liang layout layout 2/25/14 3:37 pm page 33 mobile social ...€¦ · control access to their...

IEEE Wireless Communications • February 2014 331536-1284/14/$25.00 © 2014 IEEE

MO B I L E SO C I A L NE T W O R K S

INTRODUCTIONAs reported by ComScore [1], social networkingsites such as Facebook and Twitter have reached84 percent of the world’s online population, rep-resenting 1.3 billion users around the world. Inthe meantime, fueled by the dramatic advance-ments of smartphones and the ubiquitous con-nections of Internet networks, social networkingfurther becomes available for mobile users andkeeps them posted on up-to-date worldwidenews and messages from their friends and fami-lies anytime anywhere. The convergence ofsocial networking, advanced smartphones, andstable network infrastructures brings us a perva-sive and omnipotent communication platform,mobile social networking (MSN), helping us stayconnected better than ever.

The boom of mobile applications is one of theimportant factors in MSN development. It isreported from WiKi that Apple Inc. has greatlyincreased the number of mobile applications from800 in July 2008 to over 825,000 in April 2013.Generally, these mobile applications can be divid-ed into three categories. The first category ismobile versions of online social applications(OSAs), which enable users to check socialupdates, share photos, and watch online videos ina mobile environment. The communicationsremain between smartphone users (SUs) andInternet service providers (ISPs). Web-based/password-based authentication can be continuous-

ly applied to prevent SUs’ content from beingaccessed by unauthorized entities. Security andprivacy are not difficult to solve because the ISPsare fully trusted by the SUs. In addition to voiceservice available for any cellular telephone, smart-phones distinguish themselves by powerful com-puting resources and, most significantly, theircapability to understand their surrounding envi-ronments through many sensors that are built intothem. As a result, the second category, location-based applications, becomes one of the most pop-ular. It utilizes the information downloaded fromthe Internet to assist location-based activities.Such applications are widely supported by eithersocial network giants like Facebook or specializedservice providers like Foursquare and Loopt. Themain idea is as follows: The GPS chips detect thelocation coordinates of the SUs, who then reportthe coordinates to the ISPs for downloading theinformation related to local services. However, itraises a serious privacy issue; the continuously dis-closed location coordinates may reveal where,when, or even what SUs have done. To preventabuse of their location coordinates, SUs have tooften manually switch localization on and off tocontrol access to their location information. Thethird category is autonomous mobile applications,where SUs are able to connect to neighboringSUs and local service providers (LSPs) throughshort-range wireless communications such as nearfield communication (NFC), Bluetooth, and WiFiDirect. For example, a nearby information searchapplication [2] helps an SU consult her nearbyfriends, who in turn will ask their friends, and soon, until the information is found. In this applica-tion, the SUs are not required to have an Internetconnection. Besides, navigating for informationvia neighboring SUs could be better than Internetsearch because the information from a neighbor-hood is often more personalized, localized, andup-to-date. Autonomous mobile applications canalso be applied to facilitate car pool [3] andhealthcare purposes. However, the security andprivacy of such applications are very challenging.In fact, SUs are unlikely to share their privacy-sensitive destinations or healthcare symptomswith strangers. Without a trust mediator, the pri-vacy is easily violated, and thus the SUs are prob-ably uncooperative.

XIAOHUI LIANG, KUAN ZHANG, AND XUEMIN SHEN, UNIVERSITY OF WATERLOOXIAODONG LIN, UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY

ABSTRACT

Mobile social networking is a pervasive com-munication platform where users with smart-phones can search over the Internet and queryneighboring peers to obtain the desired informa-tion. In this article, we examine the architecture,communication patterns, and especially the secu-rity and privacy of MSN. We first study threecategories of mobile applications with a focus ontwo autonomous mobile applications, businesscard and service review. We then explore thepossible methods to deal with the associatedsecurity and privacy challenges. By discussing theshortages of the methods, we finally provide sev-eral promising research directions.

SECURITY AND PRIVACY IN MOBILE SOCIALNETWORKS: CHALLENGES AND SOLUTIONS

LIANG_LAYOUT_Layout 2/25/14 3:37 PM Page 33

IEEE Wireless Communications • February 201434

As indicated above, despite the tremendousbenefits brought by MSN and its applications,MSN still faces many security and privacy chal-lenges, including private information leakage,cheating detection, Sybil attacks, and so on.Recently, extensive research efforts [4–6] havebeen made to deal with these research chal-lenges by exploring the unique MSN characteris-tics. However, the overall architecture and socialimpact from the security and privacy perspectivehave not been systematically studied. Clearly, tostudy the security and privacy requirements andtheir relations to the unique MSN characteristicsis very critical before any specific scheme design.In this article, we first define an overall MSNarchitecture with the communication entities andthe communication patterns. We then explorethe security and privacy requirements with theassociated social factors. In addition, we describethree categories of applications and their associ-ated research challenges and solutions. Lastly,we present some promising future researchdirections.

MSN ARCHITECTURE

In this section, we present MSN architecture byintroducing the communication entities, thecommunication patterns, and the security andprivacy requirements [7].

MSN COMMUNICATION ENTITIESAn MSN, as shown in Fig. 1, is a virtual environ-ment composed of the SUs moving in a localgeographical area, the LSPs, and the ISPs. It isformed upon the agreement of the participatingSUs and LSPs.

Smartphone Users — The SUs are able to not onlyaccess the Internet via cellular/WiFi networks,but also communicate with neighboring SUs via

Bluetooth/NFC technologies. The SUs choosethe communication technologies for differentapplications. For example, the SUs may choosethe Internet to obtain service information, anduse Bluetooth to communicate with nearby SUsto obtain service reviews. The SUs also considertheir mobility and social behavior patterns whenchoosing the communication technologies.

Local Service Providers — The LSPs, either mobileor static, provide services to the SUs in the vicin-ity. When an LSP is mobile, it can be equippedwith a smartphone that disseminates serviceinformation to the encountered SUs. When anLSP is static, it could be in a local store orrestaurant that is visited by nearby SUs. A staticLSP is equipped with enhanced communicationand storage devices that are placed on, in, oraround their buildings. The LSPs could use thesecommunication devices to interact with nearbySUs. For example, a restaurant is always inter-ested in disseminating its promotion to potentialcustomers.

Internet Service Providers — Mobile access to Inter-net service is available due to the pervasivedeployment of cellular network infrastructures.Besides, SUs can also access the Internet viaWiFi hotspots, which are widely distributed inrestaurants, shopping malls, and even residentialcommunities. As a result, the ISPs can bereached almost anytime anywhere. They can alsoprovide service information to SUs in MSNwhenever and wherever the SUs need it.

MSN COMMUNICATION PATTERNSAND TECHNIQUES

The communication patterns in MSN are gener-ally divided into SU-to-ISP, SU-to-LSP, and SU-to-SU categories.

Figure 1. MSN architecture. The SUs have various communication technologies to reach the ISPs, theLSPs, and other SUs. Mobile applications enable the SUs to watch online videos (Youtube), update per-sonal information (Facebook), share photos (Flickr), search for information (Foursquare), and talk toneighbors (SayHello) anytime anywhere.

Mobile social networking in a city

Vendor

UserWirelineWiFiBluetoothCellular network

Internet

The static LSP isequipped with enhancedcommunication and stor-age devices that areplaced on, in or aroundtheir buildings. The LSPscould use these commu-nication devices to inter-act with the nearbySUs. For example, arestaurant is alwaysinterested in disseminat-ing its promotion to thepotential customers.


IEEE Wireless Communications • February 2014 35

SU-to-ISP — Two common communication tech-nologies that are enabled on smartphones helpSU-to-ISP communications. One is cellular net-works. The SUs purchase a data plan from wire-less carriers, such as Rogers and Verizon. Theirsmartphones can connect to the Internet throughthe cellular network infrastructures maintainedby these companies. For example, SUs spend$5/$17/$37 to purchase a monthly plan whichprovides 10 Mbytes/250 Mbytes/5 Gbytes Inter-net data to their smartphones. The other one isWiFi technology. Compared to the previous,WiFi technology can offer pervasive Internetaccess at cheaper costs and larger bandwidth.Many LSPs integrate free WiFi access into theircommercial business solutions. For example, theCanada-wide coffee shop Tim Hortons chainhave worked with Bell Canada to roll out thenational free WiFi service to more than 2000Tim Hortons locations since September 2012. Inaddition, more and more commercial solutionsare developed by companies like FatPort andFon, encouraging distributed WiFi hotspots tocooperatively share Internet access with nearbySUs.

SU-to-LSP — SU-and-LSP communications helpSUs better obtain the service information ofnearby LSPs. The communications can be doneby short-range wireless technologies, such asWiFi and Bluetooth. Due to the ease of setupand low costs, many LSPs have been equippedwith wireless routers to offer Internet access totheir customers. In other words, these LSPs areconnected to their customers through WiFi. Inaddition, when the LSPs are mobile, they canalso be equipped with short-range communica-tion devices and send the service information tothe encountered SUs via Bluetooth.

SU-to-SU — When SUs launch autonomousmobile applications, SU-to-SU communication isuseful for the SUs to share information efficient-ly. Short-range communication technologies likeNFC, Bluetooth, and WiFi Direct are integratedinto smartphones to implement SU-to-SU com-munication. NFC operates at slower speeds thanBluetooth, but consumes far less power withoutpairing. NFC sets up more quickly than standardBluetooth, but has a lower transfer rate thanBluetooth Low Energy. With a maximum work-ing distance of less than 20 cm, NFC has a short-er range, which reduces the likelihood ofunwanted interception. It makes NFC particular-ly suitable for crowded areas. In comparison,Bluetooth and WiFi Direct support longer wire-less communication ranges more suitable forSUs to share information over distance. In addi-tion, WiFi Direct promises data transfer speedsof up to 250 Mb/s, much faster than Bluetoothand NFC, but consuming more energy.

MSN SECURITY AND PRIVACYMSN security and privacy are urgent researchissues once various MSN applications are widelylaunched in an insecure MSN environment. Theemerging security and privacy issues of MSN aretightly related to the specific application designand a user’s unique requirements. Generally,when we design MSN applications, we should

consider trust relations, private informationleakage, and malicious behavior. In the follow-ing, we first introduce these security and privacyissues, and then discuss them in different appli-cations.

Trust Relations — Trust relation is a fundamentalpart of mobile applications. Mobile applicationscan only be adopted by SUs if the SUs havetrust in the ISPs, LSPs, and other SUs. WhileSUs enjoy the conveniences brought by mobileapplications maintained by the ISPs, they realizethat more and more personal information isrevealed to the ISPs and start questioning howthe ISPs keep the collected personal informa-tion, and whether the ISPs disclose the informa-tion for other purposes without proper consent.Some research works [8, 9] suggest that SUs onlydisclose fuzzy identity and location informationto the ISPs.

A social community is a platform to buildsocial relations among people who share inter-ests, activities, backgrounds, or real-life connec-tions. In MSN, social community implies trustrelationships, and helps SUs and LSPs buildtrust relationships in a distributed way. Whentwo SUs know that they belong to the samesocial community (university or company) orhave some common interests (sports or tastes),each has a feeling that the other is more reli-able, and the shared opinions are more trustful.Some research works [4–6] develop privacy-pre-serving profile matching protocols to help twoSUs obtain their common interests. Besides,social ties representing the relationships betweentwo SUs are the foundation for effective collabo-ration. In MSN, the strength of social ties can beused to facilitate effective data forwarding [10,11] and service recommendation [12].

Private Information Leakage — Private information,such as identities, pseudonyms, locations, andprofiles, may be revealed in most mobile appli-cations to some extent. In fact, social networkingplus mobile applications can easily be used totrace an SU’s behavior if the SU does not inten-tionally protect himself. Popular social applica-tions like Facebook and Twitter have deliberateprivacy settings, while others may not provideadequate protection. However, in practice, mostSUs choose to ignore the privacy settings andput themselves in potential danger. Recentresearch works [10] suggest the use of historicalsocial contacts to facilitate the packet forwardingin the future, while not considering that thesocial contacts, including identities, are privacy-sensitive to SUs and could be never shared bySUs. As an effective solution, the profile match-ing protocols [4–6] would help users only revealthe privacy-preserving matching results.

Malicious Behavior — Most autonomous mobileapplications are ineffective in the presence ofSUs’ malicious behavior. For example, in coop-erative packet forwarding, if every SU alwaysexpects others’ help but refuses to help others,cooperative packet forwarding may never suc-ceed; in the trustworthy service evaluation (TSE)system, if the LSPs and SUs can arbitrarily addpositive reviews and delete negative reviews, the

The emerging securityand privacy issues of

MSN are tightly relatedto the specific applica-

tion design and theuser’s unique require-

ments. Generally, whenwe design MSN applica-tions, we should consid-

er the trust relations,the private informationleakage, and the mali-

cious behavior.

LIANG_LAYOUT_Layout 2/25/14 3:37 PM 5


SUs cannot receive authentic and useful reviews,and stop running the applications. Some researchworks [10, 11] consider social selfishness andsocial morality into the calculation of utility, andexplore novel packet forwarding protocols. Someresearch work [12] studies review attacks andSybil attacks, and propose corresponding defen-sive mechanisms in the distributed TSE system.

MSN APPLICATIONS

In this section, we briefly introduce the mobileversion of online social applications and loca-tion-based applications, and then focus on twoautonomous mobile applications.

MOBILE VERSIONS OF ONLINESOCIAL APPLICATIONS

Successful OSAs such as Facebook and Youtubehave been extended to mobile versions. Nowa-days, hardware specifications of smartphones arecomparable to those of personal computers,along with friendly interface improvements andusability enhancements. Moreover, the deploy-ment of third generation (3G) and Long TermEvolution (LTE) networks has considerablyimproved the available mobile bandwidth,enabling provisioning of content and servicespowered by ISPs. When SUs launch the applica-tions, they are able to quickly download/upload

data from/to the ISPs. As such, a security issuehas been raised; that is, SUs have the capabilityto send information out to the world in an easyand fast way, such as updating status or changinga head photo. Anyone with Internet access isable to keep tracking the SUs’ behavior, which isextremely dangerous. As such, when sharinginformation, SUs need to be mindful aboutwhether personal information disclosure is nec-essary or not.

LOCATION-BASED APPLICATIONSFoursquare is a typical location-based applica-tion that allows registered users to post theirlocations at a venue (“check in”) and connectwith friends. One can check in to a certainfloor/area of a building, or indicate a specificactivity while at a venue. Users can choose tohave their check-ins posted on their accounts onTwitter or Facebook. The location-based appli-cation collects and utilizes locations, which aremost privacy-sensitive to SUs. Inappropriate dis-closure of locations to potential attackers mayput the SUs’ lives in danger or cause propertyloss. In practice, SUs often trust LSPs. It is com-mon that some locations have to be disclosed forexchanging with valuable local service informa-tion. However, SUs should still have control overhow precise a level of location information isdisclosed and how much personal information islinked to those locations. In the current applica-

Figure 2. Mobile version of online social applications and location-based applications.

Enablinglocalization?

Location-basedapplications

Mobile version ofInternet applications



tions, the location coordinates of SUs are direct-ly reported to service providers. Instead, SUsmay only reveal a geographic area that circlearound the precise coordinate or mix their iden-tities with nearby SUs [8, 9]. Besides, when reg-istering with the applications, SUs can providelimited personal information and carefully definewhich part of the information can be shared withwhom.

AUTONOMOUS MOBILE APPLICATIONSAutonomous mobile applications can be devel-oped for many interesting and specific scenarios.We introduce two autonomous mobile applica-tions: business card and service review, both ofwhich are launched in an insecure and distribut-ed environment.

business card application: Exchanging busi-ness cards in a public place, such as conferencesites and restaurants, is a very common socialactivity when users want to introduce themselvesto nearby others. In practice, users do not arbi-trarily choose neighbors to whom to give outtheir business cards. They usually chat with oth-ers for a while and get to know others’ back-grounds. If they need to know further details orkeep in touch with others in the future, theyexchange business cards for more effective com-munications.

In MSN, with smartphones, SUs have anotheroption: to exchange electronic business cards (e-cards) that are preset in their smartphones, asshown in Fig. 3. The e-card application is easy touse and cost saving. However, it has two designchallenges:• Verification that an e-card is not forged• Ensuring that only a designated SU, not oth-

ers, can receive itThe first challenge can be solved via the help ofan authoritative entity who generates a digitalsignature on each e-card. SUs must provide thesignature with the e-cards at the same time. Forthe second challenge, NFC technology could be

a solution where two SUs need to be physicallycontacted and put their smartphones at a dis-tance no more than 20 cm. Bluetooth is an alter-native that enables two SUs with further distanceto share e-cards. In this case, before exchanginge-cards, two SUs need to check if the other isthe one with whom they wish to communicate.Even with simple authentication provided byNFC/Bluetooth, SUs could still wrongly connecttheir phones with other malicious attackers.

Inspired by the traditional way of exchangingbusiness cards, we introduce a novel gesture-based authentication scheme for the e-cardapplication. The scheme requires each SU toperform a gesture at the beginning. The gesturesare as simple as shaking the smartphone in anup, down, left, or right direction, or a composi-tion of these simple gestures. Two SUs bothneed to repeat each other’s gestures and sendthe gesture information back to the original SU.After confirming the right gesture, the originalSU sends the e-card. The gesture-based authen-tication scheme takes gestures as a temporarypassword that can be obtained by only close-enough SUs with visibility. Without seeing andrepeating the gestures, other malicious attackersare unable to eavesdrop the e-cards. In this way,the SUs can have secure and efficient e-cardsharing. Table 1 shows the comparison betweenpassword-based and gesture-based authentica-tions.

Service review application: Over the Internet,many social and online shopping sites allow cus-tomers to write service reviews of a specific ser-vice or product. From the review systems, serviceproviders could know the user experiences andbe able to improve service quality right away.Besides, the reviews from others could be veryhelpful for users to decide which service/productthey should choose. The use of such systems is acommon social activity where users freely shareservice reviews as recommendations for friends.Nowadays, most companies have already inte-

Figure 3. Business card application.

Physicallyexchange

Repeated gesture

Namecard

Gesture



grated the review system as an important adver-tising tool to boost their global market.

In MSN, LSPs such as restaurants and gro-cery stores offer local services to nearby SUs.There is a need for LSPs and SUs to exchangeinformation. The LSPs want to disseminate ser-vice information to the SUs, such as their loca-tions and flyers, while the SUs want to know theservice information. In addition, the servicereviews of friends play an important role in theSUs’ service selection. In MSN, the servicereview application aims to help two SUs directlyshare reviews or indirectly via the LSPs, asshown in Fig. 4.

Direct service review sharing. When two SUsboth have visited or are about to visit an unfa-miliar LSP, they need to communicate with eachother, expecting to know more about the LSP.For example, one SU may want to know fromthe other if the service is good in an automobiledealership before having a car fixed there orwhether the food is delicious in a restaurantbefore randomly picking a dish with a “deli-cious” name. However, different experiences anddifferent backgrounds of SUs may result in dis-tinctive service reviews. A profile matching tech-nique can be used to enable two SUs to check ifthey have some interests in common beforesharing reviews. According to interest catego-rization, service reviews are more valuable andtrustworthy to SUs. Although profile matching ishelpful, it should not over-disclose SUs’ privateprofile information [4–6].

Indirect service review sharing. Due to mobil-ity, direct sharing may not always be enabledamong the SUs. We introduce a TSE system [12]that helps the SUs indirectly share their servicereviews via the LSP. It works in the followingway. The SUs cooperatively upload their servicereviews to the TSE system, which is maintainedby the LSP. Then the LSP disseminates the ser-vice reviews to other SUs. However, since theLSP may launch some malicious attacks to modi-fy the review collections, the SUs need toauthenticate the received reviews. One solutionis to utilize the aggregate signature to build thereview collection [12]. Consider multiple SUs{SU1, SU2, ⋅⋅⋅, SUn} generating service reviewsR1, R2, ⋅⋅⋅, Rn, respectively. For each review Ri,to protect the review’s integrity, SUi generates asignature on Si = Sign(pski, Ri), where pski is apseudonym secret key corresponding to thepseudonym pidi. pski, and pidi are generated by acentralized identity-based cryptosystem. Notethat if SUi submits (Ri, Si) to the TSE system,the LSP can easily delete any review withoutbeing detected. However, when aggregate signa-ture is applied, {S1, S2, ⋅⋅⋅, Sn} are aggregatedinto one signature

–S. By the cooperation from

the SUs, the review collection is converted from(R1, ⋅⋅⋅, Rn, S1, ⋅⋅⋅, Sn) to (R1, ⋅⋅⋅, Rn,

–S). In this

way, the LSP either deletes or keeps the wholereview collection. It can be seen that the reviewsare integrated and the modification capability ofthe LSP is reduced. In [12], review rejectionattacks of the TSE system has been studied in asimulated MSN. Each review has a value in [0,1]. A review is negative if its value is lower than0.5. The vendor performs review rejectionattacks by rejecting all negative reviews. When

multiple reviews are aggregated and submittedtogether, the vendor accepts them if the averagevalue is no less than 0.5, or rejects them other-wise. Multiple tokens are circulated among usersto help them aggregate reviews. Figure 5a showsthe comparison of submission rates of the basicTSE (bTSE) system and the non-cooperativesystem under no review rejection attacks and dif-ferent service ranges (SRs), while Fig. 5b showsthe results under attack. It can be seen thatwhen the review rejection attacks do not exist,the bTSE and non-cooperative systems achievesimilar submission rates. When review rejectionattacks exist, the bTSE system achieves a signifi-cantly higher submission rate than the non-coop-erative system, up to 100 percent. The simulationresults clearly indicate that the bTSE system isable to effectively resist review rejection attack.

The service review application can be furtherextended in a multihop version, as shown in Fig.4b. When an SU receives a service review, it canfurther share the review with other encounteredSUs. Multihop service review dissemination helpsSUs obtain more information about the services.However, it may have a trustworthy issue; that is,the service review may be modified and its credi-bility reduced after multihop transmission. Thetrust and recommendation mechanism [13] of theinformation propagation can be considered in thedesign of dissemination methods. In addition, theincentive and effectiveness of multihop dissemi-nation has also attracted many research efforts[6, 10, 14]. Besides, disseminators are communica-tion devices that are set up by the LSPs or a gov-ernment facility. They could be integrated intothe service review application. In real life, weoften see billboards placed at a crossroad near amall. Billboards help nearby users know whatservices are provided in the mall. In MSN, dis-seminators can be put on billboards to helpexchange up-to-date service information and ser-vice reviews from LSPs and SUs. The sooner SUsreceive the information, the better service theSUs can choose, and the more potential cus-tomers the LSPs have.

RESEARCH CHALLENGES

As MSN is essentially built in the broad field ofopen wireless medium, it inherits a variety offundamental security problems such as dataeavesdropping attacks, secure routing, and

Table 1. Comparison between two authenticationmethods.

Password Gesture

Complexity High Low

Update Per user Per session

Channel Wireless Optical

Need to bememorized Yes No

Usability Hard Easy

Over the Internet, manysocial and online shop-ping sites allow cus-tomers to write servicereviews of a specific service or product. Fromthe review systems, service providers couldknow the user experi-ences and be able toimprove service qualityright away.



denial-of-service attacks. Given the limitedspace, we address the following challenges.

GESTURE-ASSISTED SECUREINFORMATION SHARING

Previously, we introduced the promising businesscard application, which is a common social activi-ty in real life. With smartphones, our capabilitiesin sensing and communication are significantlyimproved, and our social activities are carried outin a more efficient way. However, due to thebroadcast nature of the wireless medium, it isvery difficult to negotiate a shared secret andimplement secure information sharing if two SUshave no pre-established knowledge of each other.Gesture-based information sharing is a uniqueresearch direction in MSN. The gesture informa-tion is only visible to neighbors who are closeenough. SUs can make simple gestures clearenough that a target SU can repeat it. In orderto achieve secure information sharing, the ges-ture can be changed for each session. In themeantime, accelerometer sensors and gyroscopesensors can also be used to detect gestures andcheck if two gestures are the same. One interest-ing research direction is discovering how to limitthe physical and visual spaces such that the ges-tures are only visible to the target SU. Besides, itis also interesting to explore more applicationsusing gesture-assisted secure information sharing.

SOCIAL-CONTEXT-BASEDPRIVATE INFORMATION MANAGEMENT

The information to be shared by the SUs in MSNis closely related to the social context, includingthe profiles of neighboring SUs and the serviceof neighboring LSPs. For example, in a shoppingmall, people surrounded by clothing stores expect

to share and receive discount information onclothes; in a conference, participants are willingto discuss research topics and projects with otherresearch scholars. Based on the social context,the disclosed personal information can be usedto identify an SU’s behavior at different levels. Inthe previous example, if a research scholar dis-cusses research topics in a shopping mall, hisbehavior is easily distinguished from nearby cus-tomers. Thus, to achieve privacy preservation, thesocial context should be considered in MSN com-munication protocol design. Most existing priva-cy-preserving profile matching protocols [4, 5]aim at minimizing profile information disclosurebut neglect the relations between the disclosedinformation and the social context. From [6], it isshown that the anonymity variation of an SUdepends on the profile information of its nearbySUs. Thus, the effectiveness of profile matchingprotocols in terms of privacy preservation needsto be further validated in different social con-texts. Exploring practical social contexts andproposing effective protocols for specific socialcontexts is an important research direction.

EFFECTIVE RESISTANCE TO MOBILE SYBIL ATTACKSDistributed systems are vulnerable to Sybil attackswhere an attacker manipulates bogus identities orabuse pseudonyms to compromise the effective-ness of the systems. Especially for MSN, the SUsoften adopt multiple pseudonyms for protectingtheir location privacy [6, 11]. Thus, it is very chal-lenging to restrict Sybil attackers who legally havemultiple pseudonyms but maliciously use them. InMSN, Sybil attacks can be further extended to themobile version, called mobile Sybil attacks(MSAs), which can be launched by mobile SUsanytime anywhere. The MSAs are hardly to bedetected because their behaviors are difficult tomonitor. The previously introduced TSE system is

Figure 4. Service review application.

Neighboring SUs

NeighboringSU

NeighboringSU

Two-hop SU

User

Disseminator

Disseminator

(a)

(b)

SU

Information request

Information response

LSP

LSP



subject to the MSAs [12]. One solution is perva-sive and cooperative monitoring, that is, requiringnormal SUs to monitor other SUs’ behaviors andsubmit the monitoring results to a centralizedauthority. Then the centralized authority can cor-relate the results and detect MSAs by viewing thestatistic information. This method is similar to tra-ditional Sybil attack detection [15] in online socialnetworks. However, in MSN, this method requiresextensive communication overhead and incursunexpected detection delay. Another solution [12]is to embed a secret in the multiple pseudonymsof one SU. When the attacker uses thepseudonyms beyond the predefined boundary, itsreal identity is calculated from these pseudonyms.In both solutions, how to define the boundarybetween MSAs and good behavior is challenging.Location information may be integrated into theboundary design of MSA detection.

CONCLUSION

In this article, we have studied the security andprivacy issues in mobile social networking andapplications. We have defined MSN communica-tion patterns, and introduced the security andprivacy challenges. We have also offered severalpromising approaches to deal with the securityand privacy challenges in various mobile applica-tions, especially for the business card and servicereview applications. Lastly, we have presentedthree promising research directions: gesture-assisted secure information sharing, social-con-text-based private information management, andeffective resistance to mobile Sybil attacks.

REFERENCES[1] ComScore, http://www.comscoredatamine.com/.[2] M. Motani, V. Srinivasan, and P. Nuggehalli, “Peo-

plenet: Engineering a Wireless Virtual Social Network,”Proc. MobiCom, 2005, pp. 243–57.

[3] M. Brereton e al., “Designing Participation in AgileRidesharing with Mobile Social Software,” Proc. AnnualConference of the Australian Computer-Human Interac-tion Special Interest Group, 2009, pp. 257–60.

[4] M. Li et al., “Findu: Privacy-Preserving Personal Profile

Matching in Mobile Social Networks,” Proc. IEEE INFO-COM, 2011, pp. 2435–43.

[5] R. Zhang et al., “Fine-Grained Private Matching forProximity-Based Mobile Social Networking,” Proc. IEEEINFOCOM, 2012, pp. 1969–77.

[6] X. Liang et al., “Fully Anonymous Profile Matching inMobile Social Networks,” IEEE JSAC, vol. 31, no. 9,2013, pp. 641–55.

[7] N. Kayastha et al., “Applications, Architectures, andProtocol Design Issues for Mobile Social Networks: ASurvey,” Proc. IEEE, vol. 99, no. 12, 2011, pp. 2130–58.

[8] X. Zhao, L. Li, and G. Xue, “Checking In without Wor-ries: Location Privacy in Location Based Social Net-works,” Proc. IEEE INFOCOM, 2013, pp. 3003–11.

[9] K. Puttaswamy et al., “Preserving Location Privacy inGeo-Social Applications,” IEEE Trans. Mobile Comput-ing, 2013.

[10] Q. Li, S. Zhu, and G. Cao, “Routing in Socially SelfishDelay Tolerant Networks,” Proc. IEEE INFOCOM, 2010,pp. 857–65.

[11] X. Liang et al., “Morality-Driven Data Forwarding withPrivacy Preservation in Mobile Social Networks,” IEEETrans. Vehic. Tech., vol. 7, no. 61, 2012, pp. 3209–22.

[12] X. Liang, X. Lin, and X. Shen, “Enabling TrustworthyService Evaluation in Service-Oriented Mobile SocialNetworks,” IEEE Trans. Parallel and Distributed Systems,2013.

[13] A. Jøsang, R. Hayward, and S. Pope, “Trust NetworkAnalysis with Subjective Logic,” Proc. Australasian Com-puter Science Conference, 2006, pp. 85–94.

[14] G. Costantino, F. Martinelli, and P. Santi, “Investigat-ing the Privacy vs. Forwarding Accuracy Tradeoff inOpportunistic Interest-casting,” IEEE Trans. MobileComputing, 2013.

[15] L. Shi et al., “Sybilshield: An Agent-Aided Social Net-work-Based Sybil Defense among Multiple Communi-ties,” Proc. IEEE INFOCOM, 2013, pp. 1034–42.

BIOGRAPHIESXIAOHUI LIANG [S’10, M’13] ([email protected]) isa postdoctoral fellow in the Department of Electrical andComputer Engineering, University of Waterloo, Canada. Heobtained his Ph.D. degree in electrical and computer eEngi-neering from the same university in 2013. He obtained hisBachelor’s and Master’s degrees in computer science fromShanghai Jiao Tong University, China, in 2006 and 2009.His research interests include information and networksecurity, privacy preservation, and applied cryptography fore-healthcare systems and mobile social networks.

XIAODONG LIN [S’07, M’09] ([email protected]) receivedhis Ph.D. degree in information engineering from BeijingUniversity of Posts and Telecommunications, China, in1998 and another Ph.D. degree (with Outstanding Achieve-ment in Graduate Studies Award) in electrical and comput-

Figure 5. Submission rate of TSE system in MSN [12]: a) no rejection attacks; b) under rejection attacks.

Token number

(a)

21

0.2

0.1

Subm

issi

on r

ate

0.3

0.4

0.5

0.6

0.7

0.8

0.9

3 4 5 6 7 8 9Token number

(b)

21

0.2

0.1

Subm

issi

on r

ate

0.3

0.4

0.5

0.6

0.7

0.8

0.9

3 4 5 6 7 8 9

Non-coop, SR=150 mNon-coop, SR=200 mNon-coop, SR=250 m

bTSE, SR=150 mbTSE, SR=200 mbTSE, SR=250 m

Non-coop, SR=150 mNon-coop, SR=200 mNon-coop, SR=250 m

bTSE, SR=150 mbTSE, SR=200 mbTSE, SR=250 m



er engineering from the University of Waterloo in 2008. Heis currently an assistant professor of information securitywith the Faculty of Business and Information Technology,University of Ontario Institute of Technology, Oshawa,Canada. His research interests include wireless networksecurity, applied cryptography, computer forensics, soft-ware security, and wireless networking and mobile com-puting. He was the recipient of a Natural Sciences andEngineering Research Council of Canada (NSERC) CanadaGraduate Scholarships (CGS) Doctoral and the Best PaperAwards of the 18th International Conference on ComputerCommunications and Networks (ICCCN 2009), the 5thInternational Conference on Body Area Networks (BodyNets2010), and IEEE ICC 2007.

KUAN ZHANG ([email protected]) received hisB.Sc. degree in electrical and computer engineering andM.Sc. degree in computer science from Northeastern Uni-versity, China, in 2009 and 2011, respectively. He is cur-rently working toward a Ph.D. degree in the Department ofElectrical and Computer Engineering, University of Water-loo. His research interests include packet forwarding, andsecurity and privacy for mobile social networks.

XUEMIN SHEN [M’97, SM’02, F’09] ([email protected]) received his B.Sc.(1982) degree from Dalian MaritimeUniversity, China, and his M.Sc. (1987) and Ph.D. (1990)degrees from Rutgers University, New Jersey, all in electri-cal engineering. He is a professor and university researchchair, Department of Electrical and Computer Engineering,University of Waterloo. He was the associate chair for grad-uate studies from 2004 to 2008. His research focuses onresource management in interconnected wireless/wired net-works, wireless network security, wireless body area net-

works, and vehicular ad hoc and sensor networks. He is aco-author/editor of six books, and has published more than600 papers and book chapters in wireless communicationsand networks, control and filtering. He has served as theTechnical Program Committee Chair for IEEE VTC ’10 Fall,Symposia Chair for IEEE ICC ’10, Tutorial Chair for IEEE VTC’11 Spring and IEEE ICC ’08, Technical Program CommitteeChair for IEEE GLOBECOM ’07, General Co-Chair for China-com ’07 and QShine ’06, Chair for IEEE CommunicationsSociety’s Technical Committee on Wireless Communica-tions, and P2P Communications and Networking. He alsoserves/served as Editor-in-Chief for IEEE Network, Peer-to-Peer Networking and Application, and IET Communica-tions; a Founding Area Editor for IEEE Transactions onWireless Communications; an Associate Editor for IEEETransactions on Vehicular Technology, Computer Networks,and ACM/Wireless Networks; and as a Guest Editor for IEEEJSAC, IEEE Wireless Communications, IEEE CommunicationsMagazine, and ACM Mobile Networks and Applications. Hereceived the Excellent Graduate Supervision Award in 2006,and the Outstanding Performance Award in 2004, 2007,and 2010 from the University of Waterloo, the Premier’sResearch Excellence Award (PREA) in 2003 from theProvince of Ontario, and the Distinguished PerformanceAward in 2002 and 2007 from the Faculty of Engineering,University of Waterloo. He is a registered Professional Engi-neer of Ontario, Canada, an Engineering Institute of Cana-da Fellow, a Canadian Academy of Engineering Fellow, anda Distinguished Lecturer of the IEEE Vehicular Technologyand Communications Societies. He has been a guest pro-fessor of Tsinghua University, Shanghai Jiao Tong Universi-ty, Zhejiang University, Beijing Jiao Tong University,Northeast University, and others.


liang layout layout 2/25/14 3:37 pm page 33 mobile social ...€¦ · control access to their...

Documents