Solutions to Security and Privacy Issues in Mobile Social Networking
Speaker: Xiaoliang Li
Shijie Yang
Xinyang Li
Instructor: Shambhu Upadhyaya
Date: 04/30/2015
Outline
Introduction
Background
Security Analysis
Solution Analysis
Conclusion
Introduction
The focus is on security and privacy in location-aware mobile social network (LAMSN) systems.
Security and privacy problems.
Propose a design for a system that provides solutions for these security and privacy problems.
Background
Mobile social networking.
Mobile social networking is social networking where individuals with similar interests converse and connect with one another through their mobile phones and/or tablets.
A current trend for social networking websites, such as Facebook, is to create mobile apps that give their users instant, real-time access from their devices.
Mobile social networking is hot.
Facebook: There are 1.9 billion mobile active users (MAU) (source: Facebook, as of 1/28/15), an increase of 26 percent year-over-year.
Twitter: 288 million monthly active users, and 80% of Twitter active users are on mobile.
Relevant features of mobile social networking.
Context information
Many applications enable the creation of context-aware (location-aware) services that exploit social network information found on existing online social networks.
These apps pay little heed to the security and privacy concerns associated with revealing one's personal social networking preferences and friendship information to the ubiquitous computing environment.
Security and privacy issue
Direct anonymity
Indirect anonymity or K-anonymity
Eavesdropping, spoofing, replay, and wormhole attacks
Peer-to-Peer Model Client-Server Model
Issue                                                    P2P system    CS system
Direct anonymity                                         YES           YES
Indirect anonymity or K-anonymity                        YES           YES
Eavesdropping, spoofing, replay, and wormhole attacks    YES           NO
Solutions
Identity Server and Anonymous Identifier
IS & AID
Generate AID using a cryptographic hash function such as SHA-1, with a random salt value.
An AID is consumed when it is used, or removed when it times out.
The IS does not support the retrieval of personally identifiable information.
Solves the direct anonymity problem.
K-Anonymity
Exploring the use of logic simplification algorithms such as Quine-McCluskey to solve the K-anonymity problem.
The algorithms determine which admissible sets should be maintained to guarantee that at least k minimal sets of users are always indistinguishable with respect to the n sequential sets.
Eavesdropping, Spoofing, Replay, and Wormhole Attacks
AIDs prevent spoofing and replay attacks.
To counter wormhole attacks, the IS verifies that the mobile device attempting to obtain social network information for the mobile user associated with an AID is within an acceptable range of that AID.
Provide reasonable protection against eavesdropping, for example with HTTPS.
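Added example (not from the slides or the authors' system): an in-memory Identity Server that issues salted-hash AIDs, consumes them on use, removes them on timeout, and rejects requests from outside an acceptable range. It substitutes SHA-256 for the SHA-1 named on the slide; the class and function names, the 60-second lifetime, the 50-meter range, and the assumption that the requester's position is reported reliably are all illustrative.

```python
import hashlib
import math
import secrets
import time

AID_TTL_SECONDS = 60      # assumed lifetime; the slides give no value
MAX_RANGE_METERS = 50.0   # assumed "acceptable range"; the slides give no value

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in meters."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371000 * math.asin(math.sqrt(a))

class IdentityServer:
    """Hypothetical IS: resolves an AID to preferences, never to an identity."""

    def __init__(self, preferences, clock=time.time):
        self._prefs = preferences   # user_id -> list of shared preferences
        self._clock = clock
        self._aids = {}             # aid -> (user_id, expires_at, lat, lon)

    def issue_aid(self, user_id, lat, lon):
        # A fresh random salt per AID keeps two AIDs of one user unlinkable.
        salt = secrets.token_bytes(16)
        aid = hashlib.sha256(salt + user_id.encode()).hexdigest()
        self._aids[aid] = (user_id, self._clock() + AID_TTL_SECONDS, lat, lon)
        return aid

    def redeem(self, aid, req_lat, req_lon):
        """Return the preferences behind `aid`, or None if the AID is rejected."""
        entry = self._aids.get(aid)
        if entry is None:                       # unknown, or already consumed
            return None
        user_id, expires_at, lat, lon = entry
        if self._clock() > expires_at:          # timed out: remove it
            del self._aids[aid]
            return None
        if distance_m(lat, lon, req_lat, req_lon) > MAX_RANGE_METERS:
            return None                         # relayed from elsewhere (wormhole)
        del self._aids[aid]                     # consume: a replay finds nothing
        return list(self._prefs.get(user_id, []))
```

An out-of-range request is rejected without consuming the AID, so a remote relay attempt cannot burn an identifier that a nearby requester could still redeem.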
Conclusion
Support anonymous exchange of social network information with real-world location-based systems.
Enable context-aware systems that do not compromise users' security and privacy.
Show that it is possible to move forward with creative mobile social network applications without further compromising user security and privacy.
Thank you!