Skip to main content
SpringerLink
Log in

Privacy of Community Pseudonyms in Wireless Peer-to-Peer Networks

  • Published:
Mobile Networks and Applications Aims and scope Submit manuscript

Abstract

Wireless networks offer novel means to enhance social interactions. In particular, peer-to-peer wireless communications enable direct and real-time interaction with nearby devices and communities and could extend current online social networks by providing complementary services including real-time friend and community detection and localized data sharing without infrastructure requirement. After years of research, the deployment of such peer-to-peer wireless networks is finally being considered. A fundamental primitive is the ability to discover geographic proximity of specific communities of people (e.g, friends or neighbors). To do so, mobile devices must exchange some community identifiers or messages. We investigate privacy threats introduced by such communications, in particular, adversarial community detection. We use the general concept of community pseudonyms to abstract anonymous community identification mechanisms and define two distinct notions of community privacy by using a challenge-response methodology. An extensive cost analysis and simulation results throw further light on the feasibility of these mechanisms in the upcoming generation of wireless peer-to-peer networks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

Notes

  1. Note as well that as cellular networks approach their theoretical communication limits, peer-to-peer wireless offer an alternative to further extend wireless throughput between local devices.

References

  1. Aka aki. http://www.aka-aki.com. Accessed 10 Jan 2012

  2. Blue star. http://www.csg.ethz.ch/research/projects/Blue_star. Accessed 10 Jan 2012

  3. Game mobile. http://www.gamemobile.co.uk/bluetoothmobilegames. Accessed 10 Jan 2012

  4. Social serendipity. http://reality.media.mit.edu/serendipity.php. Accessed 10 Jan 2012

  5. Arrington M (2007) http://www.techcrunch.com/2007/09/11/the-holy-grail-for-mobile-social-networks. Accessed 10 Jan 2012

  6. Asokan N, Ginzboorg P (1999) Key agreement in ad-hoc networks. Comput Commun 23:1627–1637

    Article  Google Scholar 

  7. Baden R, Bender A, Spring N, Bhattacharjee B, Starin D (2009) Persona: an online social network with user-defined privacy. ACM SIGCOMM Comput Commun Rev 39(4):135–146

    Article  Google Scholar 

  8. Balfanz D, Durfee G, Shankar N, Smetters D, Staddon J, Wong HC (2003) Secret handshakes from pairing-based key agreements. In: IEEE S & P

  9. Barth A, Boneh D, Waters B (2006) Privacy in encrypted content distribution using private broadcast encryption. In: Financial cryptography

  10. Beresford AR (2005) Location privacy in ubiquitous computing. PhD thesis, University of Cambridge

  11. Bilogrevic I, Jadliwala M, Lam I, Aad I, Ginzboorg P, Niemi V, Bindschaedler L, Hubaux JP (2012) Big brother knows your friends: on privacy of social communities in pervasive networks. In: Proceedings of the 10th international conference on pervasive computing (PERVASIVE)

  12. Bindschaedler L, Jadliwala M, Bilogrevic I, Aad I, Ginzboorg P, Niemi V, Hubaux JP (2012) Track me if you can: on the effectiveness of context-based identifier changes in deployed mobile networks. In: Proceedings of the 19th annual network and distributed system security symposium (NDSS)

  13. Blog ON (2010) Nokia instant community gets you social. http://conversations.nokia.com/2010/05/25/nokia-instant-community-gets-you-social. Accessed 10 Jan 2012

  14. BlondelV,Guillaume J, Lambiotte R, Lefebvre E (2008) Fast unfolding of communities in large networks. J Stat Mech: Theory and Experiment. doi:10.1088/1742-5468/2008/10/P10008

  15. Bradshaw RW, Holt JE, Seamons KE (2006) Concealing complex policies with hidden credentials. In: Proceedings of the ACM conference on computer and communications security (CCS)

  16. Broch J, Maltz DA, Johnson DB, Hu YC, Jetcheva J (1998) A performance comparison of multi-hop wireless ad hoc network routing protocols. In: MobiCom, pp. 85–97

  17. Buttyan L, Holczer T, Vajda I (2007) On the effectiveness of changing pseudonyms to provide location privacy in VANETs. In: Proceedings of the European workshop on security and privacy of Ad hoc and sensor networks (ESAS)

  18. Camenisch J, Hohenberger S, Kohlweiss M, Lysyanskaya A, Meyerovich M (2006) How to win the clone wars: efficient periodic n-times anonymous authentication. In: Proceedings of the ACM conference on computer and communications security (CCS)

  19. Chaum D, Heyst EV (1991) Group signatures. In: EUROCRYPT

  20. Chen CHO, Chen CW, Kuo C, Lai YH, McCune JM, Studer A, Perrig A, Yang BY, Wu TC (2008) GAnGS: gather, authenticate ’n group securely. In: Proceedings of the ACM international conference on mobile computing and networking (MobiCom)

  21. Eagle N, Pentland AS, Lazer D (2009) Inferring friendship network structure by using mobile phone data. National Academy of Sciences 106(36):15,274–15,278

    Article  Google Scholar 

  22. Fiat A, Naor M (1994) Broadcast encryption. In: CRYPTO

  23. Freedman M, Nissim K, Pinkas B (2004) Efficient private matching and set intersection. In: EuroCRYPT, pp 1–19

  24. Gruteser M, Grunwald D (2005) Enhancing location privacy in wireless LAN through disposable interface identifiers: a quantitative analysis. Mob Netw Appl 10(3):315–325

    Article  Google Scholar 

  25. Huang L, Matsuura K, Yamane H, Sezaki K (2005) Enhancing wireless location privacy using silent period. In: Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC)

  26. Jarecki S, Kim J, Tsudik G (2008) Beyond secret handshakes: affiliation-hiding authenticated key exchange. In: CT-RSA

  27. Jarecki S, Liu X (2007) Unlinkable secret handshakes and key-private group key management schemes. In: ACNS, pp 270–287

  28. Jarecki S, Liu X (2009) Private mutual authentication and conditional oblivious transfer. In: CRYPTO, pp 90–107

  29. Jarecki S, Liu X (2010) Affiliation-hiding envelope and authentication schemes with efficient support for multiple credentials. In: Automata, languages and programming

  30. Khiabani M (2009) Metro-sexual. http://bit.ly/theranMetroSexual. Accessed 10 Jan 2012

  31. Laroia R (2010) Future of wireless? The proximate internet. Keynote presentation. http://www.cedt.iisc.ernet.in/people/kuri/Comsnets/Keynotes/Keynote-Rajiv-Laroia.pdf. Accessed 10 Jan 2012

  32. Li M, Sampigethaya K, Huang L, Poovendran R (2006) Swing & Swap: user-centric approaches towards maximizing location privacy. In: WPES, pp 19–28

  33. Li N, Du W, Boneh D (2005) Oblivious signature-based envelope. Distrib Comput 17(4):293–302

    Article  Google Scholar 

  34. Manulis M, Pinkas B, Poettering B (2010) Privacy-preserving group discovery with linear complexity. In: ACNS, pp 420–437

  35. Nagaraja S (2010) The impact of unlinkability on adversarial community detection: effects and countermeasures. In: Proceedings of the privacy enhancing technologies symposium (PETS)

  36. Palla G, Derenyi I, Farkas I, Vicsek T (2005) Uncovering the overlapping community structure of complex networks in nature and society. Nature 435(7043):814–818

    Article  Google Scholar 

  37. Park D, Boyd C, Moon SJ (2004) Forward secrecy and its application to future mobile communications security. In: Public key cryptography, pp 433–445

  38. Patently Apple (2010) iGroups: apple’s new iPhone social app in development http://www.patentlyapple.com/patently-apple/2010/03/igroups-apples-new-iphone-social-app-in-development.html. Accessed 10 Jan 2012

  39. Paulos E, Goodman E (2004) The familiar stranger: anxiety, comfort, and play in public places. In: CHI, pp 223–230

  40. Pfitzmann A, Kohntopp M (2001) Anonymity, unobservability, and pseudonymity—a proposal for terminology. In: Workshop on design issues in anonymity and unobservability

  41. Putnam R (1995) Bowling alone: america’s declining social capital. J Democr 6(1):65–78

    Article  Google Scholar 

  42. Rivest R, Shamir A, Tauman Y (2001) How to leak a secret. In: ASIACrypt

  43. Setia S, Koussih S, Jajodia S, Harder E (2002) Kronos: a scalable group re-keying approach for secure multicast. In: Proceedings of the IEEE symposium on security and privacy (S&P)

  44. Steiner M, Tsudik G, Waidner M (2000) Key agreement in dynamic peer groups. IEEE Trans Parallel Distrib Syst 11(8):769–780

    Article  Google Scholar 

  45. Tsudik G, Xu S (2006) A flexible framework for secret handshakes. In: Proceedings of the privacy enhancing technologies symposium (PETS)

  46. Vojnovic M, Boudec JYL (2005) Perfect simulation and stationarity of a class of mobility models. In: Proceedings of the IEEE international conference on computer communications (INFOCOM)

  47. Xu S (2005) On the security of group communication schemes based on symmetric key cryptosystems. In: SASN, pp 22–31

  48. Xu S, Yung M (2004) K-anonymous secret handshakes with reusable credentials. In: Proceedings of the ACM conference on computer and communications security (CCS)

  49. Zheng P (2003) Tradeoffs in certificate revocation schemes. SIGCOMM Comput Commun Rev 33(2):103–112

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. EPFL, 1015, Lausanne, Switzerland

    Julien Freudiger & Jean-Pierre Hubaux

  2. Wichita State University, Wichita, KS, USA

    Murtuza Jadliwala

  3. Nokia Research Center, Helsinki, Finland

    Valtteri Niemi & Philip Ginzboorg

Authors
  1. Julien Freudiger
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Murtuza Jadliwala
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jean-Pierre Hubaux
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Valtteri Niemi
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Philip Ginzboorg
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Murtuza Jadliwala.

Appendix: Proof of Theorem 1

Appendix: Proof of Theorem 1

Proof

We prove the first part of Theorem 1 by showing that ability to breach community anonymity (CAN) implies ability to breach community unlinkability (CUN) as well.

Hence, let an arbitrarily chosen algorithm for breaching community anonymity be A CAN(p j ,C i ). The algorithm outputs yes if p j  ∈ C i and no if \(p_{j} \not \in C_{i}\). We have for some communities C i (that do not belong to the graph G′):

$$ \sigma = Pr(A_{\rm CAN}(p_{j},C_{i}) \mbox{ is correct} ) >\frac{1}{2} $$

Given A CAN, we can now construct a probabilistic algorithm, A CUN(p j ,p k ), for deciding whether any two community pseudonyms belong to the same community or not:

  1. 1.

    Given community pseudonyms p j and p k each of which belong to either a community C 0 or to a community C 1.

  2. 2.

    Call A CAN(p j , C 0) and guess if p j  ∈ C 0.

  3. 3.

    Call A CAN(p k , C 0) and guess if p k  ∈ C 0 .

  4. 4.

    Output yes if the two guesses both say yes or both say no, else output no.

The probability of success of A CUN(p j ,p k ) is μ = σ 2 + (1 − σ)2 where σ 2 corresponds to the case A CAN guesses both p j and p k correctly, and (1 − σ)2 corresponds to the case where A CAN does not guess either p j or p k correctly (but the final answer still is correct).

We observe that when σ = 0.5, we have μ = 0.5, when σ > 0.5, we have μ > 0.5 and when σ = 1, we have μ = 1. Hence, regardless of how the challenger chooses C 0 and C 1, we obtain that A CUN succeeds with probability greater than a random guess. This completes the first part of the proof.

We prove the second part by giving an example of a pseudonym scheme that has the property of CAN but not the property of CUN. We consider a scheme where every community is given a single community pseudonym. This kind of scheme was introduced in Section 4.1. Within a community, all users share the same pseudonym which has been chosen randomly. Consequently, community messages are trivially linkable, hence we do not have CUN. On the other hand, an adversary cannot break anonymity because it does not know how to relate pseudonyms to communities. Hence, there is CAN.□

Rights and permissions

Reprints and permissions

About this article

Cite this article

Freudiger, J., Jadliwala, M., Hubaux, JP. et al. Privacy of Community Pseudonyms in Wireless Peer-to-Peer Networks. Mobile Netw Appl 18, 413–428 (2013). https://doi.org/10.1007/s11036-012-0406-y

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11036-012-0406-y

Keywords

Search

Navigation