Abstract
Wireless networks offer novel means to enhance social interactions. In particular, peer-to-peer wireless communications enable direct and real-time interaction with nearby devices and communities and could extend current online social networks by providing complementary services, including real-time friend and community detection and localized data sharing without requiring infrastructure. After years of research, the deployment of such peer-to-peer wireless networks is finally being considered. A fundamental primitive is the ability to discover geographic proximity of specific communities of people (e.g., friends or neighbors). To do so, mobile devices must exchange some community identifiers or messages. We investigate privacy threats introduced by such communications, in particular, adversarial community detection. We use the general concept of community pseudonyms to abstract anonymous community identification mechanisms and define two distinct notions of community privacy by using a challenge-response methodology. An extensive cost analysis and simulation results throw further light on the feasibility of these mechanisms in the upcoming generation of wireless peer-to-peer networks.
Notes
Note as well that as cellular networks approach their theoretical communication limits, peer-to-peer wireless communications offer an alternative to further extend wireless throughput between local devices.
Appendix: Proof of Theorem 1
Proof
We prove the first part of Theorem 1 by showing that ability to breach community anonymity (CAN) implies ability to breach community unlinkability (CUN) as well.
Hence, let an arbitrarily chosen algorithm for breaching community anonymity be \(A_{CAN}(p_{j}, C_{i})\). The algorithm outputs yes if \(p_{j} \in C_{i}\) and no if \(p_{j} \not \in C_{i}\). We have for some communities \(C_{i}\) (that do not belong to the graph \(G'\)):
Given \(A_{CAN}\), we can now construct a probabilistic algorithm, \(A_{CUN}(p_{j}, p_{k})\), for deciding whether any two community pseudonyms belong to the same community or not:
1. Given community pseudonyms \(p_{j}\) and \(p_{k}\), each of which belongs to either a community \(C_{0}\) or a community \(C_{1}\).
2. Call \(A_{CAN}(p_{j}, C_{0})\) and guess if \(p_{j} \in C_{0}\).
3. Call \(A_{CAN}(p_{k}, C_{0})\) and guess if \(p_{k} \in C_{0}\).
4. Output yes if the two guesses both say yes or both say no, else output no.
The probability of success of \(A_{CUN}(p_{j}, p_{k})\) is \(\mu = \sigma^{2} + (1 - \sigma)^{2}\), where \(\sigma^{2}\) corresponds to the case where \(A_{CAN}\) guesses both \(p_{j}\) and \(p_{k}\) correctly, and \((1 - \sigma)^{2}\) corresponds to the case where \(A_{CAN}\) does not guess either \(p_{j}\) or \(p_{k}\) correctly (but the final answer still is correct).
We observe that when \(\sigma = 0.5\), we have \(\mu = 0.5\); when \(\sigma > 0.5\), we have \(\mu > 0.5\); and when \(\sigma = 1\), we have \(\mu = 1\). Hence, regardless of how the challenger chooses \(C_{0}\) and \(C_{1}\), we obtain that \(A_{CUN}\) succeeds with probability greater than a random guess. This completes the first part of the proof.
We prove the second part by giving an example of a pseudonym scheme that has the property of CAN but not the property of CUN. We consider a scheme where every community is given a single community pseudonym. This kind of scheme was introduced in Section 4.1. Within a community, all users share the same pseudonym which has been chosen randomly. Consequently, community messages are trivially linkable, hence we do not have CUN. On the other hand, an adversary cannot break anonymity because it does not know how to relate pseudonyms to communities. Hence, there is CAN.□
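The construction from the first part of the proof, simulated as an added example that is not part of the original article. The oracle `make_a_can` is a constructed stand-in for an anonymity adversary that answers correctly with probability σ, and the errors of its two calls are assumed independent, which is what the formula μ = σ² + (1 − σ)² relies on.

```python
import random

def make_a_can(membership, sigma, rng):
    """Constructed A_CAN: answers 'is p in community c?' correctly with
    probability sigma, independently on every call (assumption)."""
    def a_can(p, c):
        truth = membership[p] == c
        return truth if rng.random() < sigma else not truth
    return a_can

def a_cun(a_can, p_j, p_k):
    """Steps 2-4 of the proof: query A_CAN for both pseudonyms against C_0
    and answer 'same community' iff the two guesses agree."""
    guess_j = a_can(p_j, 0)
    guess_k = a_can(p_k, 0)
    return guess_j == guess_k

def play_cun_game(sigma, trials, seed=1):
    """Unlinkability game: the challenger assigns each pseudonym to C_0 or C_1
    at random; returns the fraction of rounds in which A_CUN is right."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        membership = {"p_j": rng.randrange(2), "p_k": rng.randrange(2)}
        same = membership["p_j"] == membership["p_k"]
        a_can = make_a_can(membership, sigma, rng)
        if a_cun(a_can, "p_j", "p_k") == same:
            wins += 1
    return wins / trials

def mu(sigma):
    """Success probability of A_CUN stated in the proof."""
    return sigma ** 2 + (1 - sigma) ** 2

if __name__ == "__main__":
    for sigma in (0.5, 0.6, 0.8, 1.0):
        measured = play_cun_game(sigma, 100_000)
        print(f"sigma={sigma:.1f}  mu={mu(sigma):.3f}  measured={measured:.3f}")
```

Because μ − 0.5 = 2(σ − 0.5)², the linkability advantage grows only quadratically in the anonymity advantage: an anonymity adversary at σ = 0.6 yields a linking adversary at μ = 0.52.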
Cite this article
Freudiger, J., Jadliwala, M., Hubaux, JP. et al. Privacy of Community Pseudonyms in Wireless Peer-to-Peer Networks. Mobile Netw Appl 18, 413–428 (2013). https://doi.org/10.1007/s11036-012-0406-y
DOI: https://doi.org/10.1007/s11036-012-0406-y