research-article

Combining social authentication and untrusted clouds for private location sharing

Authors:

Andrew K. Adams,

Adam J. LeeAuthors Info & Claims

SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies

Pages 15 - 24

https://doi.org/10.1145/2462410.2462421

Published: 12 June 2013 Publication History

Abstract

Recently, many location-sharing services (LSSs) have emerged that share data collected using mobile devices. However, research has shown that many users are uncomfortable with LSS operators managing their location histories, and that the ease with which contextual data can be shared with unintended audiences can lead to regrets that sometimes outweigh the benefits of these systems. In an effort to address these issues, we have developed SLS: a secure location sharing system that combines location-limited channels, multi-channel key establishment, and untrusted cloud storage to hide user locations from LSS operators while also limiting unintended audience sharing. In addition to describing the key agreement and location-sharing protocols used by SLS, we discuss an iOS implementation of SLS that enables location sharing at tunable granularity through an intuitive policy interface on the user's mobile device.

References

[1]

Amazon s3. https://s3.amazonaws.com/.

[2]

J. Backes, M. Backes, M. Dürmuth, S. Gerling, and S. Lorenz. X-pire! - a digital expiration date for images in social networks. CoRR, abs/1112.2649, 2011.

[3]

D. Balfanz, D. K. Smetters, P. Stewart, and H. C. Wong. Talking To Strangers : Authentication in Ad-Hoc Wireless Networks. In ISOC Network and Distributed Systems Security Symposium (NDSS), 2002.

[4]

L. Bauer, L. F. Cranor, R. W. Reeder, M. K. Reiter, and K. Vaniea. Real life challenges in access-control management. In CHI 2009: Conference on Human Factors in Computing Systems, pages 899--908, April 2009.

Digital Library

[5]

J. T. Biehl, E. Rieffel, and A. J. Lee. When privacy and utility are in harmony: Towards better design of presence technologies. Personal and Ubiquitous Computing, 2012.

Digital Library

[6]

J. T. Biehl, E. G. Rieffel, and A. J. Lee. When privacy and utility are in harmony: towards better design of presence technologies. Personal and Ubiquitous Computing, 17(3):503--518, 2013.

Digital Library

[7]

Bump. http://bu.mp.

[8]

Y. Cai and T. Xu. Design, analysis, and implementation of a large-scale real-time location-based information sharing system. Proceeding of the 6th international conference on Mobile systems applications and services MobiSys 08, page 106, 2008.

Digital Library

[9]

Datalocker. http://www.appsense.com/labs/data-locker.

[10]

D. Dolev and A. C. Yao. On the security of public key protocols. In Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, SFCS '81, pages 350--357, Washington, DC, USA, 1981. IEEE Computer Society.

Digital Library

[11]

S. Egelman, A. Oates, and S. Krishnamurthi. Oops, i did it again: mitigating repeated access control errors on facebook. In CHI 2011: Conference on Human Factors in Computing Systems, pages 2295--2304, 2011.

Digital Library

[12]

Facebook places. http://www.facebook.com/about/location?_fb_noscript=1.

[13]

M. Farb, M. Burman, G. Singh, C. Jon, and M. A. Perrig. Safeslinger: An easy-to-use and secure approach for human trust establishment. http://www.cmu.edu/homepage/computing/2012/winter/safeslinger.shtml.

[14]

Foursquare. https://foursquare.com/.

[15]

R. Geambasu, T. Kohno, A. Levy, and H. M. Levy. Vanish: Increasing data privacy with self-destructing data. In Proc. of the 18th USENIX Security Symposium, 2009.

Digital Library

[16]

Glympse. http://www.glympse.com/.

[17]

Google latitude. https://www.google.com/latitude/.

[18]

J. Lindqvist, J. Cranshaw, J. Wiese, J. Hong, and J. Zimmerman. I'm the mayor of my house : Examining why people use foursquare - a social-driven location sharing application. Design, 54(6):2409--2418, 2011.

[19]

R. Mayrhofer and H. Gellersen. Shake Well Before Use: Intuitive and Secure Pairing of Mobile Devices. IEEE Transactions on Mobile Computing, 8(6):792--806, June 2009.

Digital Library

[20]

J. McCune, A. Perrig, and M. Reiter. Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication. In IEEE Symposium on Security and Privacy, pages 110--124. IEEE, 2005.

Digital Library

[21]

B. Palanisamy and L. Liu. Mobimix: Protecting location privacy with mix-zones over road networks. Data Engineering, International Conference on, 0:494--505, 2011.

Digital Library

[22]

S. Patil, G. Norcie, A. Kapadia, and A. J. Lee. Reasons, rewards, regrets: Privacy considerations in location sharing as an interactive practice. In Symposium on Usable Privacy and Security (SOUPS), July 2012.

Digital Library

[23]

R. W. Reeder, L. Bauer, L. F. Cranor, M. K. Reiter, K. Bacon, K. How, and H. Strong. Expandable grids for visualizing and authoring computer security policies. In CHI 2008: Conference on Human Factors in Computing Systems, pages 1473--1482, 2008.

Digital Library

[24]

R. Schlegel, A. Kapadia, and A. J. Lee. Eyeing your exposure: quantifying and controlling information sharing for improved privacy. In Proceedings of the Seventh Symposium on Usable Privacy and Security, SOUPS '11, pages 14:1--14:14, New York, NY, USA, 2011. ACM.

Digital Library

[25]

A. Shamir. How to share a secret. Commun. ACM, 22(11):612--613, 1979.

Digital Library

[26]

R. Shokri, G. Theodorakopoulos, G. Danezis, J.-P. Hubaux, and J.-Y. Le Boudec. Quantifying Location Privacy: The Case of Sporadic Location Exposure. In The 11th Privacy Enhancing Technologies Symposium (PETS), 2011.

Digital Library

[27]

R. Shokri, G. Theodorakopoulos, J.-Y. Le Boudec, and J.-P. Hubaux. Quantifying Location Privacy. In 2011 Ieee Symposium On Security And Privacy (Sp 2011), IEEE Symposium on Security and Privacy, pages 247--262. Ieee Computer Soc Press, Customer Service Center, Po Box 3014, 10662 Los Vaqueros Circle, Los Alamitos, Ca 90720--1264 Usa, 2011.

Digital Library

[28]

J. Y. Tsai, P. Kelley, P. Drielsma, L. F. Cranor, J. Hong, and N. Sadeh. Who's viewed you?: the impact of feedback in a mobile location-sharing application. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI '09, pages 2003--2012, New York, NY, USA, 2009. ACM.

Digital Library

[29]

Y. Wang, S. Komanduri, P. Leon, G. Norcie, A. Acquisti, and L. Cranor. I regretted the minute i pressed share: A qualitative study of regrets on facebook. In Symposium on Usable Privacy and Security (SOUPS), 2011.

Digital Library

[30]

F. L. Wong and F. Stajano. Related Work in Multichannel Security Protocols. IEEE Pervasive Computing, 6(4):31--39, 2007.

Digital Library

[31]

www.MyVoucherCodes.co.uk. Average brit has 476 facebook friends compared to 152 mobile phone contacts, 2011.

Cited By

Alomar NAlsaleh MAlarifi A(2017)Social Authentication Applications, Attacks, Defense Strategies and Future Research Directions: A Systematic ReviewIEEE Communications Surveys & Tutorials10.1109/COMST.2017.265174119:2(1080-1111)Online publication date: Oct-2018
https://doi.org/10.1109/COMST.2017.2651741
Rossi FCalheiros RDe Rose C(2017)A Terminology to Classify Artifacts for Cloud InfrastructureResearch Advances in Cloud Computing10.1007/978-981-10-5026-8_4(75-92)Online publication date: 28-Dec-2017
https://doi.org/10.1007/978-981-10-5026-8_4
Nagar NSuman U(2016)Two Factor Authentication Using M-Pin Server for Secure Cloud Computing EnvironmentWeb-Based Services10.4018/978-1-4666-9466-8.ch046(1053-1066)Online publication date: 2016
https://doi.org/10.4018/978-1-4666-9466-8.ch046
Show More Cited By

Index Terms

Combining social authentication and untrusted clouds for private location sharing
1. Networks
  1. Network protocols
    1. Application layer protocols

Recommendations

Secure and private search protocols for RFID systems

In many real world applications, there is a need to search for RFID tagged items. In this paper, we propose a set of protocols for secure and private search for tags based on their identities or certain criteria they must satisfy. When RFID enabled ...
An RFID system based MCLT system with improved privacy
EUC'06: Proceedings of the 2006 international conference on Emerging Directions in Embedded and Ubiquitous Computing

Radio Frequency Identification (RFID) systems are increasingly becoming accepted for many EPC Network applications. However, RFID systems have some privacy problems. In this paper, a system for missing child location tracking in the EPC Network ...
Examining Privacy Concern in Social-Driven Location Sharing: An Empirical Study on Chinese Popular SNSs
COMPSAC '13: Proceedings of the 2013 IEEE 37th Annual Computer Software and Applications Conference

Sharing location in SNSs has witnessed rapid development in recent years. Privacy is undoubtedly a barrier to the adoption of such location sharing services. In this paper, we investigate what factors affect users' privacy concerns and how privacy ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies

June 2013

278 pages

ISBN:9781450319508

DOI:10.1145/2462410

General Chair:
Mauro Conti
University of Padua, Italy
,
Program Chairs:
Jaideep Vaidya
Rutgers University, USA
,
Andreas Schaad
SAP AG, Germany

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 June 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '13

Sponsor:

SIGSAC

SACMAT '13: 18th ACM Symposium on Access Control Models and Technologies

June 12 - 14, 2013

Amsterdam, The Netherlands

Acceptance Rates

SACMAT '13 Paper Acceptance Rate 19 of 62 submissions, 31%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
198
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Alomar NAlsaleh MAlarifi A(2017)Social Authentication Applications, Attacks, Defense Strategies and Future Research Directions: A Systematic ReviewIEEE Communications Surveys & Tutorials10.1109/COMST.2017.265174119:2(1080-1111)Online publication date: Oct-2018
https://doi.org/10.1109/COMST.2017.2651741
Rossi FCalheiros RDe Rose C(2017)A Terminology to Classify Artifacts for Cloud InfrastructureResearch Advances in Cloud Computing10.1007/978-981-10-5026-8_4(75-92)Online publication date: 28-Dec-2017
https://doi.org/10.1007/978-981-10-5026-8_4
Nagar NSuman U(2016)Two Factor Authentication Using M-Pin Server for Secure Cloud Computing EnvironmentWeb-Based Services10.4018/978-1-4666-9466-8.ch046(1053-1066)Online publication date: 2016
https://doi.org/10.4018/978-1-4666-9466-8.ch046
Nagar NSuman U(2014)Two Factor Authentication using M-pin Server for Secure Cloud Computing EnvironmentInternational Journal of Cloud Applications and Computing10.4018/ijcac.20141001044:4(42-54)Online publication date: Oct-2014
https://doi.org/10.4018/ijcac.2014100104

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents