Meetup: Secure Encounter Based Social Networking
Published on Sep 16, 2019
Encounter-based social networks and encounter-based systems link users who share a location at the same time, as opposed to the traditional social network paradigm of linking users who have an offline friendship. This new approach presents challenges that are fundamentally different from those tackled by previous social network designs. In this paper, we explore the functional and security requirements for these new systems, such as availability, security, and privacy, and present several design options for building secure encounter-based social networks.
To highlight these challenges we examine one recently proposed encounter-based social network design and compare it to a set of idealized security and functionality requirements. We show that it is vulnerable to several attacks, including impersonation, collusion, and privacy breaching, even though it was designed specifically for security. Mindful of the possible pitfalls, we construct a flexible framework for secure encounter-based social networks, which can be used to construct networks that offer different security, privacy, and availability guarantees.
We describe two example constructions derived from this framework, and consider each in terms of the ideal requirements. Some of our new designs fulfill more requirements in terms of system security, reliability, and privacy than previous work. We also evaluate real-world performance of one of our designs by implementing a proof-of-concept iPhone application called Meet Up. Experiments highlight the potential of our system and hint at the deployability of our designs on a large scale.
We developed a prototype of our design, called MeetUp, which uses visual authentication for encounter information exchange and verification. At the core of our system is a visual authentication scheme that provides authenticity guarantees for users involved in an encounter. Our authentication scheme capitalizes on that people are good at remembering faces but worse at remembering names. Encounter-based networks with visual authentication would play to people’s strengths, allowing anyone who remembers a face to later connect with the “owner” of that face, without the need to remember additional information. MeetUp uses Tor hidden services to provide an anonymous communication channel for the second phase of our protocol. By performing preliminary real world experiments using plausible deployment settings, and considering user feedback, we highlight the end-user usability of our system and its feasibility for deployment at larger scales.
DISADVANTAGES OF EXISTING SYSTEM:
Encounter-based designs do not consider even basic security and privacy requirements along with functionality and performance. They present a dramatically different set of challenges, not the least of which is security and privacy of users and authenticity of the other party in a conversation.
Guarantees that are trivial in traditional social networks, such as authenticity (ensuring one is communicating with the desired person), become open problems in encounter-based networks.
The main contribution of this paper is an encounter based social network design, our techniques can be employed for a wide range of applications, such as a drop-in replacement for a face-to-face key distribution service for future secure communication, e.g. SPATE, or for privacy-preserving file sharing systems, e.g. OneSwarm. In OneSwarm, untrusted users get their keys from an online key distribution center. Using our design, one may distribute keys to untrusted users based on some shared activity—an encounter. Any application that requires key pre-distribution, such as storage services, private file-sharing systems, private collaboration groups, etc, would benefit from our design in the same way. Another example is a scientific meeting, where some researchers present their work, and others participate in discussions, and no one has time to introduce themselves to everyone. We can employ our encounter-based system for private on-the-fly name and business card distribution—concerte examples are discussed
ADVANTAGES OF PROPOSED SYSTEM:
We examine the extent to which SMILE, a recent state-of-the art design of secure encounter-based social network, meets these requirements, showing that it is vulnerable to many attacks.
We propose a new and generic architecture for encounter-based social networking that greatly differs from the architecture of previously proposed systems and suggest two possible implementations, each striking a balance between performance and security.
We show the feasibility of our designs by implementing a proof-of-concept system— including an iPhone application called MeetUp—conforming to our requirements and evaluating its performance in real world settings using mobile devices
· User Registration & Login
· Friends Request
· Send and Receive messages
User Registration & Login
In MeetUp every user must register with the MeetUp server, to register in the MeetUp every user must send a request from the Android mobile client, to register every user send a request to MeetUp server with the details such as Name, email id, password, dob, city and profile photo for MeetUp. After successfully register with the MeetUp server an ID card for the MeetUp service is generated and send it to the user. To login to the MeetUp android application user need to provide the email id and password which is given at the time of registration. Upon successful registration every user will receive the public key from the MeetUp server. MeetUp server will generate a public key for every user and send it to the user. they key is used for sending and receiving messages from other users.
After successfully login into the MeetUp application user can see the list of friends he/she already connected with. From there he can send and receive the messages to the friends. User also can see the list of encountered users who are near to the user’s current location. The encounter is shown the user based on the current location of user and other members. When encounter user are showing, no personal details can be viewed by the user before make connection with that user. He can see only the MeetUp Id card of that encountered user, and can send the friendship request to that user.
In this module the sent and received friends request in MeetUp application is managed. If a user sees anybody in the encountered list, he can send friend request to that user. Initially in encountered user can see the basic information of that encountered user. Upon seeing the details he send the friend request. The user also has the option to see the friends request received from other user. Then he can also accept or reject the particular request. After accepting friend request to any user, both user can send and receive the messages through MeetUp server.
Send and Receive messages
User can send and receive messages from/to the friends already connected with the MeetUp application. If a user wants to send message to his friend the message will be encrypted with the recipient public key. This is because nobody can read the messages of a particular user and if even anybody have access to the MeetUp server then he can only see the encrypted form of the messages of the users. The messages are stored in the MeetUp server in the encrypted format. The message is encrypted with the recipient public key. If a user wants to see the received messages the messages are retrieved from the MeetUp server in encrypted format. After retrieving the messages will be decrypted with the public key of the user.
CPU type : Pentium IV 2.4 GHz.
Clock speed : 3.0 GHz
Ram size : 512 MB
Hard disk capacity : 40 GB
Monitor type : 15 Inch color monitor
Keyboard type : internet keyboard
Mobile : ANDROID MOBILE
Operating system : Windows XP.
Coding Language : Java 1.7
Tool Kit : Android 2.3
IDE : Eclipse