Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
ESP Egocentric Social Platform T. J. Purtell, Ian Vo, Monica S. Lam
With: Kanak Biscuitwala, Willem Bult, Dan Boneh, Ben Dodson, Steve Fan, and Frank Wang,
Global Social Platforms
• Ideal for
▫ Meeting strangers
▫ Stalking people
▫ Discovering long lost hook-ups
▫ Marketing
▫ Hosting lots of personal pictures for free
▫ Laboring in the virtual world to avoid real work
• EULA for most networks
▫ Provider owns everything you post.
Egocentric Social Platforms
• Ideal for
▫ Sharing freely
“I am not going to be at my home which is at 14233 Ridge Way for 2 weeks”
▫ Maintaining boundaries
Mixing Work + Friends = Work Rules
▫ Quantified Self Apps
▫ Social Finance and Health Apps
▫ Limited global internet connectivity
Arab spring, natural disaster, 3rd world
Mobile First
• Always on
• Often connected
• Always with you
Direct Connection DENIED!
• Friend is offline… can’t send a message.
• Friend is on 3G… NAT doesn’t work.
• Friend is at work… firewall blocked it.
• The cloud and phones must BUFFER.
Separation of Concerns
• Break the system into parts
• Allow consumer choice for those parts
• Better competition, better evolution
• Choice must not be HARD
The Split
• Identity
▫ Use existing providers; already have accounts
• Short-term data
▫ Notification/message routing
▫ Temporary Blobs
• Long-term data
▫ Backup services
An OS Service
Connecting people to run apps is the next evolution of smart device platforms.
• ESP is the backend for Musubi
• Social ACLs embedded with encrypted data
• OS (Musubi for now) handles smart messaging
Social Primitives - Identity
1. Establish an Identity
2. Connect with Friends
3. Short Push Messaging
4. Large Pull Messaging
Everything Encrypted
• Friends need to exchange public keys
• Original Musubi generated an RSA key pair on install
• No way to message someone unless they are already a user
• No way to reuse existing phone address book
IBC to the Rescue
• What if the email address, Facebook ID, etc is the public key?
• Public key would exist before a user installs.
• Private key allows users to prove their identity P2P
Identity-Based Cryptography
• Shamir invented using the email address as the public key for signatures in 1984.
• Encryption of a message to a person using their email address as the public key went unsolved...
• Boneh and Franklin accomplished this in 2001 using elliptic curve pairings (Weil).
IBC: Server derives the private key
• The public keys are all well-known and there are public parameters for the IBC server.
• Any client can check a signature or encrypt a message to someone without talking to the server.
• To sign or decrypt a message you need the private key.
IBC: Identity Based Cryptography
public
parameters
• Verify
• Decrypt
IBC: Revocation
• Implicit time based revocation in IBC.
• Private key is tied to a specific time frame
• Stolen private key = only lose control of data sent during that time frame
• Lost private key = just request it again
Identities and Friends
• Solved with IBC + Mobile phone address book
• Can communicate P2P with trust
• Ideal : OAuth provider offers IBC key service
• Today: Stanford hosts a generic IBC for Gmail+FB+…
Improved Revocation
• IBC automatically expires keys
• Every message includes implicit revocation
• Check authorization token at start for revocation through existing mechanisms
Social Primitives - Data
1. Establish an Identity
2. Connect with Friends
3. Short Push Messaging
4. Large Pull Messaging
Protecting Data
• Messages encrypted with AES
• Social ACL attached ▫ hashed identities ▫ IBC encrypted secrets
• Encryption enforces ACL
▫ Servers can apply it at a higher level
• ACL serves as routing information
Message Routing
• “IP”: Identity
• Each device has a message queue
• Identity is a fan out to multiple devices
• Frequently used groups can be fan outs
• Messages buffered to stable storage
Adapted AMQP Queue – A stream of messages buffered persistently until consumed
Exchange – A destination for a message that rebroadcasts it to other exchanges or queues
Large Pull Messaging
• Small messages ideal for push
• HD quality is still needed
• Push a thumbnail with a pointer to a large blob of data
• Other devices download the full copy lazily
ESP Architecture All data are
encrypted outside the mobile device
First Time Flow
Activate an Existing Identity
Contact a Friend for the 1st Time
Responding to the 1st Message
Evaluation
IBC and Mobile Device Performance
• An IBC operation takes a second!
• Use cached AES key between a pair of individuals
▫ Embedded in social ACL
▫ Protected by IBC
• Update the pair key when either identity expires
▫ On average 15 days
Message Format
Social Behavior Models
• IBC Expiration: 1 month
Facebook Twitter Contextual
# senders 229 friends 100 followings 20 friends
# recipients 229 friends 10,000 followers 20 friends
# posts / day 100 100 10,000
# msgs received / sender / day
100 100 10,000
msg length 50 KBytes 4 KBytes 4KBytes
Sending Costs
• r: # receivers
• s: # senders
Operation CPU Time (ms) Frequency
Compute channel key 78 2 • s / t
Sign encrypted channel key 340 2 • s / t
Load cached channel key 0.58 ms* r
SHA256 of message headers 0.0067 • r ms
SHA256 of message body 0.026 • l ms
AES encrypt secret block 0.78 ms * r
AES encrypt message body 0.42 • l ms * r
• t: Expiration period (1 month) • ms : Messages sent
Receiving Costs
• r: # receivers
• mr: Messages received
• t: Expiration period (1 month)
Operation CPU Time (mr) Frequency
Check user signature 590 2 • s / t
Decrypt channel key 522 2 • s / t
Load cached channel key 0.59 mr
AES decrypt secret block 0.85 mr
AES decrypt message body 0.43 • l mr
SHA256 of message headers 0.0067 • r mr
SHA256 of message body 0.026 • l mr
Cost for Network Types
Simulated Network
Min Latency
Size Overhead (in bytes)
% CPU Send
% CPU Receive
Facebook 360 ms 59,266 0.05% 0.7%
Contextual 74 ms 5,423 0.4% 5.6%
Twitter 14 s 2,589,186 1.9% 5.4%
Future
• ESP messaging deployed in Musubi for Android
• Work on big blobs and real-time sessions is ongoing
• What apps need full ESP access vs. Musubi firewalled social access?
• Standards…
Conclusion
• Attack the open SNS problem with crypto
• Make the services required dead simple
• Smarts on the devices… They can handle it
• ESP is the basis for a compelling platform… http://mobisocial.stanford.edu/musubi