The REL Project

The REL Project: Mobile-based Reliable Relations

Jean-Marc Seigneur, Patroklos Argyroudis, David O'Callaghan, Joerg Abendroth,

Security Interest Group (TCDSIG), Trinity College Dublin.


Web-based social/business network services such as openBC [1] build relationships among their users using the explicit establishment of links between them. With the emergence of wireless and mobile networks the area of social software has expanded to cover new application scenarios and domains. Cellular phone and PDA users are extremely mobile; hence their physical location becomes an important attribute in their interactions with the other users of the network. The NearMe [2] service notifies a mobile phone user when his friends are near to his physical location. Since physical location is considered private information, a user is able to control its accessibility by third parties by adjusting his privacy settings [2]. BlueFOAF [3] is a similar effort for discovering nearby mobile friends using the Bluetooth wireless medium. BlueFOAF uses the Friend-of-a-Friend (FOAF) [4] specification in order to allow the creation of machine-readable lists of people and the links between them.

The goal of the REL project is to enable easy, large-scale, anytime, anywhere access to, and use of, social network services, with the underlying requirement to restrict and control access to the user's information with little manual intervention.

The underlying requirement may be due to privacy expectations or because, in business settings, sharing a list of contacts with everybody else leads to covert channel attacks carried out by competitors who want to uncover unofficial alliances and potential new customers who are already customers of their competitors. Mobile settings increase the number of opportunities and interactions. However, many more interactions with strangers imply many more manual security tasks to be carried out. Interactions are still uncertain, but also more rushed and less convenient than in front of a personal computer. Security usability becomes very important because sacrificing usability for security often sacrifices both.

To fulfil this requirement, we are evaluating the use of computational trust, because the intrinsic property of trust to evolve dynamically, interaction after interaction, with little human intervention improves security auto-configuration [5]. The goal of a computational trust engine is to provide security mechanisms in the digital world based on the human notion of trust. Researchers are working both theoretically and practically towards this goal. Marsh's PhD thesis presents how trust can be formalized as a computational concept [6]. In a trust engine, privileges (for example, access to the full list of contacts of another user) are dynamically granted. The decision-making process uses the trustworthiness of the requester, based on pieces of evidence (e.g., direct observations or recommendations from other trustworthy friends), and the risk involved in the interaction: the action that would maintain the appropriate cost/benefit is chosen (for example, it is beneficial because the requester seems to be trustworthy, is said to have many potential customers in his/her contact list and there is no business conflict of interest).

The REL project provides a framework for evaluating many different existing trust metric schemes. It allows us to quickly implement trust metrics found in the literature, incorporate them into REL and compare them with respect to performance and security requirements. Two trust metrics are under evaluation. The trust value of the simple one is a scalar quantity on a [0...1] scale, with 0 representing total distrust and 1 blind trust. The trust values associated with people more than one hop away from the user, that is, indirect trust values, are calculated with a discounting function, which has the following properties: all users trust themselves to the highest value; it is asymmetric (if user A trusts user B, B does not necessarily trust A); a user does not trust a remote user more than he/she trusts any intermediate user; trust gradually declines as we move away from the source user; the recommendations of trustworthy friends are more highly valued. The second trust metric is based on the EU-funded SECURE trust engine [7], which is based on a formal model of trust including means to reason about uncertainty, context, implications of decentralised identity privacy protection and risk.
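A sketch of the simple scalar metric, added here as an example and not REL's own code. The page does not give the discounting function, so this assumes the product of direct-trust values along the best path with a constant per-hop decay; the user names, trust values, `HOP_DECAY`, and the grant threshold are constructed for illustration.

```python
import heapq

# Constructed sample: directed (asymmetric) direct-trust values in [0, 1].
DIRECT_TRUST = {
    "alice": {"bob": 0.9, "carol": 0.4},
    "bob": {"alice": 0.3, "dave": 0.8},
    "carol": {"dave": 1.0},
    "dave": {"erin": 0.7},
    "erin": {},
}
HOP_DECAY = 0.9  # assumed attenuation for every hop after the first


def indirect_trust(graph, source, hop_decay=HOP_DECAY):
    """Return {user: trust} as seen from `source`; unreachable users are absent.

    Assumed discounting function: trust along a path is the product of the
    direct-trust values on it, times hop_decay per hop beyond the first,
    and the best path wins. All factors are <= 1, so trust never rises
    with distance and a weakly trusted recommender contributes little.
    """
    for user, edges in graph.items():
        for peer, value in edges.items():
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"trust {user}->{peer} outside [0, 1]")
    best = {source: 1.0}        # every user trusts themselves to the highest value
    heap = [(-1.0, source)]     # max-heap via negated trust (Dijkstra-style search)
    done = set()
    while heap:
        neg, user = heapq.heappop(heap)
        if user in done:
            continue
        done.add(user)
        decay = 1.0 if user == source else hop_decay
        for peer, value in graph.get(user, {}).items():
            candidate = -neg * value * decay
            if candidate > best.get(peer, 0.0):
                best[peer] = candidate
                heapq.heappush(heap, (-candidate, peer))
    return best


def grant_full_contact_list(graph, owner, requester, threshold=0.6):
    """Hypothetical policy: strangers (no trust path) get 0.0 and are refused."""
    return indirect_trust(graph, owner).get(requester, 0.0) >= threshold
```

With the sample graph, alice's trust in dave is 0.648 through bob (the route through carol yields only 0.36), and erin, one hop further out, falls below the threshold.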

Concerning easy, large-scale, anytime, anywhere access to, and use of, social network services, we are evaluating the exchange channels of mobile computing devices for access to social network services based on proximity mechanisms. The most important technologies for wireless data exchange in short-range situations that are readily available on a large scale are infrared and Bluetooth. We do not consider the IEEE 802.11 wireless medium since it has not been designed for short-range communications and therefore the great majority of mobile phones do not support it.

The main advantage of infrared for close-proximity data exchanges is that it is very widespread, supported by a great range of devices, and most users are already familiar with it. Another advantage is its backwards compatibility with previous infrared standards and therefore with older mobile phone models. However, most implementations of infrared are particularly slow and the process of establishing and maintaining the point-to-point link is often cumbersome. On the other hand, its short range and narrow angle provide a simple form of user-controlled security. Secure association [8] must be taken into account.

Bluetooth is a radio frequency specification. It is able to transmit through solid objects, it is omni-directional, and its specified range of ten meters can be extended to 100 by increasing the transmission power. The fact that a lot of manufacturers (like Nokia or Toshiba) are actively supporting Bluetooth suggests that it will soon be as widespread as infrared. The main advantage of Bluetooth is that the two communicating devices do not need to remain in a fixed position and their users can move around freely while the data exchange takes place. However, Bluetooth has a lot of design flaws with respect to security [9]. These directly led to the appearance of the first mobile phone worm, which propagates via Bluetooth [10].

The final contribution of the REL project is a threat analysis of the mobile-phone telecommunication infrastructure applied to mobile-based social network services, which should be taken into account in the risk analysis done in the trust engine.

[1] "openBC".

[2] Microsoft, "NearMe".

[3] "BlueFOAF".

[4] FOAF, "The Friend-of-a-Friend Project".

[5] J.-M. Seigneur, C. Damsgaard Jensen, S. Farrell, E. Gray, and Y. Chen, "Towards Security Auto-configuration for Smart Appliances", Proceedings of the Smart Objects Conference 2003.

[6] S. Marsh, "Formalising Trust as a Computational Concept", PhD Thesis, Department of Mathematics and Computer Science, University of Stirling, 1994.

[7] J.-M. Seigneur, V. Cahill, C. D. Jensen, E. Gray, and Y. Chen, "The SECURE Framework Architecture (Beta)", TCD Technical Report, 2004.

[8] T. Kindberg and K. Zhang, "Validating and Securing Spontaneous Associations between Wireless Devices", Technical Report HPL-2002-256, Hewlett-Packard, 2002.

[9] M. Jakobsson and S. Wetzel, "Security Weaknesses in Bluetooth", Progress in Cryptology (CT-RSA 2001), pp. 176-191, LNCS 2020, Springer, 2001.

[10] "Worm.Symbian.Cabir.a", 2004.
