Krishna P. N. Puttaswamy

Beyond Social Graphs: User Interactions in Online Social Networks and their Implications

Social networks are popular platforms for interaction, communication, and collaboration between friends. Researchers have recently proposed an emerging class of applications that leverage relationships from social networks to improve security and performance in applications such as email, Web browsing, and overlay routing. While these applications often cite social network connectivity statistics to support their designs, researchers in psychology and sociology have repeatedly cast doubt on the practice of inferring meaningful relationships from social network connections alone. This leads to the question: “Are social links valid indicators of real user interaction? If not, then how can we quantify these factors to form a more accurate model for evaluating socially enhanced applications?” In this article, we address this question through a detailed study of user interactions in the Facebook social network. We propose the use of “interaction graphs” to impart meaning to online social links by quantifying user interactions. We analyze interaction graphs derived from Facebook user traces and show that they exhibit significantly lower levels of the “small-world” properties present in their social graph counterparts. This means that these graphs have fewer “supernodes” with extremely high degree, and overall graph diameter increases significantly as a result. To quantify the impact of our observations, we use both types of graphs to validate several well-known social-based applications that rely on graph properties to infuse new functionality into Internet applications, including Reliable Email (RE), SybilGuard, and the weighted cascade influence maximization algorithm. The results reveal new insights into each of these systems, and confirm our hypothesis that to obtain realistic and accurate results, ongoing research on social network applications studies of social applications should use real indicators of user interactions in lieu of social graphs.

Silverline: toward data confidentiality in storage-intensive cloud applications

By offering high availability and elastic access to resources, third-party cloud infrastructures such as Amazon EC2 are revolutionizing the way todays businesses operate. Unfortunately, taking advantage of their benefits requires businesses to accept a number of serious risks to data security. Factors such as software bugs, operator errors and external attacks can all compromise the confidentiality of sensitive application data on external clouds, by making them vulnerable to unauthorized access by malicious parties. In this paper, we study and seek to improve the confidentiality of application data stored on third-party computing clouds. We propose to identify and encrypt all functionally encryptable data, sensitive data that can be encrypted without limiting the functionality of the application on the cloud. Such data would be stored on the cloud only in an encrypted form, accessible only to users with the correct keys, thus protecting its confidentiality against unintentional errors and attacks alike. We describe Silverline, a set of tools that automatically 1) identify all functionally encryptable data in a cloud application, 2) assign encryption keys to specific data subsets to minimize key management complexity while ensuring robustness to key compromise, and 3) provide transparent data access at the user device while preventing key compromise even from malicious clouds. Through experiments with real applications, we find that many web applications are dominated by storage and data sharing components that do not require interpreting raw data. Thus, Silverline can protect the vast majority of data on these applications, simplify key management, and protect against key compromise. Together, our techniques provide a substantial first step towards simplifying the complex process of incorporating data confidentiality into these storage-intensive cloud applications.

Preserving Location Privacy in Geosocial Applications

Using geosocial applications, such as FourSquare, millions of people interact with their surroundings through their friends and their recommendations. Without adequate privacy protection, however, these systems can be easily misused, for example, to track users or target them for home invasion. In this paper, we introduce LocX, a novel alternative that provides significantly improved location privacy without adding uncertainty into query results or relying on strong assumptions about server security. Our key insight is to apply secure user-specific, distance-preserving coordinate transformations to all location data shared with the server. The friends of a user share this users secrets so they can apply the same transformation. This allows all location queries to be evaluated correctly by the server, but our privacy mechanisms guarantee that servers are unable to see or infer the actual location data from the transformed data or from the data access. We show that LocX provides privacy even against a powerful adversary model, and we use prototype measurements to show that it provides privacy with very little performance overhead, making it suitable for todays mobile devices.

Docx2Go: collaborative editing of fidelity reduced documents on mobile devices

Docx2Go is a new framework to support editing of shared documents on mobile devices. Three high-level requirements influenced its design -- namely, the need to adapt content, especially textual content, on the fly according to the quality of the network connection and the form factor of each device; support for concurrent, uncoordinated editing on different devices, whose effects will later be merged on all devices in a convergent and consistent manner without sacrificing the semantics of the edits; and a flexible replication architecture that accommodates both device-to-device and cloud-mediated synchronization. Docx2Go supports on-the-go editing for XML documents, such as documents in Microsoft Word and other commonly used formats. It combines the best practices from content adaptation systems, weakly consistent replication systems, and collaborative editing systems, while extending the state of the art in each of these fields. The implementation of Docx2Go has been evaluated based on a workload drawn from Wikipedia.

Securing Structured Overlays against Identity Attacks

Structured overlay networks can greatly simplify data storage and management for a variety of distributed applications. Despite their attractive features, these overlays remain vulnerable to the Identity attack, where malicious nodes assume control of application components by intercepting and hijacking key-based routing requests. Attackers can assume arbitrary application roles such as storage node for a given file, or return falsified contents of an online shoppers shopping cart. In this paper, we define a generalized form of the Identity attack, and propose a lightweight detection and tracking system that protects applications by redirecting traffic away from attackers. We describe how this attack can be amplified by a Sybil or Eclipse attack, and analyze the costs of performing such an attack. Finally, we present measurements of a deployed overlay that show our techniques to be significantly more lightweight than prior techniques, and highly effective at detecting and avoiding both single node and colluding attacks under a variety of conditions.

Improving anonymity using social links

Protecting user privacy in network communication is vital in todaypsilas open networking environment. Current anonymous routing protocols provide anonymity by forwarding traffic through a static path of randomly selected relay nodes. In practice, however, malicious relays can perform passive logging attacks to compromise the anonymity of a flow. This degradation is accelerated when nodes fail, forcing source node to reconstruct a path, and in doing so, leaking more information to passive loggers. This ldquopredecessor attackrdquo is highly effective and difficult to defend against on current systems. In this paper, we propose a highly effective approach to blocking predecessor attacks by leveraging trusted links from social networks. We first show how users can completely shield themselves from traditional logging attacks. We then propose a hybrid logging attack optimized for social networks, and perform detailed analysis to show that we can defend against it using optimized path selection techniques. Finally, we analyze detailed measurement traces from Facebook to show that our approach is indeed feasible given the user behavior in social networks today.

Protecting anonymity in dynamic peer-to-peer networks

Peer-to-peer anonymous networks offer the resources to support todaypsilas Internet applications. In todaypsilas dynamic networks, the key challenge to these systems arises from node dynamics and failures that disrupt anonymous routing paths, forcing them to be frequently rebuilt. Not only do these path rebuilds interrupt application sessions, but they also leak information to logging attacks such as the predecessor attack, leading to significant degradation of anonymity over long sessions. In this paper, we propose Bluemoon, a new anonymous protocol that provides strong resilience against the predecessor attack through the use of persistent anonymous links called hooks. When chained together, these links create robust anonymous paths that avoid path disruptions and rebuilds across node failures. Through detailed analysis, we show that relative to prior approaches, Bluemoon provides significantly stronger resistance against predecessor attacks. Finally, we implement and deploy a prototype on both local and Internet-scale network testbeds, and show that it provides high throughput even in high-load environments such as PlanetLab.

A Case for Unstructured Distributed Hash Tables

Structured peer-to-peer overlays support compelling applications such as large-scale file systems and distributed backup using the distributed hash table (DHT) interface. While unstructured file-sharing systems continue to flourish, wide adoption of structured applications has been elusive. We explore an alternative path to deployment of these applications by asking the question, can structured applications be run on top of unstructured overlays? We build an unstructured distributed hash table (UDHT) on top of state of the art search and topology management mechanisms, and evaluate whether it can sufficiently emulate properties of DHTs to support structured applications.

Fidelity-Aware Replication for Mobile Devices

Mobile devices often store data in reduced resolutions or custom formats in order to accommodate resource constraints and tailor-made software. The Polyjuz framework enables sharing and synchronization of data across a collection of personal devices that use formats of different fidelity. Layered transparently between the application and an off-the-shelf replication platform, Polyjuz bridges the isolated worlds of different data formats. With Polyjuz, data items created or updated on high-fidelity devices-such as laptops and desktops-are automatically replicated onto low-fidelity, mobile devices. Similarly, data items updated on low-fidelity devices are reintegrated with their high-fidelity counterparts when possible. Polyjuz performs these fidelity reductions and reintegrations as devices exchange data in a peer-to-peer manner, ultimately extending the eventual-consistency guarantee of the underlying replication platform to the multifidelity universe. In this paper, we present the design and implementation of Polyjuz and demonstrate its benefits for fidelity-aware contacts management and picture sharing applications.

Deja vu: fingerprinting network problems

We ask the question: can network problems experienced by applications be identified based on symptoms contained in a network packet trace? An answer in the affirmative would open the doors to many opportunities, including non-intrusive monitoring of such problems on the network and matching a problem with past instances of the same problem. To this end, we present Deja vu, a tool to condense the manifestation of a network problem into a compact signature, which could then be used to match multiple instances of the same problem. Deja vu uses as input a network-level packet trace of an applications communication and extracts from it a set of features. During the training phase, each application run is manually labeled as GOOD or BAD, depending on whether the run was successful or not. Deja vu then employs a novel learning technique to build a signature tree not only to distinguish between GOOD and BAD runs but to also sub-classify the BAD runs, revealing the different classes of failures. The novelty lies in performing the sub-classification without requiring any failure class-specific labels. We evaluate Deja vu in the context of the multiple web browsers in a corporate environment and an email application in a university environment, with promising results. The signature generated by Deja vu based on the limited GOOD/BAD labels is as effective as one generated using full-blown classification with knowledge of the actual problem types.