Summary by Patrick Skevik This paper presents a communication platform named Contrail. Its a decentralized network for smartphones, allowing developers to create social applications, games and sharing applications on top of it. A decentralized network would allow users to have a greater control over their privacy as there is no central storage that holds their data. Contrail attempts to create such a system. Contrail uses filters which are installed on a users smartphone. A user can request a filter to be installed on another user's smartphone, this could be to send messager, share photos or track locations. A user can deny or accept such a request. All the data sent between two or more users are stored in the cloud and it could be encrypted to further protect the privacy of the users. The idea behind Contrail is interesting, but it is based on using a cloud to send and store messager. It isn't really decentralized in the same way a P2P system is, and while it allows the user to encrypt the data, the cloud is still aware of a lot. It knows which users someone else is in contact with. It knows about filter requests, location data and more. ----- BEGIN SUMMARY ------ Contrail: enabling decentralized social networks on smartphones. By Guangyu Han ------------------------------ Nowadays lots of social network users uses smartphones in order to communicate and exchange data with the other users. In the typical design, social networks are implemented commonly are centralized.This need the customer trust with the third part. and a decentralized system can could help to deal with the trust problems. In this paper a decentralized system named Contrail is introduce to us aims at this issue . The design of Contrail consists of two main parts - sender side filters and cloud relays. Server side filters is used for prentending flooding network with unnecessary messages. cloud server solves the problem of delivering data from one mobile device to another. The authors presents an implementation of Contrail on Windows Azure, and Windows Mobile 6.5 for evaluation. The possibility of implementation Contrail with Facebook is also discussed in the paper. Questions Is the advantage of Contrail are as outstanding as the author state in pretend the privacy issue comparinging with the traditional methods ------------------END SUMMARY------- Summary by Ioana Livadarlu Contrail: Enabling Decentralised Social Networks on Smartphones - Patrick Stuedi, Iqbal Mohomed, Mahesh Balakrishnan, Rama Ramasubramanian, Ted Wobber, Doug Terry and Morley Mao ( 2011 ) The paper present Contrail, a communication platform that enables developers to build decentralised social networks applications. The components of the platformed are represented by : - a cloud-based messaging layer that allows reliable, secure communications between devices; - sender-side content filters, which execute on each edge device; The filters and the data is exchanged between the devices via cloud-based relays in encrypted form, providing thus privacy. The usage of such filters ensures also efficiency in terms of energy and bandwidth usage. The different types of applications can be build using this platform are location notification, real-time interactive applications, content sharing and sensor aggregation. From these different types a child-traking application is further detailed. In such an application location updates are send periodically from one device ( the child's device - Junior ) to another ( the mother's device - Alice ). If the the device that is sending the updates is out of a certain bound area, an alarm should be triggered. Using Contrail, Alice's device would install a filter on Junior's device. The application would run continuously on the child's device and generate information about its locations. This piece of information would then be pushed to the cloud. Alice's device would connect to the cloud and receive the information. The platform is implemented using the cloud platform Windows Azure and Windows Mobile 6.5 devices. The experiments ran on the platform show that it performs good in terms of end-to-end latency and throughput. Also, the proposed platform is scalable and the server-side filter do not introduce a high computational overhead. Questions: 1. What are the the limitations of the platform ? 2. Describe how other applications would be implemented using Contrail ? Summary by Adnan Malik Today technology has penetrated into everyone¨ªs life via different mediums. Among other communication ways one famous example is facebook. These social sites are very attractive and easier to use. The problem is privacy of end user. The data is kept at centralized location by such websites, This means that the data can be accessed by third parties. For example agencies can pull the data from these centralized locations to perform their operations. This threatens the end user about their privacy concerned. This paper discusses solution to such a problem by using an application, where this application uses the concept of decentralized storage of data. Also while communication is being carried out between users the data is encrypted such that only the parties interacting can encrypt and decrypt the data. The paper discusses example of Bob and Alice that before they start to communicate they are supposed to accept the plugin or signature and then this communication starts between them. This communication cannot be decrypted by any third party. Not only has this but it also supported the location finding. For example Alice may get an alert if bob goes to an unlikely place. And if alice is offline then whenever she gets online , she will not get bulk of location messages but only the last updated location messages. Moreover the messages are stored at the cloud while one user in in offline mode and as soon as the user gets online the user gets the messages and then the messages are deleted from the cloud. The paper also gives example of location alert if a user sets alert on specific locations like campus, So if second user comes at campus gate then the first user will get the location alert. All the communication is done through decentralized communication medium and no data is saved, This helps to overcome privacy issues. Summary by Sasha Mile Rudan Paper Contrail analysis ¡ñ This paper present a research on privacy-distributed systems formed mainly of mobile devices. The research proposes Contrail, a system that doesn¡¯t present a pure network-distributed systems. ¡ñ Cotnrail depends on a central cloud service and it uses standard Internet connection and TCP/IP routing protocols. Sender sends message to the central cloud service; to one of ¡°proxies¡± and message got stored in the storage tier and eventually delivered to receiver(s). The idea is that all messages are encrypted and content is known only to end-points, while cloud service is used only for routing and buffering messages (storage tier); for offline receiver, or the case of sender having faster bandwidth than receiver. ¡ñ Opposite than Pub/Sub pattern/architecture where matching and filtering processing is done at the centralized servers which raises privacy concerns; both regarding central server knowing user interests and having access to data. Contrail gives privacy since send-filters are filtering at the trusted sender point. However, another important problem is with sending clients being required to upload all content, no matter of any other user interest. ¡ñ Reduced upload is in Contrail achieved through sender-installed receiver-interest-filters. ¡ð This clearly makes sense from network bandwidth perspective, however ¡ð from the social-network perspective it is hard to see the reason of producer producing social content that she primarily keeps on her machine and waits for someone to show the interest for the content. ¡ð At the same time we have a problem of social discover, that authors didn¡¯t pay attention to. ¡ñ In some sense, this paper present a solution that is trying to offer ultimate experience of social-distributed network without covering all aspects, and in that sense happens to be ¡°overblown¡± and unfinished solution. ¡ñ Personal impression of reading paper is shared. ¡ð First, there is a fresh air of solid implementation of the solution authors are presenting coming from that solution was at least PoC developed in the R&D part of Microsoft. ¡ð However this also introduced a lot of unnecessary details, and some general lack of state-of-the-art knowledge, which ended up in presenting some more standard solution as a kind of revolutionary solutions :) or missing some critical components of the system as key-management-trust-server, etc. ¡ñ Estimates seems to be elaboreted, however some of them are either pointless or too simple (i.e. using ping (it can have different priority at the level of TCP/IP, etc). ¡ñ Regarding the discussion of mobile devices issues there are some misleading; most of these concepts are relevant to the regular computers as well, especially laptops: turned off, battery, disconnected, ¡­ it is mostly related to distributed architecture rather than smartphone characteristics. ¡ñ I didn¡¯t understand claims behind download efficiency: If business logic is on server (centralized) than that is not issue. Same for i.e. Facebook, FB machinery decides already what user is interested in, or user can describe filters of interest. ¡ñ Regarding: ¡°For a transport layer to assist applications in achieving this goal, it has to understand application-level requirements; in other words, the application has to specify to the transport layer which devices require what data.¡±; Isn¡¯t that a standard way of higher level -> lower level communication?! Higher level issues communication request for data sending, etc. ¡ñ When authors are describing type of messages being sent over the Contrail, it seems wrong to state that there are only 2 types of messages. If we are talking about social networks we should consider more social discovery. For example, here is missing a social discovery / semantic messages which will announce new features/ interests/ domains that other agents/users could be interested in. How user¡¯s will get interested into something they do not know it exist? This will introduce THIRD KIND of message; publishing new interests. In general, this is my dominant uncomfortable feeling about distributed networks solutions, they are trying to propose ultimate solution, complete solution instead of explicitly stressing they are solving just one, distributed, aspect and do not say there ARE TWO KIND of messages, but they are CONSIDERING TWO KIND of messages ¡ñ I have doubts regarding encryption and key-material exchange component of Contrail ¡ð There are more security issues with this approach. First, how they will share public keys, and avoid main-in-the-middle-atacks. ¡ð Secondly, how cloud can trust client, receiver, that he is really the right one, and according to delivery delete messages. ¡ð Thirdly, malicious user can send other messages pretending he is Bob, etc. Especially in the case of multicasting when new key is expected. So, we need to sign message (digest, challenge, ..) with sender key also to prove authenticity. We need to support key revocation, etc, etc. Ok, they considered authentication, but still the whole concept of public-key -> user relation trust, etc is non cinsidered at all. ¡ð Conclusion, there is need for CENTRALIZED service guaranteeing connection between user and her public key, or initial safe channel for the public keys exchange. ¡ñ The whole area of routing users/messages and cloud knowledge of topology is a grey area of this paper. I assume that malicious cloud can anyway learn over time (based on communication paths) who are friends (white-lists) even if it doesn¡¯t have access to white-lists. What about DeviceID generation, origin and uniqueness?! ¡ñ Again regarding social-user-experience and message acknowledgment and message repetition sending: ¡ð What if receiving device downloads the message but proxy do not receive acknowledgment, etc? Do messages get resent¡­? ¡ð It is explained later, OK. So it behaves more like UDP rather than TCP protocol, which gives me impression of social-network-low level protocol, that requires social-network-high level protocol to satisfy final user experience. ¡ð later, related to the Off-By-Default approach: for a reasonable social-network experience, I believe purely Off-By-Default approach is not sufficient, there must be discovery-extension or support of additional channels used prior switching to Off-By-Default channel. ¡ñ I do not see any explanation how filter mapping in the tree structure is organized? Based on the data type or ...?