Twitter in Disaster Mode: Security Architecture
Theus Hossmann, Dominik Schatzmann, Franck Legendre, Paolo Carta (ETH Zurich, Switzerland)
Christian Rohner, Per Gunningberg (Uppsala Universitet, Sweden)

Source: XKCD (http://xkcd.com/723/)

Source: Twitter Blog (http://blog.twitter.com/2011/06/global-pulse.html)

Network Outage in Japan

Operator      # inoperative BS
NTT DoCoMo    6720
KDDI          3800
Softbank      3786

Your Smart Phone, the Emergency Kit
  • Goal: Enable disaster victims to tweet instantaneously
  • ✗ Temporary GSM network, wireless mesh network, satellite communication: deployment, configuration, etc.; requires experts; > 1-2 days
  • ✓ Opportunistic communication (DTN2, Haggle, PodNet): no expert skills required; instantly ready

Twimight
  • Simple yet flexible
  • Wide spread (200M users)
  • Wide spread
  • Developer friendly
  • Disaster Mode (user enabled with a simple settings check-box)
      • ✓ Opportunistic Communication
      • ✓ Security
  • Open source (Google Code)

Opportunistic Spreading of Tweets
  • Bluetooth communication
  • Periodic scanning (2 min ± 20 sec)
  • Power saving heuristic
      • Reduced scanning interval at battery levels < 50%
      • No more scanning at levels below 30%
  • Epidemic spreading (flooding)
  • Small data volumes
  • FIFO buffer
  • Publish tweets once connectivity is restored

What about security?
  • Problem: From centralized to distributed operation
      • Authenticity & Integrity
      • Confidentiality
  • Goal: Achieve Twitter-equivalent security in disaster operation
      • Sign Tweets and Messages
      • Encrypt private messages
  • Our solution: The “Twimight Disaster Server”
      • PKI, adapted for temporarily disconnected networks
  • Key Idea: Prepare everything before it breaks!

The Twimight Disaster Server

Step 1: Server-side User Identification
  • Client obtains OAuth tokens from Twitter
  • Client sends tokens (over HTTPS) to TDS
  • Server receives Twitter user ID using tokens
Diagram labels: 1. OAuth, 2. Send tokens, 3. Get user ID

Step 2: Inter-client User Identification
  • Client generates Key Pair (RSA, 2048 bit)
  • Client sends Public Key to TDS
  • Server sends certificate (signed with TDS key) to client
  • Client signs Tweets using its Private Key
  • Client attaches certificates to Tweets for verification
Diagram labels: 1. Create keys, 2. Send PK, 3. Send certificate, 4. Signed Tweets

Stolen/Lost device
  • Revoke key on TDS
  • TDS manages a revocation list (certificate’s serial number)
  • TDS distributes incremental list to devices
  • Scalability??
  • Key Idea: Short-lived certificates (days-weeks)
  • Transmit and store only non-outdated records
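
The receiver-side checks behind Step 2 and the stolen-device slide, as an added Go example (not Twimight's code): a tweet is accepted only if its certificate carries a valid TDS signature, has not expired, is not on the local revocation list, and the tweet signature verifies. Because expired certificates are rejected anyway, their revocation records can be pruned. The Cert layout, its encoding, the PKCS#1 v1.5/SHA-256 scheme and all function names are assumptions; the slides specify only RSA 2048-bit keys and revocation by serial number.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// Cert is a simplified stand-in for a TDS certificate (assumed layout, not Twimight's format).
type Cert struct {
	UserID, Serial uint64
	NotAfter       time.Time
	Pub            *rsa.PublicKey
	TDSSig         []byte // TDS signature over TBS()
}
func (c Cert) TBS() []byte { // fields covered by the TDS signature (encoding is an assumption)
	return []byte(fmt.Sprintf("%d|%d|%d|%x|%x", c.UserID, c.Serial, c.NotAfter.Unix(), c.Pub.N, c.Pub.E))
}
func NewKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
func Sign(k *rsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, _ := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, h[:]) // signature scheme is an assumption
	return sig
}
func valid(k *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(k, crypto.SHA256, h[:], sig) == nil
}
// Prune drops revocation records (serial -> expiry) for certificates that have expired anyway.
func Prune(revoked map[uint64]time.Time, now time.Time) {
	for serial, exp := range revoked {
		if now.After(exp) {
			delete(revoked, serial)
		}
	}
}
// VerifyTweet: certificate issued by TDS, unexpired, not revoked, tweet signed by the certified key.
func VerifyTweet(tds *rsa.PublicKey, c Cert, tweet, sig []byte, revoked map[uint64]time.Time, now time.Time) bool {
	_, isRevoked := revoked[c.Serial]
	return valid(tds, c.TBS(), c.TDSSig) && !now.After(c.NotAfter) && !isRevoked && valid(c.Pub, tweet, sig)
}
func main() {
	tds, usr, tweet := NewKey(), NewKey(), []byte("shelter open at the school") // constructed sample
	c := Cert{UserID: 42, Serial: 7, NotAfter: time.Now().Add(72 * time.Hour), Pub: &usr.PublicKey}
	c.TDSSig = Sign(tds, c.TBS())
	fmt.Println("accepted:", VerifyTweet(&tds.PublicKey, c, tweet, Sign(usr, tweet), nil, time.Now()))
}
```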

Additional benefits: Direct Messages
  • Private unicast messages (Direct Messages)
  • Adapted to disaster operation: Encrypt Direct Messages
  • TDS maintains list of followers
  • TDS sends followers’ keys
  • Client encrypts message with Public Key (and signs with Private Key)

Summary

What’s next?
  • Public release (Android Market)
  • Bug fixes
  • Awareness
  • Scalability! Geo-location to the rescue..
  • Geographically limited flooding
  • Smart tweet delivery
  • Contact Graph based routing for Direct Messages
  • Interest matching for tweets
  • Geographically limited key revocation
  • New Twitter features (photos, lists, etc.)

Thank You For Installing & Using Twimight
http://code.google.com/p/twimight


Editor's Notes

  • #7 Motivation for Twitter and for Android.