“Fairness-Aware and Privacy Preserving

Friend Matching Protocol in Mobile Social Networks”

Presented By:

Shailesh kumar

CONTENT Introduction System model adversary model and designing objectives Paillier homomorphic encryption The proposed blind transformation protocol The proposed fairness-aware and collusion free matching

protocol Security against interested/profile leaking Security against runway attack Security against collusion attack Evaluation Mobile social network Secure friend discovery in social network conclusion

Introduction Mobile social network (MNS) are becoming devoted part of our

lives.

We make new friends within physical proximity based on the personal profile matching.

A malicious and dishonest user launch the runway attack to store the personal information of users and it is completely disclosed to the public.

To prevent from runway attack, it is important to hide the correlation between the original vector and transformed result.

To achieve this, a novel blind vector transformation technique is introduced.

System, Adversary Model and Preliminaries

System Model In MSNs, a user launches a query to find a friend.

Vector P={p1,p2,….pn} is attributes of user’s profile.

pj=(j = 1,…,n) is an integer, which refers to an attribute of P.

Fig 1. System Architecture

When a user issues a query, he firstly generates the corresponding interest vector I = {i1, i2,……,in}.

Adversary Model and Designing Objective

The following adversary model is considered :- The Inference from Profile matching Privacy Inference from Aborting the protocol (Runway Attack)

Collusion Attack The proposed Protocol should satisfy the following

Designing objectives: Privacy Guarantee Fairness Assurance

Paillier Homomorphic Encryption The proposed protocol based on the Paillier Homomorphic

Encryption To understand the protocol Paillier Cryptosystem will help.

Key Generation: The entity's Paillier public and private keys are < N, g > and λ

Encryption: The ciphertext could be given by

E(m mod N, r mod N) = gmrn mod N2

Decryption: D(c) = L [(c λ mod N2)/L(g λ mod N2)] mod N

Homomorphic: given m1, m2, r1, r2, ϵ Zn , it satisfies the following homomorphioc property:

E (m1). E (m2) = E (m1 + m2)

The Proposed Protocols

Two types of protocol are proposed.

a) Blind Vector transformation Protocol

b) Fairness-aware and Collusion-free protocol

Blind Vector transformation Protocol

This protocol is allowing two untrusted parties to transform two vectors into the blind ones.

Five primitive operations in this protocol to achieve idea about how to hide the real value of profile.

Fig 2.Five primitive operation in blind transformation

Blind Vector transformation Protocol(cont..)

Ub and Ua are two profile of two different users. Ub performs the following blind transformation operations:

Blind Add: Ub generates a random vector rb, and then performs r’b = Encrypt (rb,pka).

Blind Append: Ub generates a random vector yb of length lb, and then performs y’b= Encrypt (yb, pka) to get P’a=VecExt(Pa; y’ b).

Blind Reverse: Ub randomly selects kb ϵ {1,2,…l2} and performs yb=VecRev(yb,kb), then obtains I’b= VecExt(Ib; yb).

Blind Shuffle: Ub performs I’’b= VecShuffle (I’b) and P’’a = VecShuffle (P’a) with the same order.

Fairness-aware and Collusion-free protocol To verify the interests and profiles match or not,Ua sends ha=H(sa||sb)

whereas Ub sends hb=H(sa||sb) to a randomly chosen verifier.

A potential weakness of the proposed basic protocol is that it may be vulnerable to collusion attack.

To thwart the collusion attack, this Matching protocol is based on Blind Linear Transformation is introduced.

In this protocol, instead of directly sending ha and hb to the verifier, an additional blind linear transformation round is introduced to protect the hash result.

Both users preserved their hash result by a pair of blinding numbers which are larger, thus collusion attack is considered impossible under this scheme.

Security Analysis

• Security Against Interest/Profile Leaking

• Security Against Runway Attack

• Security Against Collision Attack

Security Against Interest/Profile leaking

Pa is encrypted by Pallier Cryptogsystem, without any secret key and Ib is guaranteed by BPVT protocol.

After receiving the processed Pa and Ib, Ua can not correlate any item of Ib with the attributes in Pa.

At the same time, it is guaranteed for Ub that Ua can not test his interest by changing Pa arbitrarily.

Security Against Runway Attack

The upper bound of the successful probability that Ua could guess any item of Ib without any error.

If two users are not matched finally, they could not guess anything according to the comparing result.

Theorem:- Given a profile P and an interest I which are blind transformed and matched by following the proposed protocols, the correct-guess probability P(CG) that U could infer any item of I based on the blind transformed P and the comparing result s is bounded by 3/ln (n > 5), where n is the length of P and l is the number of attributes appended to P.

Security Against Collision Attack

Theorem : Given H(sr``b) the probability of guessing s^a and sb correctly is negligible.

This theorem prevents either side from guessing the actual value of the other side by brute-force search over the hash value.

To guess the parameters can be formalized as guessing (a; b) in y = ax + b given the knowledge of only one pair of (x; y), which is negligible.

The Fairness Assurance in matching phase is achieved in that the only results revealed so far are ``success'' or ``fail'', which is known to both sides at the same time.

Evaluation Evaluated the running time of protocol in Blind

Transformation, Fair Matching and Blind Linear Transformation phase.

3 security parameter length l = n, l = 2n, l = 3n.

Statistics of experiment results.

Executes time on blind transformation for different number of attributes(ms)

Execution time on fair matching phase for different number of attributes(ms).

Execution time on blind linear transformation for different number of attributes(ms).

Execution time on blind linear transformation for different number of attributes(ms).

• The growth of the execution time remains linear almost in all cases

• Thus the decryption or encryption time grows in proportion with the number of total attributes.

Related Work

• Mobile social network

• Secure Friend Discovery In Mobile Social Networks

Mobile Social Network

The explosive popularity of online social networks has attracted significant attention.

A large body of industrial efforts, which try to make location based friend discovery by providing Android or Ios based services.

Many apps like We Chat, Skout, Momo and others. These existing apps fail to consider hide users' profiles.

Designing a privacy-preserving friend matching protocol is highly desired for these apps.

Secure Friend Discovery In MSNs

To address serious security and privacy concerns, a novel techniques and protocols to compute social proximity introduced before.

Different from these existing works, first time user’s profiles is separated from their interest.

A novel Run-away attack is proposed, which may potentially introduce the unfairness issue.

The proposed scheme could well thwart this novel attack and thus achieve a better security.

Conclusion

A novel protocol is developed. That ensure the fairness and the privacy of privacy-

preserving interest and profile matching process. Our future work includes how to provide fine-grained

interest/profile matching and investigate more security and privacy issues in mobile social networks.

Thank you