findu privacy preserving personal profile matching in mobile social networks n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
FindU : Privacy-Preserving Personal Profile Matching in Mobile Social Networks PowerPoint Presentation
Download Presentation
FindU : Privacy-Preserving Personal Profile Matching in Mobile Social Networks

Loading in 2 Seconds...

  share
play fullscreen
1 / 26
annick

FindU : Privacy-Preserving Personal Profile Matching in Mobile Social Networks - PowerPoint PPT Presentation

147 Views
Download Presentation
FindU : Privacy-Preserving Personal Profile Matching in Mobile Social Networks
An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. FindU: Privacy-Preserving Personal Profile Matching in Mobile Social Networks Ming Li*, Ning Cao*, Shucheng Yu+ and Wenjing Lou* *Worcester Polytechnic Institute, Dept. of ECE +University of Arkansas at Little Rock, Dept. of CS IEEE INFOCOM 2011, Shanghai, China April. 10 - 15, 2011 1

  2. Outline Motivation Problem Formulation Main Design Security Analysis Performance Evaluation Conclusion 2

  3. Mobile Social Network Mobile Social Networks (MSN): the proliferating of mobile devices • Location based services • Augmented reality • Making new connections using MSN (profile matching) 3

  4. Profile Matching in MSN Applications • Symptom matching in mobile health social network • Finding “familiar strangers” and initiate a small-talk • Finding likeminded vehicles on the road • Finding lost connections • More…. Matched 1 interest: running Matched 1 interest: running {running, pingpong, swimming} {running, tennis, golf} B A 4

  5. Profile Matching in MSN (cont’d) Privacy issues • User profiling: active or passive • Individual privacy: get to know a specific user’s sensitive attributes (e.g., a disease) • Group privacy: malicious activities based on group attributes (e.g., salesman from a pharmacy do marketing) Goal: reveal only the necessary information to each other during matching 5

  6. Existing Solutions Directly publish and exchange the profile of each user • MagnetU, http://www.magnetu.com/ E-Smalltalker[Yang et.al., ICDCS 2010] • Use hash table to encode user’s attributes; exchange hash table • Suffers from dictionary attack – though can be salted to alleviate Same-symptom-based handshaking [Lu et. al., MONET 10] • Establish a secret key only if two patients share exactly same symptom • Need semi-online trusted authority to distribute key material • Uses pairing based cryptography- expensive 6

  7. Contributions Formulate the problem of privacy-preserving profile matching in MSN (for the first time) • Three levels of privacy are defined • No central authority Propose two private set intersection schemes to achieve increasing privacy, based on secure multiparty computation (SMC) and secret sharing • Enhance the efficiency in computation & communication Prove the security of the schemes, and evaluate performance via simulations 7

  8. Outline Motivation Problem Formulation Main Design Security Analysis Performance Evaluation Conclusion 8

  9. Model Network of N parties, P1 (initiator), P2, …, PN (candidates), each with a set of attributes . Initiator wants to find out the “best match”, i.e., the party with maximal (similarity). • Based on the intersection set with best match, P1 decides whether to make connection. Communication is one-hop, all nodes are in rage; secure pairwise communication channel exist already Security model: adversary is honest-but-curious, but can also launch some active attacks; adversaries can collude. 9

  10. Privacy Levels Level 1 privacy: P1 and each candidate only learn the their intersection set: , but adversary learns nothing more beyond the output and its private input Level 2 privacy: P1 and each candidate only learn the size of their intersection set: Level 3 privacy: P1 and each candidate only learn the rank of the size of their intersection set: • P1 is required to only connect with P* (best match) and know their intersection set but not others, to reveal least information about candidates. 10

  11. Challenges No central trusted authority • Need to achieve high security, while being fully distributed Resource constraint on mobile devices • Existing works in SMC have high computational complexity or communication overhead Existing cryptographic solutions are too expensive • Private set intersection (PSI) • Private cardinality of set intersection (PCSI) 11

  12. Outline Motivation Problem Formulation Main Design Security Analysis Performance Evaluation Conclusion 12

  13. Technical Preliminaries Shamir Secret Sharing Scheme: (t,w)-SS • Pick a random t degree polynomial q(x)=a0+a1x+···+atxt • The secret is (or can be made) a number: D • a0=D • D1=q(1), ···, Di=q(i), ···, Dw=q(w) t-collusion resistance 13

  14. Technical Preliminaries Secure Multiparty Computation based on SS • Homomorphic addition • Multiplication can be achieved via a two-round protocol • Given shares , the parties want to compute the shares of , i.e. . Additive Homomorphic Encryption • To compute E(m1+m2), given , without knowing the private key. 14

  15. The Basic Scheme • Express sets using polynomials • P1 has Pi has • Pi’s set is expressed by coefficients of • For each of P1’s attribute xj, • Parties publish the shares of their attributes xj and polynomial coefficients aik 15

  16. The Basic Scheme • Parties will compute shares of collaboratively • Rij - random numbers jointly generated by P1 and Pi not known by anyone • Using - recall the two properties • 2t+1 out of N parties need to be involved for P1 and Pi • Enhancement is made during the SMC phase to lower the communication cost 16

  17. The Basic Scheme • Protocol is efficient in computation and communication • Result revealing: • Values of {Fi(xj)}1≤j≤n remain in secret shared forms between P1 and Pi before their shares are revealed to each other, to provide verifiability 17

  18. The Advanced Scheme • Parties first compute shares of • securely using the basic scheme • Must blind from P1 the correspondence between its inputs and outputs - to achieve PL2 • Idea: using a blind-and-permute (BP) method • Employ additive homomorphic encryption • We reduce the number of invocations of the BP protocol using share conversion 18

  19. Outline Motivation Problem Formulation Main Design Security Analysis Performance Evaluation Conclusion 19

  20. Complexity Analysis Computation and communication costs t: maximum tolerated number of colluders m: number of attributes of a candidate user n: number of attributes used by the initiator (query) N: total number of participants 20

  21. Simulation Study Setup • Implement in NS2, since crypto libraries for SMC aren’t available on smart phone yet • Assume 400MHz CPU and WIFI, and tell the simulator the size of each group element, and the computation time of each primitive • Estimated energy consumption using established models for WiFi on cellphone platform. • Compared with FNP 04 (PCSI) and FC 10 (PSI) schemes. 21

  22. Simulation Results Total run time • Change n (number of attributes of P1) • Change m (number of attributes of Pi) Our schemes are more practical when the number of profile attributes is large, while the number of query attributes is relatively small 22

  23. Simulation Results Total run time • Change N, fix t (collusion threshold) • Change t, fix N (total number of parties) Advantage of our proposed schemes: when n and N are both relatively small (in the order of tens) 23

  24. Security Comparison Advantages of our schemes • Information-theoretic security for basic scheme under HBC (honest-but-curious) model • Resist from active attacks 24

  25. Conclusion We have formulated and addressed the privacy-preserving profile matching problem in MSNs We used secure multiparty computation to achieve desired security levels while using secret sharing to reduce the computation overhead Simulation shows our protocols are suitable under practical MSN scenarios – relatively small n and N, but large m. 25

  26. The End Thank you! Questions and Answer 26