Fine-grained Private Matching for Proximity-based Mobile Social Networking INFOCOM 2012 Rui Zhang, Yanchao Zhang Jinyuan (Stella) Sun Arizona State University University of Tennessee Guanhua Yan Los Alamos National Laboratory 1
Proximity-based Mobile Social Networking (PMSN) Social interaction Among physically proximate users Using mobile devices, e.g., smartphone or tablet Directly through the Bluetooth/WiFi interfaces Valuable complement to web-based online social networking 2 Chat, file sharing, …
Private (Profile) Matching The process of two users comparing their profiles without disclosing any information beyond the comparison result An indispensible part of PMSN because People prefer to socialize with others having similar interests or background Privacy concern 3
Existing Private Matching Schemes 4 User profile comprises a list of attributes chosen from an underlying attribute set Ex: interests [Li et al.’11], friends [Arb et al.’08], disease symptoms [Lu et al.’10]
Existing Private Matching Schemes 5 Map private matching into the problem of Private set intersection (PSI), e.g., [Kissner&Song’05], [Ye et al.’08] Private set intersection cardinality (PSI-CA), e.g., [Freedman et al.’04], [Cristofaro& Tsudik’10] or
Limitations 6 Cannot differentiate users with the same attribute Ex: suppose that Alice, Bob, and Mario all like movie Watch movie twice a week Twice a week Twice a month ?
Fine-grained Personal Profile 7 Movie 5 Sports 3 Cooking 0 Movie 5 Sports 3 Cooking 0 Movie 3 Sports 3 Cooking 0
Fine-grained Private Matching 8 Two users evaluate the similarity/distance between their personal profiles in a privacy- preserving fashion Finer differentiation Personalized profile matching Cannot be solved by PSI or PSI-CA
Outline 9 System model, problem formulation and cryptographic tool Fine-grained private matching protocols Protocol 1 Protocol 2 Protocol 3 Protocol 4 Performance evaluation Conclusion
System Model 10 Each user carries a mobile device, e.g., smartphone, with the same PMSN application installed Fine-grained profile Consists of attributes, e.g., interests User assigns an integer in to each attribute, e.g., to indicate the level of interest Each personal profile can be represented as a - dimensional vector
System Model (cont’) 11 Take Alice and Bob as two exemplary users A PMSN session consists of three phases Neighbor discovery Profile matching Social interaction Bob Alice
Problem Formulation 12 A set of candidate matching metrics Each is a function over two vectors measuring the distance between two personal profiles Alice chooses and runs a private matching protocol with Bob to compute
Privacy Levels 13 Privacy-level 1 (PL-1) When protocols ends, Alice learns ; Bob learns Privacy-level 2 (PL-2) When protocols ends, Alice learns ; Bob learns nothing Privacy-level 3 (PL-3) When protocols ends, Alice learns if for some threshold of her choice; Bob learns nothing
Cryptographic Tools: Paillier Cryptosystem [Paillier’99] 14 Encryption Homomorphic property Self-blinding property
Private Matching Protocol 1 (PL-1) 15 A non-trivial adaption of [Rane et al. 2010] Matching metric: distance
Protocol Intuition 16 For, define a function where Ex: We have
Protocol Intuition (cont’) 17 Define We have
Protocol Intuition (cont’) 18 We further have Known by AliceKnown by BobDot product
Detailed Protocol 19 Can be precomputed
Private Matching Protocol 2 (PL-2) 20 Matching metric Any additively separable functions that can be written as, for some functions Ex: (Weighted distance) ( distance) (Dot product)
Protocol Intuition 21 Convert any additive separable function into dot product computation For and, define functions and The th bit is1The th element is
Protocol Intuition (cont’) 22 Let We have
Detailed Protocol 23 Can be precomputed
Private Matching Protocol 3 (PL-3) 24 Matching metric Any additive separable function When protocol ends, Alice learns if, Bob learns nothing
Protocol Intuition 25 Let be three arbitrary positive integers, such that We have Assume that and are both integers The following inequalities are equivalent
Detailed Protocol 26 Can be precomputed
Detailed Protocol (cont’) 27
Private Matching Protocol 4 (PL-3) 28 Matching metric Protocols 1~3 cannot be directly applied Basic idea Transform into an additive function
Protocol Intuition: Similarity Matching 29
Protocol Intuition (cont’) 30 Three properties of similarity score Additive separable Directly affected by the value of Related to according to the following theorem Protocol 4 can be realized as a special case of Protocol 3 by choosing the similarity score as matching metric
Performance Evaluation Compare Protocols 1~3 with RSV [Rane et al. 2010] 31 Offline Comp.Online Comp.Comm. (bit) RSV Protocol 1 Protocol 2 Protocol bit exponentiation 2048-bit exponentiation 1024-bit multiplication 2048-bit multiplication
Simulation Results 32
Simulation Results 33
Conclusion We motivated the problem of fine-grained private matching for PMSN We presented a set of novel private matching protocols supporting different matching metrics and privacy levels 34
Thank you Q&A 35