Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet

Outline Introduction The Problem Motivation Model Constructions Discussion

Introduction Transitive trust relationships Goal: to leverage social relationships to guide interactions with others users in online systems that use social networks. or IM contexts – Black/white-listing

The Problem Compare list of friends/contacts and find intersection Privacy issues

Motivation Content-based spam filters – False positives Whitelists – Forge From: addresses – Does not accept from previously unknown sources – Populating requires manual effort RE: – Automatically expands set of senders who to accept from by examining user’s social network – Does not prevent parties from “lying” about information they present (friends they give out)

Model Social network can be modeled as a directed graph where a presence of an arc (or ) indicates existence of social relationship Find bridging friends and Privacy concerns

Model Social link should express consent of both parties Forward trust –, Backward authorization –,

Constructions Hash-based construction Privacy in the face of collusions

Hash-Based Implementation Each user R has a signing/verification key pair SK R /VK R, and a secret seed for cryptographic pseudo-random hash function F For each social link, user R creates an attestation for user X and sends it along with. R receives from X. Each arc is associated with a (pseudo-)random key (a-value)

Privacy in the Face of Collusions Backward authorization implemented in hash- based scheme is transferable Hash-based scheme, R gives out the same secret to all X s.t. Solution: different shared secret key to each X Proximity check protocol uses same overall structure as that of hash-based scheme

Discussion Where else can this be applied? – P2P file sharing – Bluetooth – Phone services/VoIP Does the model make sense? – It is assumed that system has proximity check mechanism – Can be implemented at a higher level? How to transfer attestations?

Discussion How to revoke attestations? – Time limit Is collusion a privacy concern? – Would share their resources anyway! What are the effects of multi-hop proximity? – Is it practical/safe?

Discussion How would a malicious user exploit the system? – Viruses – Sybil attacks – Are the consequences worse? Anything else?

Proximity Checking Consider, and For, S encrypts attestation – – where is a secure symmetric cipher – and S also includes – tab

Proximity Checking S creates list of tabbed encrypted attestations (one for each incoming social relationship), and sends to R along with request

Proximity Checking User R processes list by looking at tab components Looks for relationships of the form Since R holds – can compute – Generates own set of tabs – Compares with received from S

Proximity Checking Match between tabs guarantees same seed was used by both R and S Bridging friend T revealed R computes key and decrypts encrypted attestation, recovering Concludes and

Performance Comparison