Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Do I Know You? Efficient, Privacy-Preserving Protocols for Finding Common Friends Marcin Nagy, Aalto University (joint work with Emiliano De Cristofaro,

Published byArjun Allender Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Do I Know You? Efficient, Privacy-Preserving Protocols for Finding Common Friends Marcin Nagy, Aalto University (joint work with Emiliano De Cristofaro,"— Presentation transcript:

1 1 Do I Know You? Efficient, Privacy-Preserving Protocols for Finding Common Friends Marcin Nagy, Aalto University (joint work with Emiliano De Cristofaro, Alexandra Dmitrienko, N. Asokan, Ahmad-Reza Sadeghi) 12 th December 2013

2 Problem How can you find if you have common friends with someone (nearby)? … in a privacy-preserving way 2

3 Applications Intuitive means for specifying access control –Ride sharing –Tethering Internet access –... Information –Friend radar... 3

4 Requirements privacy: –no more info. to participants than about common friends –no additional info. to anybody else (e.g., FourSquare) authenticity: –no false claims of friendship efficiency: –applicable for mobile usage –minimize expensive crypto operations 4

5 Outline Current approaches Our approach: using Bloom Filters “Common Friends” framework 5

6 Outline Current approaches Our approach: using Bloom Filters “Common Friends” framework Using bloom Filters “Common Friends” framework 6

7 Using a trusted server FourSquare, Tencent,... I am at 7 BobAngela

8 Using a trusted server FourSquare, Tencent, … UserLocation Angela(x,y) Bob(x,y)... Who is near me? “Angela” Privacy  Authenticity  Efficiency  8 AngelaBob

9 Private Set Intersection Protocols PSI Input set S I IR Input set S R S I  S R PSI-CA Input set S I IR Input set S R |S I  S R | Secure in the honest-but-curious model O(|S I |+|S R |) modular exponentiations 9 [De Cristofaro et al, FC’10, Asiacrypt ’10, CANS’12]FC’10Asiacrypt ’10CANS’12 Initiator Responder

10 PSI Finding Common Friends using PSI naively Friend ID Anna Carol... Friend ID Carol David... “Carol” Privacy? Authenticity  Efficiency  10 BobAngela

11 Finding Common Friends using PSI with capabilities 1. Distribute (short-lived) bearer capability to friends 2. Private Set Intersection on capability sets to find common friends PSI Social Network UserCapability Angelaxx Bobxx... Privacy  Authenticity  Efficiency  [PeerShare, Nagy et. al., NordSec 2013 ]NordSec 2013 11

12 Other approaches Authorized PSI –Input from one side (R), authorized by a trusted (off-line) CA –O(n) modular exponentiations in the size of the input sets Private discovery of common social contacts –Friendship certificates exchanged ahead of time –O(n) modular exponentiations in the size of the input sets Privacy  Authenticity  Efficiency  12 [De Cristofaro et. al., ACNS’11]ACNS’11 [De Cristofaro et. al., Asiacrypt’10]Asiacrypt’10

13 Outline framework 13 Current approaches Our approach: using Bloom Filters “Common Friends” framework Using bloom Filters “Common Friends” framework

14 Can we build a faster “PSI”? Why are classic PSIs slow? Designed to work even when input sets are enumerable –i.e., elements are predictable Naive hash-each-element approach fast, but insecure for enumerable input sets However, bearer capabilities are random –Hash-each-element approach is safe –Still O(n) communication complexity Idea: use a Bloom Filter to represent input set 14

15 What is Bloom Filter? Efficient data structure used for testing if an element is in the input set 15 Inserting Testing Source: Wikipedia

16 insert elements into BF check each elements for presence in BF BF BFPSI Protocol 16 Privacy  Authenticity  Efficiency  Not a replacement for PSI in general! Initiator IResponder R Channel binding Secure channel establishment False positives removal e.g., challenge-response Man-in-the-middle False positives Insecure channel Challenges

17 Initiator IResponder R Inputs: SK I,PK I,R I Inputs: SK R,PK R,R R SK I, PK I SK R, PK R PK R, K IR PK I, K IR DH-KeyExchange Channel binding Challenge/response to remove false positives Secure channel Bloom Filter

18 Beyond honest-but-curious model Capability grants authority to anyone who possesses it How to defend against capability loss/theft? Use “friendship certificates” –distributed the same way as capabilities are –still O(1) exponentiations in size of the input set 18

19 Comparison: execution time average of 30 runs 19

20 Comparison: power consumption PSI-CA (5 runs)BFPSI (5 runs) 20

21 Outline Current approaches Using bloom Filters 21 Current approaches Using Bloom Filters “Common Friends” framework Using bloom Filters skip to summary

22 22 Common Friends Service App Set up channel PK I IReq accepted/rejected StartResponder(IReq) RRes StartInitiator(RRes) IRes Process(IRes) GetPublicKey ResultContainer M ProcessContainer(M) ResultContainer M ProcessContainer(M) getResult Result, K IR Responder device Initiator device Result, K IR Initialize PSI state machine indicated by type ResultContainer Optional (possibly repeated many times) Inputs: SK R,PK R,R R Common Friends Service App Inputs: SK I,PK I,R I

23 “Common Friends” Framework Abstract interface – PSI schemes can be plugged in (currently PSI-CA and BFPSI) Used in: Easily re-usable by other apps Source code available on request TetheringAppnearbyPeople 23

24 Next steps Bloom Filter based PSI-CA? Finding other common attributes?... 24

25 Summary A new, fast “PSI” based on bearer capabilities Privacy and Authenticity guaranteed False positives removed Massive performance gain: O(1) vs. O(n) A re-usable framework An example of leveraging social networks to improve security/privacy/usability 25

26 Thank you! Questions? 26

Download ppt "1 Do I Know You? Efficient, Privacy-Preserving Protocols for Finding Common Friends Marcin Nagy, Aalto University (joint work with Emiliano De Cristofaro,"

Similar presentations

Delta Confidential 1 5/29 – 6/6, 2001 SAP R/3 V4.6c PP Module Order Change Management(OCM)

Delta Confidential 1 5/29 – 6/6, 2001 SAP R/3 V4.6c PP Module Order Change Management(OCM)
You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.

1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Kapitel 21 Astronomie Autor: Bennett et al. Galaxienentwicklung Kapitel 21 Galaxienentwicklung © Pearson Studium 2010 Folie: 1.

Kapitel 21 Astronomie Autor: Bennett et al. Galaxienentwicklung Kapitel 21 Galaxienentwicklung © Pearson Studium 2010 Folie: 1.
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.

© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
Doc.: IEEE 802.19-10/0165r1 SubmissionPäivi Ruuska, NokiaSlide 1 Implementation aspects of a 802.19.1 coexistence system Notice: This document has been.

Doc.: IEEE /0165r1 SubmissionPäivi Ruuska, NokiaSlide 1 Implementation aspects of a coexistence system Notice: This document has been.
RXQ.11.4.1 Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) Customer Supplier Customer authorizes Enrollment (11.3.2.1)

RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) Customer Supplier Customer authorizes Enrollment ( )
Document #07-12G 1 RXQ.11.4.1 Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.

Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
Document #07-12G 1 RXQ.11.4.1 Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.

Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
Document #07-2I RXQ.11.4.1 Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) (mod 7/25 & clean-up 8/20) Customer Supplier.

Document #07-2I RXQ Customer Enrollment Using a Registration Agent (RA) Process Flow Diagram (Move-In) (mod 7/25 & clean-up 8/20) Customer Supplier.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.

Similar presentations

Ads by Google