1. Fine-grained Private Matching for Proximity-based Mobile Social Networking INFOCOM 2012 Rui Zhang, Yanchao Zhang Jinyuan (Stella) Sun Arizona State University University of Tennessee Guanhua Yan Los Alamos National Laboratory 1

2. Proximity-based Mobile Social Networking (PMSN)  Social interaction  Among physically proximate users  Using mobile devices, e.g., smartphone or tablet  Directly through the Bluetooth/WiFi interfaces  Valuable complement to web-based online social networking 2 Chat, file sharing, …

3. Private (Profile) Matching  The process of two users comparing their profiles without disclosing any information beyond the comparison result  An indispensible part of PMSN because  People prefer to socialize with others having similar interests or background  Privacy concern 3

4. Existing Private Matching Schemes 4  User profile comprises a list of attributes chosen from an underlying attribute set  Ex: interests [Li et al.’11], friends [Arb et al.’08], disease symptoms [Lu et al.’10]

5. Existing Private Matching Schemes 5  Map private matching into the problem of  Private set intersection (PSI), e.g., [Kissner&Song’05], [Ye et al.’08]  Private set intersection cardinality (PSI-CA), e.g., [Freedman et al.’04], [Cristofaro& Tsudik’10] or

6. Limitations 6  Cannot differentiate users with the same attribute  Ex: suppose that Alice, Bob, and Mario all like movie Watch movie twice a week Twice a week Twice a month ?

7. Fine-grained Personal Profile 7 Movie 5 Sports 3 Cooking 0 Movie 5 Sports 3 Cooking 0 Movie 3 Sports 3 Cooking 0

8. Fine-grained Private Matching 8  Two users evaluate the similarity/distance between their personal profiles in a privacy- preserving fashion  Finer differentiation  Personalized profile matching  Cannot be solved by PSI or PSI-CA

9. Outline 9  System model, problem formulation and cryptographic tool  Fine-grained private matching protocols  Protocol 1  Protocol 2  Protocol 3  Protocol 4  Performance evaluation  Conclusion

10. System Model 10  Each user carries a mobile device, e.g., smartphone, with the same PMSN application installed  Fine-grained profile  Consists of attributes, e.g., interests  User assigns an integer in to each attribute, e.g., to indicate the level of interest  Each personal profile can be represented as a - dimensional vector

11. System Model (cont’) 11  Take Alice and Bob as two exemplary users  A PMSN session consists of three phases Neighbor discovery Profile matching Social interaction Bob Alice

12. Problem Formulation 12  A set of candidate matching metrics  Each is a function over two vectors measuring the distance between two personal profiles  Alice chooses and runs a private matching protocol with Bob to compute

13. Privacy Levels 13  Privacy-level 1 (PL-1)  When protocols ends, Alice learns ; Bob learns  Privacy-level 2 (PL-2)  When protocols ends, Alice learns ; Bob learns nothing  Privacy-level 3 (PL-3)  When protocols ends, Alice learns if for some threshold of her choice; Bob learns nothing

14. Cryptographic Tools: Paillier Cryptosystem [Paillier’99] 14  Encryption  Homomorphic property  Self-blinding property

15. Private Matching Protocol 1 (PL-1) 15  A non-trivial adaption of [Rane et al. 2010]  Matching metric: distance

16. Protocol Intuition 16  For, define a function where Ex: We have

17. Protocol Intuition (cont’) 17  Define We have

18. Protocol Intuition (cont’) 18  We further have Known by AliceKnown by BobDot product

19. Detailed Protocol 19 Can be precomputed

20. Private Matching Protocol 2 (PL-2) 20  Matching metric  Any additively separable functions that can be written as, for some functions  Ex: (Weighted distance) ( distance) (Dot product)

21. Protocol Intuition 21  Convert any additive separable function into dot product computation  For and, define functions and The th bit is1The th element is

22. Protocol Intuition (cont’) 22  Let We have

23. Detailed Protocol 23 Can be precomputed

24. Private Matching Protocol 3 (PL-3) 24  Matching metric  Any additive separable function  When protocol ends, Alice learns if, Bob learns nothing

25. Protocol Intuition 25  Let be three arbitrary positive integers, such that We have  Assume that and are both integers  The following inequalities are equivalent

26. Detailed Protocol 26 Can be precomputed

27. Detailed Protocol (cont’) 27

28. Private Matching Protocol 4 (PL-3) 28  Matching metric  Protocols 1~3 cannot be directly applied  Basic idea  Transform into an additive function

29. Protocol Intuition: Similarity Matching 29

30. Protocol Intuition (cont’) 30  Three properties of similarity score  Additive separable  Directly affected by the value of  Related to according to the following theorem Protocol 4 can be realized as a special case of Protocol 3 by choosing the similarity score as matching metric

31. Performance Evaluation  Compare Protocols 1~3 with RSV [Rane et al. 2010] 31 Offline Comp.Online Comp.Comm. (bit) RSV Protocol 1 Protocol 2 Protocol 3 1024-bit exponentiation 2048-bit exponentiation 1024-bit multiplication 2048-bit multiplication

32. Simulation Results 32

33. Simulation Results 33

34. Conclusion  We motivated the problem of fine-grained private matching for PMSN  We presented a set of novel private matching protocols supporting different matching metrics and privacy levels 34

35. Thank you Q&A 35