1
Privacy-Preserving Relationship Path Discovery in Social Networks
Ghita Mezzour, Adrian Perrig, Virgil Gligor (Carnegie Mellon University)
Panos Papadimitratos (EPFL)
8th International Conference on Cryptology & Network Security, Dec 13th, 2009
2
Social Trust is Useful
People nearby in a social network are more trusted
[Figure: social network with users A to F, including a buyer and a seller; a privacy-preserving relationship path discovery scheme between A and D, d=3]
3
A Social Networking Problem
Relationships => private information
  Personal attributes
  Personal associations
"Just by looking at a person’s online friends, they could predict whether the person was gay. Gay men had proportionally more gay friends than straight men."
http://www.boston.com/bostonglobe/ideas/articles/2009/09/20/project_gaydar_an_mit_experiment_raises_new_questions_about_online_privacy/
Private information is revealed by most SN sites
4
Partial Solution: Decentralization
Characteristics
  Friend list managed locally
  Secure channels between friends
  Users may be offline
Some privacy concerns are alleviated
Censorship resistance
[Figure: A keeps its own friend list (B, E) and has a secure channel to each friend]
5
Agenda
Problem Definition
Protocol Overview
Analysis
Related Work
Conclusion
6
Private-Path Discovery
Private relationship path
  First person on the relationship path
  Distance to an individual on a relationship path
[Figure: example of relationship paths from A to D (A-B-C-D and A-E-F-D), and example of the private paths from A to D of distance d ≤ 3: first hops B and E, intermediate users hidden, d=3]
7
Goal 1: Relationship Privacy
[Figure: ideal model, in which users report their friend lists (A: friends = B & E; B: friends = A & C) to a trusted 3rd party that answers the query "Private paths to D?", shown beside the real model over the network of users A to F]
8
Goal 2: Distance Integrity
Trust => Distance integrity
  Higher trust requires shorter distances
  1st user on path is most trusted
Non-integrity concern
  User shortens paths for succeeding users (but not past herself)
[Figure: path from A to D through B and C]
9
Goal 3: Completeness
Discovery of all private paths
Consent of individuals on path needed
[Figure: 2 relationship paths between A & D of distance ≤ 3 and the corresponding private paths (d=3); 1 relationship path between A & D and the corresponding private path; label: Consent]
10
Adversary Model
User of the system
  Single adversary
  Account creation
  Relationship establishment
  Free to arbitrarily deviate from the protocol
Goal
  Break relationship privacy
  Break distance integrity
[Figure: example network with users A to F]
11
Agenda
Problem Definition
Protocol Overview
Analysis
Related Work
Conclusion
12
Solution Overview
Token flooding phase
  Periodic run
  Example: 1st day of each month
Private path discovery phase
  On demand
  Example: when A & D meet at CANS
  Existing private paths returned
[Figure: token flooding over the network of users A to F, followed by private path discovery between A and D, d=3]
13
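Token Flooding Phase (1/2)
Notation: $T'$ computed token, $T$ received token, $ctr$ counter, $d$ distance
Originator A holds $z$; $d_{max} = 3$
Each user computes $T' = H(T \| ctr)$ and forwards it with distance $d$
Tokens in the example (token, distance):
  $T_1 = H(z \| 1)$, 1
  $T_2 = H(z \| 2)$, 1
  $T_3 = H(T_1 \| 1)$, 2
  $T_5 = H(T_2 \| 1)$, 2
  $T_4 = H(T_3 \| 1)$, 3
  $T_6 = H(T_5 \| 1)$, 3
[Figure: tokens $T_1$ to $T_6$ flowing from A through the network of users A to F towards D]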
14
Token Flooding Phase (2/2)
Local hash tree computation by originator
  Depth
  Maximum degree
In the paper: originator only computes propagated tokens
Hash tree that A locally computes, rooted at $z$, $d_{max} = 3$ (first-level branches for friends B and E):
  $T_1 = H(z \| 1)$
    $T_3 = H(T_1 \| 1)$
      $T_4 = H(T_3 \| 1)$
      $T_7 = H(T_3 \| 2)$
    $T_8 = H(T_1 \| 2)$
      $T_9 = H(T_8 \| 1)$
      $T_{10} = H(T_8 \| 2)$
  $T_2 = H(z \| 2)$
    $T_5 = H(T_2 \| 1)$
      $T_6 = H(T_5 \| 1)$
      $T_{11} = H(T_5 \| 2)$
    $T_{12} = H(T_2 \| 2)$
      $T_{13} = H(T_{12} \| 1)$
      $T_{14} = H(T_{12} \| 2)$
15
Path Discovery Phase
User sends the tokens it received to the originator
Originator looks up tokens in the computed hash tree
Phase runs once for a given pair of users
Example: D sends $T_4$, $T_6$ to A. A finds them in its hash tree:
  $T_1 = H(z \| 1)$, $T_3 = H(T_1 \| 1)$, $T_4 = H(T_3 \| 1)$: private path A, B, ?, D
  $T_2 = H(z \| 2)$, $T_5 = H(T_2 \| 1)$, $T_6 = H(T_5 \| 1)$: private path A, E, ?, D
  d=3
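The two phases above for a single originator, as an added example that is not code from the presentation or the paper: A floods tokens over the slides' topology (A-B-C-D and A-E-F-D), D returns what it received, and A looks the tokens up in its locally computed hash tree. SHA-256, the 4-byte counter encoding, the secret value and the rule that a relay numbers its friends other than the sender are assumptions.

```python
import hashlib

def H(token: bytes, ctr: int) -> bytes:
    # T' = H(T || ctr). SHA-256 and the 4-byte counter are assumptions.
    return hashlib.sha256(token + ctr.to_bytes(4, "big")).digest()

# Constructed topology from the slides: paths A-B-C-D and A-E-F-D.
GRAPH = {"A": ["B", "E"], "B": ["A", "C"], "C": ["B", "D"],
         "D": ["C", "F"], "E": ["A", "F"], "F": ["E", "D"]}

def flood(graph, originator, z, d_max):
    """Token flooding: return {user: [(token, distance), ...]} as received."""
    received = {u: [] for u in graph}
    queue = [(f, originator, H(z, i), 1)
             for i, f in enumerate(graph[originator], 1)]
    while queue:
        user, sender, token, d = queue.pop(0)
        received[user].append((token, d))
        if d == d_max:
            continue  # tokens stop at the maximum distance
        # Assumption: a relay numbers its friends other than the sender 1, 2, ...
        targets = [f for f in graph[user] if f != sender]
        for ctr, f in enumerate(targets, 1):
            queue.append((f, user, H(token, ctr), d + 1))
    return received

def hash_tree(friends, z, d_max, max_degree):
    """Originator's local tree: token -> (first friend on the path, distance)."""
    tree, level = {}, [(H(z, i), f) for i, f in enumerate(friends, 1)]
    for d in range(1, d_max + 1):
        nxt = []
        for token, first in level:
            tree[token] = (first, d)
            nxt += [(H(token, c), first) for c in range(1, max_degree + 1)]
        level = nxt
    return tree

def discover(tree, received_tokens):
    """Path discovery: the distance comes from the tree, not from the sender."""
    return sorted(tree[t] for t, _claimed in received_tokens if t in tree)

def demo(z=b"constructed-secret-z"):
    received = flood(GRAPH, "A", z, d_max=3)
    tree = hash_tree(GRAPH["A"], z, d_max=3, max_degree=2)
    return len(tree), discover(tree, received["D"])

if __name__ == "__main__":
    print(demo())  # tree size and A's private paths to D
```

With depth 3 and maximum degree 2 the tree holds 14 tokens, matching $T_1$ to $T_{14}$ on the hash tree slide, and A learns only the first hop and the distance of each path to D.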
16
Multiple Originators
Token distribution phase with A & E as originators
Private path discovery between A & D
  Private set intersection protocol
[Figure: network of users A to F; inputs and outputs of A and D in the private set intersection protocol, with one party marked "No output"]
17
Agenda
Problem Definition
Protocol Overview
Analysis
Related Work
Conclusion
18
Network Topologies Used
                           Flickr          LiveJournal     Orkut            YouTube
Number of users            1.8 million     5.2 million     3 million        1.1 million
% of population crawled    26.9 %          95.4 %          11.3 %           unknown
Number of friend links     22.6 millions   77.4 millions   223.5 millions   4.9 millions
Source: Mislove et al. IMC 07
19
Complexity
Computation overhead
Token flooding
  $O(F_3 + 2 F_1 \cdot F_2)$ hash computation
Private path discovery
  User discovering the private paths
    $F_3$ homomorphic encryptions (once per input set)
    $F_3$ homomorphic decryptions
  Other user
    $O(F_3 + F_3 \ln \ln F_3)$ exponentiations
$F_i$: number of relationship paths of distance ≤ i starting from user X
$d_{max} = 3$
20
Token Flooding – Computation Overhead
[Plot: computation overhead per user (token flooding by all users); annotations: ≅ 90%: 100 ms, ≅ 95%: 10 s; arrow labelled "More connected"]
21
Path Discovery – Computation Overhead
[Plot: computation overhead for the user discovering the private paths; annotations: ≅ 70 %: 10 s, ≅ 90%: 2 min, ≅ 80 %: 16 min; arrow labelled "More connected"]
22
Future Work
Overhead reduction
  Randomized discovery
Full dynamic topology support
  New relationships established
  Old relationships revoked
Colluding adversaries
Untrusted server
23
Related Work
RE: Reliable Email. S. Garriss, M. Kaminsky, M. J. Freedman, B. Karp, D. Mazieres, H. Yu. In Symposium on Networked Systems Design and Implementation (NSDI), 2006.
Private Relationships in Social Networks. B. Carminati, E. Ferrari, and A. Perego. In International Conference on Data Engineering Workshops, 2007.
A public-key protocol for social networks with private relationships. J. Domingo-Ferrer. In Modeling Decisions for Artificial Intelligence, 2007.
Privacy Preserving Grapevines: Capturing Social Network Interactions Using Delegatable Anonymous Credentials. Vijay A. Balasubramaniyan, Yunho Lee, and Mustaque Ahamad. Georgia Tech Technical Report GT-CS-09-12, Sept 2009.
24
Conclusion
People nearby in a social network are more trusted
We proposed a scheme for privacy-preserving relationship path discovery
  Works in decentralized social networks
  Avoids privacy issues common in centralized sites
Many potential applications
  Trust establishment
  Access control
  Email whitelisting
25
Backup Slides
26
One Intermediate Friend vs. Longer Relationship Paths
One intermediate friend
  Sufficient information available to users
  Privacy-preserving information sharing
Longer relationship paths
  Insufficient initial information
  Privacy-preserving information distribution & sharing
[Figure: A discovers that B is a common friend with C without knowing the other friends of C; for the longer path from A to D, the intermediate information is marked as missing]
27
Background – Private Set Intersection Protocol
Freedman et al. Eurocrypt 04
Computation overhead
  $k_A$ homomorphic encryptions (once per input set)
  $k_D$ homomorphic decryptions
  $O(k_A + k_D \ln \ln k_A)$ exponentiations
[Figure: protocol between A and D ≈ trusted third party; label: No output]
28
Background – Private Set Intersection
Private set intersection [Freedman et al. Eurocrypt 07]
  Based on homomorphic encryption
    Similar to public key encryption
    Some operations on plaintext are possible without the private key
Computation overhead
  $k_A$ homomorphic encryptions (once per input set)
  $k_D$ homomorphic decryptions
  $O(k_A + k_D \ln \ln k_A)$ exponentiations
Communication overhead
  $k_A + k_D$ exchange of homomorphic ciphertexts
29
Complexities
Token flooding
  Computation: $O(F_3 + 2 F_1 \cdot F_2)$ hash computation
  Communication: $O(F_3 + 2 F_1 \cdot F_2)$ hash exchange
Private path discovery, user A
  Computation: $F_3^A$ homomorphic encryptions (once per input set), $F_3^D$ homomorphic decryptions
  Communication: $F_3^A + F_3^D$ homomorphic ciphertexts exchange
Private path discovery, user D
  Computation: $O(F_3^A + F_3^D \ln \ln F_3^A)$ exponentiations
  Communication: $F_3^A + F_3^D$ homomorphic ciphertexts exchange
$F_i^X$: number of relationship paths of distance ≤ i starting from user X
30
Token Flooding Phase – Communication Overhead
[Plot: communication overhead per user; reference marks at 1 MB, 10 MB, 100 MB]
31
Path Discovery Phase – Communication Overhead
[Plot: communication overhead for both users involved in the discovery]
32
Basic Scheme – Privacy Leak
Leakage of the relative positioning of users
  After private path discovery phase with multiple users
Tokens in the example (token, distance):
  $T_1 = H(z \| 1)$, 1
  $T_2 = H(z \| 2)$, 1
  $T_3 = H(T_1 \| 1)$, 2
  $T_4 = H(T_2 \| 1)$, 2
  $T_5 = H(T_3 \| 1)$, 3
  $T_6 = H(T_3 \| 2)$, 3
  $T_7 = H(T_4 \| 1)$, 3
  $T_8 = H(T_4 \| 2)$, 3
[Figure: example topology with users A to F, beside A's perception of the social network topology, in which some users remain unknown]
33
Randomization Technique
Token format: H(received token || distance || count)
Tokens propagated in the example topology (users A to F):
  $T_1 = H(z \| 1 \| 1)$, 1
  $T_2 = H(z \| 1 \| 2)$, 1
  $T_3 = H(T_1 \| 2 \| 1)$, 2
  $T_4 = H(T_2 \| 2 \| 1)$, 2
  $T_5 = H(T_1 \| 3 \| 1)$, 3
  $T_6 = H(T_1 \| 3 \| 2)$, 3
  $T_7 = H(T_2 \| 3 \| 1)$, 3
  $T_8 = H(T_2 \| 3 \| 2)$, 3
Hash tree as labelled on the slide:
  $T_1 = H(z \| 1 \| 1)$, $T_3 = H(T_1 \| 2 \| 1)$, $T_5 = H(T_1 \| 3 \| 1)$, $T_6 = H(T_1 \| 3 \| 2)$
  $T_2 = H(z \| 1 \| 2)$, $T_4 = H(T_5 \| 2 \| 1)$, $T_7 = H(T_5 \| 3 \| 1)$, $T_8 = H(T_5 \| 3 \| 2)$
[Figure: example topology, tokens propagated, and hash tree with leaves labelled D, E, F]
34
Privacy Analysis
Leakage of the total num of paths with d ≤ $d_{max}$ of the other party
No linkage among runs with different users
[Figure: example topology with users A to F, beside A's perception of the network topology. Hash tree rooted at $z$ with first-level tokens $H(z \| 1 \| 2)$ and $H(z \| 2 \| 1)$; under $T_1$: $H(T_1 \| 2 \| 1)$, $H(T_1 \| 2 \| 2)$, $H(T_1 \| 3 \| 1)$, …, $H(T_1 \| 3 \| 5)$; under $T_9$: $H(T_9 \| 2 \| 1)$, $H(T_9 \| 2 \| 2)$, $H(T_9 \| 3 \| 1)$, …, $H(T_9 \| 3 \| 3)$]