1 / 34

Privacy-Preserving Relationship Path Discovery in Social Networks

Privacy-Preserving Relationship Path Discovery in Social Networks. Ghita Mezzour , Adrian Perrig, Virgil Gligor Carnegie Mellon University. Panos Papadimitratos EPFL. 8 th International Conference on Cryptology & Network Security Dec 13 th , 2009. Social Trust is Useful. d=3. d=3. ?. B.

ferrol
Download Presentation

Privacy-Preserving Relationship Path Discovery in Social Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy-Preserving Relationship Path Discovery in Social Networks Ghita Mezzour, Adrian Perrig, Virgil Gligor Carnegie Mellon University Panos Papadimitratos EPFL 8th International Conference on Cryptology & Network Security Dec 13th, 2009

  2. Social Trust is Useful d=3 d=3 ? B D A ? E Buyer Seller A B C D score F People nearby in a social network are more trusted E Privacy-preserving relationship path discovery scheme

  3. A Social Networking Problem • Relationships => private information • Personal attributes • Personal associations Just by looking at a person’s online friends, they could predict whether the person was gay. Gay men had proportionally more gay friends than straight men. http://www.boston.com/bostonglobe/ideas/articles/2009/09/20/project_gaydar_an_mit_experiment_raises_new_questions_about_online_privacy/ • Private information is revealed by most SN sites

  4. Partial Solution: Decentralization • Characteristics • Friend list managed locally • Secure channels between friends • Users may be offline • Some privacy concerns are alleviated • Censorship resistance B Secure channel Friend list A Friend list Friend list E

  5. Agenda • Problem Definition • Protocol Overview • Analysis • Related Work • Conclusion

  6. Private-Path Discovery • Private relationship path • First person on the relationship path • Distance to an individual on a relationship path d=3 A A B B C D D ? F d=3 E E ? Example of relationship paths from A to D Example of private paths from A to D of distance d ≤ 3

  7. ✕ Goal 1: Relationship Privacy Friends = A & C ✕ ✕ Trusted 3rd party B B C C C C B A A D E F F F B Private paths to D Private paths to D? E F ? Friends = B & E B B ? ? A D D A A ? D E E D A A A ? ? E Ideal Model Real Model

  8. Goal 2: Distance Integrity • Trust => Distance integrity • Higher trust requires shorter distances • 1st user on path is most trusted ? ? • Non-integrity Concern • User shortens paths for succeeding users (but not past herself) C + A B D D

  9. Goal 3: Completeness • Discovery of all private paths • Consent of individuals on path needed Consent A A B B C D D d=3 ? F d=3 E E ? 1 relationship path between A & D 2 relationship paths between A & D of distance ≤ 3 Corresponding private path Corresponding private paths

  10. Adversary Model • User of the system • Single adversary • Account creation • Relationship establishment • Free to arbitrarily deviate from the protocol • Goal • Break relationship privacy • Break distance integrity A B C D F E Example

  11. Agenda • Problem Definition • Protocol Overview • Analysis • Related Work • Conclusion

  12. Solution Overview • Token flooding phase • Periodic run e.g. 1st day of each month • Private path discovery phase • On demand • Existing private paths returned ? B C D D A ? F E d=3 A B C D D Token Flooding phase Path discovery phase F A Example: When A & D meet at CANS Example: 1st day of each month E

  13. Token Flooding Phase (1/2) T3 T1 T3=H(T1||1), 2 T4=H(T3||1), 3 T1=H(z||1), 1 z T4 T6 T2=H(z||2), 1 T6=H(T5||1), 3 A B C D T5=H(T2||1), 2 T’=H(T||ctr), d dmax=3 T2 T5 E F Originator A

  14. Token Flooding Phase (2/2) ? T4=H(T3||1) • Local hash tree computationby originator • Depth • Maximum degree • In the paper: originator only computes propagated tokens ? T7=H(T3||2) T3=H(T1||1) ? ? T8=H(T1||2) T9=H(T8||1) T1=H(z||1) ? T10=H(T8||2) z ? ? T6=H(T5||1) T2=H(z||2) ? T11=H(T5||2) T5=H(T2||1) ? A B dmax=3 ? locally computes T12=H(T2||2) T13=H(T12||1) E ? A T14=H(T12||2) ?

  15. Path Discovery Phase • User sends the tokens it received to the originator • Originator looks up tokens in the computed hash tree • Phase runs once for a given pair of users T4, T6 T4, T6 D D A B D A A T1=H(z||1) T3=H(T1||1) T4=H(T3||1) ? ? d=3 d=3 T2=H(z||2) T6=H(T5||1) T5=H(T2||1) ? ? E A

  16. Multiple Originators Input: Input: Token distribution phase with A & E as originators A A A B C D D D F Private path discovery between A & D Private set intersection protocol Output: No output E

  17. Agenda • Problem Definition • Protocol Overview • Analysis • Related Work • Conclusion

  18. Network Topologies Used Mislove et al. IMC 07

  19. Complexity Fi:Number of relationship paths of distance ≤ i starting from user X dmax = 3

  20. Token Flooding – Computation Overhead ≅95%: 10 s ≅90%: 100 ms More connected 10-5 10-3 10-1 101000 Computation overhead per user (Token Flooding by all users)

  21. Path Discovery – Computation Overhead ≅90%: 2 min ≅80 %: 16 min ≅70 %: 10 s More connected 10-2 1 102 104 Computation overhead for the user discovering the private paths

  22. Future Work • Overhead reduction • Randomized discovery • Full dynamic topology support • New relationships established • Old relationships revoked • Colluding adversaries • Untrusted server

  23. Related Work • RE: Reliable Email S. Garris, M. Kaminky, M. J. Freedman, B. Karp, D. Mazieres, H. Yu. In Symposium on Networked Systems Design and Implementation (NSDI), 2006 • Private Relationships in Social Networks B. Carminati, E. Ferrari, and A. Perego. In International Conference on Data Engineering Workshops, 2007 • A public-key protocol for social networks with private relationships J. Domingo-Ferrer. In Modeling Decisions for Artificial Intelligence, 2007 • Privacy Preserving Grapevines: Capturing Social Network Interactions Using Delegatable Anonymous Credentials. Vijay A. Balasubramaniyan, Yunho Lee, and Mustaque Ahamad. Georgia Tech Technical Report GT-CS-09-12, Sept 2009.

  24. Conclusion • People nearby in a social network are more trusted • We proposed a scheme for privacy-preserving relationship path discovery • Works in decentralized social networks • Avoids privacy issues common in centralized sites • Many potential applications • Trust establishment • Access control • Email whitelisting

  25. Backup Slides

  26. One Intermediate Friend vs. Longer Relationship Paths • One intermediate friend • Sufficient information available to users • Privacy-preserving information sharing • Longer relationship paths • Insufficient initial information • Privacy-preserving information distribution & sharing C A discovers that B is a common friendwith C without knowing the other friends of C Missing information A B E C A B D ? D C B B F D F E ?

  27. Background – Private Set Intersection Protocol ≈ Trusted Third party No output A D Freedman et al. Eurocrypt 04

  28. Background-Private set intersection • Private set intersection [Freedman et al. Eurocrypt 07] • Based on homomorphic encryption • Similar to public key encryption • Some operations on plaintext are possible without the private key

  29. Complexities FiX Number of relationship paths of distance ≤ i starting from user X

  30. Token Flooding Phase – Communication Overhead 100 MB 1 MB 10 MB 102 104 106 108 1010 Communication overhead per user

  31. Path Discovery Phase – Communication Overhead 102 104 106 108 Communication overhead for both users involved in the discovery

  32. Basic Scheme – Privacy Leak • Leakage of the relative positioning of users • After private path discovery phase with multiple users ? T5=H(T3||1),3 T3=H(T1||1),2 D ? B T6=H(T3||2),3 T1=H(z||1),1 ? F A D ? B D T2=H(z||2),1 T7=H(T4||1),3 T4=H(T2||1),2 A F ? C Example topology T8=H(T4||2),3 C E A’s perception of the social network topology ? F

  33. Randomization Technique T4=H(T5||2||1 ) T3=H(T1||2||1 ) T7=H(T5||3||1 ) T5=H(T1||3||1 ) Received token Distance Count D T6=H(T1||3||2) T8=H(T5||3||2 ) E T3=H(T1||2||1 ) ,2 T5=H(T1||3||1 ) T6=H(T1||3||2 ) T6,3 T1=H( z||1|1 ) F B D B T5,3 T1=H( z||1|1 ) ,1 E F A T2=H( z||1|2 ) A E D T4=H(T2||2||1 ) ,2 T7=H(T2||3||1 ) T8=H(T2||3||2 ) T7,3 T2=H(z||1||2),1 C E C D T8,3 F Tokens Propagated Hash Tree F

  34. Privacy Analysis • Leakage of the total num of paths with d ≤ dmax of the other party • No linkage among runs with different users D T2 H(T1||2||1) H(T1||2||2) T3 B T1 H(T1||3||1) T4 H( z||2||1 ) H(T1||3||5) … T8 ? F D ? z ? T10 ? B H( z||1||2 ) H(T9||2||1) B D ? ? H(T9||2||2) T11 ? F A ? T9 A F F ? H(T9||3||1) C D C ? T12 F H(T9||3||3) … C E ? ? T14 D A’s perception of the network topology Example topology Hash Tree

More Related