Fine-grained Private Matching for Proximity-based Mobile Social Networking

INFOCOM 2012

Rui Zhang, Yanchao Zhang Jinyuan (Stella) Sun Arizona State University University of Tennessee

Guanhua YanLos Alamos National Laboratory

1

Proximity-based Mobile Social Networking (PMSN)

Social interaction Among physically proximate users Using mobile devices, e.g., smartphone or tablet Directly through the Bluetooth/WiFi interfaces

Valuable complement to web-based online social networking

2

Chat, file sharing, …

Private (Profile) Matching

The process of two users comparing their profiles without disclosing any information beyond the comparison result

An indispensible part of PMSN because People prefer to socialize with others having similar

interests or background Privacy concern

3

Existing Private Matching Schemes4

User profile comprises a list of attributes chosen from an underlying attribute set Ex: interests [Li et al.’11], friends [Arb et al.’08],

disease symptoms [Lu et al.’10]

Existing Private Matching Schemes5

Map private matching into the problem of Private set intersection (PSI), e.g., [Kissner&Song’05],

[Ye et al.’08] Private set intersection cardinality (PSI-CA), e.g.,

[Freedman et al.’04], [Cristofaro& Tsudik’10]

or

Limitations6

Cannot differentiate users with the same attribute Ex: suppose that Alice, Bob, and Mario all like movie

Watch movie twice a week

Twice a week

Twice a month

?

Fine-grained Personal Profile7

Movie 5Sports 3Cooking 0

Movie 5Sports 3Cooking 0

Movie 3Sports 3Cooking 0

Fine-grained Private Matching8

Two users evaluate the similarity/distance between their personal profiles in a privacy-preserving fashion Finer differentiation Personalized profile matching

Cannot be solved by PSI or PSI-CA

Outline9

System model, problem formulation and cryptographic tool

Fine-grained private matching protocols Protocol 1 Protocol 2 Protocol 3 Protocol 4

Performance evaluation Conclusion

System Model10

Each user carries a mobile device, e.g., smartphone, with the same PMSN application installed

Fine-grained profile Consists of attributes, e.g., interests User assigns an integer in to each

attribute, e.g., to indicate the level of interest Each personal profile can be represented as a -

dimensional vector

System Model (cont’)11

Take Alice and Bob as two exemplary users A PMSN session consists of three phases

Neighbor discovery

Profile matching

Social interaction

BobAlice

Problem Formulation12

A set of candidate matching metrics Each is a function over two vectors measuring

the distance between two personal profiles Alice chooses and runs a private matching

protocol with Bob to compute

Privacy Levels13

Privacy-level 1 (PL-1) When protocols ends, Alice learns ; Bob learns

Privacy-level 2 (PL-2) When protocols ends, Alice learns ; Bob learns

nothing Privacy-level 3 (PL-3)

When protocols ends, Alice learns if for some threshold of her choice; Bob learns nothing

Cryptographic Tools: Paillier Cryptosystem [Paillier’99]

14

Encryption

Homomorphic property

Self-blinding property

Private Matching Protocol 1 (PL-1)15

A non-trivial adaption of [Rane et al. 2010]

Matching metric: distance

Protocol Intuition16

For , define a function where

Ex:

We have

Protocol Intuition (cont’)17

Define

We have

Protocol Intuition (cont’)18

We further have

Known by Alice Known by BobDot product

Detailed Protocol19

Can be precomputed

Private Matching Protocol 2 (PL-2)20

Matching metric Any additively separable functions that can be written

as , for some functions

Ex:

(Weighted distance)

( distance)(Dot product)

Protocol Intuition21

Convert any additive separable function into dot product computation

For and , define functions and

The th bit is1 The th element is

Protocol Intuition (cont’)22

Let

We have

Detailed Protocol23

Can be precomputed

Private Matching Protocol 3 (PL-3)24

Matching metric Any additive separable function

When protocol ends, Alice learns if , Bob learns nothing

Protocol Intuition25

Let be three arbitrary positive integers, such that

We have Assume that and are both integers The following inequalities are equivalent

Detailed Protocol26

Can be precomputed

Detailed Protocol (cont’)27

Private Matching Protocol 4 (PL-3)28

Matching metric

Protocols 1~3 cannot be directly applied Basic idea

Transform into an additive function

Protocol Intuition: Similarity Matching29

Protocol Intuition (cont’)30

Three properties of similarity score Additive separable Directly affected by the value of Related to according to the following theorem

Protocol 4 can be realized as a special case of Protocol 3by choosing the similarity score as matching metric

Performance Evaluation

Compare Protocols 1~3 with RSV [Rane et al. 2010]

31

Offline Comp.

Online Comp.

Comm. (bit)

RSV

Protocol 1

Protocol 2

Protocol 3 1024-bit exponentiation

2048-bit exponentiation

1024-bit multiplication

2048-bit multiplication

Simulation Results32

Simulation Results33

Conclusion

We motivated the problem of fine-grained private matching for PMSN

We presented a set of novel private matching protocols supporting different matching metrics and privacy levels

34

35

Thank youQ&A