190 likes | 273 Views
Efficient Private Techniques for Verifying Social Proximity. Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet. Outline. Introduction The Problem Motivation Model Constructions Discussion. Introduction. Transitive trust relationships
E N D
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. ZiadHatahet
Outline • Introduction • The Problem • Motivation • Model • Constructions • Discussion
Introduction • Transitive trust relationships • Goal: to leverage social relationships to guide interactions with others users in online systems that use social networks. • Email or IM contexts • Black/white-listing
The Problem • Compare list of friends/contacts and find intersection • Privacy issues
Motivation • Content-based spam filters • False positives • Whitelists • Forge From: addresses • Does not accept email from previously unknown sources • Populating requires manual effort • RE: • Automatically expands set of senders who to accept email from by examining user’s social network • Does not prevent parties from “lying” about information they present (friends they give out)
Model • Social network can be modeled as a directed graph where a presence of an arc (or ) indicates existence of social relationship • Find bridgingfriends and • Privacy concerns
Model • Social link should express consent of both parties • Forward trust • , • Backward authorization • ,
Constructions • Hash-based construction • Privacy in the face of collusions
Hash-Based Implementation • Each user R has a signing/verification key pair SKR/VKR, and a secret seed for cryptographic pseudo-random hash function F • For each social link , user R creates an attestation for user X and sends it along with . R receives from X. • Each arc is associated with a (pseudo-)random key (a-value)
Privacy in the Face of Collusions • Backward authorization implemented in hash-based scheme is transferable • Hash-based scheme, R gives out the same secret to all X s.t. • Solution: different shared secret key to each X • Proximity check protocol uses same overall structure as that of hash-based scheme
Discussion • Where else can this be applied? • P2P file sharing • Bluetooth • Phone services/VoIP • Does the model make sense? • It is assumed that system has proximity check mechanism • Can be implemented at a higher level? • How to transfer attestations?
Discussion • How to revoke attestations? • Time limit • Is collusion a privacy concern? • Would share their resources anyway! • What are the effects of multi-hop proximity? • Is it practical/safe?
Discussion • How would a malicious user exploit the system? • Viruses • Sybil attacks • Are the consequences worse? • Anything else?
Proximity Checking • Consider , and • For , S encrypts attestation • where is a secure symmetric cipher • and • S also includes • tab
Proximity Checking • S creates list of tabbed encrypted attestations (one for each incoming social relationship), and sends to R along with request
Proximity Checking • User R processes list by looking at tab components • Looks for relationships of the form • Since R holds • can compute • Generates own set of tabs • Compares with received from S
Proximity Checking • Match between tabs guarantees same seed was used by both R and S • Bridging friend T revealed • R computes key and decrypts encrypted attestation, recovering • Concludes and