Efficient Private Techniques for Verifying Social Proximity

1
Efficient Private Techniques for Verifying Social
Proximity

• Michael J. Freedman and Antonio Nicolosi
• Discussion by A. Ziad Hatahet

2
Outline

• Introduction
• The Problem
• Motivation
• Model
• Constructions
• Discussion

3
Introduction

• Transitive trust relationships
• Goal to leverage social relationships to guide
  interactions with others users in online systems
  that use social networks.
• Email or IM contexts
• Black/white-listing

4
The Problem

• Compare list of friends/contacts and find
  intersection
• Privacy issues

5
Motivation

• Content-based spam filters
• False positives
• Whitelists
• Forge From addresses
• Does not accept email from previously unknown
  sources
• Populating requires manual effort
• RE
• Automatically expands set of senders who to
  accept email from by examining users social
  network
• Does not prevent parties from lying about
  information they present (friends they give out)

6
Model

• Social network can be modeled as a directed graph
  where a presence of an arc
  (or ) indicates existence of social
  relationship
• Find bridging friends and
• Privacy concerns

7
Model

• Social link should express consent of both
  parties
• Forward trust
• ,
• Backward authorization
• ,

8
Constructions

• Hash-based construction
• Privacy in the face of collusions

9
Hash-Based Implementation

• Each user R has a signing/verification key pair
  SKR/VKR, and a secret seed for cryptographic
  pseudo-random hash function F
• For each social link , user R creates an
  attestation for user X and sends it along
  with . R receives from X.
• Each arc is associated with a (pseudo-)random key
  (a-value)

10
Privacy in the Face of Collusions

• Backward authorization implemented in hash-based
  scheme is transferable
• Hash-based scheme, R gives out the same secret
  to all X s.t.
• Solution different shared secret key to each X
• Proximity check protocol uses same overall
  structure as that of hash-based scheme

11
Discussion

• Where else can this be applied?
• P2P file sharing
• Bluetooth
• Phone services/VoIP
• Does the model make sense?
• It is assumed that system has proximity check
  mechanism
• Can be implemented at a higher level?
• How to transfer attestations?

12
Discussion

• How to revoke attestations?
• Time limit
• Is collusion a privacy concern?
• Would share their resources anyway!
• What are the effects of multi-hop proximity?
• Is it practical/safe?

13
Discussion

• How would a malicious user exploit the system?
• Viruses
• Sybil attacks
• Are the consequences worse?
• Anything else?

14
(No Transcript)
15
Proximity Checking

• Consider , and
• For , S encrypts attestation
• where is a secure symmetric cipher
• and
• S also includes
• tab

16
Proximity Checking

• S creates list of tabbed encrypted attestations
  (one for each incoming social relationship), and
  sends to R along with request

17
Proximity Checking

• User R processes list by looking at tab
  components
• Looks for relationships of the form
• Since R holds
• can compute
• Generates own set of tabs
• Compares with received from S

18
Proximity Checking

• Match between tabs guarantees same seed was used
  by both R and S
• Bridging friend T revealed
• R computes key and decrypts encrypted
  attestation, recovering
• Concludes and

19
Performance Comparison