Privacy-Preserving Relationship Path Discovery in Social Networks
Ghita Mezzour, Adrian Perrig, Virgil Gligor
Carnegie Mellon University
Panos Papadimitratos
EPFL
8th International Conference on Cryptology & Network Security, Dec 13th, 2009

Social Trust is Useful
People nearby in a social network are more trusted
[Figure: buyer and seller in a social graph with nodes A to F. The privacy-preserving relationship path discovery scheme takes A and D and outputs a score; the paths shown go through B and E, each with d=3.]

A Social Networking Problem
Relationships => private information
  Personal attributes
  Personal associations
Just by looking at a person’s online friends, they could predict whether the person was gay. Gay men had proportionally more gay friends than straight men.
http://www.boston.com/bostonglobe/ideas/articles/2009/09/20/project_gaydar_an_mit_experiment_raises_new_questions_about_online_privacy/
Private information is revealed by most SN sites

Partial Solution: Decentralization
Characteristics
  Friend list managed locally
  Secure channels between friends
  Users may be offline
Some privacy concerns are alleviated
Censorship resistance
[Figure: users A, B and E, each holding its own friend list, connected by secure channels]

Agenda
  Problem Definition
  Protocol Overview
  Analysis
  Related Work
  Conclusion

Private-Path Discovery
Private relationship path
  First person on the relationship path
  Distance to an individual on a relationship path
[Figure: example of relationship paths from A to D in a graph with nodes A to F, and example of private paths from A to D of distance d ≤ 3 (B?, d=3 and E?, d=3)]

Goal 1: Relationship Privacy
[Figure: Ideal Model vs. Real Model. Ideal Model: a trusted 3rd party receives friend lists ("Friends = B & E", "Friends = A & C"), A asks "Private paths to D?" and receives "Private paths to D" (B?, E?); C and F are marked ✕. Real Model: A and D, with the same view for A (B?, E?, D; C and F marked ✕).]

Goal 2: Distance Integrity
Trust => Distance integrity
  Higher trust requires shorter distances
  1st user on path is most trusted
Non-integrity Concern
  User shortens paths for succeeding users (but not past herself)
[Figure: path from A to D with intermediate users B? and C]

Goal 3: Completeness
Discovery of all private paths
  Consent of individuals on path needed
[Figure: two cases. 2 relationship paths between A & D of distance ≤ 3, with the corresponding private paths (B?, d=3 and E?, d=3). 1 relationship path between A & D, with the corresponding private path; label: Consent.]

Adversary Model
User of the system
  Single adversary
  Account creation
  Relationship establishment
Free to arbitrarily deviate from the protocol
Goal
  Break relationship privacy
  Break distance integrity
[Figure: example graph with nodes A to F]

Solution Overview
Token flooding phase
  Periodic run
  Example: 1st day of each month
Private path discovery phase
  On demand
  Example: when A & D meet at CANS
  Existing private paths returned
[Figure: token flooding from A over the graph with nodes A to F; path discovery between A and D returning private paths via B and E with d=3]

Token Flooding Phase (1/2)
Originator A, dmax=3
Each message carries: T'=H(T||ctr), d
  T': computed token
  T: received token
  ctr: counter
  d: distance
[Figure: graph with nodes A to F; A starts from z and the following tokens are sent along the edges, each shown as token, distance]
  T1=H(z||1), 1
  T2=H(z||2), 1
  T3=H(T1||1), 2
  T5=H(T2||1), 2
  T4=H(T3||1), 3
  T6=H(T5||1), 3

Token Flooding Phase (2/2)
Local hash tree computation by originator
  Depth
  Maximum degree
In the paper: originator only computes propagated tokens
[Figure: hash tree that A locally computes from z, dmax=3; the first-level nodes are B and E, all other nodes are marked "?"]
  z
    T1=H(z||1)
      T3=H(T1||1)
        T4=H(T3||1)
        T7=H(T3||2)
      T8=H(T1||2)
        T9=H(T8||1)
        T10=H(T8||2)
    T2=H(z||2)
      T5=H(T2||1)
        T6=H(T5||1)
        T11=H(T5||2)
      T12=H(T2||2)
        T13=H(T12||1)
        T14=H(T12||2)

Path Discovery Phase
User sends the tokens it received to the originator
Originator looks up tokens in the computed hash tree
Phase runs once for a given pair of users
[Figure: D sends T4, T6 to A; A finds both in its hash tree and obtains two private paths to D, each with d=3]
  Via B: T1=H(z||1), T3=H(T1||1), T4=H(T3||1)
  Via E: T2=H(z||2), T5=H(T2||1), T6=H(T5||1)
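
Added example, not from the slides or the paper: the token flooding and path discovery phases simulated in Python on a constructed six-user topology (A-B-C-D and A-E-F-D). SHA-256, the 4-byte counter encoding, forwarding to every friend except the sender, and all function names are assumptions made here.

```python
import hashlib
import os
from collections import deque

D_MAX = 3
# Constructed topology (assumed from the slides' figure): A-B-C-D and A-E-F-D.
FRIENDS = {"A": ["B", "E"], "B": ["A", "C"], "C": ["B", "D"],
           "D": ["C", "F"], "E": ["A", "F"], "F": ["E", "D"]}

def H(token: bytes, ctr: int) -> bytes:
    """T' = H(T || ctr); SHA-256 and the 4-byte counter are assumptions."""
    return hashlib.sha256(token + ctr.to_bytes(4, "big")).digest()

def flood(originator: str, z: bytes) -> dict:
    """Token flooding: returns {user: [(received token, distance), ...]}."""
    received = {user: [] for user in FRIENDS}
    queue = deque((originator, friend, H(z, ctr), 1)
                  for ctr, friend in enumerate(FRIENDS[originator], start=1))
    while queue:
        sender, user, token, d = queue.popleft()
        received[user].append((token, d))
        if d == D_MAX:
            continue  # tokens are not forwarded beyond distance dmax
        # Each friend except the sender gets a fresh token H(T || ctr), d + 1.
        targets = [f for f in FRIENDS[user] if f != sender]
        for ctr, friend in enumerate(targets, start=1):
            queue.append((user, friend, H(token, ctr), d + 1))
    return received

def hash_tree(originator: str, z: bytes, max_degree: int) -> dict:
    """Originator's local tree: token -> (first friend on the path, distance)."""
    tree = {}
    for ctr, friend in enumerate(FRIENDS[originator], start=1):
        level = [H(z, ctr)]
        for d in range(1, D_MAX + 1):
            tree.update({t: (friend, d) for t in level})
            level = [H(t, c) for t in level for c in range(1, max_degree + 1)]
    return tree

def discover(tree: dict, peer_tokens: list) -> list:
    """Path discovery: the distance comes from the tree, not from the peer."""
    return sorted(tree[t] for t, _claimed_d in peer_tokens if t in tree)

if __name__ == "__main__":
    z = os.urandom(32)                      # A's starting value z (random here)
    tree = hash_tree("A", z, max_degree=2)  # 14 tokens, T1..T14 on the slide
    print(discover(tree, flood("A", z)["D"]))  # private paths from A to D
```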

Multiple Originators
Token distribution phase with A & E as originators
Private path discovery between A & D
[Figure: graph with nodes A to F; A and D run a private set intersection protocol; labels: Input (each party), Output, No output]

Network Topologies Used

| | Flickr | LiveJournal | Orkut | YouTube |
|---|---|---|---|---|
| Number of users | 1.8 million | 5.2 million | 3 million | 1.1 million |
| % of population crawled | 26.9 % | 95.4 % | 11.3 % | unknown |
| Number of friend links | 22.6 million | 77.4 million | 223.5 million | 4.9 million |

Source: Mislove et al. IMC 07

Complexity
Computation overhead (dmax = 3)
Token flooding
  O(F3 + 2 F1 · F2) hash computations
Private path discovery
  User discovering the private paths
    F3 homomorphic encryptions (once per input set)
    F3 homomorphic decryptions
  Other user
    O(F3 + F3 ln ln F3) exponentiations
Fi: Number of relationship paths of distance ≤ i starting from user X

Token Flooding – Computation Overhead
[Figure: computation overhead per user (token flooding by all users); axis ticks from 10^-5 to 1000; annotations: ≅90%: 100 ms, ≅95%: 10 s, "More connected"]

Path Discovery – Computation Overhead
[Figure: computation overhead for the user discovering the private paths; axis ticks from 10^-2 to 10^4; annotations: ≅70 %: 10 s, ≅90%: 2 min, ≅80 %: 16 min, "More connected"]

Future Work
Overhead reduction
  Randomized discovery
Full dynamic topology support
  New relationships established
  Old relationships revoked
Colluding adversaries
Untrusted server

Related Work
RE: Reliable Email. S. Garriss, M. Kaminsky, M. J. Freedman, B. Karp, D. Mazieres, H. Yu. In Symposium on Networked Systems Design and Implementation (NSDI), 2006.
Private Relationships in Social Networks. B. Carminati, E. Ferrari, and A. Perego. In International Conference on Data Engineering Workshops, 2007.
A public-key protocol for social networks with private relationships. J. Domingo-Ferrer. In Modeling Decisions for Artificial Intelligence, 2007.
Privacy Preserving Grapevines: Capturing Social Network Interactions Using Delegatable Anonymous Credentials. Vijay A. Balasubramaniyan, Yunho Lee, and Mustaque Ahamad. Georgia Tech Technical Report GT-CS-09-12, Sept 2009.

Conclusion
People nearby in a social network are more trusted
We proposed a scheme for privacy-preserving relationship path discovery
  Works in decentralized social networks
  Avoids privacy issues common in centralized sites
Many potential applications
  Trust establishment
  Access control
  Email whitelisting
Backup Slides

One Intermediate Friend vs. Longer Relationship Paths
One intermediate friend
  Sufficient information available to users
  Privacy-preserving information sharing
  A discovers that B is a common friend with C without knowing the other friends of C
Longer relationship paths
  Insufficient initial information
  Privacy-preserving information distribution & sharing
[Figure: left, A and C with common friend B; right, graph with nodes A to F where A sees only B? and E? towards D; label: Missing information]

Background – Private Set Intersection Protocol
Freedman et al. Eurocrypt 04
[Figure: A and D run the protocol, which is ≈ a trusted third party; label: No output]
Computation overhead
  A: kA homomorphic encryptions (once per input set), kD homomorphic decryptions
  D: O(kA + kD ln ln kA) exponentiations

Background – Private Set Intersection
Private set intersection [Freedman et al. Eurocrypt 07]
Based on homomorphic encryption
  Similar to public key encryption
  Some operations on plaintext are possible without the private key

| | A | D |
|---|---|---|
| Computation overhead | kA homomorphic encryptions (once per input set); kD homomorphic decryptions | O(kA + kD ln ln kA) exponentiations |
| Communication overhead | kA + kD exchange of homomorphic ciphertexts | kA + kD exchange of homomorphic ciphertexts |

Complexities

| | Computation | Communication |
|---|---|---|
| Token flooding | O(F3 + 2 F1 · F2) hash computation | O(F3 + 2 F1 · F2) hash exchange |
| Private path discovery, user A | F3^A homomorphic encryptions (once per input set); F3^D homomorphic decryptions | F3^A + F3^D homomorphic ciphertexts exchange |
| Private path discovery, user D | O(F3^A + F3^D ln ln F3^A) exponentiations | F3^A + F3^D homomorphic ciphertexts exchange |

Fi^X: Number of relationship paths of distance ≤ i starting from user X

Token Flooding Phase – Communication Overhead
[Figure: communication overhead per user; axis ticks from 10^2 to 10^10; annotations: 1 MB, 10 MB, 100 MB]

Path Discovery Phase – Communication Overhead
[Figure: communication overhead for both users involved in the discovery; axis ticks from 10^2 to 10^8]

Basic Scheme – Privacy Leak
Leakage of the relative positioning of users
  After private path discovery phase with multiple users
[Figure: example topology with users A to F, next to A's perception of the social network topology (A, B, C, D, F and several "?" nodes); tokens shown as token, distance]
  T1=H(z||1), 1
  T2=H(z||2), 1
  T3=H(T1||1), 2
  T4=H(T2||1), 2
  T5=H(T3||1), 3
  T6=H(T3||2), 3
  T7=H(T4||1), 3
  T8=H(T4||2), 3

Randomization Technique
Token inputs: received token || distance || count
[Figure: example graph with users A to F, the tokens propagated, and the hash tree]
Tokens propagated (token, distance)
  T1=H(z||1||1), 1
  T2=H(z||1||2), 1
  T3=H(T1||2||1), 2
  T4=H(T2||2||1), 2
  T5=H(T1||3||1), T6=H(T1||3||2)
  T7=H(T2||3||1), T8=H(T2||3||2)
  T5, 3
  T6, 3
  T7, 3
  T8, 3
Hash tree
  T1=H(z||1||1)
  T2=H(z||1||2)
  T3=H(T1||2||1)
  T5=H(T1||3||1)
  T6=H(T1||3||2)
  T4=H(T5||2||1)
  T7=H(T5||3||1)
  T8=H(T5||3||2)

Privacy Analysis
Leakage of the total number of paths with d ≤ dmax of the other party
No linkage among runs with different users
[Figure: example topology (users A to F), A's perception of the network topology (A, B, C, D, F and several "?" nodes), and the hash tree rooted at z with first-level tokens H(z||2||1) and H(z||1||2); tokens T1, T2, T3, T4, T8 with H(T1||2||1), H(T1||2||2), H(T1||3||1), …, H(T1||3||5), and tokens T9, T10, T11, T12, T14 with H(T9||2||1), H(T9||2||2), H(T9||3||1), …, H(T9||3||3)]