International Journal of Information Security

, Volume 12, Issue 1, pp 49–65 | Cite as

Private discovery of common social contacts

  • Emiliano De Cristofaro
  • Mark Manulis
  • Bertram Poettering
Special Issue Paper

Abstract

Digital services that are offered, and consumed, on the basis of social relationships form the backbone of social clouds—an emerging new concept that finds its roots in online social networks. The latter have already taken an essential role in people’s daily life, helping users to build and reflect their social relationships to other participants. A key step in establishing new links entails the reconciliation of shared contacts and friends. However, for many individuals, personal relationships belong to the private sphere, and, as such, should be concealed from potentially prying eyes of strangers. Consequently, the transition toward social clouds cannot set aside mechanisms to control the disclosure of social links. This paper motivates and introduces the concept of Private Discovery of Common Social Contacts, which allows two users to assess their social proximity through interaction and learn the set of contacts (e.g., friends) that are common to both users, while hiding contacts that they do not share. We realize private contact discovery using a new cryptographic primitive, called contact discovery scheme (CDS), whose functionality and privacy is formalized in this work. To this end, we define a novel privacy feature, called contact-hiding, that captures our strong privacy goals. We also propose the concept of contact certification and show that it is essential to thwart impersonation attacks on social relationships. We build provably private and realistically efficient CDS protocols for private discovery of mutual contacts. Our constructions do not rely on a trusted third party (TTP)—all contacts are managed independently by the users. The practicality of our proposals is confirmed both analytically and experimentally on different computing platforms. We show that they can be efficiently deployed on smartphones, thus allowing ad hoc and ubiquitous contact discovery outside of existing social networks. Our CDS constructions allow users to select their (certified) contacts to be included in individual protocol executions. That is, users may perform context-dependent contact discovery using any subset (circle) of their contacts.

Keywords

Common social contacts Social clouds Friend-of-friend detection Social PKI Privacy 

References

  1. 1.
    Ateniese, G., De Cristofaro, E., Tsudik, G.: (If) size matters: Size-hiding private set intersection. In: D. Catalano, N. Fazio, R. Gennaro, and A. Nicolosi (eds.) PKC 2011: 14th International Workshop on Theory and Practice in Public Key Cryptography, vol. 6571 of Lecture Notes in Computer Science, pp. 156–173. Taormina, Italy, March 6–9. Springer, Germany, Berlin (2011)Google Scholar
  2. 2.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Berlin (2003)Google Scholar
  3. 3.
    Chapman, P., Evans, D., Huang, Y., Koo, S.: Common Contacts–Privacy-preserving shared contact computation. http://www.mightbeevil.com/contacts/
  4. 4.
    Chiou, S.-Y., Chang, S.-Y., Sun, H.-M.: Common friends discovery with privacy and authenticity. In: IAS, pp. 337–340. IEEE Computer Society (2009)Google Scholar
  5. 5.
    Dachman-Soled, D., Malkin, T., Raykova, M., Yung, M.: Efficient robust private set intersection. In: Abdalla, M., Pointcheval, D., Fouque, P.-A., Vergnaud, D. (eds.) ACNS 09: 7th International Conference on Applied Cryptography and Network Security, vol. 5536 of Lecture Notes in Computer Science, pp. 125–142. Paris-Rocquencourt, France, June 2–5. Springer, Germany, Berlin (2009)Google Scholar
  6. 6.
    Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004)MATHGoogle Scholar
  7. 7.
    De Cristofaro, E., Kim, J., Tsudik, G.: Linear-complexity private set intersection protocols secure in malicious model. In: Abe, M. (ed.) Advances in Cryptology–ASIACRYPT, vol. 6477 of Lecture Notes in Computer Science, pp. 213–231. Singapore, December 5–9. Springer, Germany, Berlin (2010)Google Scholar
  8. 8.
    De Cristofaro, E., Manulis, M., Poettering, B.: Private discovery of common social contacts. In: Lopez, J., Tsudik, G. (eds.) ACNS 11: 9th International Conference on Applied Cryptography and Network Security, vol. 6715 of Lecture Notes in Computer Science, pp. 147–165, Nerja, Spain, June 7–10. Springer, Germany, Berlin (2011)Google Scholar
  9. 9.
    De Cristofaro, E., Tsudik, G.: Practical private set intersection protocols with linear complexity. In: Sion, R. (ed.), FC 2010: 14th International Conference on Financial Cryptography and Data Security, vol. 6052 of Lecture Notes in Computer Science, pp. 143–159. Tenerife, Canary Islands, Spain, January 25–28. Springer, Germany, Berlin (2010)Google Scholar
  10. 10.
    De Cristofaro, E., Jarecki, S., Kim, J., Tsudik, G.: Privacy-preserving policy-based information transfer. In: Goldberg, I., Atallah, M.J. (eds.) Privacy Enhancing Technologies, vol. 5672 of Lecture Notes in Computer Science, pp. 164–184. Springer, Berlin (2009)Google Scholar
  11. 11.
    Diehl, C.P., Namata, G., Getoor, L.: Relationship identification for social network discovery. In: AAAI, pp. 546–552. AAAI Press (2007)Google Scholar
  12. 12.
    Okamoto, E., Tanaka, K.: Key distribution system based on identification information. IEEE J. Sel. Areas Commun. 7(4), 481–485 (1989)CrossRefGoogle Scholar
  13. 13.
    Emerson, R.: Huffingtonpost: Facebook Users Expected To Pass 1 Billion In August 2012. http://www.huffingtonpost.com/2012/01/13/facebook-users-1-billion-icrossing_n_1204948.html, July 2012
  14. 14.
    Free Software Foundation. The GNU MP Bignum Library. http://gmplib.org/
  15. 15.
    Freedman, M.J., Nicolosi, A.: Efficient private techniques for verifying social proximity. IPTPS, In (2007)Google Scholar
  16. 16.
    Freedman, M.J., Nissim, K., Pinkas, B.: Efficient private matching and set intersection. In: Cachin, C., Camenisch, J. (eds.) Advances in Cryptology–EUROCRYPT 2004, vol. 3027 of Lecture Notes in Computer Science, pp. 1–19. Interlaken, Switzerland, May 2–6. Springer, Germany, Berlin (2004)Google Scholar
  17. 17.
    Gennaro, R., Krawczyk, H., Rabin, T.: Okamoto-Tanaka revisited: Fully authenticated Diffie-Hellman with minimal overhead. Cryptology ePrint Archive, Report 2010/068, 2010. http://eprint.iacr.org/2010/068.pdf
  18. 18.
    Gennaro, R., Krawczyk, H., Rabin, T.: Okamoto-Tanaka revisited: Fully authenticated Diffie-Hellman with minimal overhead. In: Zhou, J., Yung, M. (eds.) ACNS 10: 8th International Conference on Applied Cryptography and Network Security, vol. 6123 of Lecture Notes in Computer Science, pp. 309–328, Beijing, China, June 22–25. Springer, Germany, Berlin (2010)Google Scholar
  19. 19.
    Google Inc. Google+. http://plus.google.com
  20. 20.
    Hazay, C., Lindell, Y.: Efficient protocols for set intersection and pattern matching with security against malicious and covert adversaries. In: Canetti, R. (ed.) TCC 2008: 5th Theory of Cryptography Conference, vol. 4948 of Lecture Notes in Computer Science, pp. 155–175. San Francisco, CA, USA, March 19–21. Springer, Germany, Berlin (2008)Google Scholar
  21. 21.
    Hazay, C., Nissim, K.: Efficient set operations in the presence of malicious adversaries. In: Nguyen, P.Q., Pointcheval, D. (eds.) PKC 2010: 13th International Conference on Theory and Practice of Public Key Cryptography, vol. 6056 of Lecture Notes in Computer Science, pp. 312–331. Paris, France, May 26–28. Springer, Germany, Berlin (2010)Google Scholar
  22. 22.
    Huang, Y., Chapman, P., Evans, D.: Privacy-preserving applications on smartphones. In: 6th USENIX Workshop on Hot Topics in, Security (2011)Google Scholar
  23. 23.
    Jarecki, S., Kim, J., Tsudik, G.: Beyond secret handshakes: Affiliation-hiding authenticated key exchange. In: Tal M. (ed.), Topics in Cryptology–CT-RSA 2008, vol. 4964 of Lecture Notes in Computer Science, pp. 352–369. San Francisco, CA, USA, April 7–11. Springer, Germany, Berlin (2008)Google Scholar
  24. 24.
    Jarecki, S., Liu, X.: Efficient oblivious pseudorandom function with applications to adaptive OT and secure computation of set intersection. In: Reingold, O. (ed.) TCC 2009: 6th Theory of Cryptography Conference, vol. 5444 of Lecture Notes in Computer Science, pp. 577–594. Springer, Berlin, Germany, March 15–17, 2009Google Scholar
  25. 25.
    Jarecki, S., Liu, X.: Fast secure computation of set intersection. In: Garay, J.A., De Prisco, R. (eds.) SCN 10: 7th International Conference on Security in Communication Networks, vol. 6280 of Lecture Notes in Computer Science, pp. 418–435. Amalfi, Italy, September 13–15. Springer, Germany, Berlin (2010)Google Scholar
  26. 26.
    Kissner, L., Song, D.: Privacy-preserving set operations. In: Shoup, V. (ed.) Advances in Cryptology–CRYPTO 2005, vol. 3621 of Lecture Notes in Computer Science, pp. 241–257, Santa Barbara, CA, USA, August 14–18. Springer, Germany, Berlin (2005)Google Scholar
  27. 27.
    Korolova, A., Motwani, R., Nabar, S.U., Xu, Y.: Link privacy in social networks. In: ICDE, pp. 1355–1357. IEEE (2008)Google Scholar
  28. 28.
    Korolova, A., Motwani, R., Nabar, S.U., Xu, Y.: Link privacy in social networks. In: Shanahan, J.G., Amer-Yahia, S., Manolescu, I., Zhang, Y., Evans, D.A., Kolcz, A., Choi, K.-S., Chowdhury, A. (eds.) CIKM, pp. 289–298. ACM (2008)Google Scholar
  29. 29.
    Krawczyk, H.: SIGMA: The “SIGn-and-MAc” approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.), Advances in Cryptology—CRYPTO 2003, vol. 2729 of Lecture Notes in Computer Science, pp. 400–425, Santa Barbara, CA, USA, August 17–21. Springer. Germany, Berlin (2003)Google Scholar
  30. 30.
    LinkedIn. Press center - about us. http://press.linkedin.com/about, July 2012
  31. 31.
    Manulis, M., Pinkas, B., Poettering, B.: Privacy-preserving group discovery with linear complexity. In: Zhou, J., Yung, M. (eds.) ACNS 10: 8th International Conference on Applied Cryptography and Network Security, vol. 6123 of Lecture Notes in Computer Science, pp. 420–437, Beijing, China, June 22–25. Springer, Germany, Berlin (2010)Google Scholar
  32. 32.
    Manulis, M., Poettering, B., Tsudik, G.: Taming big brother ambitions: More privacy for secret handshakes. In Atallah, M.J., Hopper, N.J. (eds) Privacy Enhancing Technologies, vol. 6205 of Lecture Notes in Computer Science, pp. 149–165. Springer (2010)Google Scholar
  33. 33.
    Manulis, M., Poettering, B.: Practical affiliation-hiding authentication from improved polynomial interpolation. In: ASIACCS, pp. 286–295 (2011) Google Scholar
  34. 34.
    Schatzman, M.: Numerical Analysis: A Mathematical Introduction. Clarendon Press, Oxford (2002)Google Scholar
  35. 35.
    Goldreich, O., Rosen, V.: On the security of modular exponentiation with application to the construction of pseudorandom generators. J. Cryptol. 16(2), 71–93 (2003)MathSciNetCrossRefMATHGoogle Scholar
  36. 36.
    Okamoto, E.: Key distribution systems based on identification information. In: Pomerance, C. (ed.) Advances in Cryptology—CRYPTO ’87, vol. 293 of Lecture Notes in Computer Science, pp. 194–202, Santa Barbara, CA, USA, August 16–20. Springer, Germany, Berlin (1988)Google Scholar
  37. 37.
    Pons, P., Latapy, M.: Computing communities in large networks using random walks. J. Graph Algorithms Appl. 10(2), 191–218 (2006)MathSciNetCrossRefMATHGoogle Scholar
  38. 38.
    Poettering, B.: Privacy protection for authentication protocols. PhD thesis 2012. http://tuprints.ulb.tu-darmstadt.de/2867
  39. 39.
    von Arb, M., Bader, M., Kuhn, M., Wattenhofer, R.: Veneta: Serverless friend-of-friend detection in mobile social networking. In: WiMob, pp. 184–189. IEEE (2008)Google Scholar
  40. 40.
    Yao, A.C.-C.: How to generate and exchange secrets (extended abstract). In: FOCS, pp. 162–167. IEEE Computer Society (1986)Google Scholar
  41. 41.
    Yu, P.S., Han, J., Faloutsos, C.: Link Mining: Models, Algorithms, and Applications. Springer, Berlin (2010)CrossRefGoogle Scholar
  42. 42.
    Zhelevam, E., Getoor, L., Golbeck, J., Kuter, U.: Using friendship ties and family circles for link prediction. In: Giles, C.L., Smith, M., Yen, J., Zhang, H. (eds.) SNAKDD, vol. 5498 of Lecture Notes in Computer Science, pp. 97–113. Springer (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Emiliano De Cristofaro
    • 1
  • Mark Manulis
    • 2
  • Bertram Poettering
    • 3
  1. 1.Palo Alto Research Center (PARC) Palo AltoUSA
  2. 2.Department of ComputingUniversity of Surrey SurreyUnited Kingdom
  3. 3.ISG, Royal HollowayUniversity of London SurreyUnited Kingdom

Personalised recommendations