Annual Computer Security Applications Conference (ACSAC) 2013

Full Program »

Do I know You? - Efficient and Privacy-Preserving Common Friend-Finder Protocols and Applications

The increasing penetration of, and reliance on, Online Social Networks (OSNs) prompts the need for effectively accessing and utilizing social networking information. In numerous applications, users need to make trust and/or access control decisions involving other (possibly stranger) users, and one important factor is often the existence of common social relationships. This motivates the need for secure and privacy-preserving techniques letting users assess whether or not they have mutual friends.
This paper presents the design and the implementation of the Common Friends service, a framework for finding common friends, which protects privacy of non-mutual friends and guarantees authenticity of friendships. We present a generic construction that reduces to secure computation of set intersection, while ensuring authenticity of announced friends via bearer capabilities. We also propose an efficient instantiation, based on Bloom filters, that only incurs a constant number of public-key operations and appreciably low communication overhead.
Our framework is designed so that developers can easily integrate the Common Friends service into their applications, e.g., to enforce access control based on users' social proximity in a privacy-preserving manner. Finally, we showcase our techniques in the context of an existing application for sharing (tethered) Internet connections, whereby users decide to share depending on the existence of common friends. A comprehensive experimental evaluation also attests to the practicality of proposed techniques.

Author(s):

Marcin Nagy    
Aalto University
Finland

Emiliano De Cristofaro    
PARC (a Xerox Company)
United States

Alexandra Dmitrienko    
Fraunhofer SIT/CASED
Germany

N. Asokan    
University of Helsinki
Finland

Ahmad-Reza Sadeghi    
TU Darmstadt/CASED
Germany

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC