Secure and Privacy-aware Matchmaking in Mobile Social Network

Abstract

Recent advancements in the technology have almost completely changed the traditional means of communications. People use the Internet and their hand-held devices for a variety of services such as location-based services, social gaming, creating and distributing social gatherings and meetup information, finding old friends and even making new friends online. Online social network (OSN) such as Twitter, Facebook, QQ, and LinkedIn (to name a few) enable users to connect, share and exchange information. Mobile social network (MSN) is a subset of OSN where people use their mobile devices to connect with each other. There are various types of MSN such as proximity-based MSN, encounter-based MSN, and event-based MSN (to name a few).

Profile matchmaking is one of the famous applications of MSN. In this application, users share their personal profiles and interests in order to find the similarity between them. The more similar profiles means more chances of users to become friends with each other. However, the revelation of personal information poses significant privacy threats. An attacker can use this information for harassment as well as for stalking. The attacker can be an outsider as well as an insider. Therefore, the matchmaking between users is needed to be performed in a secure and privacy preserving manner.

Many schemes have been presented in order to find privacy preserving matchmaking. However, these schemes inherent many drawbacks. Most of the proposed schemes employ one of the three paradigms i.e. centralized, decentralized or hybrid. The centralized schemes suffer from the trusted third party (TTP) assumption, single point of failure and performance bottleneck issues. Distributed schemes suffer from unsolved conflict between users due to the absence of a conflict resolver. A malicious user can easily cheat and run away in such environment. Hybrid schemes try to combine the benefits of centralized and decentralized schemes but still prone to various security and privacy attacks. This dissertation aims to provide secure and privacy preserving matchmaking in the aforementioned environments. First, we present a privacy preserving matchmaking solution for encounter-based MSN using a cloud-based server. We efficiently avoid the single point of failure and performance bottleneck issues by proposing the cloud-based centralized server. Moreover, the trust assumption on the centralized server is reduced to an honest-but-curious behavior. The users, who share an earlier encounter, anonymously access the cloud-based server and use it as a bullet-in board in order to find each other and perform the matchmaking. No information other than the matched interests is revealed to the users running the matchmaking protocol. Neither the server nor the other participants of the system know any personal information of user. The performance evaluation shows the effective performance of the protocol in encounter-based MSN scenario and functional improvements over the other existing approaches. Second, we provide a privacy preserving matchmaking solution for a completely distributed environment. Additionally, the protocol considers the associated priorities of the interests. The fine-grained evaluation enables a user to find the best match among a number of candidate users. The protocol allows a user to use any number of priority levels without any performance degradation. The protocol eliminates the need of a conflict resolver in such an environment by enabling the users to exchange information and compute matchmaking gradually. The protocol defines various privacy levels that reveal increasing information about the results of matchmaking. Moreover, in case a malicious behavior is detected by a user, he/she can immediately terminate the protocol. The protocol uses fresh keying material in order to prevent Sybil attacks. The performance evaluation shows only a linear and acceptable increase in computational time for increasing number of interests and associated priorities. Furthermore, the security analysis shows the robustness of the protocol against various security and privacy related attacks. Third, we introduce a hybrid protocol that combines the benefits of centralized and distributed schemes by employing a server only for the user identity verification and conflict resolution. The matchmaking is completely performed on users' devices. The protocol presents novel privacy attacks in a hybrid environment and proposes an efficient solution. The security analysis shows the resilience of our protocol against both the passive and active attacks. The experimental results show the effectiveness of the protocol without any significant performance degradation in comparison with existing approaches.