152 research outputs found

    The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes

    In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking, further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes. The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development. The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more

    An Authenticated Privacy-Preserving Mobile Matchmaking Protocol Based on Social Connections with Friendship Ownership

    The increase of mobile device use for social interaction drives the proliferation of online social applications. However, it prompts a series of security and existence problems. Some common problems are the authenticity of social contacts, the privacy of online communication, and the lack of physical interaction. This work presents mobile private matchmaking protocols that allow users to privately and immediately search the targets which match their planning purposes via mobile devices and wireless network. Based on social networks, the relationships of targets can be unlimited or limited to friends or friends of friends. It considers the privacy of users and the authenticity of friendships. The privacy means that no private information, except chosen targets, is leaked and the authenticity that signifies no forgery relationships can be successfully claimed. It applies to many applications such as searching for a person to talk to, to dine with, to play games with, or to see a movie with. The proposed scheme is demonstrated to be secure, effective, and efficient. The implementation of the proposed algorithms on Android system mobile devices allows users to securely find their target via mobile phones

    PRUB: A Privacy Protection Friend Recommendation System Based on User Behavior

    The fast developing social network is a double-edged sword. It remains a serious problem to provide users with excellent mobile social network services as well as protecting privacy data. Most popular social applications utilize behavior of users to build connection with people having similar behavior, thus improving user experience. However, many users do not want to share their certain behavioral information to the recommendation system. In this paper, we aim to design a secure friend recommendation system based on the user behavior, called PRUB. The system proposed aims at achieving fine-grained recommendation to friends who share some same characteristics without exposing the actual user behavior. We utilized the anonymous data from a Chinese ISP, which records the user browsing behavior, for 3 months to test our system. The experiment result shows that our system can achieve a remarkable recommendation goal and, at the same time, protect the privacy of the user behavior information

    Privacy-Preserving Interest Matching for Mobile Social Networking

    The success of online social networking has resulted in increased attention to mobile social networking research and applications. In mobile social networking, instead of looking for friends over the Internet, people look for friends who are physically located close and also based on other self-defined criteria. For example, a person could find other people who are nearby and who also share the same interests with her by using mobile social networking. As a result, they have common topics to talk about and may eventually become friends. There are two main approaches in the existing works. One approach focuses on efficiently establishing friendship and ignores the protection of private information of the participants. For example, some applications simply broadcast users’ personal information to everybody and rely on the other users to report the matches. From a privacy point of view, this approach is bad, since it makes the users vulnerable to context-aware attacks. The other approach requires a central server to participate in each matchmaking process. For example, an application deploys a central server, which stores the profile information of all users. When two nearby client devices query the central server at the same time, the central server fetches the profile information of both devices from the server’s database, performs matching based on the information, and reports the result back to the clients. However, a central server is not always available, so this approach does not scale. In addition, the central server not only learns all users’ personal information, it also learns which users become friends. This thesis proposes a privacy-preserving architecture for users to find potential friends with the same interests. The architecture has two matchmaking protocols to prevent privacy leaks. Our protocols let a user learn only the interests she has in common with the other party. One protocol is simpler, but works only if some assumptions hold. The other protocol is more secure, but requires longer execution time. Our architecture does not require any central server that is involved in the matchmaking process. We describe how the protocols work, analyze how secure the protocols are under different assumptions, and implement the protocols in a BlackBerry application. We test the efficiency of the protocols by conducting a number of experiments. We also consider the cheating-detection and friend-recognition problems

    Emendation of Undesirable Attack on Multiparty Data Sharing With Anonymous Id Assignment Using AIDA Algorithm

    Security is a state of being free from danger or threat. When someone finds the vulnerabilities and loopholes in a system without permission means the system lacks its security. Wherever a secure data sharing occurs between multiparty there would be the possibility for undesirable attacks. In a variety of application domains such as patient medical records, military applications, social networking, electronic voting, business and personal applications there is a great significance of anonymity. Using this system we can store our data as groups and also encrypt it with encryption key. Only the privileged person can see the data. The secure computation function widely used is secure sum that allows parties to compute the sum of their individual inputs without mentioning the inputs to one another. This function helps to characterize the complexities of the secure multiparty computation. Another algorithm for sharing simple integer data on top of secure sum is built. The sharing algorithm will be used at each iteration of this algorithm for anonymous ID assignment (AIDA). By this algorithm and certain security measures it is possible to have a system which is free from undesirable attacks. Keywords: Vulnerability, anonymity, encryption key, secure multiparty computation, AIDA

    Trustworthy Edge Machine Learning: A Survey

    The convergence of Edge Computing (EC) and Machine Learning (ML), known as Edge Machine Learning (EML), has become a highly regarded research area by utilizing distributed network resources to perform joint training and inference in a cooperative manner. However, EML faces various challenges due to resource constraints, heterogeneous network environments, and diverse service requirements of different applications, which together affect the trustworthiness of EML in the eyes of its stakeholders. This survey provides a comprehensive summary of definitions, attributes, frameworks, techniques, and solutions for trustworthy EML. Specifically, we first emphasize the importance of trustworthy EML within the context of Sixth-Generation (6G) networks. We then discuss the necessity of trustworthiness from the perspective of challenges encountered during deployment and real-world application scenarios. Subsequently, we provide a preliminary definition of trustworthy EML and explore its key attributes. Following this, we introduce fundamental frameworks and enabling technologies for trustworthy EML systems, and provide an in-depth literature review of the latest solutions to enhance trustworthiness of EML. Finally, we discuss corresponding research challenges and open issues. Comment: 27 pages, 7 figures, 10 tables

    Oblivious Handshakes and Sharing of Secrets of Privacy-Preserving Matching and Authentication Protocols

    The objective of this research is focused on two of the most important privacy-preserving techniques: privacy-preserving element matching protocols and privacy-preserving credential authentication protocols, where an element represents the information generated by users themselves and a credential represents a group membership assigned from an independent central authority (CA). The former is also known as private set intersection (PSI) protocol and the latter is also known as secret handshake (SH) protocol. In this dissertation, I present a general framework for design of efficient and secure PSI and SH protocols based on similar message exchange and computing procedures to confirm “commonality” of their exchanged information, while protecting the information from each other when the commonality test fails. I propose to use the homomorphic randomization function (HRF) to meet the privacy-preserving requirements, i.e., common element/credential can be computed efficiently based on homomorphism of the function and uncommon element/credential are difficult to derive because of the randomization of the same function. Based on the general framework two new PSI protocols with linear computing and communication cost are proposed. The first protocol uses full homomorphic randomization function as the cryptographic basis and the second one uses partial homomorphic randomization function. Both of them achieve element confidentiality and private set intersection. A new SH protocol is also designed based on the framework, which achieves unlinkability with a reusable pair of credential and pseudonym and least number of bilinear mapping operations. I also propose to interlock the proposed PSI protocols and SH protocol to design new protocols with new security properties. When a PSI protocol is executed first and the matched elements are associated with the credentials in a following SH protocol, authenticity is guaranteed on matched elements. When a SH protocol is executed first and the verified credentials are used in a following PSI protocol, detection resistance and impersonation attack resistance are guaranteed on matching elements. The proposed PSI and SH protocols are implemented to provide privacy-preserving inquiry matching service (PPIM) for social networking applications and privacy-preserving correlation service (PAC) of network security alerts. PPIM allows online social consumers to find partners with matched inquiries and verified group memberships without exposing any information to unmatched parties. PAC allows independent network alert sources to find the common alerts without unveiling their local network information to each other

    Private set intersection: A systematic literature review

    Secure Multi-party Computation (SMPC) is a family of protocols which allow some parties to compute a function on their private inputs, obtaining the output at the end and nothing more. In this work, we focus on a particular SMPC problem named Private Set Intersection (PSI). The challenge in PSI is how two or more parties can compute the intersection of their private input sets, while the elements that are not in the intersection remain private. This problem has attracted the attention of many researchers because of its wide variety of applications, contributing to the proliferation of many different approaches. Despite that, current PSI protocols still require heavy cryptographic assumptions that may be unrealistic in some scenarios. In this paper, we perform a Systematic Literature Review of PSI solutions, with the objective of analyzing the main scenarios where PSI has been studied and giving the reader a general taxonomy of the problem together with a general understanding of the most common tools used to solve it. We also analyze the performance using different metrics, trying to determine if PSI is mature enough to be used in realistic scenarios, identifying the pros and cons of each protocol and the remaining open problems. This work has been partially supported by the projects: BIGPrivDATA (UMA20-FEDERJA-082) from the FEDER Andalucía 2014–2020 Program and SecTwin 5.0 funded by the Ministry of Science and Innovation, Spain, and the European Union (Next Generation EU) (TED2021-129830B-I00). The first author has been funded by the Spanish Ministry of Education under the National F.P.U. Program (FPU19/01118). Funding for open access charge: Universidad de Málaga/CBU