research article prub: a privacy protection friend recommendation system based...
TRANSCRIPT
Research ArticlePRUB A Privacy Protection Friend Recommendation SystemBased on User Behavior
Wei Jiang Ruijin Wang Zhiyuan Xu Yaodong Huang Shuo Chang and Zhiguang Qin
University of Electronic Science and Technology of China Chengdu 611731 China
Correspondence should be addressed to Ruijin Wang 124355850qqcom
Received 13 February 2016 Accepted 2 August 2016
Academic Editor Salvatore Alfonzetti
Copyright copy 2016 Wei Jiang et alThis is an open access article distributed under theCreative CommonsAttribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited
The fast developing social network is a double-edged sword It remains a serious problem to provide users with excellent mobilesocial network services as well as protecting privacy data Most popular social applications utilize behavior of users to buildconnection with people having similar behavior thus improving user experience However many users do not want to share theircertain behavioral information to the recommendation system In this paper we aim to design a secure friend recommendationsystem based on the user behavior called PRUB The system proposed aims at achieving fine-grained recommendation to friendswho share some same characteristics without exposing the actual user behavior We utilized the anonymous data from a ChineseISP which records the user browsing behavior for 3 months to test our system The experiment result shows that our system canachieve a remarkable recommendation goal and at the same time protect the privacy of the user behavior information
1 Introduction
We are now embracing the era of the mobile social networkThis network connects people with similar interests and char-acteristics through mobile devices like smartphones tabletsand so forth Users on a mobile social networks platformcan share their states convenientlyThemobile social networkplatform is an open platform it is established on the base ofactual social relationship anddeveloped by further expandingthe social circle Aiming at recommending new links for eachuser almost all the mobile social networking systems providea service to recommend friends Considering the fact thatthe size of the network grows exponentially many serviceproviders and researchers are trying to import distributedmanagement to implement a recommendation system asa way to ease the pressure of services on a centralizedmanagement system [1] and improve user experience at thesame time
The recommendation system can achieve a promisingresult using the information of user behavior [2] Howeversome of the information contains personal privacy data andusers are unwilling to share their certain behavioral infor-mation to others They prefer to exchange their informationwith people who share common interests instead of all the
strangers Particularly in the distributed systems becausethere are no regulators in the interactive process the privacysecurity will be a problemThus ldquohow to realize high qualityrecommendation as well as protecting the privacy of userbehavior information of the userrdquo is becoming a researchhotspot [3ndash5]
To solve these problems we design a secure friend recom-mendation system based on the user behavior called PRUBThis system aims at achieving fine-grained recommendationto friends who share common interests without exposing theactual user behavior PRUB provides a modified matchingprotocol and authorization protocol to ensure the security ofuser behavior information in the hybrid management whichcombines the centralized and distributed management
PRUB works mainly in two steps The first step is to real-ize the coarse friend recommendation The authenticationserver classifies users using the KNN classification algorithmwhich is based on user behavior information such as usersrsquobrowsing records and returns friend recommendation resultbased on peoplewho share the same interests as the usersThesecond step is to realize the fine-grained friend recommenda-tion Each user uses coarse grained friend recommendationon similarity calculation using the matching protocol If thesimilarity degree is greater than the user defined threshold
Hindawi Publishing CorporationMathematical Problems in EngineeringVolume 2016 Article ID 8575187 12 pageshttpdxdoiorg10115520168575187
2 Mathematical Problems in Engineering
PRUB adds the person to the fine-grained friend recommen-dation list
This paper aims to make the following contributions(1) We present a hybrid management architecture
according to the mobile social networks platformcharacteristics easing the pressure from the serverand improving the user experience
(2) We propose a privacy supported matching proto-col Utilizing the usersrsquo behavior it can realize thepersonalized instead of the blindly recommendedresult At the same time the protocol ensures personalprivacy security users can protect their own sensitiveinformation and avoid exposing it to all the strangerson the platform
(3) We define a security model and theoretically analyzethe security of our protocol We aim to prove that ourprotocol can defend against attack in the position ofinitiator and matching target respectively
To evaluate our system PRUB we utilize anonymous datafrom aChinese ISP which records the user browsing behaviorfor 3 months The experiment result shows that our systemcan achieve a fine-grained recommendation and protect theprivacy of the user behavior information at the same time
The rest of the paper is organized as follows Section 2 dis-cusses related works Section 3 provides the system overviewof PRUB The secure matching protocol is discussed inSection 4 Section 5 analyzes the security of the system Theexperiment result is presented in Section 6 We conclude ourwork in Section 7
2 Related Works
Corresponding to the structure of the mobile social networkthere are three application patterns for friend recommenda-tion centralized management distributed management andhybrid management
CentralizedManagement In this pattern all the user informa-tion is stored on the central server As a trusted third partythe central server manages the whole system and handlesall the processes Users only need to access the server usinga mobile client and they can acquire the desired serviceThe central server will complete the characters matchingand return the recommended friend list to the users [8]Throughout the process there is no interaction between theusers In the centralized management the central serverholds all the information about user characteristics It caneffectively protect the user privacy through enhancing theserver security However the server cannot be accessed atany time this depends on the network conditions Thususer experience decreases under unstable network conditionApart from this not all the users are willing to deliver theirbehavior information to server providers especially somepersonal privacy information Some server providers mayutilize the information for illegal activities [9]
DistributedManagement In distributed social networks dataare stored and handled at the local clients and users can
directly interact with each other Clients broadcast theirown information and receive information of others at thesame time and then match characteristics based on theinformation to discover target users In this pattern thewholerecommendation process can be realized among clientswithout any server participation [10] This pattern certainlyrelieves the pressure of the server However clients mayunintentionally publish some unnecessary information evenuser privacy [11] In the distributed system the interactionprocess lacks control and fails to ensure the security of therecommendation processMany researchers presented securematching protocols to avoid the shortage such as [12] itutilizes Shamir secret dividing to complete matching
Hybrid Management In order to integrate the advantages ofcentralized and distributed management some researcherspresented hybrid management [13] In this pattern userscould interact directly but during the process of matchingappropriate server control is required such as storing tem-porary data and arbitrationThe hybrid management patterncan reduce the server stress and provide security mechanismas well The problem for researchers is how to minimizethe information provided by users how to realize securematching with server involvement as little as possible andhow to realize arbitration using minimal user informationand ensure accuracy [14]
Our recommendation system PRUB is built on the hybridmanagement Matching protocols is the core of hybrid man-agement users can find some friends who share commoninterests such as common browsing habits and also protecttheir private information The process of matching can beregarded as PSI (private set intersection) problem or PCSI(private cardinality of set intersection) problem [15] Cur-rently the popular resolution algorithm can be categorizedinto three types
Matching Protocol Based on Commutative Encryption Func-tion Agrawal et al [7] presented a commutative encryptionprotocol to solve PSIPCSI problem It used a pair of encryp-tion functions 119891 and 119892 and 119891(119892(119909)) = 119892(119891(119909)) the propertyof each function is that the encrypted result is independentof the calculation order such as 119891
119890(119909) = 119909119890 mod119901 where 119901
is safe prime This protocol is secure under the hypothesis ofDDH (Decisional Diffie-Hellman) hypothesis and only oneof the participators knows the intersection the other cannotacquire anything However this protocol cannot defendagainst malicious attacks
Von Arb et al [16] presented a social platform VENETAbased on the algorithm of Agrawal et al They rely on aconstruction based on commutative encryption Comparedto Agrawal et al they assume that the attack cannot causeany serious damage A victim only reveals a contact he waswilling to share without getting this information in returnVENETA enables two users to calculate the intersection oftheir characters in a certain range If it successfully matchesbetween two users VENETA will recommend this strangerto the user
Xie and Hengartner [6] presented a matching protocolin mobile social networks The protocol adds signature
Mathematical Problems in Engineering 3
verification to property elements this paper shows thatAgrawal et al proved that given the Decisional Diffie-Hellman (DDH) hypothesis ⟨119883
119894 119891119890(119883
119894) 119884
119895 119891119890(119884119895)⟩ for fixed
values of 119894 and 119895 with 119891119890(119909) = 119909119890 is indistinguishable from
⟨119883119894 119891119890(119883
119894) 119884
119895 119885⟩ when 119890 is not givenThey prove that these
certificates are sent across an encrypted channel so a passiveeavesdropper cannot learn Alicersquos or Bobrsquos interests Thusattackers cannot reorder all the segments and propertieseasily thus avoiding counterfeit and scanning attacks
In [17] a new efficient solution to Yaorsquosmillionairesrsquo prob-lembased on symmetric cryptography is constructed and theprivacy-preserving property of the solution is demonstratedby a well-accepted simulation paradigm It proposes a newsecurity paradigm that quantitatively captures the securitylevels of different solutions The paper proposes an idealmodel with a trusted third party Alice and Bob have 119909 and119910 they want privately to compute functionality 119891(119909 119910) =(1198911(119909 119910) 119891
2(119909 119910)) with the help of a trusted third party
At the end of the protocol Alice (Bob) obtains 1198911(119909 119910)
1198912(119909 119910) without leaking 119909(119910) The ideal model provides the
best possible security of secure multiparty computations andits security level is the highest level compared with thatany secure multiparty computation solution can achieveTheauthors of [17] use the following to judge whether Protocol 120587
1
is more secure than Protocol 1205872
1198671205871
(119909 | 1198912(119909 119910))
1198671205872
(119909 | 1198912(119909 119910))
gt 1
or1198671205871
(119910 | 1198911(119909 119910))
1198671205872
(119910 | 1198911(119909 119910))
gt 1
or both hold
(1)
They concluded that the new solution was as secure as boththe ideal secure multiparty computation solution and Yaorsquossolution In this paper the solution provided in [17] enablesXOR operating in commutative encryption function butit greatly increases the calculation costs and decreases thesecurity of the system
Matching Protocol Based on Linear PolynomialThe paper [15]presented FNP protocol which transforms properties intolinear polynomial and uses the character of homomorphy tohandle the encrypted coefficients In the exchange processone side is the client and the other is the server For eachinput property of the client it only knows whether theproperty belongs to the server and cannot acquire any otherinformation Meanwhile the server cannot get any otherinput information from the client
Kissner and Song [18] used a polynomial to representmultiple collections Taking advantage of polynomial andaddition homomorphy function it realizes the secure oper-ation of intersection union and complementation Thisprotocol can be applied against semihonest attacks and thesetechniques can be applied to a wide range of practicalproblems This paper has an important feature of privacy-preserving multiset operations which can be composed andenable a wide range of applications The authors of [18] use
the following grammar to compute the output of any functionover the multisets
119884 = 119904|Rdd(119884)| 119884 cap 119884|119904 cup 119884|119884 cup 119904 They construct analgorithm for computing the polynomial representation ofoperations on sets including union intersection and ele-ment reduction And they extend these techniques includingintersection and element reduction with a trusted third partyto encrypted polynomials allowing secure implementation ofour techniques without a trusted third party Dachman-Soledet al [19] presented a PSI protocol which can be applied fordefending against malicious users They also use the polyno-mial coefficient to represent properties and use Shamir SecretShare to dividing coefficient for realizing higher security
Lu et al [20] put forward Secure Handshake with symp-tom-matching and deployed the matching protocol intodisease monitoring Their system enables patients who havethe same symptoms to communicate and share informationThe core of their algorithm is the feature of bilinear matchingfunction In this system model they consider a typicalmHealthcare social network (MHSN) which consists oftrusted authority (TA) at eHealth center and a large numberof mobile patients As the patient health condition is verysensitive to the patient himselfherself therefore it is essentialthat the privacy of PHI should be controlled by the patientin a MHSN environment so they develop a secure same-symptom-based handshake (SSH) scheme It consists ofthese algorithms system setup patient joining and patientrsquossame-symptom-basedhandshaking (PatientsSSH)Thepapershows the employed identity-based encryption
119862
=
1198621= 119903 (119875pub + 119867 (pid) 119875) where 119903 119877
larr997888 119885lowast119902
1198622= 119890 (119875119867
0(119879)) 119903 sdot 119873 119879 is specific triage
(2)
The identity-based encryption (IBE) should be semanticsecurity (indistinguishable) under selective-PID-symptomsand chosen-plaintext attacks In this paper let IBE be a secureencryption scheme with security parameter 119897 and define theadvantage probability of 119860 to be an INDsPS-CPA adversaryagainst IBE It is very important in the random oracle model
AdvIND-sPS-CPAIBE119860 (119897) = 2 sdot Pr [ExpIND-sPS-CPA
IBE119860 (119897) = 1] minus 1
= 2 sdot Pr [119887 = 1198871015840] minus 1(3)
In this paper SSH is of vital importance to the success ofMHSN but this algorithm can be only applied to matchingsingle property and it is difficult to extend it into multiprop-erties
Matching Protocol Based on PseudorandomNumberThis pro-tocol is firstly presented in [21] Hazay and Lindell designeda PSI protocol in order to defend against different attacksand ensure the operating efficiency at the same time Thepseudorandom number is used for encryption In this paperthe protocols for securely computing the set intersectionfunctionality are based on secure pseudorandom functionevaluations in contrast to previous protocols This paper
4 Mathematical Problems in Engineering
proposed Secure Pattern Matching 119865PM was used to addressthe question of how to securely compute the above basicpattern matching functionality
((119879119898) 119901)
997891997888rarr
(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901
1003816100381610038161003816 le 119898
(120582 119894 | 119879119894= 119901
1sdot sdot sdot 119901
119898) otherwise
(4)
This protocol is presented for securely computing 119865PMin the presence of malicious adversaries with one-sidedsimulatability And specific properties of the Naor-Reingoldpseudorandom function and the protocol120587PRF for computingtheNaor-Reingold function are utilizedThe following is usedinstead of the corrupted party 119901
1computing and sending the
set
(119894 119892119894= prod
log119873119895=1
119886
(119894)119895
119898+119895)119873minus119898+1
119894=1
(5)
So the Naor-Reingold pseudorandom function will achievehigh efficiency
Yang et al [22] designed a distributed mobile social net-work E-SmallTalker It utilizes Bloom filter as the store struc-ture of properties and calculates the intersection throughseveral rounds of iteration with pseudorandom functionE-SmallTalker can reduce the storage space effectively andprevent interactive users from acquiring more informationbesides the common properties It requires no data serviceslike Internet access and exchanges user information betweentwo phones and performs matching locally Yang et al buildon the Bluetooth Service Discovery Protocol (SDP) to searchfor nearby E-SmallTalker users And the iterative Bloom filter(IBF) they proposed is to encode user information data isencoded in a bit string to address SDP attributesrsquo size limitThis system architecture includes four software componentscontext data store context encoding and matching contextexchange and user interface (UI)The authors of [22] devise amultiround protocol to achieve the desired false-positive rate119891 with a minimum total amount of transmission given theconstraints imposed by the implementation of Bluetooth SDPand the quantitative measurement of the false-positive rate isdefined by the following formula 119891 = (1 minus (1 minus 1119898)119896119899)119896 asymp
(1 minus 119890minus119896119899119898)119896 So this paperrsquos approach was efficient incomputation and communication
3 PRUB System Overview
The PRUB system is based on users browsing behavior torecommend related friends with similar behavior and activi-ties The system adopts the hybrid management architecturementioned aboveThe system consists of several users severalsmartphones one verification server (VS) and several anchorservers (AS) The basic structure is shown in Figure 1
31 Users Every user who wants to use our system to findfriends with similar behavior should have a smartphoneand install our application The application will collect users
VS
MSN
MSN
middot middot middot
Figure 1 PRUB system structure
browsing histories and classify them into several catalogsThe value of each catalog is defined as properties andcharacteristic of the user The users should sign up with anaccount to use the service
To test the security of our system we define some kindsof abnormal users The first kind of abnormal users will nottry to break protocols of the network They only want toobtain some privacy data of other users by analyzing theinformation they obtain from the recommendation resultThe way they are trying to do this is defined as passive attackThese users are called semihonest users Another kind ofusers who are trying to attack actively is called malicioususers For getting more information of other users they donot obey the protocols and even try to break down the wholesystem Somemethods of attacking are to send fake messagesor terminate an agreement before it finishes
32 Smartphones The smartphones which have installedour application are also part of the system The applicationsaves the personal information of the user including hisherID properties private key and public key The smartphoneshould have some computability in order to compute somesecure information The smartphones of the users formmobile social networks (MSNs)
33 Verification Server (VS) The user should register on theverification server before heshe obtains the recommendationdata The application will send the encrypted userrsquos personalinformation to the VS to get the ID and a pair of RSA keysWhen verifying the userrsquos ID and properties the applicationwill send the username and the public key to VS the VSgenerates a random number and then sends the randomnumber to the userrsquos application The application will utilizethe properties (119883
1 119883
2 119883
119898) to get Attr = (119883
1)119886
(1198832)119886 sdot sdot sdot (119883
119899)119886 and send the ID to the VS The VS
uses its private key to get signvs(ID Attr) and sends itback to the userrsquos application In order to prevent abnormalusers from changing their properties to obtain othersrsquo privateinformation the VS can bind the user with its properties andsignature certification
34 Anchor Server (AS) The anchor servers are used toconnect several MSNs The user can register on several
Mathematical Problems in Engineering 5
Client 119860 Server 119861(1) Get client private key 119909generate a prime 119901Original root 119892 of 119901
119892119909 mod 119901997888997888997888997888997888997888997888rarr
(2) Generate a randomnumber 119877
1 get server
private key 119910(1198771)119892119909119910 119892119910 mod 119901
larr997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Get client sign 119879
Hash(1198791198771)997888997888997888997888997888997888997888997888rarr
(4) Calculate the Hashand compare with 119860rsquoscalculation
Box 1 One-way authentication protocol
Client 119860 Client 119861(1) Get client privatekey 119909 generate a prime119901 and random number 119877
2
1198772 119892119909 mod 119901
997888997888997888997888997888997888997888997888997888rarr(2) Get server private key 119910
119892119910[(119892119909119892119910)119870minus1
119887
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877
2
and compared withthe 119877
2which 119860 produced
[(119892119909119892119910)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(4) 119861 calculate 119892119910 119892119909 and1198772then compared with
what 119861 received in step (2)
Box 2 Mutual authentication protocol
differentMSNs and theAS transmits information to the usersfrom different MSNs
4 Secure Matching Protocol
One-Way Authentication Protocol In the beginning of estab-lishing the interaction communication channel between VSand the user VS utilizes one-way authentication protocol toauthenticate the identity of the userThe protocol is describedin Box 1
After the interaction about setting identity and randomidentification the protocol can realize the identificationbetween dual direction key and one-way entity throughverifying hash value It achieves forward secrecy and non-repudiation and can defend the man-in-the-middle attacksincluding replay attack reflection attack prophecy attackand interleaving attack
Mutual Authentication Protocol This protocol is used tomutually authenticate the pairing of interaction when
establishing the channel The protocol is described in Box 2where 119870
119860= 119892119909 mod119901 119870
119861= 119892119910 mod119901 and 119870
119860119861=
119892119909119910 mod119901Our mutual authentication protocol is developed on the
basis of STS workstation protocol After adding the identityand using a random number timestamp the identification iscompleted This protocol can also be used to defend man-in-the-middle attack
Matching Protocol In order to achieve fine-grained friendrecommendation the similarity of common properties withcoarse grained recommendation is calculated The mutualprotocol must be done before matching The protocol ispresented as shown in Box 3
Attr119860= (119883
1)119886 (119883
2)119886 sdot sdot sdot (119883
119899)119886 Attr
119894= (119884
1198941)119887
(1198841198942)119887 sdot sdot sdot (119884
119894119899)119887 and 119894 denotes all the users that are
recommended to 119860 Attr1015840119860= (119883119886
1198971
)119887 (119883119886
1198972
)119887 sdot sdot sdot (119883119886
119897119898
)119887
and Attr1015840119894= (119884119887
1198941198951
)119886 (1198841198871198941198952
)119886 sdot sdot sdot (119884119887119894119895119899
)119886
6 Mathematical Problems in Engineering
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is a random among which 119897
1 1198972 119897
119898is a random
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 3 Matching protocol
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is an ordered among which 119897
1 1198972 119897
119898is an ordered
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 4 Attribute exchange protocol
The core of the matching protocol is the principle ofcommutative encryption of messages Pairing of interactionacquires the amount of common properties through twoencrypted comparisons of each property
Meanwhile the confusing operation is added to ensurethe equity and security In the last step common propertiesof both sides are compared if they do notmatch thenwe turninto arbitration
Common Property Exchange Protocol This protocol is usedfor pairing of users to exchange the detail of common prop-erties The mutual protocol must be done before exchangingproperties Box 4 shows this protocol
The core of this protocol is also the commutative encryp-tion but it does not include a confusing operation Pairingof interaction can get the detail of properties by the number
Similarly common properties of both sides are compared inthe last step and hencewe decide whether to have arbitration
5 Security Principles
In this section we evaluate the security of the pro-posed scheme under the security protocols we proposed inSection 4 Our protocols are designed based on the Dolev-Yao security model [23]
51 Definitions
Definition 1 (ignorable function) Function 119910 119873 rarr 119877 is anignorable function when forall polynomial 119901 exist119899 isin 119873 forall119896 gt 119899
0 le 119910 (119896) lt1
119901 (119896) (6)
Mathematical Problems in Engineering 7
User A VS
gx mod p
(R1)gxy gy mod p
Hash(IDA R1)
Figure 2 One-way authentication protocol
Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that
119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12
Definition 3 (computationally indistinguishable) Probabilitycollectives 119883
119899 and 119884
119899 are computationally indistinguish-
able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901
1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]
1003816100381610038161003816 lt1
119901 (119899) (7)
For 119863 119883119899 and 119884
119899 are the same 119863 cannot get any
information of 119883119899 from 119884
119899 and vice versa
Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866
119902is a cycle group ordered 119902 and 119892 is a
generator of119866119902 And hence 119886 119887 119888 isin
119877119885119902 The distributions of
(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable
52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system
521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2
The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3
One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack
User A User B
gxKab = gxy mod n
gy gx gykminus1119887
k119886119887
gx gykminus1119886 k119886119887
Figure 3 Mutual authentication protocol
522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping
To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping
Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867
119904 The ldquomain channelrdquo and the ldquowiretap
channelrdquo are discrete memoryless channels with transitionprobabilities 119876
119872(sdot | sdot) and 119876
119908(sdot | sdot) The source and the
transition probabilities 119876119872
and 119876119908are given and fixed The
encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875
119890=
(1119870)sum119870
119896=1Pr119878119870 =
119870
The source sends a data sequence1198781 1198782 which consists of independent copies of the binary
random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878
1 119878
119896) and
encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883
119873)119883119873 in
turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream
119870
=
(1
119896) for the delivery to the destinationThewiretapper
observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875
0(0 lt 119875
0le 12) The
corresponding output at the wiretap is119885119873 = (1198851 119885
119873) so
that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =
(1 minus 1198750)120575119909 119911 + 119875
0(1 minus 120575119909 119911)) with Δ Δ
= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867
119878119873 source bits per channel
input symbolAs shown in Figure 5 Alice and Bob communicate with
each other The transmission probability is 119875119884119885119883
(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is
119875(119884119899119885119899
119883119899) =
119899
prod119894=1
119875119884119885119883
(119910119894119911119894
119909119894
) (8)
Alice sends a commonmessage1198720to Bob and Eve and sends
a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
2 Mathematical Problems in Engineering
PRUB adds the person to the fine-grained friend recommen-dation list
This paper aims to make the following contributions(1) We present a hybrid management architecture
according to the mobile social networks platformcharacteristics easing the pressure from the serverand improving the user experience
(2) We propose a privacy supported matching proto-col Utilizing the usersrsquo behavior it can realize thepersonalized instead of the blindly recommendedresult At the same time the protocol ensures personalprivacy security users can protect their own sensitiveinformation and avoid exposing it to all the strangerson the platform
(3) We define a security model and theoretically analyzethe security of our protocol We aim to prove that ourprotocol can defend against attack in the position ofinitiator and matching target respectively
To evaluate our system PRUB we utilize anonymous datafrom aChinese ISP which records the user browsing behaviorfor 3 months The experiment result shows that our systemcan achieve a fine-grained recommendation and protect theprivacy of the user behavior information at the same time
The rest of the paper is organized as follows Section 2 dis-cusses related works Section 3 provides the system overviewof PRUB The secure matching protocol is discussed inSection 4 Section 5 analyzes the security of the system Theexperiment result is presented in Section 6 We conclude ourwork in Section 7
2 Related Works
Corresponding to the structure of the mobile social networkthere are three application patterns for friend recommenda-tion centralized management distributed management andhybrid management
CentralizedManagement In this pattern all the user informa-tion is stored on the central server As a trusted third partythe central server manages the whole system and handlesall the processes Users only need to access the server usinga mobile client and they can acquire the desired serviceThe central server will complete the characters matchingand return the recommended friend list to the users [8]Throughout the process there is no interaction between theusers In the centralized management the central serverholds all the information about user characteristics It caneffectively protect the user privacy through enhancing theserver security However the server cannot be accessed atany time this depends on the network conditions Thususer experience decreases under unstable network conditionApart from this not all the users are willing to deliver theirbehavior information to server providers especially somepersonal privacy information Some server providers mayutilize the information for illegal activities [9]
DistributedManagement In distributed social networks dataare stored and handled at the local clients and users can
directly interact with each other Clients broadcast theirown information and receive information of others at thesame time and then match characteristics based on theinformation to discover target users In this pattern thewholerecommendation process can be realized among clientswithout any server participation [10] This pattern certainlyrelieves the pressure of the server However clients mayunintentionally publish some unnecessary information evenuser privacy [11] In the distributed system the interactionprocess lacks control and fails to ensure the security of therecommendation processMany researchers presented securematching protocols to avoid the shortage such as [12] itutilizes Shamir secret dividing to complete matching
Hybrid Management In order to integrate the advantages ofcentralized and distributed management some researcherspresented hybrid management [13] In this pattern userscould interact directly but during the process of matchingappropriate server control is required such as storing tem-porary data and arbitrationThe hybrid management patterncan reduce the server stress and provide security mechanismas well The problem for researchers is how to minimizethe information provided by users how to realize securematching with server involvement as little as possible andhow to realize arbitration using minimal user informationand ensure accuracy [14]
Our recommendation system PRUB is built on the hybridmanagement Matching protocols is the core of hybrid man-agement users can find some friends who share commoninterests such as common browsing habits and also protecttheir private information The process of matching can beregarded as PSI (private set intersection) problem or PCSI(private cardinality of set intersection) problem [15] Cur-rently the popular resolution algorithm can be categorizedinto three types
Matching Protocol Based on Commutative Encryption Func-tion Agrawal et al [7] presented a commutative encryptionprotocol to solve PSIPCSI problem It used a pair of encryp-tion functions 119891 and 119892 and 119891(119892(119909)) = 119892(119891(119909)) the propertyof each function is that the encrypted result is independentof the calculation order such as 119891
119890(119909) = 119909119890 mod119901 where 119901
is safe prime This protocol is secure under the hypothesis ofDDH (Decisional Diffie-Hellman) hypothesis and only oneof the participators knows the intersection the other cannotacquire anything However this protocol cannot defendagainst malicious attacks
Von Arb et al [16] presented a social platform VENETAbased on the algorithm of Agrawal et al They rely on aconstruction based on commutative encryption Comparedto Agrawal et al they assume that the attack cannot causeany serious damage A victim only reveals a contact he waswilling to share without getting this information in returnVENETA enables two users to calculate the intersection oftheir characters in a certain range If it successfully matchesbetween two users VENETA will recommend this strangerto the user
Xie and Hengartner [6] presented a matching protocolin mobile social networks The protocol adds signature
Mathematical Problems in Engineering 3
verification to property elements this paper shows thatAgrawal et al proved that given the Decisional Diffie-Hellman (DDH) hypothesis ⟨119883
119894 119891119890(119883
119894) 119884
119895 119891119890(119884119895)⟩ for fixed
values of 119894 and 119895 with 119891119890(119909) = 119909119890 is indistinguishable from
⟨119883119894 119891119890(119883
119894) 119884
119895 119885⟩ when 119890 is not givenThey prove that these
certificates are sent across an encrypted channel so a passiveeavesdropper cannot learn Alicersquos or Bobrsquos interests Thusattackers cannot reorder all the segments and propertieseasily thus avoiding counterfeit and scanning attacks
In [17] a new efficient solution to Yaorsquosmillionairesrsquo prob-lembased on symmetric cryptography is constructed and theprivacy-preserving property of the solution is demonstratedby a well-accepted simulation paradigm It proposes a newsecurity paradigm that quantitatively captures the securitylevels of different solutions The paper proposes an idealmodel with a trusted third party Alice and Bob have 119909 and119910 they want privately to compute functionality 119891(119909 119910) =(1198911(119909 119910) 119891
2(119909 119910)) with the help of a trusted third party
At the end of the protocol Alice (Bob) obtains 1198911(119909 119910)
1198912(119909 119910) without leaking 119909(119910) The ideal model provides the
best possible security of secure multiparty computations andits security level is the highest level compared with thatany secure multiparty computation solution can achieveTheauthors of [17] use the following to judge whether Protocol 120587
1
is more secure than Protocol 1205872
1198671205871
(119909 | 1198912(119909 119910))
1198671205872
(119909 | 1198912(119909 119910))
gt 1
or1198671205871
(119910 | 1198911(119909 119910))
1198671205872
(119910 | 1198911(119909 119910))
gt 1
or both hold
(1)
They concluded that the new solution was as secure as boththe ideal secure multiparty computation solution and Yaorsquossolution In this paper the solution provided in [17] enablesXOR operating in commutative encryption function butit greatly increases the calculation costs and decreases thesecurity of the system
Matching Protocol Based on Linear PolynomialThe paper [15]presented FNP protocol which transforms properties intolinear polynomial and uses the character of homomorphy tohandle the encrypted coefficients In the exchange processone side is the client and the other is the server For eachinput property of the client it only knows whether theproperty belongs to the server and cannot acquire any otherinformation Meanwhile the server cannot get any otherinput information from the client
Kissner and Song [18] used a polynomial to representmultiple collections Taking advantage of polynomial andaddition homomorphy function it realizes the secure oper-ation of intersection union and complementation Thisprotocol can be applied against semihonest attacks and thesetechniques can be applied to a wide range of practicalproblems This paper has an important feature of privacy-preserving multiset operations which can be composed andenable a wide range of applications The authors of [18] use
the following grammar to compute the output of any functionover the multisets
119884 = 119904|Rdd(119884)| 119884 cap 119884|119904 cup 119884|119884 cup 119904 They construct analgorithm for computing the polynomial representation ofoperations on sets including union intersection and ele-ment reduction And they extend these techniques includingintersection and element reduction with a trusted third partyto encrypted polynomials allowing secure implementation ofour techniques without a trusted third party Dachman-Soledet al [19] presented a PSI protocol which can be applied fordefending against malicious users They also use the polyno-mial coefficient to represent properties and use Shamir SecretShare to dividing coefficient for realizing higher security
Lu et al [20] put forward Secure Handshake with symp-tom-matching and deployed the matching protocol intodisease monitoring Their system enables patients who havethe same symptoms to communicate and share informationThe core of their algorithm is the feature of bilinear matchingfunction In this system model they consider a typicalmHealthcare social network (MHSN) which consists oftrusted authority (TA) at eHealth center and a large numberof mobile patients As the patient health condition is verysensitive to the patient himselfherself therefore it is essentialthat the privacy of PHI should be controlled by the patientin a MHSN environment so they develop a secure same-symptom-based handshake (SSH) scheme It consists ofthese algorithms system setup patient joining and patientrsquossame-symptom-basedhandshaking (PatientsSSH)Thepapershows the employed identity-based encryption
119862
=
1198621= 119903 (119875pub + 119867 (pid) 119875) where 119903 119877
larr997888 119885lowast119902
1198622= 119890 (119875119867
0(119879)) 119903 sdot 119873 119879 is specific triage
(2)
The identity-based encryption (IBE) should be semanticsecurity (indistinguishable) under selective-PID-symptomsand chosen-plaintext attacks In this paper let IBE be a secureencryption scheme with security parameter 119897 and define theadvantage probability of 119860 to be an INDsPS-CPA adversaryagainst IBE It is very important in the random oracle model
AdvIND-sPS-CPAIBE119860 (119897) = 2 sdot Pr [ExpIND-sPS-CPA
IBE119860 (119897) = 1] minus 1
= 2 sdot Pr [119887 = 1198871015840] minus 1(3)
In this paper SSH is of vital importance to the success ofMHSN but this algorithm can be only applied to matchingsingle property and it is difficult to extend it into multiprop-erties
Matching Protocol Based on PseudorandomNumberThis pro-tocol is firstly presented in [21] Hazay and Lindell designeda PSI protocol in order to defend against different attacksand ensure the operating efficiency at the same time Thepseudorandom number is used for encryption In this paperthe protocols for securely computing the set intersectionfunctionality are based on secure pseudorandom functionevaluations in contrast to previous protocols This paper
4 Mathematical Problems in Engineering
proposed Secure Pattern Matching 119865PM was used to addressthe question of how to securely compute the above basicpattern matching functionality
((119879119898) 119901)
997891997888rarr
(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901
1003816100381610038161003816 le 119898
(120582 119894 | 119879119894= 119901
1sdot sdot sdot 119901
119898) otherwise
(4)
This protocol is presented for securely computing 119865PMin the presence of malicious adversaries with one-sidedsimulatability And specific properties of the Naor-Reingoldpseudorandom function and the protocol120587PRF for computingtheNaor-Reingold function are utilizedThe following is usedinstead of the corrupted party 119901
1computing and sending the
set
(119894 119892119894= prod
log119873119895=1
119886
(119894)119895
119898+119895)119873minus119898+1
119894=1
(5)
So the Naor-Reingold pseudorandom function will achievehigh efficiency
Yang et al [22] designed a distributed mobile social net-work E-SmallTalker It utilizes Bloom filter as the store struc-ture of properties and calculates the intersection throughseveral rounds of iteration with pseudorandom functionE-SmallTalker can reduce the storage space effectively andprevent interactive users from acquiring more informationbesides the common properties It requires no data serviceslike Internet access and exchanges user information betweentwo phones and performs matching locally Yang et al buildon the Bluetooth Service Discovery Protocol (SDP) to searchfor nearby E-SmallTalker users And the iterative Bloom filter(IBF) they proposed is to encode user information data isencoded in a bit string to address SDP attributesrsquo size limitThis system architecture includes four software componentscontext data store context encoding and matching contextexchange and user interface (UI)The authors of [22] devise amultiround protocol to achieve the desired false-positive rate119891 with a minimum total amount of transmission given theconstraints imposed by the implementation of Bluetooth SDPand the quantitative measurement of the false-positive rate isdefined by the following formula 119891 = (1 minus (1 minus 1119898)119896119899)119896 asymp
(1 minus 119890minus119896119899119898)119896 So this paperrsquos approach was efficient incomputation and communication
3 PRUB System Overview
The PRUB system is based on users browsing behavior torecommend related friends with similar behavior and activi-ties The system adopts the hybrid management architecturementioned aboveThe system consists of several users severalsmartphones one verification server (VS) and several anchorservers (AS) The basic structure is shown in Figure 1
31 Users Every user who wants to use our system to findfriends with similar behavior should have a smartphoneand install our application The application will collect users
VS
MSN
MSN
middot middot middot
Figure 1 PRUB system structure
browsing histories and classify them into several catalogsThe value of each catalog is defined as properties andcharacteristic of the user The users should sign up with anaccount to use the service
To test the security of our system we define some kindsof abnormal users The first kind of abnormal users will nottry to break protocols of the network They only want toobtain some privacy data of other users by analyzing theinformation they obtain from the recommendation resultThe way they are trying to do this is defined as passive attackThese users are called semihonest users Another kind ofusers who are trying to attack actively is called malicioususers For getting more information of other users they donot obey the protocols and even try to break down the wholesystem Somemethods of attacking are to send fake messagesor terminate an agreement before it finishes
32 Smartphones The smartphones which have installedour application are also part of the system The applicationsaves the personal information of the user including hisherID properties private key and public key The smartphoneshould have some computability in order to compute somesecure information The smartphones of the users formmobile social networks (MSNs)
33 Verification Server (VS) The user should register on theverification server before heshe obtains the recommendationdata The application will send the encrypted userrsquos personalinformation to the VS to get the ID and a pair of RSA keysWhen verifying the userrsquos ID and properties the applicationwill send the username and the public key to VS the VSgenerates a random number and then sends the randomnumber to the userrsquos application The application will utilizethe properties (119883
1 119883
2 119883
119898) to get Attr = (119883
1)119886
(1198832)119886 sdot sdot sdot (119883
119899)119886 and send the ID to the VS The VS
uses its private key to get signvs(ID Attr) and sends itback to the userrsquos application In order to prevent abnormalusers from changing their properties to obtain othersrsquo privateinformation the VS can bind the user with its properties andsignature certification
34 Anchor Server (AS) The anchor servers are used toconnect several MSNs The user can register on several
Mathematical Problems in Engineering 5
Client 119860 Server 119861(1) Get client private key 119909generate a prime 119901Original root 119892 of 119901
119892119909 mod 119901997888997888997888997888997888997888997888rarr
(2) Generate a randomnumber 119877
1 get server
private key 119910(1198771)119892119909119910 119892119910 mod 119901
larr997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Get client sign 119879
Hash(1198791198771)997888997888997888997888997888997888997888997888rarr
(4) Calculate the Hashand compare with 119860rsquoscalculation
Box 1 One-way authentication protocol
Client 119860 Client 119861(1) Get client privatekey 119909 generate a prime119901 and random number 119877
2
1198772 119892119909 mod 119901
997888997888997888997888997888997888997888997888997888rarr(2) Get server private key 119910
119892119910[(119892119909119892119910)119870minus1
119887
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877
2
and compared withthe 119877
2which 119860 produced
[(119892119909119892119910)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(4) 119861 calculate 119892119910 119892119909 and1198772then compared with
what 119861 received in step (2)
Box 2 Mutual authentication protocol
differentMSNs and theAS transmits information to the usersfrom different MSNs
4 Secure Matching Protocol
One-Way Authentication Protocol In the beginning of estab-lishing the interaction communication channel between VSand the user VS utilizes one-way authentication protocol toauthenticate the identity of the userThe protocol is describedin Box 1
After the interaction about setting identity and randomidentification the protocol can realize the identificationbetween dual direction key and one-way entity throughverifying hash value It achieves forward secrecy and non-repudiation and can defend the man-in-the-middle attacksincluding replay attack reflection attack prophecy attackand interleaving attack
Mutual Authentication Protocol This protocol is used tomutually authenticate the pairing of interaction when
establishing the channel The protocol is described in Box 2where 119870
119860= 119892119909 mod119901 119870
119861= 119892119910 mod119901 and 119870
119860119861=
119892119909119910 mod119901Our mutual authentication protocol is developed on the
basis of STS workstation protocol After adding the identityand using a random number timestamp the identification iscompleted This protocol can also be used to defend man-in-the-middle attack
Matching Protocol In order to achieve fine-grained friendrecommendation the similarity of common properties withcoarse grained recommendation is calculated The mutualprotocol must be done before matching The protocol ispresented as shown in Box 3
Attr119860= (119883
1)119886 (119883
2)119886 sdot sdot sdot (119883
119899)119886 Attr
119894= (119884
1198941)119887
(1198841198942)119887 sdot sdot sdot (119884
119894119899)119887 and 119894 denotes all the users that are
recommended to 119860 Attr1015840119860= (119883119886
1198971
)119887 (119883119886
1198972
)119887 sdot sdot sdot (119883119886
119897119898
)119887
and Attr1015840119894= (119884119887
1198941198951
)119886 (1198841198871198941198952
)119886 sdot sdot sdot (119884119887119894119895119899
)119886
6 Mathematical Problems in Engineering
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is a random among which 119897
1 1198972 119897
119898is a random
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 3 Matching protocol
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is an ordered among which 119897
1 1198972 119897
119898is an ordered
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 4 Attribute exchange protocol
The core of the matching protocol is the principle ofcommutative encryption of messages Pairing of interactionacquires the amount of common properties through twoencrypted comparisons of each property
Meanwhile the confusing operation is added to ensurethe equity and security In the last step common propertiesof both sides are compared if they do notmatch thenwe turninto arbitration
Common Property Exchange Protocol This protocol is usedfor pairing of users to exchange the detail of common prop-erties The mutual protocol must be done before exchangingproperties Box 4 shows this protocol
The core of this protocol is also the commutative encryp-tion but it does not include a confusing operation Pairingof interaction can get the detail of properties by the number
Similarly common properties of both sides are compared inthe last step and hencewe decide whether to have arbitration
5 Security Principles
In this section we evaluate the security of the pro-posed scheme under the security protocols we proposed inSection 4 Our protocols are designed based on the Dolev-Yao security model [23]
51 Definitions
Definition 1 (ignorable function) Function 119910 119873 rarr 119877 is anignorable function when forall polynomial 119901 exist119899 isin 119873 forall119896 gt 119899
0 le 119910 (119896) lt1
119901 (119896) (6)
Mathematical Problems in Engineering 7
User A VS
gx mod p
(R1)gxy gy mod p
Hash(IDA R1)
Figure 2 One-way authentication protocol
Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that
119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12
Definition 3 (computationally indistinguishable) Probabilitycollectives 119883
119899 and 119884
119899 are computationally indistinguish-
able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901
1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]
1003816100381610038161003816 lt1
119901 (119899) (7)
For 119863 119883119899 and 119884
119899 are the same 119863 cannot get any
information of 119883119899 from 119884
119899 and vice versa
Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866
119902is a cycle group ordered 119902 and 119892 is a
generator of119866119902 And hence 119886 119887 119888 isin
119877119885119902 The distributions of
(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable
52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system
521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2
The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3
One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack
User A User B
gxKab = gxy mod n
gy gx gykminus1119887
k119886119887
gx gykminus1119886 k119886119887
Figure 3 Mutual authentication protocol
522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping
To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping
Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867
119904 The ldquomain channelrdquo and the ldquowiretap
channelrdquo are discrete memoryless channels with transitionprobabilities 119876
119872(sdot | sdot) and 119876
119908(sdot | sdot) The source and the
transition probabilities 119876119872
and 119876119908are given and fixed The
encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875
119890=
(1119870)sum119870
119896=1Pr119878119870 =
119870
The source sends a data sequence1198781 1198782 which consists of independent copies of the binary
random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878
1 119878
119896) and
encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883
119873)119883119873 in
turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream
119870
=
(1
119896) for the delivery to the destinationThewiretapper
observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875
0(0 lt 119875
0le 12) The
corresponding output at the wiretap is119885119873 = (1198851 119885
119873) so
that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =
(1 minus 1198750)120575119909 119911 + 119875
0(1 minus 120575119909 119911)) with Δ Δ
= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867
119878119873 source bits per channel
input symbolAs shown in Figure 5 Alice and Bob communicate with
each other The transmission probability is 119875119884119885119883
(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is
119875(119884119899119885119899
119883119899) =
119899
prod119894=1
119875119884119885119883
(119910119894119911119894
119909119894
) (8)
Alice sends a commonmessage1198720to Bob and Eve and sends
a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Mathematical Problems in Engineering 3
verification to property elements this paper shows thatAgrawal et al proved that given the Decisional Diffie-Hellman (DDH) hypothesis ⟨119883
119894 119891119890(119883
119894) 119884
119895 119891119890(119884119895)⟩ for fixed
values of 119894 and 119895 with 119891119890(119909) = 119909119890 is indistinguishable from
⟨119883119894 119891119890(119883
119894) 119884
119895 119885⟩ when 119890 is not givenThey prove that these
certificates are sent across an encrypted channel so a passiveeavesdropper cannot learn Alicersquos or Bobrsquos interests Thusattackers cannot reorder all the segments and propertieseasily thus avoiding counterfeit and scanning attacks
In [17] a new efficient solution to Yaorsquosmillionairesrsquo prob-lembased on symmetric cryptography is constructed and theprivacy-preserving property of the solution is demonstratedby a well-accepted simulation paradigm It proposes a newsecurity paradigm that quantitatively captures the securitylevels of different solutions The paper proposes an idealmodel with a trusted third party Alice and Bob have 119909 and119910 they want privately to compute functionality 119891(119909 119910) =(1198911(119909 119910) 119891
2(119909 119910)) with the help of a trusted third party
At the end of the protocol Alice (Bob) obtains 1198911(119909 119910)
1198912(119909 119910) without leaking 119909(119910) The ideal model provides the
best possible security of secure multiparty computations andits security level is the highest level compared with thatany secure multiparty computation solution can achieveTheauthors of [17] use the following to judge whether Protocol 120587
1
is more secure than Protocol 1205872
1198671205871
(119909 | 1198912(119909 119910))
1198671205872
(119909 | 1198912(119909 119910))
gt 1
or1198671205871
(119910 | 1198911(119909 119910))
1198671205872
(119910 | 1198911(119909 119910))
gt 1
or both hold
(1)
They concluded that the new solution was as secure as boththe ideal secure multiparty computation solution and Yaorsquossolution In this paper the solution provided in [17] enablesXOR operating in commutative encryption function butit greatly increases the calculation costs and decreases thesecurity of the system
Matching Protocol Based on Linear PolynomialThe paper [15]presented FNP protocol which transforms properties intolinear polynomial and uses the character of homomorphy tohandle the encrypted coefficients In the exchange processone side is the client and the other is the server For eachinput property of the client it only knows whether theproperty belongs to the server and cannot acquire any otherinformation Meanwhile the server cannot get any otherinput information from the client
Kissner and Song [18] used a polynomial to representmultiple collections Taking advantage of polynomial andaddition homomorphy function it realizes the secure oper-ation of intersection union and complementation Thisprotocol can be applied against semihonest attacks and thesetechniques can be applied to a wide range of practicalproblems This paper has an important feature of privacy-preserving multiset operations which can be composed andenable a wide range of applications The authors of [18] use
the following grammar to compute the output of any functionover the multisets
119884 = 119904|Rdd(119884)| 119884 cap 119884|119904 cup 119884|119884 cup 119904 They construct analgorithm for computing the polynomial representation ofoperations on sets including union intersection and ele-ment reduction And they extend these techniques includingintersection and element reduction with a trusted third partyto encrypted polynomials allowing secure implementation ofour techniques without a trusted third party Dachman-Soledet al [19] presented a PSI protocol which can be applied fordefending against malicious users They also use the polyno-mial coefficient to represent properties and use Shamir SecretShare to dividing coefficient for realizing higher security
Lu et al [20] put forward Secure Handshake with symp-tom-matching and deployed the matching protocol intodisease monitoring Their system enables patients who havethe same symptoms to communicate and share informationThe core of their algorithm is the feature of bilinear matchingfunction In this system model they consider a typicalmHealthcare social network (MHSN) which consists oftrusted authority (TA) at eHealth center and a large numberof mobile patients As the patient health condition is verysensitive to the patient himselfherself therefore it is essentialthat the privacy of PHI should be controlled by the patientin a MHSN environment so they develop a secure same-symptom-based handshake (SSH) scheme It consists ofthese algorithms system setup patient joining and patientrsquossame-symptom-basedhandshaking (PatientsSSH)Thepapershows the employed identity-based encryption
119862
=
1198621= 119903 (119875pub + 119867 (pid) 119875) where 119903 119877
larr997888 119885lowast119902
1198622= 119890 (119875119867
0(119879)) 119903 sdot 119873 119879 is specific triage
(2)
The identity-based encryption (IBE) should be semanticsecurity (indistinguishable) under selective-PID-symptomsand chosen-plaintext attacks In this paper let IBE be a secureencryption scheme with security parameter 119897 and define theadvantage probability of 119860 to be an INDsPS-CPA adversaryagainst IBE It is very important in the random oracle model
AdvIND-sPS-CPAIBE119860 (119897) = 2 sdot Pr [ExpIND-sPS-CPA
IBE119860 (119897) = 1] minus 1
= 2 sdot Pr [119887 = 1198871015840] minus 1(3)
In this paper SSH is of vital importance to the success ofMHSN but this algorithm can be only applied to matchingsingle property and it is difficult to extend it into multiprop-erties
Matching Protocol Based on PseudorandomNumberThis pro-tocol is firstly presented in [21] Hazay and Lindell designeda PSI protocol in order to defend against different attacksand ensure the operating efficiency at the same time Thepseudorandom number is used for encryption In this paperthe protocols for securely computing the set intersectionfunctionality are based on secure pseudorandom functionevaluations in contrast to previous protocols This paper
4 Mathematical Problems in Engineering
proposed Secure Pattern Matching 119865PM was used to addressthe question of how to securely compute the above basicpattern matching functionality
((119879119898) 119901)
997891997888rarr
(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901
1003816100381610038161003816 le 119898
(120582 119894 | 119879119894= 119901
1sdot sdot sdot 119901
119898) otherwise
(4)
This protocol is presented for securely computing 119865PMin the presence of malicious adversaries with one-sidedsimulatability And specific properties of the Naor-Reingoldpseudorandom function and the protocol120587PRF for computingtheNaor-Reingold function are utilizedThe following is usedinstead of the corrupted party 119901
1computing and sending the
set
(119894 119892119894= prod
log119873119895=1
119886
(119894)119895
119898+119895)119873minus119898+1
119894=1
(5)
So the Naor-Reingold pseudorandom function will achievehigh efficiency
Yang et al [22] designed a distributed mobile social net-work E-SmallTalker It utilizes Bloom filter as the store struc-ture of properties and calculates the intersection throughseveral rounds of iteration with pseudorandom functionE-SmallTalker can reduce the storage space effectively andprevent interactive users from acquiring more informationbesides the common properties It requires no data serviceslike Internet access and exchanges user information betweentwo phones and performs matching locally Yang et al buildon the Bluetooth Service Discovery Protocol (SDP) to searchfor nearby E-SmallTalker users And the iterative Bloom filter(IBF) they proposed is to encode user information data isencoded in a bit string to address SDP attributesrsquo size limitThis system architecture includes four software componentscontext data store context encoding and matching contextexchange and user interface (UI)The authors of [22] devise amultiround protocol to achieve the desired false-positive rate119891 with a minimum total amount of transmission given theconstraints imposed by the implementation of Bluetooth SDPand the quantitative measurement of the false-positive rate isdefined by the following formula 119891 = (1 minus (1 minus 1119898)119896119899)119896 asymp
(1 minus 119890minus119896119899119898)119896 So this paperrsquos approach was efficient incomputation and communication
3 PRUB System Overview
The PRUB system is based on users browsing behavior torecommend related friends with similar behavior and activi-ties The system adopts the hybrid management architecturementioned aboveThe system consists of several users severalsmartphones one verification server (VS) and several anchorservers (AS) The basic structure is shown in Figure 1
31 Users Every user who wants to use our system to findfriends with similar behavior should have a smartphoneand install our application The application will collect users
VS
MSN
MSN
middot middot middot
Figure 1 PRUB system structure
browsing histories and classify them into several catalogsThe value of each catalog is defined as properties andcharacteristic of the user The users should sign up with anaccount to use the service
To test the security of our system we define some kindsof abnormal users The first kind of abnormal users will nottry to break protocols of the network They only want toobtain some privacy data of other users by analyzing theinformation they obtain from the recommendation resultThe way they are trying to do this is defined as passive attackThese users are called semihonest users Another kind ofusers who are trying to attack actively is called malicioususers For getting more information of other users they donot obey the protocols and even try to break down the wholesystem Somemethods of attacking are to send fake messagesor terminate an agreement before it finishes
32 Smartphones The smartphones which have installedour application are also part of the system The applicationsaves the personal information of the user including hisherID properties private key and public key The smartphoneshould have some computability in order to compute somesecure information The smartphones of the users formmobile social networks (MSNs)
33 Verification Server (VS) The user should register on theverification server before heshe obtains the recommendationdata The application will send the encrypted userrsquos personalinformation to the VS to get the ID and a pair of RSA keysWhen verifying the userrsquos ID and properties the applicationwill send the username and the public key to VS the VSgenerates a random number and then sends the randomnumber to the userrsquos application The application will utilizethe properties (119883
1 119883
2 119883
119898) to get Attr = (119883
1)119886
(1198832)119886 sdot sdot sdot (119883
119899)119886 and send the ID to the VS The VS
uses its private key to get signvs(ID Attr) and sends itback to the userrsquos application In order to prevent abnormalusers from changing their properties to obtain othersrsquo privateinformation the VS can bind the user with its properties andsignature certification
34 Anchor Server (AS) The anchor servers are used toconnect several MSNs The user can register on several
Mathematical Problems in Engineering 5
Client 119860 Server 119861(1) Get client private key 119909generate a prime 119901Original root 119892 of 119901
119892119909 mod 119901997888997888997888997888997888997888997888rarr
(2) Generate a randomnumber 119877
1 get server
private key 119910(1198771)119892119909119910 119892119910 mod 119901
larr997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Get client sign 119879
Hash(1198791198771)997888997888997888997888997888997888997888997888rarr
(4) Calculate the Hashand compare with 119860rsquoscalculation
Box 1 One-way authentication protocol
Client 119860 Client 119861(1) Get client privatekey 119909 generate a prime119901 and random number 119877
2
1198772 119892119909 mod 119901
997888997888997888997888997888997888997888997888997888rarr(2) Get server private key 119910
119892119910[(119892119909119892119910)119870minus1
119887
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877
2
and compared withthe 119877
2which 119860 produced
[(119892119909119892119910)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(4) 119861 calculate 119892119910 119892119909 and1198772then compared with
what 119861 received in step (2)
Box 2 Mutual authentication protocol
differentMSNs and theAS transmits information to the usersfrom different MSNs
4 Secure Matching Protocol
One-Way Authentication Protocol In the beginning of estab-lishing the interaction communication channel between VSand the user VS utilizes one-way authentication protocol toauthenticate the identity of the userThe protocol is describedin Box 1
After the interaction about setting identity and randomidentification the protocol can realize the identificationbetween dual direction key and one-way entity throughverifying hash value It achieves forward secrecy and non-repudiation and can defend the man-in-the-middle attacksincluding replay attack reflection attack prophecy attackand interleaving attack
Mutual Authentication Protocol This protocol is used tomutually authenticate the pairing of interaction when
establishing the channel The protocol is described in Box 2where 119870
119860= 119892119909 mod119901 119870
119861= 119892119910 mod119901 and 119870
119860119861=
119892119909119910 mod119901Our mutual authentication protocol is developed on the
basis of STS workstation protocol After adding the identityand using a random number timestamp the identification iscompleted This protocol can also be used to defend man-in-the-middle attack
Matching Protocol In order to achieve fine-grained friendrecommendation the similarity of common properties withcoarse grained recommendation is calculated The mutualprotocol must be done before matching The protocol ispresented as shown in Box 3
Attr119860= (119883
1)119886 (119883
2)119886 sdot sdot sdot (119883
119899)119886 Attr
119894= (119884
1198941)119887
(1198841198942)119887 sdot sdot sdot (119884
119894119899)119887 and 119894 denotes all the users that are
recommended to 119860 Attr1015840119860= (119883119886
1198971
)119887 (119883119886
1198972
)119887 sdot sdot sdot (119883119886
119897119898
)119887
and Attr1015840119894= (119884119887
1198941198951
)119886 (1198841198871198941198952
)119886 sdot sdot sdot (119884119887119894119895119899
)119886
6 Mathematical Problems in Engineering
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is a random among which 119897
1 1198972 119897
119898is a random
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 3 Matching protocol
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is an ordered among which 119897
1 1198972 119897
119898is an ordered
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 4 Attribute exchange protocol
The core of the matching protocol is the principle ofcommutative encryption of messages Pairing of interactionacquires the amount of common properties through twoencrypted comparisons of each property
Meanwhile the confusing operation is added to ensurethe equity and security In the last step common propertiesof both sides are compared if they do notmatch thenwe turninto arbitration
Common Property Exchange Protocol This protocol is usedfor pairing of users to exchange the detail of common prop-erties The mutual protocol must be done before exchangingproperties Box 4 shows this protocol
The core of this protocol is also the commutative encryp-tion but it does not include a confusing operation Pairingof interaction can get the detail of properties by the number
Similarly common properties of both sides are compared inthe last step and hencewe decide whether to have arbitration
5 Security Principles
In this section we evaluate the security of the pro-posed scheme under the security protocols we proposed inSection 4 Our protocols are designed based on the Dolev-Yao security model [23]
51 Definitions
Definition 1 (ignorable function) Function 119910 119873 rarr 119877 is anignorable function when forall polynomial 119901 exist119899 isin 119873 forall119896 gt 119899
0 le 119910 (119896) lt1
119901 (119896) (6)
Mathematical Problems in Engineering 7
User A VS
gx mod p
(R1)gxy gy mod p
Hash(IDA R1)
Figure 2 One-way authentication protocol
Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that
119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12
Definition 3 (computationally indistinguishable) Probabilitycollectives 119883
119899 and 119884
119899 are computationally indistinguish-
able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901
1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]
1003816100381610038161003816 lt1
119901 (119899) (7)
For 119863 119883119899 and 119884
119899 are the same 119863 cannot get any
information of 119883119899 from 119884
119899 and vice versa
Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866
119902is a cycle group ordered 119902 and 119892 is a
generator of119866119902 And hence 119886 119887 119888 isin
119877119885119902 The distributions of
(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable
52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system
521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2
The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3
One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack
User A User B
gxKab = gxy mod n
gy gx gykminus1119887
k119886119887
gx gykminus1119886 k119886119887
Figure 3 Mutual authentication protocol
522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping
To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping
Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867
119904 The ldquomain channelrdquo and the ldquowiretap
channelrdquo are discrete memoryless channels with transitionprobabilities 119876
119872(sdot | sdot) and 119876
119908(sdot | sdot) The source and the
transition probabilities 119876119872
and 119876119908are given and fixed The
encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875
119890=
(1119870)sum119870
119896=1Pr119878119870 =
119870
The source sends a data sequence1198781 1198782 which consists of independent copies of the binary
random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878
1 119878
119896) and
encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883
119873)119883119873 in
turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream
119870
=
(1
119896) for the delivery to the destinationThewiretapper
observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875
0(0 lt 119875
0le 12) The
corresponding output at the wiretap is119885119873 = (1198851 119885
119873) so
that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =
(1 minus 1198750)120575119909 119911 + 119875
0(1 minus 120575119909 119911)) with Δ Δ
= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867
119878119873 source bits per channel
input symbolAs shown in Figure 5 Alice and Bob communicate with
each other The transmission probability is 119875119884119885119883
(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is
119875(119884119899119885119899
119883119899) =
119899
prod119894=1
119875119884119885119883
(119910119894119911119894
119909119894
) (8)
Alice sends a commonmessage1198720to Bob and Eve and sends
a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
4 Mathematical Problems in Engineering
proposed Secure Pattern Matching 119865PM was used to addressthe question of how to securely compute the above basicpattern matching functionality
((119879119898) 119901)
997891997888rarr
(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901
1003816100381610038161003816 le 119898
(120582 119894 | 119879119894= 119901
1sdot sdot sdot 119901
119898) otherwise
(4)
This protocol is presented for securely computing 119865PMin the presence of malicious adversaries with one-sidedsimulatability And specific properties of the Naor-Reingoldpseudorandom function and the protocol120587PRF for computingtheNaor-Reingold function are utilizedThe following is usedinstead of the corrupted party 119901
1computing and sending the
set
(119894 119892119894= prod
log119873119895=1
119886
(119894)119895
119898+119895)119873minus119898+1
119894=1
(5)
So the Naor-Reingold pseudorandom function will achievehigh efficiency
Yang et al [22] designed a distributed mobile social net-work E-SmallTalker It utilizes Bloom filter as the store struc-ture of properties and calculates the intersection throughseveral rounds of iteration with pseudorandom functionE-SmallTalker can reduce the storage space effectively andprevent interactive users from acquiring more informationbesides the common properties It requires no data serviceslike Internet access and exchanges user information betweentwo phones and performs matching locally Yang et al buildon the Bluetooth Service Discovery Protocol (SDP) to searchfor nearby E-SmallTalker users And the iterative Bloom filter(IBF) they proposed is to encode user information data isencoded in a bit string to address SDP attributesrsquo size limitThis system architecture includes four software componentscontext data store context encoding and matching contextexchange and user interface (UI)The authors of [22] devise amultiround protocol to achieve the desired false-positive rate119891 with a minimum total amount of transmission given theconstraints imposed by the implementation of Bluetooth SDPand the quantitative measurement of the false-positive rate isdefined by the following formula 119891 = (1 minus (1 minus 1119898)119896119899)119896 asymp
(1 minus 119890minus119896119899119898)119896 So this paperrsquos approach was efficient incomputation and communication
3 PRUB System Overview
The PRUB system is based on users browsing behavior torecommend related friends with similar behavior and activi-ties The system adopts the hybrid management architecturementioned aboveThe system consists of several users severalsmartphones one verification server (VS) and several anchorservers (AS) The basic structure is shown in Figure 1
31 Users Every user who wants to use our system to findfriends with similar behavior should have a smartphoneand install our application The application will collect users
VS
MSN
MSN
middot middot middot
Figure 1 PRUB system structure
browsing histories and classify them into several catalogsThe value of each catalog is defined as properties andcharacteristic of the user The users should sign up with anaccount to use the service
To test the security of our system we define some kindsof abnormal users The first kind of abnormal users will nottry to break protocols of the network They only want toobtain some privacy data of other users by analyzing theinformation they obtain from the recommendation resultThe way they are trying to do this is defined as passive attackThese users are called semihonest users Another kind ofusers who are trying to attack actively is called malicioususers For getting more information of other users they donot obey the protocols and even try to break down the wholesystem Somemethods of attacking are to send fake messagesor terminate an agreement before it finishes
32 Smartphones The smartphones which have installedour application are also part of the system The applicationsaves the personal information of the user including hisherID properties private key and public key The smartphoneshould have some computability in order to compute somesecure information The smartphones of the users formmobile social networks (MSNs)
33 Verification Server (VS) The user should register on theverification server before heshe obtains the recommendationdata The application will send the encrypted userrsquos personalinformation to the VS to get the ID and a pair of RSA keysWhen verifying the userrsquos ID and properties the applicationwill send the username and the public key to VS the VSgenerates a random number and then sends the randomnumber to the userrsquos application The application will utilizethe properties (119883
1 119883
2 119883
119898) to get Attr = (119883
1)119886
(1198832)119886 sdot sdot sdot (119883
119899)119886 and send the ID to the VS The VS
uses its private key to get signvs(ID Attr) and sends itback to the userrsquos application In order to prevent abnormalusers from changing their properties to obtain othersrsquo privateinformation the VS can bind the user with its properties andsignature certification
34 Anchor Server (AS) The anchor servers are used toconnect several MSNs The user can register on several
Mathematical Problems in Engineering 5
Client 119860 Server 119861(1) Get client private key 119909generate a prime 119901Original root 119892 of 119901
119892119909 mod 119901997888997888997888997888997888997888997888rarr
(2) Generate a randomnumber 119877
1 get server
private key 119910(1198771)119892119909119910 119892119910 mod 119901
larr997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Get client sign 119879
Hash(1198791198771)997888997888997888997888997888997888997888997888rarr
(4) Calculate the Hashand compare with 119860rsquoscalculation
Box 1 One-way authentication protocol
Client 119860 Client 119861(1) Get client privatekey 119909 generate a prime119901 and random number 119877
2
1198772 119892119909 mod 119901
997888997888997888997888997888997888997888997888997888rarr(2) Get server private key 119910
119892119910[(119892119909119892119910)119870minus1
119887
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877
2
and compared withthe 119877
2which 119860 produced
[(119892119909119892119910)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(4) 119861 calculate 119892119910 119892119909 and1198772then compared with
what 119861 received in step (2)
Box 2 Mutual authentication protocol
differentMSNs and theAS transmits information to the usersfrom different MSNs
4 Secure Matching Protocol
One-Way Authentication Protocol In the beginning of estab-lishing the interaction communication channel between VSand the user VS utilizes one-way authentication protocol toauthenticate the identity of the userThe protocol is describedin Box 1
After the interaction about setting identity and randomidentification the protocol can realize the identificationbetween dual direction key and one-way entity throughverifying hash value It achieves forward secrecy and non-repudiation and can defend the man-in-the-middle attacksincluding replay attack reflection attack prophecy attackand interleaving attack
Mutual Authentication Protocol This protocol is used tomutually authenticate the pairing of interaction when
establishing the channel The protocol is described in Box 2where 119870
119860= 119892119909 mod119901 119870
119861= 119892119910 mod119901 and 119870
119860119861=
119892119909119910 mod119901Our mutual authentication protocol is developed on the
basis of STS workstation protocol After adding the identityand using a random number timestamp the identification iscompleted This protocol can also be used to defend man-in-the-middle attack
Matching Protocol In order to achieve fine-grained friendrecommendation the similarity of common properties withcoarse grained recommendation is calculated The mutualprotocol must be done before matching The protocol ispresented as shown in Box 3
Attr119860= (119883
1)119886 (119883
2)119886 sdot sdot sdot (119883
119899)119886 Attr
119894= (119884
1198941)119887
(1198841198942)119887 sdot sdot sdot (119884
119894119899)119887 and 119894 denotes all the users that are
recommended to 119860 Attr1015840119860= (119883119886
1198971
)119887 (119883119886
1198972
)119887 sdot sdot sdot (119883119886
119897119898
)119887
and Attr1015840119894= (119884119887
1198941198951
)119886 (1198841198871198941198952
)119886 sdot sdot sdot (119884119887119894119895119899
)119886
6 Mathematical Problems in Engineering
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is a random among which 119897
1 1198972 119897
119898is a random
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 3 Matching protocol
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is an ordered among which 119897
1 1198972 119897
119898is an ordered
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 4 Attribute exchange protocol
The core of the matching protocol is the principle ofcommutative encryption of messages Pairing of interactionacquires the amount of common properties through twoencrypted comparisons of each property
Meanwhile the confusing operation is added to ensurethe equity and security In the last step common propertiesof both sides are compared if they do notmatch thenwe turninto arbitration
Common Property Exchange Protocol This protocol is usedfor pairing of users to exchange the detail of common prop-erties The mutual protocol must be done before exchangingproperties Box 4 shows this protocol
The core of this protocol is also the commutative encryp-tion but it does not include a confusing operation Pairingof interaction can get the detail of properties by the number
Similarly common properties of both sides are compared inthe last step and hencewe decide whether to have arbitration
5 Security Principles
In this section we evaluate the security of the pro-posed scheme under the security protocols we proposed inSection 4 Our protocols are designed based on the Dolev-Yao security model [23]
51 Definitions
Definition 1 (ignorable function) Function 119910 119873 rarr 119877 is anignorable function when forall polynomial 119901 exist119899 isin 119873 forall119896 gt 119899
0 le 119910 (119896) lt1
119901 (119896) (6)
Mathematical Problems in Engineering 7
User A VS
gx mod p
(R1)gxy gy mod p
Hash(IDA R1)
Figure 2 One-way authentication protocol
Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that
119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12
Definition 3 (computationally indistinguishable) Probabilitycollectives 119883
119899 and 119884
119899 are computationally indistinguish-
able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901
1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]
1003816100381610038161003816 lt1
119901 (119899) (7)
For 119863 119883119899 and 119884
119899 are the same 119863 cannot get any
information of 119883119899 from 119884
119899 and vice versa
Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866
119902is a cycle group ordered 119902 and 119892 is a
generator of119866119902 And hence 119886 119887 119888 isin
119877119885119902 The distributions of
(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable
52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system
521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2
The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3
One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack
User A User B
gxKab = gxy mod n
gy gx gykminus1119887
k119886119887
gx gykminus1119886 k119886119887
Figure 3 Mutual authentication protocol
522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping
To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping
Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867
119904 The ldquomain channelrdquo and the ldquowiretap
channelrdquo are discrete memoryless channels with transitionprobabilities 119876
119872(sdot | sdot) and 119876
119908(sdot | sdot) The source and the
transition probabilities 119876119872
and 119876119908are given and fixed The
encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875
119890=
(1119870)sum119870
119896=1Pr119878119870 =
119870
The source sends a data sequence1198781 1198782 which consists of independent copies of the binary
random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878
1 119878
119896) and
encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883
119873)119883119873 in
turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream
119870
=
(1
119896) for the delivery to the destinationThewiretapper
observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875
0(0 lt 119875
0le 12) The
corresponding output at the wiretap is119885119873 = (1198851 119885
119873) so
that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =
(1 minus 1198750)120575119909 119911 + 119875
0(1 minus 120575119909 119911)) with Δ Δ
= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867
119878119873 source bits per channel
input symbolAs shown in Figure 5 Alice and Bob communicate with
each other The transmission probability is 119875119884119885119883
(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is
119875(119884119899119885119899
119883119899) =
119899
prod119894=1
119875119884119885119883
(119910119894119911119894
119909119894
) (8)
Alice sends a commonmessage1198720to Bob and Eve and sends
a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Mathematical Problems in Engineering 5
Client 119860 Server 119861(1) Get client private key 119909generate a prime 119901Original root 119892 of 119901
119892119909 mod 119901997888997888997888997888997888997888997888rarr
(2) Generate a randomnumber 119877
1 get server
private key 119910(1198771)119892119909119910 119892119910 mod 119901
larr997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Get client sign 119879
Hash(1198791198771)997888997888997888997888997888997888997888997888rarr
(4) Calculate the Hashand compare with 119860rsquoscalculation
Box 1 One-way authentication protocol
Client 119860 Client 119861(1) Get client privatekey 119909 generate a prime119901 and random number 119877
2
1198772 119892119909 mod 119901
997888997888997888997888997888997888997888997888997888rarr(2) Get server private key 119910
119892119910[(119892119909119892119910)119870minus1
119887
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877
2
and compared withthe 119877
2which 119860 produced
[(119892119909119892119910)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(4) 119861 calculate 119892119910 119892119909 and1198772then compared with
what 119861 received in step (2)
Box 2 Mutual authentication protocol
differentMSNs and theAS transmits information to the usersfrom different MSNs
4 Secure Matching Protocol
One-Way Authentication Protocol In the beginning of estab-lishing the interaction communication channel between VSand the user VS utilizes one-way authentication protocol toauthenticate the identity of the userThe protocol is describedin Box 1
After the interaction about setting identity and randomidentification the protocol can realize the identificationbetween dual direction key and one-way entity throughverifying hash value It achieves forward secrecy and non-repudiation and can defend the man-in-the-middle attacksincluding replay attack reflection attack prophecy attackand interleaving attack
Mutual Authentication Protocol This protocol is used tomutually authenticate the pairing of interaction when
establishing the channel The protocol is described in Box 2where 119870
119860= 119892119909 mod119901 119870
119861= 119892119910 mod119901 and 119870
119860119861=
119892119909119910 mod119901Our mutual authentication protocol is developed on the
basis of STS workstation protocol After adding the identityand using a random number timestamp the identification iscompleted This protocol can also be used to defend man-in-the-middle attack
Matching Protocol In order to achieve fine-grained friendrecommendation the similarity of common properties withcoarse grained recommendation is calculated The mutualprotocol must be done before matching The protocol ispresented as shown in Box 3
Attr119860= (119883
1)119886 (119883
2)119886 sdot sdot sdot (119883
119899)119886 Attr
119894= (119884
1198941)119887
(1198841198942)119887 sdot sdot sdot (119884
119894119899)119887 and 119894 denotes all the users that are
recommended to 119860 Attr1015840119860= (119883119886
1198971
)119887 (119883119886
1198972
)119887 sdot sdot sdot (119883119886
119897119898
)119887
and Attr1015840119894= (119884119887
1198941198951
)119886 (1198841198871198941198952
)119886 sdot sdot sdot (119884119887119894119895119899
)119886
6 Mathematical Problems in Engineering
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is a random among which 119897
1 1198972 119897
119898is a random
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 3 Matching protocol
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is an ordered among which 119897
1 1198972 119897
119898is an ordered
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 4 Attribute exchange protocol
The core of the matching protocol is the principle ofcommutative encryption of messages Pairing of interactionacquires the amount of common properties through twoencrypted comparisons of each property
Meanwhile the confusing operation is added to ensurethe equity and security In the last step common propertiesof both sides are compared if they do notmatch thenwe turninto arbitration
Common Property Exchange Protocol This protocol is usedfor pairing of users to exchange the detail of common prop-erties The mutual protocol must be done before exchangingproperties Box 4 shows this protocol
The core of this protocol is also the commutative encryp-tion but it does not include a confusing operation Pairingof interaction can get the detail of properties by the number
Similarly common properties of both sides are compared inthe last step and hencewe decide whether to have arbitration
5 Security Principles
In this section we evaluate the security of the pro-posed scheme under the security protocols we proposed inSection 4 Our protocols are designed based on the Dolev-Yao security model [23]
51 Definitions
Definition 1 (ignorable function) Function 119910 119873 rarr 119877 is anignorable function when forall polynomial 119901 exist119899 isin 119873 forall119896 gt 119899
0 le 119910 (119896) lt1
119901 (119896) (6)
Mathematical Problems in Engineering 7
User A VS
gx mod p
(R1)gxy gy mod p
Hash(IDA R1)
Figure 2 One-way authentication protocol
Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that
119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12
Definition 3 (computationally indistinguishable) Probabilitycollectives 119883
119899 and 119884
119899 are computationally indistinguish-
able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901
1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]
1003816100381610038161003816 lt1
119901 (119899) (7)
For 119863 119883119899 and 119884
119899 are the same 119863 cannot get any
information of 119883119899 from 119884
119899 and vice versa
Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866
119902is a cycle group ordered 119902 and 119892 is a
generator of119866119902 And hence 119886 119887 119888 isin
119877119885119902 The distributions of
(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable
52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system
521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2
The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3
One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack
User A User B
gxKab = gxy mod n
gy gx gykminus1119887
k119886119887
gx gykminus1119886 k119886119887
Figure 3 Mutual authentication protocol
522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping
To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping
Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867
119904 The ldquomain channelrdquo and the ldquowiretap
channelrdquo are discrete memoryless channels with transitionprobabilities 119876
119872(sdot | sdot) and 119876
119908(sdot | sdot) The source and the
transition probabilities 119876119872
and 119876119908are given and fixed The
encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875
119890=
(1119870)sum119870
119896=1Pr119878119870 =
119870
The source sends a data sequence1198781 1198782 which consists of independent copies of the binary
random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878
1 119878
119896) and
encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883
119873)119883119873 in
turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream
119870
=
(1
119896) for the delivery to the destinationThewiretapper
observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875
0(0 lt 119875
0le 12) The
corresponding output at the wiretap is119885119873 = (1198851 119885
119873) so
that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =
(1 minus 1198750)120575119909 119911 + 119875
0(1 minus 120575119909 119911)) with Δ Δ
= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867
119878119873 source bits per channel
input symbolAs shown in Figure 5 Alice and Bob communicate with
each other The transmission probability is 119875119884119885119883
(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is
119875(119884119899119885119899
119883119899) =
119899
prod119894=1
119875119884119885119883
(119910119894119911119894
119909119894
) (8)
Alice sends a commonmessage1198720to Bob and Eve and sends
a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
6 Mathematical Problems in Engineering
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is a random among which 119897
1 1198972 119897
119898is a random
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 3 Matching protocol
Client 119860 Client 119861(1) Calculate Attr
119860
Attr119860[(Attr119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr
119861
Attr119861 [(Attr119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888
(3) Calculate [(119884119895)119887]
119886
(3) Calculate [(119883119894)119886]
119887
(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887
1198941198951
)119886
(1198841198871198941198952
)119886
sdot sdot sdot (119884119887119894119895119899
)119886
] 119862119894= 119867[(119883119886
1198971
)119887
(119883119886
1198972
)119887
sdot sdot sdot (119883119886
119897119898
)119887
]
among which 1198951 1198952 119895
119899is an ordered among which 119897
1 1198972 119897
119898is an ordered
sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119860[(Attr1015840119860)119870minus1119886
1198772]119870119886119887
997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119861[(Attr1015840119861)119870minus1119886
1198772]119870119886119887
larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute
Box 4 Attribute exchange protocol
The core of the matching protocol is the principle ofcommutative encryption of messages Pairing of interactionacquires the amount of common properties through twoencrypted comparisons of each property
Meanwhile the confusing operation is added to ensurethe equity and security In the last step common propertiesof both sides are compared if they do notmatch thenwe turninto arbitration
Common Property Exchange Protocol This protocol is usedfor pairing of users to exchange the detail of common prop-erties The mutual protocol must be done before exchangingproperties Box 4 shows this protocol
The core of this protocol is also the commutative encryp-tion but it does not include a confusing operation Pairingof interaction can get the detail of properties by the number
Similarly common properties of both sides are compared inthe last step and hencewe decide whether to have arbitration
5 Security Principles
In this section we evaluate the security of the pro-posed scheme under the security protocols we proposed inSection 4 Our protocols are designed based on the Dolev-Yao security model [23]
51 Definitions
Definition 1 (ignorable function) Function 119910 119873 rarr 119877 is anignorable function when forall polynomial 119901 exist119899 isin 119873 forall119896 gt 119899
0 le 119910 (119896) lt1
119901 (119896) (6)
Mathematical Problems in Engineering 7
User A VS
gx mod p
(R1)gxy gy mod p
Hash(IDA R1)
Figure 2 One-way authentication protocol
Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that
119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12
Definition 3 (computationally indistinguishable) Probabilitycollectives 119883
119899 and 119884
119899 are computationally indistinguish-
able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901
1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]
1003816100381610038161003816 lt1
119901 (119899) (7)
For 119863 119883119899 and 119884
119899 are the same 119863 cannot get any
information of 119883119899 from 119884
119899 and vice versa
Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866
119902is a cycle group ordered 119902 and 119892 is a
generator of119866119902 And hence 119886 119887 119888 isin
119877119885119902 The distributions of
(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable
52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system
521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2
The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3
One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack
User A User B
gxKab = gxy mod n
gy gx gykminus1119887
k119886119887
gx gykminus1119886 k119886119887
Figure 3 Mutual authentication protocol
522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping
To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping
Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867
119904 The ldquomain channelrdquo and the ldquowiretap
channelrdquo are discrete memoryless channels with transitionprobabilities 119876
119872(sdot | sdot) and 119876
119908(sdot | sdot) The source and the
transition probabilities 119876119872
and 119876119908are given and fixed The
encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875
119890=
(1119870)sum119870
119896=1Pr119878119870 =
119870
The source sends a data sequence1198781 1198782 which consists of independent copies of the binary
random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878
1 119878
119896) and
encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883
119873)119883119873 in
turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream
119870
=
(1
119896) for the delivery to the destinationThewiretapper
observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875
0(0 lt 119875
0le 12) The
corresponding output at the wiretap is119885119873 = (1198851 119885
119873) so
that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =
(1 minus 1198750)120575119909 119911 + 119875
0(1 minus 120575119909 119911)) with Δ Δ
= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867
119878119873 source bits per channel
input symbolAs shown in Figure 5 Alice and Bob communicate with
each other The transmission probability is 119875119884119885119883
(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is
119875(119884119899119885119899
119883119899) =
119899
prod119894=1
119875119884119885119883
(119910119894119911119894
119909119894
) (8)
Alice sends a commonmessage1198720to Bob and Eve and sends
a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Mathematical Problems in Engineering 7
User A VS
gx mod p
(R1)gxy gy mod p
Hash(IDA R1)
Figure 2 One-way authentication protocol
Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that
119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12
Definition 3 (computationally indistinguishable) Probabilitycollectives 119883
119899 and 119884
119899 are computationally indistinguish-
able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901
1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]
1003816100381610038161003816 lt1
119901 (119899) (7)
For 119863 119883119899 and 119884
119899 are the same 119863 cannot get any
information of 119883119899 from 119884
119899 and vice versa
Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866
119902is a cycle group ordered 119902 and 119892 is a
generator of119866119902 And hence 119886 119887 119888 isin
119877119885119902 The distributions of
(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable
52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system
521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2
The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3
One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack
User A User B
gxKab = gxy mod n
gy gx gykminus1119887
k119886119887
gx gykminus1119886 k119886119887
Figure 3 Mutual authentication protocol
522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping
To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping
Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867
119904 The ldquomain channelrdquo and the ldquowiretap
channelrdquo are discrete memoryless channels with transitionprobabilities 119876
119872(sdot | sdot) and 119876
119908(sdot | sdot) The source and the
transition probabilities 119876119872
and 119876119908are given and fixed The
encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875
119890=
(1119870)sum119870
119896=1Pr119878119870 =
119870
The source sends a data sequence1198781 1198782 which consists of independent copies of the binary
random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878
1 119878
119896) and
encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883
119873)119883119873 in
turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream
119870
=
(1
119896) for the delivery to the destinationThewiretapper
observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875
0(0 lt 119875
0le 12) The
corresponding output at the wiretap is119885119873 = (1198851 119885
119873) so
that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =
(1 minus 1198750)120575119909 119911 + 119875
0(1 minus 120575119909 119911)) with Δ Δ
= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867
119878119873 source bits per channel
input symbolAs shown in Figure 5 Alice and Bob communicate with
each other The transmission probability is 119875119884119885119883
(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is
119875(119884119899119885119899
119883119899) =
119899
prod119894=1
119875119884119885119883
(119910119894119911119894
119909119894
) (8)
Alice sends a commonmessage1198720to Bob and Eve and sends
a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
8 Mathematical Problems in Engineering
Source Encoder Main channel Decoder
Wire-tap channel
SK XN YN
OM
sk
OW
ZN
Figure 4 Communication channel general model
Bob
Decoder
Eve
Decoder
XN
YN
ZN
P(y zx)
Alice
EncoderM0
M1
m0
m0
m1
Figure 5 Secret information
(1) 1198720= 1 2 21198991198770 and119872
1= 1 2 21198991198771
(2) An encoding function 119891119899 119872
0times 119872
1rarr 120594119899 (119898
0
1198981) isin 119872
0119872
1 119883119899 isin 120594119899
(3) Two decoding functions 119892119899 119884119899 rarr 119872
0times 119872
1and
ℎ119899 119885119899 rarr119872
0 119884119899 get (
0
1) 119885119899 get
0
Attackers get the signal M1rsquos with uncertainty
(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for
any 120576 gt 0 the set of rate (1198770 119877
1 119877
119890) should satisfy
119875 [119892119899(119884119899) = (119872
0119872
1) or ℎ
119899(119885119899) = 119872
0] lt 120576
reliable condition
1
119899119867(
1198721
119885119899) ge 119877
119890minus 120576
Conditions of confidentiality
(9)
523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification
Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860
and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as
similarity = cos (120579) = (119860) sdot997888119881 (119861)
100381610038161003816100381610038161003816
997888119881 (119860)
100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816
997888119881 (119861)
100381610038161003816100381610038161003816
(10)
The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity
Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873
119894 is the set of users 119895 such that there
exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors
of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873
119895 In order to have amodel with asymmetric links
the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881
119861and the set of good users by119881
119866 It holds
that 119881119861cap 119881
119866= 0 and 119881
119861cup 119881
119866= 119881 We will be using the
term type of a user for the property of being good or bad (seeFigure 6)
Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Mathematical Problems in Engineering 9
BadC D
Good CD
GoodC D
Good CD
Nminus E E minus N
Nminus E E minus N
0 0 0 0
0 0
minusE E
0 minusEminusE 0
Figure 6 The two games that can take place on a link good versusbad and good versus good
along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877
119894(119886119894| 119905119894) when 119894rsquos action is 119886
119894and 119894rsquos type is 119905
119894 We extend
and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the
payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So
the decomposition of 119894rsquos payoff can be written as
119877119894(119886119894| 119905119894) = sum
119895isin119873119894
119877119894(119886119894119886119895| 119905119894) (11)
Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)
524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend
To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users
The arbitration protocol is as follows
(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr
119894)119910 from the key
(2) Both the semihonest user and the recommendedfriends send their Attr
119894 and the VS calculates (Attr
119894)119910
using its private key(3) Calculate the hash of (Attr
119894)119910 by the key from server
and clients Then the abnormal user can be found
Then we analyze the security of the matching protocolbased on commutative encryption function
Let Alice be the protocol initiator and Bob be the personto be recommended
Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice
Proof Let Alice have the property set 119883 = 1198831 119883
2 119883
119899
which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884
1 1198842 119884
119899 and secret
parameter 119887 An arbitrary element119898 isin (119883 cap 119884)
Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear
In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct
Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack
Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system
Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887
1 1198841198872 119884119887
119899 (119883119886
1
(119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887)) According to the DDH hypothesis
getting 119884119895from 119884119887
119895is hard So she cannot get 119887 from
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) For the same reason assume
that Bob is a semihonest user He cannot get any 119886 and1198831 119883
119899of Alice Thus in the first phase both users can
only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack
To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user
Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol
Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886
119894 (119883119886
119894)119887) By receiving
(119883119886
1 (119883119886
1)119887) (119883119886
119898 (119883119886
119898)119887) Alice gets the intersection 119878
119860
Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887
119895)119886 by
[(119884119887119895)119886] where119884
119895isin 119878
119860) Bob gets the intersection 119878
119861 Because
119878119861is a subset of 119878
119860 Alice can get more information than Bob
This kind of attack cannot be detected In order to avoid the
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
10 Mathematical Problems in Engineering
Table 1 Abilities of defending against attacks
Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3
PRUB radic radic radic radic
Xie andHengart-ner[6]
radic times radic radic
Agrawal etal [7] radic times times times
properties modification from the user we add promise fromAlice to Bob
1198621015840119860= 119867[(119884119887
1)119886
(1198841198872)119886
sdot sdot sdot (119884119887119899)119886
] (12)
Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886
1 (119883119886
1)119887)
(119883119886
119898 (119883119886
119898)119887) If Bob receives different information fromAlice
Bob can terminate the process and report to the VS
Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886
119894 (119885
119894)
to replace (119883119886
119894 (119883119886
119894)119887) where 119885
119894is a random number)
Before Bob sends 119883119886
119894 (119885
119894) Alice should send the promise of
119883119886
119894 (119885
119894) to Bob Obviously Bob will think that the protocol is
processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS
We compare our work with some other protocols shownin Table 1
Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol
6 Experiment
In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP
61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user
The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation
Figure 7 Registration interface
Figure 8 Recommendation list
After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list
The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9
62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10
The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Mathematical Problems in Engineering 11
Figure 9 Recommendation result Users can check what kind ofinterests they share in common
Figure 10 30-user data from a Chinese ISP
to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866
119894denote the
set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP
data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865
119894denote the set of recommended friends
The followingmeasurementmetrics are used for performanceevaluation
Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is
119877119901=sum119894(card (119865
119894cap 119866
119894) card (119865
119894))
500 (13)
where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877
119901is the average of 500 users in
one experiment
Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is
119877119903=sum119894(card (119865
119894cap 119866
119894) card (119866
119894))
500 (14)
Using different thresholds we calculated the averagerecommendation precision and recommendation recall of
10908070605040302010
20 40 50 60 80
()
Recommendation precisionRecommendation recall
Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching
the 500 randomly selected users Figure 11 presents theresult
With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be
The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction
7 Conclusion
While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
12 Mathematical Problems in Engineering
Competing Interests
The authors declare that they have no competing interestsregarding the publication of this paper
Acknowledgments
This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC
References
[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014
[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010
[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014
[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013
[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010
[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011
[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003
[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010
[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012
[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012
[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013
[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011
[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011
[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012
[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004
[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008
[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008
[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005
[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012
[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010
[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008
[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010
[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983
[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of