7-3-2018 Privacy Aware Seminar
CHAPTER 1
INTRODUCTION
With the growth of mobile devices and online social networks (OSNs), people can
connect with each other ubiquitously at any time. Mobile Social Networks (MSNs) are an
emerging trend in mobile technology that combines wireless communication and social
networking. MSNs inherit the advantages of delay tolerant networks (DTNs) and
opportunistic networks (Opp-nets) [1]. The main purpose of this paradigm is to provide
users with services such as location-aware services, group texter services, matchmaking
services, media sharing services, social gaming and social courier, to name a few [1]. One
of the popular applications of MSNs is profile matchmaking. There are many beneficial
applications of MSNs in which matchmaking can help users improve themselves, for
example in their social life, in finding people with common hobbies and even in health
issues. While this is a useful way of finding common interests, matchmaking needs to
address a few issues as well.
During matchmaking, a user needs to show his/her interests to other users in
order to match their common interests. However, there are various scenarios in which a
user may not want to disclose all of his/her interests to another user unless it is certain
that the other user has the same interests. Consider a scenario where a patient in a hospital
wishes to find someone with the same disease or symptoms that he/she is suffering
from. However, the patient does not want to reveal the disease to anyone else. This kind
of scenario makes matchmaking tricky to perform among privacy-conscious users.
By revealing their private information without a privacy-preserving matching mechanism,
users put themselves at risk both offline (e.g. stalking) and online (e.g. identity theft).
Therefore, the concerns mentioned in [2] and [3] should be considered when developing
a matchmaking application.
CHAPTER 2
PROPOSED SYSTEM
In this application, we present a protocol named PRISM (Privacy-aware Interest
Sharing and Matching) that securely matches the private information of two users. Our
objective is to improve the existing matchmaking protocols and help mobile users to
securely perform matchmaking without revealing unnecessary information. The main
contributions of our paper are as follows:
• The project discusses unaddressed attacks on user privacy and provides effective
means to prevent these attacks. These include attacks during the interest
matching and interest revealing phases.
• Unlike existing approaches, the trust assumptions on the trusted third party (TTP) are
significantly reduced by not revealing user interests to the TTP.
CHAPTER 3
LITERATURE SURVEY
In this section, various existing profile matchmaking approaches are
discussed. This survey discusses these approaches from two different perspectives.
Firstly, it categorizes the profile matchmaking approaches from an
architectural/deployment point of view. Secondly, it discusses various approaches with
respect to their implementation of the matchmaking computation mechanism.
schemes that rely on central server. Centralized architectures are easy to deploy but are
considered a potential candidate for a single point of failure.
Matchmaking protocols can also be described as a private set intersection (PSI)
problem or a private cardinality of set intersection (PCSI) problem [5]. Private set
intersection (PSI) deals with finding common objects blindly. The term emerged from set
theory, where the intersection operation is used to find common elements in two sets. Private
cardinality of set intersection (PCSI) only provides the number of matched elements.
Commutative encryption based protocols have been used to solve PSI and PCSI
problems.
However, to prevent the system becoming a single point of failure, as well as reducing the
burden of calculations, most of the matchmaking protocol execution is done on user's
device. Another aspect to classify profile matchmaking protocol is the way matchmaking
is performed, authors use expensive Diffie-Hellman key exchange at the end of protocol
to exchange matched interests in order to detect any cheating in previous steps. Also, they
do not provide security against attacks where a malicious party sends garbage values
instead of the commutative encryption of interests. In this case, the cheating party will
know the number of matched interests while the honest party will know nothing, authors
extends the work by attempting to overcome the issues in previous approach. They also
find the best match and combine the identity and interest verification server into a single
server. However, their criterion of a best match only depends upon the number of
matches. A candidate with most matches is considered to be the best match. In reality, a
user may wish to know the matched interests in order to decide the best match. For
example, Alice is more interested in football and less interested in movies and reading. If
Bob has one match (football) with Alice and Charlie has two matches (movies and
reading) then Bob is more likely the best match for Alice. Moreover, also suffers with
similar issues. For example, at the end of the protocol, in order to detect any cheating,
Alice and Bob exchange their interests encrypted in each other's public key. Bob can
easily learn Alice's interests by decrypting the message first, re-encrypting and sending
the contents back in Alice's key, thereby pretending to Alice that they have the same
interests. Our proposed PRISM is an improved and efficient protocol that uses the same
building blocks of commutative encryption.
CHAPTER 4
TECHNOLOGIES USED
a) HTML
HTML stands for Hypertext Markup Language, and it is the most widely used
language to write Web Pages. Hypertext refers to the way in which Web pages (HTML
documents) are linked together. Thus, the link available on a webpage is called Hypertext.
As its name suggests, HTML is a Markup Language which means you use HTML to
simply "mark-up" a text document with tags that tell a Web browser how to structure it to
display.
Originally, HTML was developed with the intent of defining the structure of
documents like headings, paragraphs, lists, and so forth to facilitate the sharing of
scientific information between researchers. Now, HTML is being widely used to format
web pages with the help of different tags available in HTML language.
In this project, HTML combined with CSS is used to design the front end of the
application.
b) CSS
CSS stands for Cascading Style Sheets. It describes how HTML elements are to
be displayed on screen, paper, or in other media. CSS was invented by Håkon Wium Lie
on October 10, 1994 and maintained through a group of people within the W3C called the
CSS Working Group. It can control the layout of multiple web pages all at once.
CSS is used to define styles for your web pages, including the design, layout and
variations in display for different devices and screen sizes. HTML was NEVER intended
to contain tags for formatting a web page. To solve this problem, the World Wide Web
Consortium (W3C) created CSS. CSS removed the style formatting from the HTML
page. The style definitions are normally saved in external .css files. With an external
stylesheet file, you can change the look of an entire website by changing just one file.
Advantages of CSS
• CSS saves time - You can write CSS once and then reuse the same sheet in multiple
HTML pages. You can define a style for each HTML element and apply it to as many
Web pages as you want.
• Pages load faster - If you are using CSS, you do not need to write HTML tag
attributes every time. Just write one CSS rule for a tag and apply it to all the
occurrences of that tag. So less code means faster download times.
• Easy maintenance - To make a global change, simply change the style, and all
elements in all the web pages will be updated automatically.
• Superior styles to HTML - CSS has a much wider array of attributes than HTML, so
you can give a far better look to your HTML page in comparison to HTML attributes.
• Multiple Device Compatibility - Style sheets allow content to be optimized for more
than one type of device. By using the same HTML document, different versions of a
website can be presented for handheld devices such as PDAs and cell phones or for
printing.
• Global web standards - Now HTML attributes are being deprecated and it is being
recommended to use CSS. So it's a good idea to start using CSS in all the HTML
pages to make them compatible with future browsers.
• Offline Browsing - CSS can store web applications locally with the help of an offline
cache. Using this, we can view offline websites. The cache also ensures faster
loading and better overall performance of the website.
• Platform Independence - The script offers consistent platform independence and can
support the latest browsers as well.
c) JavaScript
JavaScript (JS) is an interpreted computer programming language. It was
originally implemented as part of web browsers so that client-side scripts could interact
with the user, control the browser, communicate asynchronously, and alter the document
content that was displayed. It is used as a scripting language to define functions to carry
out particular functionalities.
d) JSP
Java Server Pages (JSP) is a technology for developing Web pages that supports
dynamic content. This helps developers insert Java code in HTML pages by making use
of special JSP tags, most of which start with <% and end with %>.
A Java Server Pages component is a type of Java servlet that is designed to fulfill
the role of a user interface for a Java web application. Web developers write JSPs as text
files that combine HTML or XHTML code, XML elements, and embedded JSP actions
and commands. Using JSP, you can collect input from users through Webpage forms,
present records from a database or another source, and create Web pages dynamically.
JSP tags can be used for a variety of purposes, such as retrieving information from
a database or registering user preferences, accessing JavaBeans components, passing
control between pages, and sharing information between requests, pages etc.
Java Server Pages are built on top of the Java Servlets API, so like Servlets, JSP
also has access to all the powerful Enterprise Java APIs, including JDBC, JNDI, EJB,
JAXP, etc. JSP pages can be used in combination with servlets that handle the business
logic, the model supported by Java servlet template engines. Finally, JSP is an integral
part of Java EE, a complete platform for enterprise class applications. This means that
JSP can play a part in the simplest applications to the most complex and demanding.
Here, in this application, JSP is used as the server-side scripting language to collect input from
users through the front end and to display the data stored in the backend database upon the user's
request.
e) MySQL
MySQL is a fast, easy-to-use RDBMS used by many small and big
businesses. It is developed, marketed and supported by MySQL AB, which is a Swedish
company. MySQL is becoming so popular for many good reasons, and a few of
them are:
• MySQL is released under an open-source license. So you have nothing to pay to use
it.
• MySQL is a very powerful program in its own right. It handles a large subset of the
functionality of the most expensive and powerful database packages.
Department of IS&E, B.I.E.T, Davangere. 8
PRISM: Privacy-Aware Interest Sharing and Matching in Mobile Social Networks
In June 2000, NetBeans was made open source by Sun Microsystems, which
remained the project sponsor until January 2010 when Sun Microsystems became a
subsidiary of Oracle. Please see our History section for more information. The two base
products, the NetBeans IDE and NetBeans Platform, are free for commercial and
non-commercial use. The source code to both is available to anyone to reuse as they see fit,
within the terms of use. The legal section contains information regarding licensing,
copyright issues, privacy policy and terms of use. NetBeans is used as a platform to
design this application.
CHAPTER 5
DESIGN / ARCHITECTURE
5.3 ASSUMPTIONS
PRISM is based on the following assumptions.
• IdV is honest-but-curious and can be trusted to keep a user's identity safe. However,
we do not consider the complaint against a malicious activity as a normal scenario.
Therefore, in order to investigate, the IdV may ask the participants of the protocol for
their credentials.
• The matchmaking protocol, once started, terminates only after its completion.
• Users keep their security parameters safe during the protocol.
• We do not assume any collusion among the IdV and the users.
5.4 NOTATIONS
The notations used in PRISM are mentioned in Table 1.
CHAPTER 6
IMPLEMENTATION
In this regard, PRISM proposes the use of either the unique international mobile
station equipment identity (IMEI) number of a device, which can be retrieved during
implementation of the protocol through getDeviceId() in Android, or ANDROID_ID in the
Android SDK. However, many operating systems such as Apple iOS 7 and Windows
have stopped giving IMEI information to application vendors for privacy concerns. In this
case we suggest using identifierForVendor in iOS 7 or later (an application-specific
unique identifier) and DeviceUniqueID for Windows (which is a unique value per device
and per application). Instead of using email identity or social network based identities,
PRISM uses the above-mentioned application- and device-specific identities. The identity
verifier (IdV) will take this value from the user, hash it, digitally sign it with its private
key and send this back to the user as his unique identity. For simplicity we will refer to the
device identity as UID in the rest of the paper. The memory size for this lightweight
identity will be a 20-byte hash of UID, a 4-byte timestamp and a 64-byte signature (we
are supporting an ECC key of IdV), i.e. 88 bytes in total.
PRISM consists of the phases (1) initial setup phase and (2) matchmaking phase.
Following are the details of these phases.
If a user is found guilty of wrongdoing, the IdV will block that user. It should be
noted that in case Alice needs to change the value of max_Alice at a later time, she will
request the new value max_Alice from the IdV. Finally, Alice generates a 1024-bit random
secret exponent a chosen from modulus n, and subsequently encrypts each of her interests
by exponentiating with a. Similarly, Bob or any other participant performs the
above-mentioned steps before matchmaking.
After the initialization phase, Alice and Bob become eligible to start the matchmaking
protocol. Alice sends her interests to the responder in order to find the matched interests.
2) MATCHMAKING PHASE
This paper proposes the novel idea of using k known dummy interests. These
dummy interests are suggested by the initiator and need to be included in the interest set
of both parties.
At the start of matchmaking, Alice chooses k dummy interest values. It is
worth mentioning that these values need not be meaningful. Alice also
encrypts these values by exponentiating them with her secret value a and includes these
values in her interest set A_i at random indices. Following are the steps of our
matchmaking protocol, which are also shown in Fig. 2.
Step 1: Alice prepares a matchmaking request that includes her exponentiated interest
set A_i^a, k dummy interests in plaintext, her identity (h(UID_Alice) || T)_SK_IdV, her signed
public key (PK_Alice)_SK_IdV and (max_Alice)_SK_IdV. Alice then signs the entire message with her
secret key and sends this to Bob.
• (∀i ∈ (0, m + k] : A_i^a || d_k || (PK_Alice)_SK_IdV
Alice’s interests by repeatedly taking hash of all possible interests, n2 serves the same
purpose for Bob.
• ∀i ∈ (0, q] (h(A_i) ⊕ n2)
Step 8: Similarly, Bob generates n2, computes (h(B_i) ⊕ n2) and sends this to Alice.
• ∀i ∈ (0, q] (h(B_i) ⊕ n2)
Step 9: Next, both parties exchange n1 and n2 and find h(A_i), h(B_i) respectively.
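The commutative exponentiation of the setup phase and the k dummy interests of the matchmaking phase can be exercised end to end in a few lines of Python. This is an added example, not the PRISM authors' code. The RFC 2409 prime used as modulus, SHA-256 hashing into the group, the layout of the responder's reply and the dummy check itself are assumptions (the steps between Step 1 and Step 8 are not on this page), all function names are hypothetical, and signatures and the IdV are left out.

```python
import hashlib
import secrets

# 1024-bit safe prime from RFC 2409 (Oakley Group 2); an assumption of this
# example, the page only speaks of a "modulus n".
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P

def to_group(interest):
    """Hash an interest string to a square mod P (element of the order-Q subgroup)."""
    h = int.from_bytes(hashlib.sha256(interest.encode()).digest(), "big")
    return pow(h, 2, P)

def keygen():
    """Random secret exponent in [2, Q-1]."""
    return secrets.randbelow(Q - 2) + 2

def encrypt(values, key):
    """Commutative encryption: (x^a)^b == (x^b)^a mod P."""
    return [pow(v, key, P) for v in values]

def alice_request(interests, dummies, a):
    """Mix the dummies into the interest set at random indices, then raise to a."""
    items = list(interests) + list(dummies)
    secrets.SystemRandom().shuffle(items)
    return items, encrypt([to_group(i) for i in items], a)

def bob_reply(alice_enc, interests, dummies, b, cheat=False):
    """Bob re-encrypts Alice's values in order and sends his own set under b.
    cheat=True models a responder who returns garbage instead of re-encryptions."""
    own = encrypt([to_group(i) for i in list(interests) + list(dummies)], b)
    if cheat:
        return [secrets.randbelow(P - 2) + 2 for _ in alice_enc], own
    return encrypt(alice_enc, b), own

def alice_match(items, double_a, bob_own, dummies, a):
    """Return the matched real interests, or None if any dummy failed to match."""
    bob_double = set(encrypt(bob_own, a))  # (h(B_j)^b)^a
    matched = {items[i] for i, v in enumerate(double_a) if v in bob_double}
    if not set(dummies) <= matched:
        return None  # responder did not run the protocol honestly
    return matched - set(dummies)

def demo():
    a, b = keygen(), keygen()
    dummies, bob = ["dummy-7f3a", "dummy-c019"], ["football", "chess"]  # constructed
    items, a_enc = alice_request(["football", "movies", "reading"], dummies, a)
    honest = alice_match(items, *bob_reply(a_enc, bob, dummies, b), dummies, a)
    cheated = alice_match(items, *bob_reply(a_enc, bob, dummies, b, cheat=True), dummies, a)
    return honest, cheated
```

Because Bob cannot tell which of Alice's encrypted values are dummies without knowing a, replacing even part of the reply with garbage risks breaking a dummy match, which Alice treats as a protocol violation.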
CHAPTER 7
ADVANTAGES
Our design goals are as follows:
• The initiator along with each of the candidates should only know the intersection set
between them mutually. Any information other than the matched interests should not
be known to any other party.
• Trust assumptions should be kept to a minimum. Therefore, a TTP server should only
verify the number of interests and know nothing about the actual interests.
• There should be an upper bound for the number of interests that are verified by an
identity verifier. A user should not use more interests than a threshold.
• During matchmaking, none of the users should get any unfair advantage over the other.
This includes attacks where a user may place gibberish values to be matched in order
to get an unfair advantage.
• On a positive match, both parties should reveal only their matched interests to
each other in such a way that neither of them is able to get an advantage. The
protocol should be able to prevent this kind of attack.
• The protocol should also provide prevention from Sybil attacks. That is, a malicious
user should not be able to run the protocol multiple times against a user in order to
find the interest set.
CHAPTER 8
APPLICATIONS
Facebook communication.
Flipkart online item purchasing applications.
Online business transactions.
CHAPTER 9
CONCLUSION
We have presented an efficient privacy protection and interest sharing protocol for
mobile social networks. We have provided novel attack scenarios and their efficient
solutions. Unlike existing approaches, PRISM does not require a user to reveal interests to a
trusted third party and only uses it as an identity verifier and conflict resolver. The proposed
use of a unique identity for a user helps prevent Sybil attacks. With the help of an implementation,
we show the feasibility of PRISM. Moreover, with comprehensive security and complexity
analyses, we show the robustness of PRISM against various attacks as well as its efficiency.
REFERENCES
[1] A.-K. Pietiläinen, E. Oliver, J. LeBrun, G. Varghese, and C. Diot, "MobiClique:
Middleware for mobile social networking," in Proc. 2nd ACM Workshop Online Social
Netw. (WOSN), 2009, pp. 49-54.
[3] L. P. Cox, A. Dalton, and V. Marupadi, "SmokeScreen: Flexible privacy controls for
presence-sharing," in Proc. ACM 6th Int. Conf. Mobile Syst., Appl. Services (MobiSys),
2007, pp. 233-245.
[4] M. J. Freedman, K. Nissim, and B. Pinkas, "Efficient private matching and set
intersection," in Advances in Cryptology - EUROCRYPT. Berlin, Germany: Springer,
2004, pp. 1-19.