On Preserving Secrecy in Mobile Social Networks

Location-based services are one of the most important services offered by mobile social networks. Offering this kind of services requires accessing the physical position of users together with the access authorizations, i.e., who is authorized to access what information. However, these physical positions and authorizations are sensitive information which have to be kept secret from any adversary, including the service providers. As far as we know, the problem of offering location-based services in mobile social networks with a revocation feature under collusion assumption, i.e., an adversary colludes with the service provider, has not been studied. In this paper, we show how to solve this problem in the example of range queries. Specifically, we guarantee any adversary, including the service provider, is not able to learn (1) the physical position of the users, (2) the distance between his position and that of the users, and (3) whether two users are allowed to learn the distance between them. We propose two approaches namely two-layer symmetric encryption and two-layer attribute-based encryption. The main difference between the first and the second approach is that they use, among other encryption schemes, symmetric and attribute-based encryption, respectively. Next, we prove the secrecy guarantees of both approaches, analyze their complexity and provide experiments to evaluate their performance in practice.

[1]  Elisa Bertino,et al.  Position transformation: a location privacy protection method for moving objects , 2008, SPRINGL '08.

[2]  Yao Zheng,et al.  SHARP: Private Proximity Test and Secure Handshake with Cheat-Proof Location Tags , 2012, ESORICS.

[3]  Ali Shokoufandeh,et al.  Secure Signal Processing Using Fully Homomorphic Encryption , 2015, ACIVS.

[4]  Klemens Böhm,et al.  Mutual Authorizations: Semantics and Integration Issues , 2019, SACMAT.

[5]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[6]  Mohammad Hammoudeh,et al.  A Survey on Ciphertext-Policy Attribute-based Encryption (CP-ABE) Approaches to Data Security on Mobile Devices and its Application to IoT , 2017, ICFNDS.

[7]  Frank Stajano,et al.  Mix zones: user privacy in location-aware services , 2004, IEEE Annual Conference on Pervasive Computing and Communications Workshops, 2004. Proceedings of the Second.

[8]  Daqing Zhang,et al.  Modeling User Activity Preference by Leveraging User Spatial Temporal Characteristics in LBSNs , 2015, IEEE Transactions on Systems, Man, and Cybernetics: Systems.

[9]  Dan Boneh,et al.  Location Privacy via Private Proximity Testing , 2011, NDSS.

[10]  Vijayalakshmi Atluri,et al.  Efficient security policy enforcement for the mobile environment , 2008, J. Comput. Secur..

[11]  Fengyuan Xu,et al.  MobiShare: Flexible privacy-preserving location sharing in mobile online social networks , 2012, 2012 Proceedings IEEE INFOCOM.

[12]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[13]  Florian Kerschbaum,et al.  Joins Over Encrypted Data with Fine Granular Security , 2019, 2019 IEEE 35th International Conference on Data Engineering (ICDE).

[14]  Elisa Bertino,et al.  Practical k nearest neighbor queries with location privacy , 2014, 2014 IEEE 30th International Conference on Data Engineering.

[15]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[16]  Jae-Woo Chang,et al.  Hilbert curve-based cryptographic transformation scheme for spatial query processing on outsourced private data , 2016, Data Knowl. Eng..

[17]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[18]  David Taniar,et al.  Continuous Range Search Query Processing in Mobile Navigation , 2008, 2008 14th IEEE International Conference on Parallel and Distributed Systems.

[19]  Yanli Ren,et al.  Efficient Ciphertext-Policy Attribute Based Encryption with Hidden Policy , 2012, IDCS.

[20]  Silvio Lattanzi,et al.  The Power of Random Neighbors in Social Networks , 2015, WSDM.

[21]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[22]  Youssef Bentaleb,et al.  EPS AES-based confidentiality and integrity algorithms: Complexity study , 2011, 2011 International Conference on Multimedia Computing and Systems.

[23]  Ben Y. Zhao,et al.  Preserving Location Privacy in Geosocial Applications , 2014, IEEE Transactions on Mobile Computing.

[24]  Qi Cheng,et al.  LWE from non-commutative group rings , 2016, Designs, Codes and Cryptography.

[25]  Yehuda Lindell,et al.  Security Against Covert Adversaries: Efficient Protocols for Realistic Adversaries , 2007, TCC.

[26]  Andreas Gutscher Coordinate transformation - a solution for the privacy problem of location based services? , 2006, Proceedings 20th IEEE International Parallel & Distributed Processing Symposium.

[27]  Yehuda Lindell,et al.  Efficient Secure Two-Party Protocols: Techniques and Constructions , 2010 .

[28]  Dusit Niyato,et al.  Applications, Architectures, and Protocol Design Issues for Mobile Social Networks: A Survey , 2011, Proceedings of the IEEE.

[29]  Frederik Vercauteren,et al.  Somewhat Practical Fully Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[30]  Hong Liu,et al.  Security assessment on block-Cat-map based permutation applied to image encryption scheme , 2014 .

[31]  Jin Li,et al.  Location-Sharing Systems With Enhanced Privacy in Mobile Online Social Networks , 2017, IEEE Systems Journal.

[32]  Yang Wang,et al.  A Tree-Based CP-ABE Scheme with Hidden Policy Supporting Secure Data Sharing in Cloud Computing , 2013, 2013 International Conference on Advanced Cloud and Big Data.

[33]  Jun Yang,et al.  An efficient and privacy-preserving location sharing mechanism , 2016, Comput. Stand. Interfaces.

[34]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[35]  Jin Li,et al.  MobiShare+: Security Improved System for Location Sharing in Mobile Online Social Networks , 2014, J. Internet Serv. Inf. Secur..