Summary: | The success of online social networking has resulted in increased attention to mobile social
networking research and applications. In mobile social networking, instead of looking for friends
over the Internet, people look for friends who are physically nearby and who meet other
self-defined criteria. For example, by using mobile social networking, a person could find other
people who are nearby and who also share her interests. As a result, they have
common topics to talk about and may eventually become friends. There are two main approaches
in the existing works. One approach focuses on efficiently establishing friendship and ignores
the protection of private information of the participants. For example, some applications simply
broadcast users’ personal information to everybody and rely on the other users to report the
matches. From a privacy point of view, this approach is bad, since it makes the users vulnerable
to context-aware attacks. The other approach requires a central server to participate in each
matchmaking process. For example, an application deploys a central server, which stores the
profile information of all users. When two nearby client devices query the central server at the
same time, the central server fetches the profile information of both devices from the server’s
database, performs matching based on the information, and reports the result back to the clients.
However, a central server is not always available, so this approach does not scale. In addition, the
central server not only learns all users’ personal information but also learns which users become
friends.
This thesis proposes a privacy-preserving architecture for users to find potential friends with
the same interests. The architecture has two matchmaking protocols to prevent privacy leaks.
Our protocols let a user learn only the interests she has in common with the other party. One
protocol is simpler, but works only if some assumptions hold. The other protocol is more secure,
but requires longer execution time. Our architecture does not require any central server to be
involved in the matchmaking process. We describe how the protocols work, analyze how secure
the protocols are under different assumptions, and implement the protocols in a BlackBerry
application. We test the efficiency of the protocols by conducting a number of experiments.
We also consider the cheating-detection and friend-recognition problems.
|