VENETA: Serverless Friend-of-Friend Detection in Mobile Social Networking

1. VENETA: Serverless Friend-of-Friend Detection inMobile Social Networking Marco von Arb Matthias Bader Michael Kuhn Roger Wattenhofer WiMob 2008 Avignon, France

2. Success of Social Networking Services Wikipedia: List of Social Networking Services number of services listed growth of services Michael Kuhn, ETH Zurich @ WiMob 2008

3. Facebook (124M) Orkut (67M) MySpace (246M) Classmates (50M) LinkedIn (27M) Windows Live Spaces (120M) Biggest Virtual Social Network? Mobile Phone Contact Book (3.3B mobile subscribers) (Nov. 2007) E-Mail (1.5B Internet users) (Jun. 2008) Michael Kuhn, ETH Zurich @ WiMob 2008

4. Perfect combination Excellent penetration Permanent reachability Location awareness Success? No comparison to MySpace, Facebook, etc. Twitter: 2.5M Unique users (08/2008) Mobile Social Networking? micro-blogging service Michael Kuhn, ETH Zurich @ WiMob 2008

5. Lovegety • Introduced in 1998, Japan • Male (blue) and female (pink) device • Beeps if another lovegety of opposite sex is nearby • As of 2004, 600K devices were sold • Was presumably the most successful mobile social networking service for a long time “In the two and a half months since the product entered markets, we've already shipped 350,000 Lovegetys. Right now we can't produce enough of them to meet demand” Takeya Takafuji, CEO “I just had it on one day when it started to beep all of sudden. I started looking around while getting ready to run, if the boy was strange. He wasn't, so I said hello, and we went and ate Takoyaki” Kaori Mikuriya, 16 Quotes from: Iwatani, Wired News, 1998 Michael Kuhn, ETH Zurich @ WiMob 2008

6. Lovegety: 3 modes (talk, karaoke, get2) clones of webapps Twitter: Short messages (<140 characters) high user interaction low user interaction high data volumes simple cheap expensive adapted to mobile interface overloaded (Possible) Reasons for Success and Failure Michael Kuhn, ETH Zurich @ WiMob 2008

7. Why Clones? Friend Browsing Michael Kuhn, ETH Zurich @ WiMob 2008

8. Friends-of-Friends • Clustering Coefficient • Probability that two friends are friends themselves • High Clustering Coefficients in Social Networks • Approx. 0.25 • Feature is highly used • Better indicator for friendship than profile match Michael Kuhn, ETH Zurich @ WiMob 2008

9. Friends-of-Friends on Mobile Devices browsing is inefficient on small displays requires access to server => expensive not appropriate for mobile devices true? Michael Kuhn, ETH Zurich @ WiMob 2008

10. Mobile Friend-of-Friend Detection compare address books! peer-to-peer (e.g. Bluetooth) device rather than user searches Michael Kuhn, ETH Zurich @ WiMob 2008

11. Privacy? • Not everybody should know my contacts! • Compare hash values? => lookup tables • Possible to protect privacy? Yes! Privacy? multiparty-computation Michael Kuhn, ETH Zurich @ WiMob 2008

12. 33 55 46 37 69 41 11 Multi-Party Computation • n participants want to evaluate a function f(x1, x2, ..., xn) • Everybody knows the result, but nothing about the others‘ inputs What‘s our average age? Result: 41.7 years Participants do NOT learn individual ages Michael Kuhn, ETH Zurich @ WiMob 2008

13. Multi-party Computation • Adversaries • Passive (honest but curious): Follow the protocol • Active (malicious): Can do whatever they like to compromise somebody‘s privacy • „Protocols for Secure Computations“ • Andrew Yao, FOCS, 1982 • Any 0-1 valued function can be evaluated in the passive adversary model high computational complexity real world adversaries are malicious Michael Kuhn, ETH Zurich @ WiMob 2008

14. X Y Multiparty-Computation for Contacts? two-party set intersection • Alice and Bob both own a set of items from a given universe V • Alice: X = {x1, x2, ..., xN} (subset of V) • Bob: Y = {y1, y2, ..., yM} (subset of V) • Goal: Find intersection without knowing the other party‘s elements • This is exactly our friend-of-friend finding problem! • X: phone numbers in Alice‘s contact book • Y: phone numbers in Bob‘s contact book • V: universe of all (107) phone numbers Michael Kuhn, ETH Zurich @ WiMob 2008

15. Two-Party Set Intersection • Yao‘s generic approach computationally infeasible homomorphic encryption & roots of polynomials (Freedman et al., EUROCRYPT, 2004) homomorphic encryption & roots of polynomials (Freedman et al., EUROCRYPT, 2004) relatively complex fixes required against malicious adversaries commutative encryption (Hubermann et al., ACM EC, 1999) Michael Kuhn, ETH Zurich @ WiMob 2008

16. Two-Party Set Intersection • Commutative Encryption: Eα(Eβ(x)) = Eβ(Eα(x)) 1) A → B: Eα(x1), ..., Eα(xN) 2) B → A: Eβ(y1), ..., Eβ(yM) 3) A → B: Eα(Eβ(y1)), ..., Eα(Eβ(yM)) 4) B → A: Eβ(Eα(x1)), ..., Eβ(Eα(xN)) Commutativity: xi = yj => Eβ(Eα(xi)) = Eα(Eβ(yj)) reveals input set sizes Michael Kuhn, ETH Zurich @ WiMob 2008

17. Analysis • Agraval et al., SIGMOD, 2003 • Passive adversaries • Protocol is secure if: • Decisional Diffie-Hellmann (DDH) assumption holds • Eκ(m) = mκ mod p • p is strong prime (i.e. p = 2*q+1 with p, q large prime) • Dom E: quadratic residues modulo q • κ {1, 2, ..., q – 1} • Ideal hash function h: V → Dom E exists to map each v element V to d Dom E Eκ(m) = mκ mod p [m = h(x)] Michael Kuhn, ETH Zurich @ WiMob 2008

18. For Phone Numbers Bob is a friend-of-a-friend of Alice Michael Kuhn, ETH Zurich @ WiMob 2008

19. (mod p) h(1324328)α h(3807210)α h(2380902)α ... h(6521257)β h(8709929)β h(3807210)β ... equal due to commutativity h(1324328)αβ h(3807210)αβ h(2380902)αβ ... h(1324328)αβ h(3807210)αβ h(2380902)αβ ... h(6521257)βα h(8709929)βα h(3807210)βα ... h(6521257)βα h(8709929)βα h(3807210)βα ... For Phone Numbers +41791324328 6503807210 +18312380902 ... 6521257 +442088709929 +16503807210 ... Michael Kuhn, ETH Zurich @ WiMob 2008

20. Active Adversaries • Zhang and Zhao, VLDB, 2005 • Li et al., Computer Security, 2005 • Changing input set (e.g. adding a number) • If somebody can add a number (and knows whose number it is), it could have been in the contact book, anyways • Limited to 300 entries (no brute-force attacks) • Asymmetry (Alice could skip last step) • Simulaneously exchange values • Zhan and Zhao • Expensive • Interesting only for delicate contacts • Bob would not have made such a contact available Michael Kuhn, ETH Zurich @ WiMob 2008

21. Prototype Application: veNETa • Let‘s use our protocol • Only makes sense if other people use it as well... • Why should people use it, if there is litteraly no chance of meeting another user? • Bootstrapping problem • Integration into a more comprehensive application • veNETa • Decentralized as well as serverbound features • J2ME Michael Kuhn, ETH Zurich @ WiMob 2008

22. Decentralized Free of charge Friend-of-friend detection (as explained) Profile matching (age, gender) Simple, recall Lovegety Multihop messaging over Bluetooth (max. 3 hops, epidemic routing) Server bound Text-Messaging (encrypted, public-key infrastructure provided by server) Location tracking: veNETa can (optionally) alert users if people of interest (friends or profile matches) are nearby Requires JSR-179 (Java Location-API) messaging (stay in contact) location-awareness (re-discover) veNETa friend-finding (new friends) Michael Kuhn, ETH Zurich @ WiMob 2008

23. Conclusions • Mobile social software as huge potential • Market penetration of mobile devices • Success of social networking applications • Major target group: Young people • Low budget • Serverless core features • Free of charge • Cover the extremely popular friend-of-friend detection • Based on real friends • Future • Improve usability • Extend to e-mail addresses, ICQ numbers, etc. • Other matching mechanisms (e.g. music taste?) • Micro-blogging? Michael Kuhn, ETH Zurich @ WiMob 2008

24. Thanks for your Attention • Questions? Michael Kuhn, ETH Zurich @ WiMob 2008