Research Article PRUB: A Privacy Protection Friend Recommendation System Based...

Research ArticlePRUB A Privacy Protection Friend Recommendation SystemBased on User Behavior

Wei Jiang Ruijin Wang Zhiyuan Xu Yaodong Huang Shuo Chang and Zhiguang Qin

University of Electronic Science and Technology of China Chengdu 611731 China

Correspondence should be addressed to Ruijin Wang 124355850qqcom

Received 13 February 2016 Accepted 2 August 2016

Academic Editor Salvatore Alfonzetti

Copyright copy 2016 Wei Jiang et alThis is an open access article distributed under theCreative CommonsAttribution License whichpermits unrestricted use distribution and reproduction in any medium provided the original work is properly cited

The fast developing social network is a double-edged sword It remains a serious problem to provide users with excellent mobilesocial network services as well as protecting privacy data Most popular social applications utilize behavior of users to buildconnection with people having similar behavior thus improving user experience However many users do not want to share theircertain behavioral information to the recommendation system In this paper we aim to design a secure friend recommendationsystem based on the user behavior called PRUB The system proposed aims at achieving fine-grained recommendation to friendswho share some same characteristics without exposing the actual user behavior We utilized the anonymous data from a ChineseISP which records the user browsing behavior for 3 months to test our system The experiment result shows that our system canachieve a remarkable recommendation goal and at the same time protect the privacy of the user behavior information

1 Introduction

We are now embracing the era of the mobile social networkThis network connects people with similar interests and char-acteristics through mobile devices like smartphones tabletsand so forth Users on a mobile social networks platformcan share their states convenientlyThemobile social networkplatform is an open platform it is established on the base ofactual social relationship anddeveloped by further expandingthe social circle Aiming at recommending new links for eachuser almost all the mobile social networking systems providea service to recommend friends Considering the fact thatthe size of the network grows exponentially many serviceproviders and researchers are trying to import distributedmanagement to implement a recommendation system asa way to ease the pressure of services on a centralizedmanagement system [1] and improve user experience at thesame time

The recommendation system can achieve a promisingresult using the information of user behavior [2] Howeversome of the information contains personal privacy data andusers are unwilling to share their certain behavioral infor-mation to others They prefer to exchange their informationwith people who share common interests instead of all the

strangers Particularly in the distributed systems becausethere are no regulators in the interactive process the privacysecurity will be a problemThus ldquohow to realize high qualityrecommendation as well as protecting the privacy of userbehavior information of the userrdquo is becoming a researchhotspot [3ndash5]

To solve these problems we design a secure friend recom-mendation system based on the user behavior called PRUBThis system aims at achieving fine-grained recommendationto friends who share common interests without exposing theactual user behavior PRUB provides a modified matchingprotocol and authorization protocol to ensure the security ofuser behavior information in the hybrid management whichcombines the centralized and distributed management

PRUB works mainly in two steps The first step is to real-ize the coarse friend recommendation The authenticationserver classifies users using the KNN classification algorithmwhich is based on user behavior information such as usersrsquobrowsing records and returns friend recommendation resultbased on peoplewho share the same interests as the usersThesecond step is to realize the fine-grained friend recommenda-tion Each user uses coarse grained friend recommendationon similarity calculation using the matching protocol If thesimilarity degree is greater than the user defined threshold

Hindawi Publishing CorporationMathematical Problems in EngineeringVolume 2016 Article ID 8575187 12 pageshttpdxdoiorg10115520168575187

2 Mathematical Problems in Engineering

PRUB adds the person to the fine-grained friend recommen-dation list

This paper aims to make the following contributions(1) We present a hybrid management architecture

according to the mobile social networks platformcharacteristics easing the pressure from the serverand improving the user experience

(2) We propose a privacy supported matching proto-col Utilizing the usersrsquo behavior it can realize thepersonalized instead of the blindly recommendedresult At the same time the protocol ensures personalprivacy security users can protect their own sensitiveinformation and avoid exposing it to all the strangerson the platform

(3) We define a security model and theoretically analyzethe security of our protocol We aim to prove that ourprotocol can defend against attack in the position ofinitiator and matching target respectively

To evaluate our system PRUB we utilize anonymous datafrom aChinese ISP which records the user browsing behaviorfor 3 months The experiment result shows that our systemcan achieve a fine-grained recommendation and protect theprivacy of the user behavior information at the same time

The rest of the paper is organized as follows Section 2 dis-cusses related works Section 3 provides the system overviewof PRUB The secure matching protocol is discussed inSection 4 Section 5 analyzes the security of the system Theexperiment result is presented in Section 6 We conclude ourwork in Section 7

2 Related Works

Corresponding to the structure of the mobile social networkthere are three application patterns for friend recommenda-tion centralized management distributed management andhybrid management

CentralizedManagement In this pattern all the user informa-tion is stored on the central server As a trusted third partythe central server manages the whole system and handlesall the processes Users only need to access the server usinga mobile client and they can acquire the desired serviceThe central server will complete the characters matchingand return the recommended friend list to the users [8]Throughout the process there is no interaction between theusers In the centralized management the central serverholds all the information about user characteristics It caneffectively protect the user privacy through enhancing theserver security However the server cannot be accessed atany time this depends on the network conditions Thususer experience decreases under unstable network conditionApart from this not all the users are willing to deliver theirbehavior information to server providers especially somepersonal privacy information Some server providers mayutilize the information for illegal activities [9]

DistributedManagement In distributed social networks dataare stored and handled at the local clients and users can

directly interact with each other Clients broadcast theirown information and receive information of others at thesame time and then match characteristics based on theinformation to discover target users In this pattern thewholerecommendation process can be realized among clientswithout any server participation [10] This pattern certainlyrelieves the pressure of the server However clients mayunintentionally publish some unnecessary information evenuser privacy [11] In the distributed system the interactionprocess lacks control and fails to ensure the security of therecommendation processMany researchers presented securematching protocols to avoid the shortage such as [12] itutilizes Shamir secret dividing to complete matching

Hybrid Management In order to integrate the advantages ofcentralized and distributed management some researcherspresented hybrid management [13] In this pattern userscould interact directly but during the process of matchingappropriate server control is required such as storing tem-porary data and arbitrationThe hybrid management patterncan reduce the server stress and provide security mechanismas well The problem for researchers is how to minimizethe information provided by users how to realize securematching with server involvement as little as possible andhow to realize arbitration using minimal user informationand ensure accuracy [14]

Our recommendation system PRUB is built on the hybridmanagement Matching protocols is the core of hybrid man-agement users can find some friends who share commoninterests such as common browsing habits and also protecttheir private information The process of matching can beregarded as PSI (private set intersection) problem or PCSI(private cardinality of set intersection) problem [15] Cur-rently the popular resolution algorithm can be categorizedinto three types

Matching Protocol Based on Commutative Encryption Func-tion Agrawal et al [7] presented a commutative encryptionprotocol to solve PSIPCSI problem It used a pair of encryp-tion functions 119891 and 119892 and 119891(119892(119909)) = 119892(119891(119909)) the propertyof each function is that the encrypted result is independentof the calculation order such as 119891

119890(119909) = 119909119890 mod119901 where 119901

is safe prime This protocol is secure under the hypothesis ofDDH (Decisional Diffie-Hellman) hypothesis and only oneof the participators knows the intersection the other cannotacquire anything However this protocol cannot defendagainst malicious attacks

Von Arb et al [16] presented a social platform VENETAbased on the algorithm of Agrawal et al They rely on aconstruction based on commutative encryption Comparedto Agrawal et al they assume that the attack cannot causeany serious damage A victim only reveals a contact he waswilling to share without getting this information in returnVENETA enables two users to calculate the intersection oftheir characters in a certain range If it successfully matchesbetween two users VENETA will recommend this strangerto the user

Xie and Hengartner [6] presented a matching protocolin mobile social networks The protocol adds signature

Mathematical Problems in Engineering 3

verification to property elements this paper shows thatAgrawal et al proved that given the Decisional Diffie-Hellman (DDH) hypothesis ⟨119883

119894 119891119890(119883

119894) 119884

119895 119891119890(119884119895)⟩ for fixed

values of 119894 and 119895 with 119891119890(119909) = 119909119890 is indistinguishable from

⟨119883119894 119891119890(119883

119894) 119884

119895 119885⟩ when 119890 is not givenThey prove that these

certificates are sent across an encrypted channel so a passiveeavesdropper cannot learn Alicersquos or Bobrsquos interests Thusattackers cannot reorder all the segments and propertieseasily thus avoiding counterfeit and scanning attacks

In [17] a new efficient solution to Yaorsquosmillionairesrsquo prob-lembased on symmetric cryptography is constructed and theprivacy-preserving property of the solution is demonstratedby a well-accepted simulation paradigm It proposes a newsecurity paradigm that quantitatively captures the securitylevels of different solutions The paper proposes an idealmodel with a trusted third party Alice and Bob have 119909 and119910 they want privately to compute functionality 119891(119909 119910) =(1198911(119909 119910) 119891

2(119909 119910)) with the help of a trusted third party

At the end of the protocol Alice (Bob) obtains 1198911(119909 119910)

1198912(119909 119910) without leaking 119909(119910) The ideal model provides the

best possible security of secure multiparty computations andits security level is the highest level compared with thatany secure multiparty computation solution can achieveTheauthors of [17] use the following to judge whether Protocol 120587

1

is more secure than Protocol 1205872

1198671205871

(119909 | 1198912(119909 119910))

1198671205872

(119909 | 1198912(119909 119910))

gt 1

or1198671205871

(119910 | 1198911(119909 119910))

1198671205872

(119910 | 1198911(119909 119910))

gt 1

or both hold

(1)

They concluded that the new solution was as secure as boththe ideal secure multiparty computation solution and Yaorsquossolution In this paper the solution provided in [17] enablesXOR operating in commutative encryption function butit greatly increases the calculation costs and decreases thesecurity of the system

Matching Protocol Based on Linear PolynomialThe paper [15]presented FNP protocol which transforms properties intolinear polynomial and uses the character of homomorphy tohandle the encrypted coefficients In the exchange processone side is the client and the other is the server For eachinput property of the client it only knows whether theproperty belongs to the server and cannot acquire any otherinformation Meanwhile the server cannot get any otherinput information from the client

Kissner and Song [18] used a polynomial to representmultiple collections Taking advantage of polynomial andaddition homomorphy function it realizes the secure oper-ation of intersection union and complementation Thisprotocol can be applied against semihonest attacks and thesetechniques can be applied to a wide range of practicalproblems This paper has an important feature of privacy-preserving multiset operations which can be composed andenable a wide range of applications The authors of [18] use

the following grammar to compute the output of any functionover the multisets

119884 = 119904|Rdd(119884)| 119884 cap 119884|119904 cup 119884|119884 cup 119904 They construct analgorithm for computing the polynomial representation ofoperations on sets including union intersection and ele-ment reduction And they extend these techniques includingintersection and element reduction with a trusted third partyto encrypted polynomials allowing secure implementation ofour techniques without a trusted third party Dachman-Soledet al [19] presented a PSI protocol which can be applied fordefending against malicious users They also use the polyno-mial coefficient to represent properties and use Shamir SecretShare to dividing coefficient for realizing higher security

Lu et al [20] put forward Secure Handshake with symp-tom-matching and deployed the matching protocol intodisease monitoring Their system enables patients who havethe same symptoms to communicate and share informationThe core of their algorithm is the feature of bilinear matchingfunction In this system model they consider a typicalmHealthcare social network (MHSN) which consists oftrusted authority (TA) at eHealth center and a large numberof mobile patients As the patient health condition is verysensitive to the patient himselfherself therefore it is essentialthat the privacy of PHI should be controlled by the patientin a MHSN environment so they develop a secure same-symptom-based handshake (SSH) scheme It consists ofthese algorithms system setup patient joining and patientrsquossame-symptom-basedhandshaking (PatientsSSH)Thepapershows the employed identity-based encryption

119862

=

1198621= 119903 (119875pub + 119867 (pid) 119875) where 119903 119877

larr997888 119885lowast119902

1198622= 119890 (119875119867

0(119879)) 119903 sdot 119873 119879 is specific triage

(2)

The identity-based encryption (IBE) should be semanticsecurity (indistinguishable) under selective-PID-symptomsand chosen-plaintext attacks In this paper let IBE be a secureencryption scheme with security parameter 119897 and define theadvantage probability of 119860 to be an INDsPS-CPA adversaryagainst IBE It is very important in the random oracle model

AdvIND-sPS-CPAIBE119860 (119897) = 2 sdot Pr [ExpIND-sPS-CPA

IBE119860 (119897) = 1] minus 1

= 2 sdot Pr [119887 = 1198871015840] minus 1(3)

In this paper SSH is of vital importance to the success ofMHSN but this algorithm can be only applied to matchingsingle property and it is difficult to extend it into multiprop-erties

Matching Protocol Based on PseudorandomNumberThis pro-tocol is firstly presented in [21] Hazay and Lindell designeda PSI protocol in order to defend against different attacksand ensure the operating efficiency at the same time Thepseudorandom number is used for encryption In this paperthe protocols for securely computing the set intersectionfunctionality are based on secure pseudorandom functionevaluations in contrast to previous protocols This paper


proposed Secure Pattern Matching 119865PM was used to addressthe question of how to securely compute the above basicpattern matching functionality

((119879119898) 119901)

997891997888rarr

(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901

1003816100381610038161003816 le 119898

(120582 119894 | 119879119894= 119901

1sdot sdot sdot 119901

119898) otherwise

(4)

This protocol is presented for securely computing 119865PMin the presence of malicious adversaries with one-sidedsimulatability And specific properties of the Naor-Reingoldpseudorandom function and the protocol120587PRF for computingtheNaor-Reingold function are utilizedThe following is usedinstead of the corrupted party 119901

1computing and sending the

set

(119894 119892119894= prod

log119873119895=1

119886

(119894)119895

119898+119895)119873minus119898+1

119894=1

(5)

So the Naor-Reingold pseudorandom function will achievehigh efficiency

Yang et al [22] designed a distributed mobile social net-work E-SmallTalker It utilizes Bloom filter as the store struc-ture of properties and calculates the intersection throughseveral rounds of iteration with pseudorandom functionE-SmallTalker can reduce the storage space effectively andprevent interactive users from acquiring more informationbesides the common properties It requires no data serviceslike Internet access and exchanges user information betweentwo phones and performs matching locally Yang et al buildon the Bluetooth Service Discovery Protocol (SDP) to searchfor nearby E-SmallTalker users And the iterative Bloom filter(IBF) they proposed is to encode user information data isencoded in a bit string to address SDP attributesrsquo size limitThis system architecture includes four software componentscontext data store context encoding and matching contextexchange and user interface (UI)The authors of [22] devise amultiround protocol to achieve the desired false-positive rate119891 with a minimum total amount of transmission given theconstraints imposed by the implementation of Bluetooth SDPand the quantitative measurement of the false-positive rate isdefined by the following formula 119891 = (1 minus (1 minus 1119898)119896119899)119896 asymp

(1 minus 119890minus119896119899119898)119896 So this paperrsquos approach was efficient incomputation and communication

3 PRUB System Overview

The PRUB system is based on users browsing behavior torecommend related friends with similar behavior and activi-ties The system adopts the hybrid management architecturementioned aboveThe system consists of several users severalsmartphones one verification server (VS) and several anchorservers (AS) The basic structure is shown in Figure 1

31 Users Every user who wants to use our system to findfriends with similar behavior should have a smartphoneand install our application The application will collect users

VS

MSN

MSN

middot middot middot

Figure 1 PRUB system structure

browsing histories and classify them into several catalogsThe value of each catalog is defined as properties andcharacteristic of the user The users should sign up with anaccount to use the service

To test the security of our system we define some kindsof abnormal users The first kind of abnormal users will nottry to break protocols of the network They only want toobtain some privacy data of other users by analyzing theinformation they obtain from the recommendation resultThe way they are trying to do this is defined as passive attackThese users are called semihonest users Another kind ofusers who are trying to attack actively is called malicioususers For getting more information of other users they donot obey the protocols and even try to break down the wholesystem Somemethods of attacking are to send fake messagesor terminate an agreement before it finishes

32 Smartphones The smartphones which have installedour application are also part of the system The applicationsaves the personal information of the user including hisherID properties private key and public key The smartphoneshould have some computability in order to compute somesecure information The smartphones of the users formmobile social networks (MSNs)

33 Verification Server (VS) The user should register on theverification server before heshe obtains the recommendationdata The application will send the encrypted userrsquos personalinformation to the VS to get the ID and a pair of RSA keysWhen verifying the userrsquos ID and properties the applicationwill send the username and the public key to VS the VSgenerates a random number and then sends the randomnumber to the userrsquos application The application will utilizethe properties (119883

1 119883

2 119883

119898) to get Attr = (119883

1)119886

(1198832)119886 sdot sdot sdot (119883

119899)119886 and send the ID to the VS The VS

uses its private key to get signvs(ID Attr) and sends itback to the userrsquos application In order to prevent abnormalusers from changing their properties to obtain othersrsquo privateinformation the VS can bind the user with its properties andsignature certification

34 Anchor Server (AS) The anchor servers are used toconnect several MSNs The user can register on several


Client 119860 Server 119861(1) Get client private key 119909generate a prime 119901Original root 119892 of 119901

119892119909 mod 119901997888997888997888997888997888997888997888rarr

(2) Generate a randomnumber 119877

1 get server

private key 119910(1198771)119892119909119910 119892119910 mod 119901

larr997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Get client sign 119879

Hash(1198791198771)997888997888997888997888997888997888997888997888rarr

(4) Calculate the Hashand compare with 119860rsquoscalculation

Box 1 One-way authentication protocol

Client 119860 Client 119861(1) Get client privatekey 119909 generate a prime119901 and random number 119877

2

1198772 119892119909 mod 119901

997888997888997888997888997888997888997888997888997888rarr(2) Get server private key 119910

119892119910[(119892119909119892119910)119870minus1

119887

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877

2

and compared withthe 119877

2which 119860 produced

[(119892119909119892119910)119870minus1119886

1198772]119870119886119887

997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(4) 119861 calculate 119892119910 119892119909 and1198772then compared with

what 119861 received in step (2)

Box 2 Mutual authentication protocol

differentMSNs and theAS transmits information to the usersfrom different MSNs

4 Secure Matching Protocol

One-Way Authentication Protocol In the beginning of estab-lishing the interaction communication channel between VSand the user VS utilizes one-way authentication protocol toauthenticate the identity of the userThe protocol is describedin Box 1

After the interaction about setting identity and randomidentification the protocol can realize the identificationbetween dual direction key and one-way entity throughverifying hash value It achieves forward secrecy and non-repudiation and can defend the man-in-the-middle attacksincluding replay attack reflection attack prophecy attackand interleaving attack

Mutual Authentication Protocol This protocol is used tomutually authenticate the pairing of interaction when

establishing the channel The protocol is described in Box 2where 119870

119860= 119892119909 mod119901 119870

119861= 119892119910 mod119901 and 119870

119860119861=

119892119909119910 mod119901Our mutual authentication protocol is developed on the

basis of STS workstation protocol After adding the identityand using a random number timestamp the identification iscompleted This protocol can also be used to defend man-in-the-middle attack

Matching Protocol In order to achieve fine-grained friendrecommendation the similarity of common properties withcoarse grained recommendation is calculated The mutualprotocol must be done before matching The protocol ispresented as shown in Box 3

Attr119860= (119883

1)119886 (119883

2)119886 sdot sdot sdot (119883

119899)119886 Attr

119894= (119884

1198941)119887

(1198841198942)119887 sdot sdot sdot (119884

119894119899)119887 and 119894 denotes all the users that are

recommended to 119860 Attr1015840119860= (119883119886

1198971

)119887 (119883119886

1198972

)119887 sdot sdot sdot (119883119886

119897119898

)119887

and Attr1015840119894= (119884119887

1198941198951

)119886 (1198841198871198941198952

)119886 sdot sdot sdot (119884119887119894119895119899

)119886


Client 119860 Client 119861(1) Calculate Attr

119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887

997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarr(2) Calculate Attr

119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887

(4) Produce and send a promise (4) Produce and send a promise119862119860= 119867[(119884119887

1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887

sdot sdot sdot (119883119886

119897119898

)119887

]

among which 1198951 1198952 119895

119899is a random among which 119897

1 1198972 119897

119898is a random

sequence of 1 2 119899 sequence of 1 2 119898Attr1015840119861[(Attr1015840119861)119870minus1119886

1198772]119870119886119887

997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888rarrAttr1015840119860[(Attr1015840119860)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(5) Calculate and exchange the (5) Calculate and exchange theproportion of the same attribute proportion of the same attribute

Box 3 Matching protocol


119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895

119899is an ordered among which 119897

1 1198972 119897

119898is an ordered


1198772]119870119886119887


1198772]119870119886119887


Box 4 Attribute exchange protocol

The core of the matching protocol is the principle ofcommutative encryption of messages Pairing of interactionacquires the amount of common properties through twoencrypted comparisons of each property

Meanwhile the confusing operation is added to ensurethe equity and security In the last step common propertiesof both sides are compared if they do notmatch thenwe turninto arbitration

Common Property Exchange Protocol This protocol is usedfor pairing of users to exchange the detail of common prop-erties The mutual protocol must be done before exchangingproperties Box 4 shows this protocol

The core of this protocol is also the commutative encryp-tion but it does not include a confusing operation Pairingof interaction can get the detail of properties by the number

Similarly common properties of both sides are compared inthe last step and hencewe decide whether to have arbitration

5 Security Principles

In this section we evaluate the security of the pro-posed scheme under the security protocols we proposed inSection 4 Our protocols are designed based on the Dolev-Yao security model [23]

51 Definitions

Definition 1 (ignorable function) Function 119910 119873 rarr 119877 is anignorable function when forall polynomial 119901 exist119899 isin 119873 forall119896 gt 119899

0 le 119910 (119896) lt1

119901 (119896) (6)


User A VS

gx mod p

(R1)gxy gy mod p

Hash(IDA R1)

Figure 2 One-way authentication protocol

Definition 2 (probabilistic polynomial (PP)) A language 119871 isin PP if and only if there exists a probabilistic Turingmachine119872 such that

119872 runs for polynomial time on all inputsfor all 119909 in 119871 119872 outputs 1 with probability strictlygreater than 12for all 119909 not in 119871 M outputs 1 with probability lessthan or equal to 12

Definition 3 (computationally indistinguishable) Probabilitycollectives 119883

119899 and 119884

119899 are computationally indistinguish-

able if exist probabilistic polynomial Turing machine 119863 a largeenough integer 119899 and any polynomial 119901

1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]

1003816100381610038161003816 lt1

119901 (119899) (7)

For 119863 119883119899 and 119884

119899 are the same 119863 cannot get any

information of 119883119899 from 119884

119899 and vice versa

Definition 4 (Decisional Diffie-Hellman (DDH) hypothesis)119902 is a prime number 119866

119902is a cycle group ordered 119902 and 119892 is a

generator of119866119902 And hence 119886 119887 119888 isin

119877119885119902 The distributions of

(119892 119892119886 119892119887 119892119886119887) and (119892 119892119886 119892119887 119892119888) are computationally indis-tinguishable

52 Security Analysis The system security faces a num-ber of threats such as man-in-the-middle attack passivewiretapping property modification and malicious match byabnormal users We analyze four threats on our system

521 Man-in-the-Middle Attack The user should register onthe VS first VS matches the properties and sends back thecoarse recommendation result The system implements theone-way authentication protocol to defend against the man-in-the-middle attack The process is shown in Figure 2

The fine-grained friend recommendation of our system isbased on matching protocol based on commutative encryp-tion function In order to defend against the man-in-the-middle attack we implement mutual authentication protocolwhen the communication channel is establishedThe processis shown in Figure 3

One-way authentication protocol achieves the bidirec-tional key and unidirectional entity confirmation Mutualauthentication protocol achieves the bidirectional key andbidirectional entity confirmation They complete forwardsecrecy and nonrepudiation which can defend against basicman-in-the-middle attacks including replay attack reflectionattack and interleaving attack

User A User B

gxKab = gxy mod n

gy gx gykminus1119887

k119886119887

gx gykminus1119886 k119886119887

Figure 3 Mutual authentication protocol

522 Passive Wiretapping Passive wiretapping is whenattackers are trying to obtain users information throughthe communication channel The register process when VSis matching the properties and sending back the coarserecommendation result is threatened by passive wiretapping

To avoid passive wiretapping the system uses encryptedproperties Key agreement in the authentication protocolswill encrypt the value of the properties which will efficientlydefend against passive wiretapping

Communication channelrsquos general model shown inFigure 4 shows that the source is discrete and memorylesswith entropy 119867

119904 The ldquomain channelrdquo and the ldquowiretap

channelrdquo are discrete memoryless channels with transitionprobabilities 119876

119872(sdot | sdot) and 119876

119908(sdot | sdot) The source and the

transition probabilities 119876119872

and 119876119908are given and fixed The

encoder as shown in the figure is a channel with the 119870vector 119878119870 as input and the 119873 vector 119883119873 as output Thevector 119883119873 is in turn the input to the main channel Themain channel output and the wiretap channel input are 119884119873The wiretap channel output is 119885119873 The decoder associatesa 119870 vector 119870 with 119884119873 and the error probablity 119875

119890=

(1119870)sum119870

119896=1Pr119878119870 =

119870

The source sends a data sequence1198781 1198782 which consists of independent copies of the binary

random variable 119878 where Pr119878 = 0 = Pr119878 = 1 = 12 Theencoder examines the first119870 source bits 119878119870 = (119878

1 119878

119896) and

encodes 119878119870 into a binary119873 vector119883119873 = (1198831 119883

119873)119883119873 in

turn is transmitted perfectly to the decoder via the noiselesschannel and is transformed into a binary data stream

119870

=

(1

119896) for the delivery to the destinationThewiretapper

observes the encoded vector119883119873 through a binary symmetricchannel with crossover probability 119875

0(0 lt 119875

0le 12) The

corresponding output at the wiretap is119885119873 = (1198851 119885

119873) so

that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =

(1 minus 1198750)120575119909 119911 + 119875

0(1 minus 120575119909 119911)) with Δ Δ

= (1119870)119867(119878119870 | 119885119873)and the transmission rate is 119870119867

119878119873 source bits per channel

input symbolAs shown in Figure 5 Alice and Bob communicate with

each other The transmission probability is 119875119884119885119883

(119910 119911119909)Supposing that the channel has no memory the transmissionprobability of length of sequence 119899 is

119875(119884119899119885119899

119883119899) =

119899

prod119894=1

119875119884119885119883

(119910119894119911119894

119909119894

) (8)

Alice sends a commonmessage1198720to Bob and Eve and sends

a private message to Bob The codeword 119860(21198991198770 21198991198771 119899) isdefined by these


Source Encoder Main channel Decoder

Wire-tap channel

SK XN YN

OM

sk

OW

ZN

Figure 4 Communication channel general model

Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1

Figure 5 Secret information

(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771

(2) An encoding function 119891119899 119872

0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899

(3) Two decoding functions 119892119899 119884119899 rarr 119872

0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0

Attackers get the signal M1rsquos with uncertainty

(1119899)119867(1198721119885119899) it needs a codeword (21198991198770 21198991198771 119899) for

any 120576 gt 0 the set of rate (1198770 119877

1 119877

119890) should satisfy

119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576

Conditions of confidentiality

(9)

523 Property Modification by Abnormal Users Some mali-cious users do not follow the protocols They send fake mes-sage stream to get more details and more private informationthan the normal users To defend against this kind of attackthe matching protocol confuses the property informationsequence thus the informationwill not be leaked by propertymodification

Usersrsquo behavior analysis is used to find malicious usersBehavior analysis is a technique that can show whether andhow strongly one user is similar to other users In ourmethod we are using two types of behavior analysis to findmalicious users (1) behavior analysis of a single user withother products and (2) behavior analysis of multiple user IDswith commonly rated products To analyze behavior of users119860 and 119861 we have used the cosine similarity method If 119860

and 119861 are the rating values of common user IDs rated for acommon product the cosine similarity 120579 is defined as

similarity = cos (120579) = (119860) sdot997888119881 (119861)

100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)

The resulting similarity ranges from 0 usually indicatingindependence to 1 meaning exactly the same with values inbetween indicating intermediate similarity or dissimilarity

Malicious users and attacks have been mostly consideredfrom a system perspective for particular protocols or algo-rithms We use a game theoretic model to explain abnormalusers The network is modeled as an undirected graph 119866 =(119881 119871) where each node in119881 corresponds to one user An edge(119894 119895) isin 119871 means that there is a communication link betweenthe users corresponding to nodes 119894 and 119895The set of neighborsof user 119894 denoted by 119873

119894 is the set of users 119895 such that there

exists an edge (119894 119895) 119873119894= 119895 isin 119881 | (119894 119895) isin 119871 The neighbors

of user 119894 are also called adjacent nodes to 119894 Since the graphis undirected the neighbor relationship is symmetrical 119895 isin119873119894hArr 119894 isin 119873

119895 In order to have amodel with asymmetric links

the assumption for an undirected graph can be dropped butwe believe the extension to be straightforwardWe denote theset of bad users by119881

119861and the set of good users by119881

119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881

119866= 119881 We will be using the

term type of a user for the property of being good or bad (seeFigure 6)

Users have a choice between two actions C (for cooper-ate) and D (for defect) When all users choose their actionseach user receives a payoff that depends on three things hisown action his neighborsrsquo actions and his own type (but nothis neighborsrsquo types) The payoff is decomposed as a sum ofpayoffs one for each link Each term of the sum depends onthe userrsquos own action and the action and type of his neighbor


BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0

Figure 6 The two games that can take place on a link good versusbad and good versus good

along that link Observe that the user is playing the sameaction against all neighbors The payoff of user 119894 is denotedby 119877

119894(119886119894| 119905119894) when 119894rsquos action is 119886

119894and 119894rsquos type is 119905

119894 We extend

and slightly abuse this notation to denote by 119877119894(119886119894119886119895| 119905119894) the

payoff for 119894 when 119895 is a neighbor of 119894 and 119895rsquos action is 119886119895 So

the decomposition of 119894rsquos payoff can be written as

119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)

Users have incentives and disincentives to cooperate wemodel both of them in a game theoretic fashion withappropriate payoffs (119873 and 119864)

524 Malicious Match by Abnormal Users During thematching process based on commutative encryption func-tion the attackers can modify its properties to scan therecommended friendrsquos common browsing behaviors Becausethe matching protocol is based on the similarity of the userrsquosproperties that is browsing behavior the abnormal users canchange their properties to get detailed private information ofone recommended friend

To avoid such attack the system designed the arbitrationprotocol to detect the abnormal users

The arbitration protocol is as follows

(1) In one-way authentication protocol users will havekey agreement with the VS and get a key 119892119909119910 The VSgets (Attr

119894)119910 from the key

(2) Both the semihonest user and the recommendedfriends send their Attr

119894 and the VS calculates (Attr

119894)119910

using its private key(3) Calculate the hash of (Attr

119894)119910 by the key from server

and clients Then the abnormal user can be found

Then we analyze the security of the matching protocolbased on commutative encryption function

Let Alice be the protocol initiator and Bob be the personto be recommended

Theorem 5 (correctness) When Alice and Bob have the sameproperties the system will recommend Bob to Alice

Proof Let Alice have the property set 119883 = 1198831 119883

2 119883

119899

which indicates browsing behaviors and secret parameter 119886Let Bob have the property set 119884 = 119884

1 1198842 119884

119899 and secret

parameter 119887 An arbitrary element119898 isin (119883 cap 119884)

Alice and Bob calculate 119898119886 119898119887 respectively and sendthem to each other Then they calculate 119898119886119887 119898119887119886 Becausethe properties sequence is confused we can only get119898119886119887 = 119898119887119886 according to the DDH hypothesis 119898 is notclear

In the second phase Alice sends (119898119887 (119898119887)119886) to Bob andBob sends (119898119886 (119898119886)119887) to Alice If 119898119886119887 = 119898119887119886 then wecan get 119898 from 119898119886 and 119898119887 Thus if Alice and Bob havethe same properties the system believes that Bob and Alicehave similar browsing behaviors and recommends Bob toAlice Thus we can see that the matching protocol based oncommutative encryption function is correct

Theorem6 Matching protocol based on commutative encryp-tion function can defend against passive attack

Proof Semihonest users want to get sensitive private infor-mation of other users such as private key and properties byanalyzing the information they get from the system

Assume Alice is a semihonest user She wants toget Bobrsquos private key and properties During the processAlice can get Bobrsquos information of (119884119887

1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886

119898)119887)) According to the DDH hypothesis

getting 119884119895from 119884119887

119895is hard So she cannot get 119887 from

(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886

119898)119887) For the same reason assume

that Bob is a semihonest user He cannot get any 119886 and1198831 119883

119899of Alice Thus in the first phase both users can

only get the size of the common property set Then in thesecond phase they can only know the common property setwithout other information The matching protocol based oncommutative encryption function is efficient in defendingagainst passive attack

To prove that the matching protocol based on commuta-tive encryption function can defend against active attack weproposed 3 different situations We analyze the attack fromboth the initiator and the recommended friends to prove thatthematching protocol we proposed can protect the privacy ofthe user

Scenario 1 It can occur in the first phase of the protocol Theinitiator counterfeits its properties or sends fake message atthe last step which will get false ratio of the intersectionWhen someone finds the mistake the protocol can be termi-nated immediately and we can find out who the malicioususer is from the arbitration protocol Even if the malicioususer is not clear the common set will be incorrect in phasetwoThen theVS can still find out themalicious user throughthe arbitration protocol

Scenario 2 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is a nor-mal user At first Bob sends Alice (119883119886

119894 (119883119886

119894)119887) By receiving

(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886

119898)119887) Alice gets the intersection 119878

119860

Alice counterfeits (119884119887119895)119886 (eg replaces some part of (119884119887

119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878

119860) Bob gets the intersection 119878

119861 Because

119878119861is a subset of 119878

119860 Alice can get more information than Bob

This kind of attack cannot be detected In order to avoid the


Table 1 Abilities of defending against attacks

Protocols Passiveattack Scenario 1 Scenario 2 Scenario 3

PRUB radic radic radic radic

Xie andHengart-ner[6]

radic times radic radic

Agrawal etal [7] radic times times times

properties modification from the user we add promise fromAlice to Bob

1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)

Using the promise we can ensure that Alice sendsproper information after receiving Bobrsquos (119883119886

1 (119883119886

1)119887)

(119883119886

119898 (119883119886

119898)119887) If Bob receives different information fromAlice

Bob can terminate the process and report to the VS

Scenario 3 It can occur in the second phase of the protocolWe assume that Alice is the malicious user and Bob is anormal user Alice modifies its properties (eg using119883119886

119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885

119894is a random number)

Before Bob sends 119883119886

119894 (119885

119894) Alice should send the promise of

119883119886

119894 (119885

119894) to Bob Obviously Bob will think that the protocol is

processed normally and compute the information fromAliceIf there is no supervision Alice can get detailed properties ofBobHowever when they commute property set Bob canfindthe difference Then he can report to the VS

We compare our work with some other protocols shownin Table 1

Agrawal et alrsquos protocol can only defend against theattack from semihonest users Xie and Hengartner improvedAgrawal et alrsquos work the protocol can defend against someattack frommalicious users PRUB improved these protocolsby adding promise information and VS validation whichenhance the security of the protocol

6 Experiment

In this section we present the performance evaluation ofPRUB We first show how the user uses the system Afterthat we evaluate the recommendation performance using theanonymous data from a Chinese ISP

61 Using Process The user first registers on the VS and theVS requires some data from the user Figure 7 shows theregister interface of the user

The users are then asked what kind of informationthey are willing to share and the threshold on how manykinds of information should be the same for the friendrecommendation If the user chooses not to share one catalogof the browsing information the system will not utilize thecatalog to do recommendation

Figure 7 Registration interface

Figure 8 Recommendation list

After that the server returns the coarse recommendationresult to the client application Then the client applicationscans the recommended friends using the matching protocolwe proposed If a friend shares more common interestswhichmeet the threshold the application will add the personto the friend list Figure 8 shows the friend list

The user then can choose a friend in the list to exchangethe common interests If the protocol fails either one canask for arbitration to find out who the abnormal user is If itsucceeds the system will give a result with users of the sameinterest The result is shown in Figure 9

62 Recommendation Performance We now evaluate rec-ommendation performance using the anonymous data froma Chinese ISP The data contained 20000 usersrsquo browsinghistories for 3 months (October 2013 to December 2013) Theusers were told that their information would be recordedThen the browsing behavior is classified into 12 catalogs Wethen computed the ratio of the browsing histories andmarkedfrom 1 to 10 for each catalog to indicate the interest of the userThis data is used in the system as properties of the user A dataexample of 30 users is shown in Figure 10

The data is only from the browsing behavior The friendrelationship is not established According to the PewResearchonTeens SocialMedia and Privacy [24] teen Facebook usershave an average (mean number) of 4254 friends We assumethat every person has about 500 friends and apply 119896-mean


Figure 9 Recommendation result Users can check what kind ofinterests they share in common

Figure 10 30-user data from a Chinese ISP

to form the possible friend relationship of the users from thebrowsing data we get from a Chinese ISP Let 119866

119894denote the

set of possible friends for each user 119894Then we apply our recommendation scheme to the ISP

data of the user browsing behavior We then randomly selectuser to query the system and obtain its friend recommenda-tion results Let 119865

119894denote the set of recommended friends

The followingmeasurementmetrics are used for performanceevaluation

Recommendation Precision The average of the ratio of thenumber of recommended friends in the set of possible friendsof the query user over the total number of recommendedfriends is

119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)

where card(sdot) denotes the number of elements in a set Thedominator is 500 because 119877

119901is the average of 500 users in

one experiment

Recommendation Recall The average ratio of the number ofrecommended friends in the set of possible friends of thequery user over the number of the sets of possible friends ofthe query user is

119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)

Using different thresholds we calculated the averagerecommendation precision and recommendation recall of

10908070605040302010

20 40 50 60 80

()

Recommendation precisionRecommendation recall

Figure 11 The recommendation precision and recommendationrecall of 500 users The 119883-coordinate indicates the threshold ofmatching

the 500 randomly selected users Figure 11 presents theresult

With a higher threshold the recommendation recallis comparatively low Friends sharing more alike interestsare not easy to find However the precision is increasingalongside the threshold The more the browsing behaviorsimilarities are the more precise the recommendation resultwill be

The experiment shows that our system can achieve rela-tively high recommendation precision and recommendationrecall and the recommendation system receives remarkablerecommendation satisfaction

7 Conclusion

While enjoying the benefits brought about by the friend rec-ommendation systemon themobile social network users andresearchers begin to notice the personal privacy protectionon the social network platforms In centralized managementarchitectures all security is ensured by the central serverbut in distributed or hybrid architectures users can directlyexchange information with little or even without the involve-ment of the server The security of the network has to beguaranteed by other protocols In this paper we presented asecure friend recommendation system PRUB based on userbehavior which deploys hybrid management architecture asa way of reducing the pressure on servers PRUB can achievefine-grained recommendation to friends who share the samecharacteristics without exposing the actual user behavior InPRUB themodifiedmatching and authorization protocol canguarantee the privacy PRUB first uses KNN classificationalgorithm to do coarse friend recommendation and then usesmatching protocol to realize find-grained recommendationTo evaluate the security and performance of PRUB wetheoretically prove that our protocol can defend against attackin the aspect of initiator and matching target respectivelyand we utilize the anonymous data for realistic deploymentThe experiment result shows that PRUB not only realizes thefine-grained friend recommendation but also protects theprivacy information of users


Competing Interests

The authors declare that they have no competing interestsregarding the publication of this paper

Acknowledgments

This work is supported by Fundamental Research Fundsfor the Central Universities (nos ZYGX2014J051 andZYGX2014J066) Science and Postdoctoral Fund in China(2015M572464) and Technology Projects in Sichuan Prov-ince (2015JY0178) and the project sponsored by OATFUESTC

References

[1] H Shen Z Li G Liu and J Li ldquoSOS a distributedmobile QampAsystem based on social networksrdquo IEEE Transactions on Paralleland Distributed Systems vol 25 no 4 pp 1066ndash1077 2014

[2] J Liu P Dolan and E R Pedersen ldquoPersonalized news recom-mendation based on click behaviorrdquo in Proceedings of the 15thInternational Conference on Intelligent User Interfaces (IUI rsquo10)pp 31ndash40 ACM 2010

[3] A C Squicciarini F Paci and S Sundareswaran ldquoPrima acomprehensive approach to privacy protection in social net-work sitesrdquo Annals of Telecommunications vol 69 no 1-2 pp21ndash36 2014

[4] T R Hoens M Blanton A Steele and N V Chawla ldquoReliablemedical recommendation systems with patient privacyrdquo ACMTransactions on Intelligent Systems and Technology vol 4 no 4article 67 2013

[5] L Fang H Kim K LeFevre and A Tami ldquoA privacy rec-ommendation wizard for users of social networking sitesrdquo inProceedings of the 17th ACMConference on Computer and Com-munications Security (CCS rsquo10) pp 630ndash632 ACM Chicago IllUSA October 2010

[6] Q Xie and U Hengartner ldquoPrivacy-preserving matchmakingfor mobile social networking secure against malicious usersrdquoin Proceedings of the 9th Annual International Conference onPrivacy Security and Trust (PST rsquo11) pp 252ndash259 MontrealCanada July 2011

[7] R Agrawal A Evfimievski and R Srikant ldquoInformation shar-ing across private databasesrdquo in Proceedings of the ACM SIG-MOD International Conference onManagement of Data pp 86ndash97 June 2003

[8] M Moricz Y Dosbayev and M Berlyant ldquoPYMK friend rec-ommendation at myspacerdquo in Proceedings of the ACM SIGMODInternational Conference onManagement of Data pp 999ndash1002ACM June 2010

[9] B K Samanthula and W Jiang ldquoStructural and message basedprivate friend recommendationrdquo in Proceedings of the Interna-tional Conference on Advances in Social Networks Analysis andMining (ASONAM rsquo12) pp 684ndash690 IEEE Computer Society2012

[10] L M Aiello and G Ruffo ldquoLotusNet tunable privacy for dis-tributed online social network servicesrdquo Computer Communi-cations vol 35 no 1 pp 75ndash88 2012

[11] M Li S Yu N Cao and W Lou ldquoPrivacy-preserving dis-tributed profile matching in proximity-based mobile social net-worksrdquo IEEE Transactions on Wireless Communications vol 12no 5 pp 2024ndash2033 2013

[12] M Li N Cao S Yu and W Lou ldquoFindU privacy-preservingpersonal profile matching in mobile social networksrdquo in Pro-ceedings of the IEEE (INFOCOM rsquo11) pp 2435ndash2443 IEEEShanghai China April 2011

[13] S Alsaleh R Nayak Y Xu and L Chen ldquoImproving matchingprocess in social network using implicit and explicit userinformationrdquo inWebTechnologies andApplications pp 313ndash320Springer Berlin Germany 2011

[14] R Zhang Y Zhang J Sun and G Yan ldquoFine-grained privatematching for proximity-based mobile social networkingrdquo inProceedings of the IEEE Conference on Computer Communica-tions (INFOCOM rsquo12) pp 1969ndash1977 IEEE Orlando Fla USAMarch 2012

[15] M J Freedman K Nissim and B Pinkas ldquoEfficient privatematching and set intersectionrdquo in Advances in CryptologymdashEUROCRYPT 2004 pp 1ndash19 Springer Berlin Germany 2004

[16] M Von Arb M Bader M Kuhn and R Wattenhofer ldquoVenetaserverless friend-of-friend detection in mobile social network-ingrdquo in Proceedings of the IEEE International Conference onWireless and Mobile Computing Networking and Communica-tions (WIMOB rsquo08) pp 184ndash189 IEEE Avignon France 2008

[17] L Shundong W Daoshun D Yiqi and L Ping ldquoSymmetriccryptographic solution to Yaorsquos millionairesrsquo problem and anevaluation of secure multiparty computationsrdquo InformationSciences vol 178 no 1 pp 244ndash255 2008

[18] L Kissner and D Song ldquoPrivacy-preserving set operationsrdquoin Advances in CryptologymdashCCRYPTO 2005 pp 241ndash257Springer Berlin Germany 2005

[19] D Dachman-Soled T Malkin M Raykova and M YungldquoEfficient robust private set intersectionrdquo International Journalof Applied Cryptography vol 2 no 4 pp 289ndash303 2012

[20] R Lu X Lin X Liang and X S Shen ldquoSecure handshake withsymptoms-matching the essential to the success ofmhealthcaresocial networkrdquo in Proceedings of the 5th International ICSTConference on Body Area Networks (BodyNets rsquo10) pp 8ndash15ACM Corfu Island Greece September 2010

[21] C Hazay and Y Lindell ldquoEfficient protocols for set intersectionandpatternmatchingwith security againstmalicious and covertadversariesrdquo in Theory of Cryptography pp 155ndash175 SpringerBerlin Germany 2008

[22] Z Yang B Zhang J Dai A C Champion D Xuan and DLi ldquoE-SmallTalker a distributed mobile system for social net-working in physical proximityrdquo in Proceedings of the 30th IEEEInternational Conference on Distributed Computing Systems(ICDCS rsquo10) pp 468ndash477 IEEE Genova Italy June 2010

[23] D Dolev and A C Yao ldquoOn the security of public key proto-colsrdquo IEEE Transactions on Information Theory vol 29 no 2pp 198ndash208 1983

[24] M Madden A Lenhart S Cortesi et al ldquoTeens social mediaand privacy part 2 information sharing friending and privacysettings on social mediardquo 2013 httpwwwpewinternetorg20130521part-2-information-sharing-friending-and-privacy-settings-on-social-media

Submit your manuscripts athttpwwwhindawicom

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

MathematicsJournal of


Mathematical Problems in Engineering

Hindawi Publishing Corporationhttpwwwhindawicom

Differential EquationsInternational Journal of

Volume 2014

Applied MathematicsJournal of


Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Journal of


Mathematical PhysicsAdvances in

Complex AnalysisJournal of


OptimizationJournal of


CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of


Operations ResearchAdvances in

Journal of


Function Spaces

Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014

International Journal of Mathematics and Mathematical Sciences


The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Algebra

Discrete Dynamics in Nature and Society



Decision SciencesAdvances in

Discrete MathematicsJournal of


Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014

Stochastic AnalysisInternational Journal of


PRUB adds the person to the fine-grained friend recommen-dation list

This paper aims to make the following contributions(1) We present a hybrid management architecture

according to the mobile social networks platformcharacteristics easing the pressure from the serverand improving the user experience

(2) We propose a privacy supported matching proto-col Utilizing the usersrsquo behavior it can realize thepersonalized instead of the blindly recommendedresult At the same time the protocol ensures personalprivacy security users can protect their own sensitiveinformation and avoid exposing it to all the strangerson the platform

(3) We define a security model and theoretically analyzethe security of our protocol We aim to prove that ourprotocol can defend against attack in the position ofinitiator and matching target respectively

To evaluate our system PRUB we utilize anonymous datafrom aChinese ISP which records the user browsing behaviorfor 3 months The experiment result shows that our systemcan achieve a fine-grained recommendation and protect theprivacy of the user behavior information at the same time

The rest of the paper is organized as follows Section 2 dis-cusses related works Section 3 provides the system overviewof PRUB The secure matching protocol is discussed inSection 4 Section 5 analyzes the security of the system Theexperiment result is presented in Section 6 We conclude ourwork in Section 7

2 Related Works

Corresponding to the structure of the mobile social networkthere are three application patterns for friend recommenda-tion centralized management distributed management andhybrid management

CentralizedManagement In this pattern all the user informa-tion is stored on the central server As a trusted third partythe central server manages the whole system and handlesall the processes Users only need to access the server usinga mobile client and they can acquire the desired serviceThe central server will complete the characters matchingand return the recommended friend list to the users [8]Throughout the process there is no interaction between theusers In the centralized management the central serverholds all the information about user characteristics It caneffectively protect the user privacy through enhancing theserver security However the server cannot be accessed atany time this depends on the network conditions Thususer experience decreases under unstable network conditionApart from this not all the users are willing to deliver theirbehavior information to server providers especially somepersonal privacy information Some server providers mayutilize the information for illegal activities [9]

DistributedManagement In distributed social networks dataare stored and handled at the local clients and users can

directly interact with each other Clients broadcast theirown information and receive information of others at thesame time and then match characteristics based on theinformation to discover target users In this pattern thewholerecommendation process can be realized among clientswithout any server participation [10] This pattern certainlyrelieves the pressure of the server However clients mayunintentionally publish some unnecessary information evenuser privacy [11] In the distributed system the interactionprocess lacks control and fails to ensure the security of therecommendation processMany researchers presented securematching protocols to avoid the shortage such as [12] itutilizes Shamir secret dividing to complete matching

Hybrid Management In order to integrate the advantages ofcentralized and distributed management some researcherspresented hybrid management [13] In this pattern userscould interact directly but during the process of matchingappropriate server control is required such as storing tem-porary data and arbitrationThe hybrid management patterncan reduce the server stress and provide security mechanismas well The problem for researchers is how to minimizethe information provided by users how to realize securematching with server involvement as little as possible andhow to realize arbitration using minimal user informationand ensure accuracy [14]

Our recommendation system PRUB is built on the hybridmanagement Matching protocols is the core of hybrid man-agement users can find some friends who share commoninterests such as common browsing habits and also protecttheir private information The process of matching can beregarded as PSI (private set intersection) problem or PCSI(private cardinality of set intersection) problem [15] Cur-rently the popular resolution algorithm can be categorizedinto three types

Matching Protocol Based on Commutative Encryption Func-tion Agrawal et al [7] presented a commutative encryptionprotocol to solve PSIPCSI problem It used a pair of encryp-tion functions 119891 and 119892 and 119891(119892(119909)) = 119892(119891(119909)) the propertyof each function is that the encrypted result is independentof the calculation order such as 119891

119890(119909) = 119909119890 mod119901 where 119901

is safe prime This protocol is secure under the hypothesis ofDDH (Decisional Diffie-Hellman) hypothesis and only oneof the participators knows the intersection the other cannotacquire anything However this protocol cannot defendagainst malicious attacks

Von Arb et al [16] presented a social platform VENETAbased on the algorithm of Agrawal et al They rely on aconstruction based on commutative encryption Comparedto Agrawal et al they assume that the attack cannot causeany serious damage A victim only reveals a contact he waswilling to share without getting this information in returnVENETA enables two users to calculate the intersection oftheir characters in a certain range If it successfully matchesbetween two users VENETA will recommend this strangerto the user

Xie and Hengartner [6] presented a matching protocolin mobile social networks The protocol adds signature



119894 119891119890(119883

119894) 119884

119895 119891119890(119884119895)⟩ for fixed


⟨119883119894 119891119890(119883

119894) 119884








1


1198671205871

(119909 | 1198912(119909 119910))

1198671205872

(119909 | 1198912(119909 119910))

gt 1

or1198671205871

(119910 | 1198911(119909 119910))

1198671205872

(119910 | 1198911(119909 119910))

gt 1

or both hold

(1)







119862

=

1198621= 119903 (119875pub + 119867 (pid) 119875) where 119903 119877

larr997888 119885lowast119902

1198622= 119890 (119875119867


(2)



IBE119860 (119897) = 1] minus 1

= 2 sdot Pr [119887 = 1198871015840] minus 1(3)





((119879119898) 119901)

997891997888rarr

(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901

1003816100381610038161003816 le 119898

(120582 119894 | 119879119894= 119901


119898) otherwise

(4)



set

(119894 119892119894= prod

log119873119895=1

119886

(119894)119895

119898+119895)119873minus119898+1

119894=1

(5)







VS

MSN

MSN







1 119883

2 119883

119898) to get Attr = (119883

1)119886

(1198832)119886 sdot sdot sdot (119883






119892119909 mod 119901997888997888997888997888997888997888997888rarr


1 get server

private key 119910(1198771)119892119909119910 119892119910 mod 119901


Hash(1198791198771)997888997888997888997888997888997888997888997888rarr




2

1198772 119892119909 mod 119901


119892119910[(119892119909119892119910)119870minus1

119887

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877

2



[(119892119909119892119910)119870minus1119886

1198772]119870119886119887










119860= 119892119909 mod119901 119870

119861= 119892119910 mod119901 and 119870

119860119861=




Attr119860= (119883

1)119886 (119883

2)119886 sdot sdot sdot (119883

119899)119886 Attr

119894= (119884

1198941)119887

(1198841198942)119887 sdot sdot sdot (119884



1198971

)119887 (119883119886

1198972

)119887 sdot sdot sdot (119883119886

119897119898

)119887

and Attr1015840119894= (119884119887

1198941198951

)119886 (1198841198871198941198952

)119886 sdot sdot sdot (119884119887119894119895119899

)119886



119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is a random


1198772]119870119886119887


1198772]119870119886119887




119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is an ordered


1198772]119870119886119887


1198772]119870119886119887










51 Definitions


0 le 119910 (119896) lt1

119901 (119896) (6)


User A VS

gx mod p

(R1)gxy gy mod p

Hash(IDA R1)





119899 and 119884



1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]

1003816100381610038161003816 lt1

119901 (119899) (7)

For 119863 119883119899 and 119884













User A User B

gxKab = gxy mod n


k119886119887

gx gykminus1119886 k119886119887







119872(sdot | sdot) and 119876





119890=

(1119870)sum119870

119896=1Pr119878119870 =

119870



1 119878

119896) and


119873)119883119873 in


119870

=

(1



0(0 lt 119875

0le 12) The


119873) so

that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =

(1 minus 1198750)120575119909 119911 + 119875

0(1 minus 120575119909 119911)) with Δ Δ






119875(119884119899119885119899

119883119899) =

119899

prod119894=1

119875119884119885119883

(119910119894119911119894

119909119894

) (8)





Wire-tap channel

SK XN YN

OM

sk

OW

ZN


Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1


(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771


0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899


0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0




1 119877


119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576


(9)





100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)









119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881





BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra











119894 119891119890(119883

119894) 119884

119895 119891119890(119884119895)⟩ for fixed


⟨119883119894 119891119890(119883

119894) 119884








1


1198671205871

(119909 | 1198912(119909 119910))

1198671205872

(119909 | 1198912(119909 119910))

gt 1

or1198671205871

(119910 | 1198911(119909 119910))

1198671205872

(119910 | 1198911(119909 119910))

gt 1

or both hold

(1)







119862

=

1198621= 119903 (119875pub + 119867 (pid) 119875) where 119903 119877

larr997888 119885lowast119902

1198622= 119890 (119875119867


(2)



IBE119860 (119897) = 1] minus 1

= 2 sdot Pr [119887 = 1198871015840] minus 1(3)





((119879119898) 119901)

997891997888rarr

(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901

1003816100381610038161003816 le 119898

(120582 119894 | 119879119894= 119901


119898) otherwise

(4)



set

(119894 119892119894= prod

log119873119895=1

119886

(119894)119895

119898+119895)119873minus119898+1

119894=1

(5)







VS

MSN

MSN







1 119883

2 119883

119898) to get Attr = (119883

1)119886

(1198832)119886 sdot sdot sdot (119883






119892119909 mod 119901997888997888997888997888997888997888997888rarr


1 get server

private key 119910(1198771)119892119909119910 119892119910 mod 119901


Hash(1198791198771)997888997888997888997888997888997888997888997888rarr




2

1198772 119892119909 mod 119901


119892119910[(119892119909119892119910)119870minus1

119887

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877

2



[(119892119909119892119910)119870minus1119886

1198772]119870119886119887










119860= 119892119909 mod119901 119870

119861= 119892119910 mod119901 and 119870

119860119861=




Attr119860= (119883

1)119886 (119883

2)119886 sdot sdot sdot (119883

119899)119886 Attr

119894= (119884

1198941)119887

(1198841198942)119887 sdot sdot sdot (119884



1198971

)119887 (119883119886

1198972

)119887 sdot sdot sdot (119883119886

119897119898

)119887

and Attr1015840119894= (119884119887

1198941198951

)119886 (1198841198871198941198952

)119886 sdot sdot sdot (119884119887119894119895119899

)119886



119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is a random


1198772]119870119886119887


1198772]119870119886119887




119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is an ordered


1198772]119870119886119887


1198772]119870119886119887










51 Definitions


0 le 119910 (119896) lt1

119901 (119896) (6)


User A VS

gx mod p

(R1)gxy gy mod p

Hash(IDA R1)





119899 and 119884



1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]

1003816100381610038161003816 lt1

119901 (119899) (7)

For 119863 119883119899 and 119884













User A User B

gxKab = gxy mod n


k119886119887

gx gykminus1119886 k119886119887







119872(sdot | sdot) and 119876





119890=

(1119870)sum119870

119896=1Pr119878119870 =

119870



1 119878

119896) and


119873)119883119873 in


119870

=

(1



0(0 lt 119875

0le 12) The


119873) so

that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =

(1 minus 1198750)120575119909 119911 + 119875

0(1 minus 120575119909 119911)) with Δ Δ






119875(119884119899119885119899

119883119899) =

119899

prod119894=1

119875119884119885119883

(119910119894119911119894

119909119894

) (8)





Wire-tap channel

SK XN YN

OM

sk

OW

ZN


Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1


(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771


0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899


0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0




1 119877


119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576


(9)





100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)









119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881





BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra











((119879119898) 119901)

997891997888rarr

(120582 119894 | 119879119894= 119901) if 1003816100381610038161003816119901

1003816100381610038161003816 le 119898

(120582 119894 | 119879119894= 119901


119898) otherwise

(4)



set

(119894 119892119894= prod

log119873119895=1

119886

(119894)119895

119898+119895)119873minus119898+1

119894=1

(5)







VS

MSN

MSN







1 119883

2 119883

119898) to get Attr = (119883

1)119886

(1198832)119886 sdot sdot sdot (119883






119892119909 mod 119901997888997888997888997888997888997888997888rarr


1 get server

private key 119910(1198771)119892119909119910 119892119910 mod 119901


Hash(1198791198771)997888997888997888997888997888997888997888997888rarr




2

1198772 119892119909 mod 119901


119892119910[(119892119909119892119910)119870minus1

119887

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877

2



[(119892119909119892119910)119870minus1119886

1198772]119870119886119887










119860= 119892119909 mod119901 119870

119861= 119892119910 mod119901 and 119870

119860119861=




Attr119860= (119883

1)119886 (119883

2)119886 sdot sdot sdot (119883

119899)119886 Attr

119894= (119884

1198941)119887

(1198841198942)119887 sdot sdot sdot (119884



1198971

)119887 (119883119886

1198972

)119887 sdot sdot sdot (119883119886

119897119898

)119887

and Attr1015840119894= (119884119887

1198941198951

)119886 (1198841198871198941198952

)119886 sdot sdot sdot (119884119887119894119895119899

)119886



119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is a random


1198772]119870119886119887


1198772]119870119886119887




119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is an ordered


1198772]119870119886119887


1198772]119870119886119887










51 Definitions


0 le 119910 (119896) lt1

119901 (119896) (6)


User A VS

gx mod p

(R1)gxy gy mod p

Hash(IDA R1)





119899 and 119884



1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]

1003816100381610038161003816 lt1

119901 (119899) (7)

For 119863 119883119899 and 119884













User A User B

gxKab = gxy mod n


k119886119887

gx gykminus1119886 k119886119887







119872(sdot | sdot) and 119876





119890=

(1119870)sum119870

119896=1Pr119878119870 =

119870



1 119878

119896) and


119873)119883119873 in


119870

=

(1



0(0 lt 119875

0le 12) The


119873) so

that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =

(1 minus 1198750)120575119909 119911 + 119875

0(1 minus 120575119909 119911)) with Δ Δ






119875(119884119899119885119899

119883119899) =

119899

prod119894=1

119875119884119885119883

(119910119894119911119894

119909119894

) (8)





Wire-tap channel

SK XN YN

OM

sk

OW

ZN


Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1


(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771


0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899


0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0




1 119877


119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576


(9)





100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)









119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881





BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra











119892119909 mod 119901997888997888997888997888997888997888997888rarr


1 get server

private key 119910(1198771)119892119909119910 119892119910 mod 119901


Hash(1198791198771)997888997888997888997888997888997888997888997888rarr




2

1198772 119892119909 mod 119901


119892119910[(119892119909119892119910)119870minus1

119887

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888(3) Calculate 119892119910 119877

2



[(119892119909119892119910)119870minus1119886

1198772]119870119886119887










119860= 119892119909 mod119901 119870

119861= 119892119910 mod119901 and 119870

119860119861=




Attr119860= (119883

1)119886 (119883

2)119886 sdot sdot sdot (119883

119899)119886 Attr

119894= (119884

1198941)119887

(1198841198942)119887 sdot sdot sdot (119884



1198971

)119887 (119883119886

1198972

)119887 sdot sdot sdot (119883119886

119897119898

)119887

and Attr1015840119894= (119884119887

1198941198951

)119886 (1198841198871198941198952

)119886 sdot sdot sdot (119884119887119894119895119899

)119886



119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is a random


1198772]119870119886119887


1198772]119870119886119887




119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is an ordered


1198772]119870119886119887


1198772]119870119886119887










51 Definitions


0 le 119910 (119896) lt1

119901 (119896) (6)


User A VS

gx mod p

(R1)gxy gy mod p

Hash(IDA R1)





119899 and 119884



1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]

1003816100381610038161003816 lt1

119901 (119899) (7)

For 119863 119883119899 and 119884













User A User B

gxKab = gxy mod n


k119886119887

gx gykminus1119886 k119886119887







119872(sdot | sdot) and 119876





119890=

(1119870)sum119870

119896=1Pr119878119870 =

119870



1 119878

119896) and


119873)119883119873 in


119870

=

(1



0(0 lt 119875

0le 12) The


119873) so

that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =

(1 minus 1198750)120575119909 119911 + 119875

0(1 minus 120575119909 119911)) with Δ Δ






119875(119884119899119885119899

119883119899) =

119899

prod119894=1

119875119884119885119883

(119910119894119911119894

119909119894

) (8)





Wire-tap channel

SK XN YN

OM

sk

OW

ZN


Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1


(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771


0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899


0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0




1 119877


119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576


(9)





100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)









119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881





BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra











119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is a random


1198772]119870119886119887


1198772]119870119886119887




119860

Attr119860[(Attr119860)119870minus1119886

1198772]119870119886119887


119861

Attr119861 [(Attr119861)119870minus1119886

1198772]119870119886119887

larr997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888997888

(3) Calculate [(119884119895)119887]

119886

(3) Calculate [(119883119894)119886]

119887


1198941198951

)119886

(1198841198871198941198952

)119886

sdot sdot sdot (119884119887119894119895119899

)119886

] 119862119894= 119867[(119883119886

1198971

)119887

(119883119886

1198972

)119887


119897119898

)119887

]

among which 1198951 1198952 119895


1 1198972 119897

119898is an ordered


1198772]119870119886119887


1198772]119870119886119887










51 Definitions


0 le 119910 (119896) lt1

119901 (119896) (6)


User A VS

gx mod p

(R1)gxy gy mod p

Hash(IDA R1)





119899 and 119884



1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]

1003816100381610038161003816 lt1

119901 (119899) (7)

For 119863 119883119899 and 119884













User A User B

gxKab = gxy mod n


k119886119887

gx gykminus1119886 k119886119887







119872(sdot | sdot) and 119876





119890=

(1119870)sum119870

119896=1Pr119878119870 =

119870



1 119878

119896) and


119873)119883119873 in


119870

=

(1



0(0 lt 119875

0le 12) The


119873) so

that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =

(1 minus 1198750)120575119909 119911 + 119875

0(1 minus 120575119909 119911)) with Δ Δ






119875(119884119899119885119899

119883119899) =

119899

prod119894=1

119875119884119885119883

(119910119894119911119894

119909119894

) (8)





Wire-tap channel

SK XN YN

OM

sk

OW

ZN


Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1


(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771


0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899


0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0




1 119877


119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576


(9)





100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)









119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881





BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










User A VS

gx mod p

(R1)gxy gy mod p

Hash(IDA R1)





119899 and 119884



1003816100381610038161003816Pr [119863 (119883119899) = 1] minus Pr [119863 (119884119899) = 1]

1003816100381610038161003816 lt1

119901 (119899) (7)

For 119863 119883119899 and 119884













User A User B

gxKab = gxy mod n


k119886119887

gx gykminus1119886 k119886119887







119872(sdot | sdot) and 119876





119890=

(1119870)sum119870

119896=1Pr119878119870 =

119870



1 119878

119896) and


119873)119883119873 in


119870

=

(1



0(0 lt 119875

0le 12) The


119873) so

that for 119909 119911 = 0 1 (1 le 119899 le 119873 Pr = 119885119899 = 119911 | 119883119899 = 119909 =

(1 minus 1198750)120575119909 119911 + 119875

0(1 minus 120575119909 119911)) with Δ Δ






119875(119884119899119885119899

119883119899) =

119899

prod119894=1

119875119884119885119883

(119910119894119911119894

119909119894

) (8)





Wire-tap channel

SK XN YN

OM

sk

OW

ZN


Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1


(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771


0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899


0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0




1 119877


119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576


(9)





100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)









119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881





BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra











Wire-tap channel

SK XN YN

OM

sk

OW

ZN


Bob

Decoder

Eve

Decoder

XN

YN

ZN

P(y zx)

Alice

EncoderM0

M1

m0

m0

m1


(1) 1198720= 1 2 21198991198770 and119872

1= 1 2 21198991198771


0times 119872

1rarr 120594119899 (119898

0

1198981) isin 119872

0119872

1 119883119899 isin 120594119899


0times 119872

1and

ℎ119899 119885119899 rarr119872

0 119884119899 get (

0

1) 119885119899 get

0




1 119877


119875 [119892119899(119884119899) = (119872

0119872

1) or ℎ

119899(119885119899) = 119872

0] lt 120576

reliable condition

1

119899119867(

1198721

119885119899) ge 119877

119890minus 120576


(9)





100381610038161003816100381610038161003816

997888119881 (119860)

100381610038161003816100381610038161003816sdot100381610038161003816100381610038161003816

997888119881 (119861)

100381610038161003816100381610038161003816

(10)









119866 It holds

that 119881119861cap 119881

119866= 0 and 119881

119861cup 119881





BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










BadC D

Good CD

GoodC D

Good CD

Nminus E E minus N

Nminus E E minus N

0 0 0 0

0 0

minusE E

0 minusEminusE 0





119894 We extend




119877119894(119886119894| 119905119894) = sum

119895isin119873119894

119877119894(119886119894119886119895| 119905119894) (11)






119894)119910 from the key



119894)119910








2 119883

119899


1 1198842 119884

119899 and secret







1 1198841198872 119884119887

119899 (119883119886

1

(119883119886

1)119887) (119883119886

119898 (119883119886


getting 119884119895from 119884119887


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886








119894 (119883119886


(119883119886

1 (119883119886

1)119887) (119883119886

119898 (119883119886


119860


119895)119886 by

[(119884119887119895)119886] where119884

119895isin 119878


119861 Because

119878119861is a subset of 119878











1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra

















1198621015840119860= 119867[(119884119887

1)119886

(1198841198872)119886

sdot sdot sdot (119884119887119899)119886

] (12)


1 (119883119886

1)119887)

(119883119886

119898 (119883119886




119894 (119885

119894)

to replace (119883119886

119894 (119883119886

119894)119887) where 119885



119894 (119885


119883119886

119894 (119885





6 Experiment














119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra













119894denote the






119877119901=sum119894(card (119865

119894cap 119866

119894) card (119865

119894))

500 (13)



one experiment


119877119903=sum119894(card (119865

119894cap 119866

119894) card (119866

119894))

500 (14)


10908070605040302010

20 40 50 60 80

()






7 Conclusion



Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra










Competing Interests


Acknowledgments


References
































Volume 2014




Journal of











Journal of


Function Spaces






Algebra
















Volume 2014




Journal of











Journal of


Function Spaces






Algebra









Research Article PRUB: A Privacy Protection Friend Recommendation System Based...

Documents

Transcript of Research Article PRUB: A Privacy Protection Friend Recommendation System Based...