Privacy-Preserving Interest Matching for Mobile Social Networking
The success of online social networking has resulted in increased attention to mobile social networking research and applications. In mobile social networking, instead of looking for friends over the Internet, people look for friends who are physically close by and who also meet other self-defined criteria. For example, a person could use mobile social networking to find other people who are nearby and who share her interests. As a result, they have common topics to talk about and may eventually become friends. There are two main approaches in the existing works. One approach focuses on efficiently establishing friendship and ignores the protection of private information of the participants. For example, some applications simply broadcast users’ personal information to everybody and rely on the other users to report the matches. From a privacy point of view, this approach is bad, since it makes the users vulnerable to context-aware attacks. The other approach requires a central server to participate in each matchmaking process. For example, an application deploys a central server, which stores the profile information of all users. When two nearby client devices query the central server at the same time, the central server fetches the profile information of both devices from the server’s database, performs matching based on the information, and reports the result back to the clients. However, a central server is not always available, so this approach does not scale. In addition, the central server not only learns all users’ personal information, but also learns which users become friends. This thesis proposes a privacy-preserving architecture for users to find potential friends with the same interests. The architecture has two matchmaking protocols to prevent privacy leaks. Our protocols let a user learn only the interests she has in common with the other party. One protocol is simpler, but works only if some assumptions hold. The other protocol is more secure, but requires longer execution time. Our architecture does not require any central server to be involved in the matchmaking process. We describe how the protocols work, analyze how secure the protocols are under different assumptions, and implement the protocols in a BlackBerry application. We test the efficiency of the protocols by conducting a number of experiments. We also consider the cheating-detection and friend-recognition problems.