Research On User Matching Method For Security And Privacy Protection In Mobile Social Networks

Nowadays,with the improvement of wireless network infrastructures and the growing popularization of smartphones,mobile social networks have become an indispensable part of people's lives,bringing unprecedented convenience and transformation to people's life and making friends.User matching,which means determing whether the relationship of the attributes provided by users meet the specific conditions,is often the key step in a variety of applications in mobile social networks.Only users who match each other successfully will be able to further establish contact and interaction.User-attribute-based and device-attribute-based matching are two common types of user matching.In the former type,user matching is based on the user's description of his or her own characteristics(e.g.hobbies)or the user's social relationship(e.g.circle of friends).In the latter type,user matching is based on the realistic feature information(e.g.geographical location information,physical environment characteristics,etc.)that can be perceived by the user's device.In essence,user matching is a specific process in which users implement mutual authentication and key agreement.Therefore,whether the matching process is secure and reliable has a direct and significant impact on the overall security of mobile social services,and is the cornerstone of the security of mobile social services.The security requirements of the user matching in mobile social networks can be presented from three aspects.First,the confidentiality,integrity and reliability of the information in the matching process should be guaranteed.Second,since user matching is based on the attribute information from users or devices,there is a need for a reasonable mechanism to ensure that access by other users or devices to the information is controllable.Without the protection,user matching may cause serious personal privacy leaks.Third,the authenticity of matching results should be ensured.In other words,malicious users can not falsify the information to match successfully.Unlike traditional online social networks,implementing the user matching that meet these security requirements in mobile social networks faces greater challenges.First,in the mobile social networks,especially distributed mobile social networks,user matching often can not rely on trusted third parties due to the lack of centralized management.Second,the broadcast nature of the wireless channel makes it more vulnerable to security threats such as wiretapping attacks,man-in-the-middle attacks and the like.Finally,the resource-constrained nature of mobile devices places higher demands on the communication and computation costs of user matching.Motivated by above challenges,this dissertation focuses on the key issue of how to implement secure and efficient user matching in mobile social networks and deeply studies the security and privacy protection of user matching in typical scenarios.By combining the specific matching scenes and using the latest achievements in the fileds of attribute-based encryption,identity-based encryption and secure multi-party computation,a number of specific and practical secure user matching methods are designed.The main research results include the following four aspects:1)Aiming at the privacy protection of user attribute matching in distributed mobile social networks,we propose an efficient privacy-preserving user attribute matching methods based on anonymous attribute-based encryption.Based on this method,users can implement matching according to their custom attributes(e.g.Hobbies,and friend preference),and can ensure that the access of the attribute information is controllable.Our method hides the initiator's attributes into the ciphertext policy and hides the responder's attributes into their attribute private key.Only those who meet the matching conditions can use their attribute key to correctly decrypt the ciphertext generated by the initiator to achieve the match.Compared with the existing methods,our method need only one round interaction,can provide verifiability,can resist the dictionary attacks and can quickly filter out the unmatched user to improve the matching efficiency.2)Aiming at the authentication of user attributes in user matching,we propose a privacy-preserving and trusted social relationship matching method.Based on this method,users can implement matching according to their common friends,and the authenticity of the friend relationship can be ensured.In this method,for each user,each friend in his friend list issues for him an identity key generated by identity-based encryption.In the process of matching,both sides can obtain a list of common friends through two-way challenge and response.Compared with the existing methods,the social relationship evidence designed by us is strongly bound with the evidence owner,and can provide a more secure and trustworthy friend relationship authentication while protecting user privacy.In addition,the detection and matching process is more simple,less communication and computation overhead,which has a higher practical value.3)Aiming at the problem of location privacy protection in location-based mobile dating application,we propose an efficient privacy-preserving proximity matching method based on private set intersection computation.Based on this method,users located in geographical proximity can quickly find each other without revealing their own location information.In this method,the map is divided into grids of controlled sizes,and the users vicinity region is represented as a nine-grid grid centered on its location.The private set intersection computation is adopted for privacy-preserving proximity testing.Compared with other existing methods,our method can protect the privacy of both the initiator and the responder fairly,can resist the collusion between the server and the user,and has high computation efficiency.4)Aiming at the problem of automatic authentication and key agreement of directconnected devices in mobile social networks,we propose a method of secure matching of direct-connected devices based on Wi Fi channel state information.This method enables co-located wireless devices to automatically authenticate each other and negotiate keys using the similarity of their channel state information.In this method,co-located devices,after synchronization,first sample and quantized the channel state information independently.Then,the bitstreams generated by quantizing are encoded into sets.Finally,by private set intersection calculating,both sides can obtain the consistent bits in two bitstreams.The consistent bits are further taken as the proof of authentication and the shared key.Compared with the existing methods,ours is more robust in terms of efficiency and authentication distance.