Mobile common friends discovery with friendship ownership and replay-attack resistance

Wireless Networks

Abstract

Online social networking applications are nearly ubiquitous, but are currently limited to trusted infrastructure. For example, two unfamiliar users can exploit their social proximity to discover common friends, but otherwise face considerable difficulty in discovering things they may have in common. However, social proximity depends on access to personal data, raising concerns regarding potential data leakage from databases, the degree of trust in the particular social proximity, and user unwillingness to disclose the nature of personal friendships. Previous works have used mobile middleware to provide alternatives to hosting personal data in a fixed database, but these approaches still require users to divulge private information. Other approaches have used privacy-preserving decentralized online social networks to solve centralization and privacy issues, but these methods still leave open other security problems such as mutual authentication, data spoofing and replay attacks. This paper proposes the development of secure mobile common friends discovery methods to preserve the privacy of friendship data, establish mutual authentication between contact users, provide mutual proof of friendship, and provide protection against friendship spoofing and replay attacks. The proposed methods are shown to be secure and efficient, and are implemented in mobile phones that allow users to find common friends securely in seconds.

Acknowledgments

This work was partially supported by the National Science Council under Grant NSC 101-2221-E-182-071 and by the CGURP project under Grant UERPD2B0021. The authors also gratefully acknowledge the helpful comments and suggestions of the reviewers, which have improved the presentation.

Author information

Corresponding author

Correspondence to Shin-Yan Chiou.

About this article

Cite this article

Chiou, SY., Huang, YH. Mobile common friends discovery with friendship ownership and replay-attack resistance. Wireless Netw 19, 1839–1850 (2013). https://doi.org/10.1007/s11276-013-0577-x

  • DOI: https://doi.org/10.1007/s11276-013-0577-x
