Candidate
Kuan Zhang
Title
Security and Privacy for Mobile Social Networks
Supervisor
Sherman Shen
Abstract
With the ever-increasing demands of people's social interactions, traditional online social networking applications are shifted to the mobile version, enabling users' social networking and interactions anywhere anytime. Due to the portability and pervasiveness of mobile devices, such as smartphones, wearable devices and tablets, Mobile Social Network (MSN), as a prestigious social network platform, has become increasingly popular and brought immense benefits. In MSN, users can easily discover and chat with social friends in the vicinity even without the Internet; vehicle drivers and passengers can exchange traffic information, videos or images with other vehicles on the road; customers in a shopping mall can share sale information and recommend it to their friends. With MSNs, massive opportunities are created to facilitate people's social interactions and enlarge the inherent social circle.
However, the flourish of MSNs still hinges upon fully understanding and managing the challenges, such as security threats and privacy leakage. Security and privacy concerns rise as the boom of MSN applications comes up, and few users have paid adequate attentions to protect their privacy-sensitive information from disclosing. First of all, to initiate the social interactions, users sometimes exchange their social interests or preferences with each other (including strangers in the vicinity) without sufficient protection. As such, some private information may be inferred from the exchanged social interests by attackers and untrusted users. Secondly, some malicious attackers might forge fake identities or false contents, such as spam and advertisements, to disrupt MSNs or mislead other users. These attackers could even collude and launch a series of threats to MSNs. In addition, massive social network data are usually stored in the untrusted cloud servers, where the data confidentiality, authentication, access control and privacy are of paramount importance. Last but not least, the trade-off between data availability and privacy should be taken into account when the data are stored, queried and processed for various MSN applications.
To address these challenges, security and privacy techniques become essential for MSN to provide sufficient and adjustable protection. In this thesis, we investigate security and privacy challenges in MSNs, and focus on adjustable and user-centric protections. Based on the MSN architecture and emerging applications, we first identify security and privacy requirements for MSNs and introduce several challenging issues, including spam, misbehaviors and privacy leakage. To tackle these problems, we propose efficient security and privacy preservation schemes for MSNs. Specifically, the main contributions of this thesis can be three-fold. Firstly, to address the issues of spam in autonomous MSNs, we propose a personalized fine-grained spam filtering scheme (PIF), which exploits social characteristics during message delivery. The PIF allows users to create personalized filters according to their social interests, and enables social friends to hold these filters, discarding the unwanted messages before delivery. We also propose privacy-preserving coarse-grained and fine-grained filtering mechanisms in the PIF to not only enable the filtering but also prevent users' private information included in the filters from disclosing to untrusted entities. Secondly, to detect misbehaviors during MSN data sharing, we propose a social-based mobile Sybil detection scheme (SMSD). The SMSD detects Sybil attackers by differentiate the abnormal pseudonym changing and contact behaviors, since Sybil attackers usually frequently or rapidly change their pseudonyms to cheat legitimate users. As the volume of contact data from users keeps increasing, the SMSD utilizes local cloud servers to store and process the users' contact data such that the burden of mobile users is alleviated. The SMSD also detects the collusion attacks and prevent user's data from modification when employing the untrusted local cloud server for the detection. Thirdly, to achieve the trade-off between privacy and data availability, we investigate a centralized social network application, which exploits social network to enhance human-to-human infection analysis. We integrate social network data and health data to jointly analyze the instantaneous infectivity during human-to-human contact, and propose a novel privacy-preserving infection analysis approach (PIA). The PIA enables the collaboration among different cloud servers (i.e., social network cloud server and health cloud server). It employs a privacy-preserving data query method based on conditional oblivious transfer to enable data sharing and protect data disclosure to untrusted entities. A privacy-preserving classification-based infection analysis method is also proposed to enable the health cloud server to infer infection spread and achieve data privacy simultaneously.
Finally, we summarize the thesis and point out several open research directions in MSNs. The developed security solutions and research results in this thesis provides a step towards better understanding and implementing secure and privacy-preserving MSNs.