06894195-1

A Trust-Based Privacy-Preserving FriendRecommendation Scheme for Online

Social NetworksLinke Guo,Member, IEEE, Chi Zhang,Member, IEEE, and Yuguang Fang, Fellow, IEEE

Abstract—Online social networks (OSNs), which attract thousands of million people to use everyday, greatly extend OSN users’

social circles by friend recommendations. OSN users’ existing social relationship can be characterized as 1-hop trust relationship,

and further establish a multi-hop trust chain during the recommendation process. As the same as what people usually experience

in the daily life, the social relationship in cyberspaces are potentially formed by OSN users’ shared attributes, e.g., colleagues,

family members, or classmates, which indicates the attribute-based recommendation process would lead to more fine-grained

social relationships between strangers. Unfortunately, privacy concerns raised in the recommendation process impede the

expansion of OSN users’ friend circle. Some OSN users refuse to disclose their identities and their friends’ information to the

public domain. In this paper, we propose a trust-based privacy-preserving friend recommendation scheme for OSNs, where OSN

users apply their attributes to find matched friends, and establish social relationships with strangers via a multi-hop trust chain.

Based on trace-driven experimental results and security analysis, we have shown the feasibility and privacy preservation of our

proposed scheme.

Index Terms—Privacy, online social networks, trust, social relationship

Ç

1 INTRODUCTION

ONLINE social networks (OSNs) provide people with aneasy way to communicate with each other and make

new friends in the cyberspace. Similar to what peopleusually do in real life, OSN users always try to expandtheir social circles in order to satisfy various socialdemands, e.g., business, leisure, and academia. In suchcases, OSN users may ask for the help from their exist-ing friends to obtain useful feedback and valuable rec-ommendations, and further establish new connectionswith friends of friends (FoFs). As several works [1], [2]indicates, the social relationship on the OSNs is an asym-metric context-aware trust relationship between twofriends, by which we consider the possibility of estab-lishing a multi-hop trust chain two strangers by usingexisting 1-hop trust of existing friends on the OSNs.However, the recommendation process poses severalcrucial privacy breaches in the cyberspace, such as OSNusers’ privacy concerns regarding their identities andsocial relationships, as well as the recommended infor-mation during the information exchange, all of whichshould be well addressed. Otherwise, it would be very

easy for malicious users to perform serious cyber andphysical attacks, such as identity theft [3], [4], inferringattack on social relationships [5], and profile leakage [6].

We consider an example that Alice wants to find a cardi-ologist over some professional OSNs, such as PatientLi-keMe,1 for helpful suggestions and preliminary diagnosis.On the one hand, directly asking recommendations tostrangers or a non-close friend not only reveals Alice’sidentity, but also reveals her health condition and medicalinformation. Even worse, traditional recommendationapproaches [7], [8] applying identity to recommend strang-ers will disclose OSN users’ social relationships to the pub-lic, which impede patients from utilizing it, and alsodecrease the possibility of establishing the multi-hop trustchain if one of OSN users on the chain returns a negativeresult. On the other hand, current approaches cannotachieve the fine-grained and context-aware results automat-ically, due to the fact that OSN users have to determine therecommended friends based on their own judgements onthe recommendation query. As in our example, Alice wouldlike to ask for help from her friends who work in a hospital,but not a truck driver. To overcome the above issue, weconsider the possibility of using OSN users’ social attributesto establish the multi-hop trust chain based on each context-aware 1-hop trust relationship, where most of trust relation-ships are formed and strengthened by the shared socialattributes.

In this paper, we design a light-weighted privacy-preserving friend recommendation scheme for OSNs by uti-lizing both users’ social attributes and their existing trustrelationships to establish a multi-hop trust chain between

� L. Guo is with the Department of Electrical and Computer Engineering,Binghamton University, State University of New York, Binghamton, NY13902. E-mail: [email protected].

� C. Zhang is with the School of Information Science and Technology,University of Science and Technology of China, Hefei 230026, China.E-mail: [email protected].

� Y. Fang is with the Department of Electrical and Computer Engineering,University of Florida, Gainesville, FL 32611. E-mail: [email protected].

Manuscript received 29 Apr. 2013; revised 30 July 2014; accepted 14 Aug.2014. Date of publication 7 Sept. 2014; date of current version 10 July 2015.For information on obtaining reprints of this article, please send e-mail to:[email protected], and reference the Digital Object Identifier below.Digital Object Identifier no. 10.1109/TDSC.2014.2355824 1. http://www.patientslikeme.com/

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 4, JULY/AUGUST 2015 413

1545-5971� 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

strangers. In our scheme, we jointly consider privacy lea-kages and preservation approaches regarding the identity,social attributes, and their trust relationships of OSN usersduring the recommendation process. By trace-driven exper-imental results, we demonstrate both the security and effi-ciency of our proposed scheme.

1.1 Related Works

1.1.1 Privacy Issues in OSNs

Several existing works [3], [9], [10] point out the potentialsecurity breaches on the OSNs, where they consideradversaries’s attack to OSN users’ identities, attributes, aswell as their social relationships. Fong et al. [11] propose anaccess model that formalize and generalize the privacy pres-ervation mechanism for Facebook. Carminati. et al. also pro-pose an access control mechanism for the informationsharing in web-based social networks (a.k.a. online socialnetworks) in [12], which jointly considers the relationshiptype, trust metric, and degree of separation in the policydesign. The major difference between their scheme and thework in [11] and ours is that they use the decentralizedarchitecture for the access control, which may incurpotential security breaches, like fabricating identity, attrib-utes, and trust information. Along this line of research,Squicciarini et al. in [13], [14] use game theory to model theprivacy management for content sharing, which has thesmiler idea as our design in terms of providing privacy forsocial profile and attributes. In particular, their work in [14]can provide automatic access policy generation for usersprofile information. Mislove et al. in [15] discuss the possi-ble inference on user profile based on existing relationships,which also could be a very powerful attack on identifyingreal identities using user attributes.

1.1.2 Trust Management

Comprehensive surveys [16], [17], [18] on trust and reputa-tion systems for online service provision and mobile ad hocnetworks describes the current trends and development inthis area. In the most recent survey [19], Sherchan et al. sum-marize the trust management in social networks into threeaspects, trust information collection, trust evaluation, andtrust dissemination. They also discuss the propagativeproperty of trust, which can be used to create trust chains.In our scheme, we assume the existence of propagative trustamong OSN users as the same as in [2], [20], [21]. In addi-tion, from the same source, we are along the line of discus-sing the context-specific or context-aware trust betweenOSN users, so that we can leverage it for establishing multi-hop trust chain for users with specific attributes. Lin et al.propose a peer-to-peer architecture for heterogeneous socialnetworks in [22], which allow users from different types ofsocial networks to communicate. The proposed architecturealso highlights trust management in different types of pro-fessional social networks.

1.1.3 Friend Recommendation

In terms of discovering friendships, Daly and Haahr in [23]discuss the establishment of friendship chains using socialattributes. Similarly, Chen and Fong in [24] use trust factor

in collaborative filtering (CF) algorithm to recommend OSNusers on Facebook, where they analyze the similarity basedon users’ interests and attributes. One of their followingwork [25] has the same idea, but try to use data miningapproach to gather users’ information to input to CF algo-rithm for recommendation. In [8], Dhekane and Vibber dis-cuss the friend finding problem on the Federated socialnetworks. However, the above works fail to consider users’privacy concerns on both identity and their social attributes.

1.1.4 Privacy-Preserving Profile Matching

Li. et al. [26] propose a privacy-preserving personal profilematching schemes for mobile social networks, by usingpolynomial secret sharing. In [27], Dong et al. design asecure friend discovery scheme based on verifiable securedot product protocol by using homomorphic encryption.Due to their distributed approaches, both of the aboveschemes lack of the ability to prevent active attacks whenusers change their attributes to satisfy the query require-ments. Our previous papers [28], [29], [30] also discuss theprivate matching schemes in eHealth/mHealth systems.

1.1.5 Our Contributions

Our major contributions are summarized as follows:

� We utilize OSN users’ social attributes and trust rela-tionship to develop the friend recommendationscheme in a progressive way while preserving theprivacy of OSN users’ identities and attributes.

� We use OSN users’ close friends to establish anony-mous communication channels.

� Based on the 1-hop trust relationships, we extendexisting friendships to multi-hop trust chains with-out compromising recommenders’ identity privacy.

� Our trust level derivation scheme enables strang-ers to obtain an objective trust level on a particu-lar trust chain.

� Extensive trace-driven experiment are deployed toverify the performance of our scheme in terms ofsecurity, efficiency, and feasibility.

The remainder of this paper is organized as follows.Section 2 introduces our intuitions and preliminaries on theproposed scheme. We describe the system and securityobjectives in Section 3, along with the adversary model ofour scheme. The proposed scheme of the trust-based friendrecommendation is presented in Section 4, followed by thescheme evaluation in Sections 5 and 6. Finally, Section 7concludes the paper.

2 PRELIMINARIES

2.1 Motivation

We first highlight our motivation on the trust-based multi-hop recommendation process. To expand their social circlesor find a particular user, they may use their existing trust-based friendships to help recommend friends. Traditionalapproaches, like ID-based recommendation, recommend afriend by returning a binary answer, “yes” or “no”, whichlower the possibility of finding friends of friends. From theperspective of social networks, most of this type of schemeswill fail to extend friendships more than two hops. To

414 IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 12, NO. 4, JULY/AUGUST 2015

increase the possibility of reaching more FoFs, we may haveto establish the multi-hop chain for the recommendation. Incorresponding with the observation from sociology, thehomophily phenomenon [31], [32], [33], OSN users may havesocial relationship with each other based on their sharedattributes. Contrary to the ID-based recommendation, a via-ble solution is to use each user’s social attributes for the rec-ommendation, which will help OSN users search friends ina progressive way. Thus, our scheme is trying to help OSNusers recommend FoFs by the increased number of identicalattributes hop-by-hop, and establish a multi-hop trust chainbetween two unknown users after the recommendation.

2.2 Definitions and Assumptions

2.2.1 Central Authority (CA)

The central authority is a fully-trusted infrastructure thatstores users’ social coordinates in its storage. It is alsoresponsible for system setup and generating public/privatekey pairs to OSN users in the system. In our scheme, werequire an always-online CA to provide the recommenda-tion service.

2.2.2 Trust Level

The trust level in our system is defined as the reliabilitytrust [16] with propagative property, and it is a numericvalue T 2 ½0; 1� between pair-wise OSN users, where 0denotes lowest trust level and 1 represents the highest levelwith full trust, respectively. We will use Tu1:u2 to denote

OSN user u1’s trust level on u2. This property denotes thatthe end-to-end trust relationship can be derived based oneach link value [34]. Note that the trust level in this work isalso defined as context-aware trust, in the sense that OSNusers will forward recommendation to different friendsbased on different context-aware queries. Here, the use ofcontext-aware trust is as the same as our basic motivationby using attribute-based recommendation, like forwardingrequest for searching a doctor to someone who is a nurse.

2.2.3 Roles of OSN Users

For the ease of description, OSN users are given differentroles in our scheme.

� Querier(Q). users who initiate the friend recommen-dation process.

� Friend(F). users who are 1-hop away from each otherwith established friendships.

� Recommender(R). users who are strangers to the que-rier and willing to help the querier discover anony-mous trust chain.

� Destination user(D). the one that the querier islooking for.

We note that the roles of friend and recommender will beinterchangeable in different stages of our scheme. However,from the aspect of the querier, he/she has only one 1-hopfriend on one particular trust chain, but may have multiplerecommenders depending on the recommendation results,where they are strangers to the querier. Meanwhile, OSNusers can bilaterally communicate with each other only ifthey are friends, while they fail to exchange information ifthey are strangers.

2.2.4 Social Coordinates

In our system, each user has a unique vector A 2 f0; 1gn torepresent his/her social attributes, e.g., age, gender, affilia-tion, etc, where we name it as social coordinate, and n is thelength of the vector. The central authority defines a publicattribute set consisting of d attributes, {A1;A2; . . .Ad}. Ineach attribute, CA assigns a unique vector to represent theattribute value, e.g., 0010 denotes the user is a student,while 0100 a faculty. Then, recommenders can use theresults of the dot-product of two vectors to determine thesimilarity on attributes. We assume that users’ social coordi-nates used for comparing the similarity would uniquelyidentify one particular user. In the following sections, wegenerally use A instead of using Ai to denote an OSN userin our scheme.

3 SYSTEM MODEL

3.1 Network Model

We first give a brief introduction to the network model ofthe proposed scheme. As shown in Fig. 1, apart from OSNusers, we have a central authority which is responsible forparameter distribution. The basic assumption of our net-work model is that there exists secure communication chan-nels between CA and each OSN user. The secure channelscan be set up by some authentication and key exchangeschemes [35], or by physically using encrypted phone or e-mail. This assumption guarantees the confidentiality of theinformation distribution from CA.

3.2 Design Objectives

Our privacy-preserving friend recommendation schemeshould achieve two main objectives:

� Trust-based recommendationThe multi-hop trust chain can be established by 1-hop trust relationship between pairwise OSN users.Subjective trust levels impact the recommendationperformance between two OSN users.

� Privacy preservation– Social coordinate privacy. Since OSN users are rep-

resented as unique sets of social coordinates,directly revealing one’s social coordinate vectorwould leak his/her social privacy and furthercompromise the identity privacy. We requiresthat both the recommendation and trust levelderivation process cannot reveal OSN users’social coordinates.

Fig. 1. System Model.

GUO ET AL.: A TRUST-BASED PRIVACY-PRESERVING FRIEND RECOMMENDATION SCHEME FOR ONLINE SOCIAL NETWORKS 415

– Identity and network address privacy. It requiresthat the identity and network addresses of boththe querier and recommenders will be hiddenfrom each other.

– Trust level privacy. We treat the trust level as pri-vate data since it potentially reveals informationon friendships and personal social circles. Itrequires that the trust level between two 1-hopfriends cannot be revealed to others during therecommendation process.

3.3 Threat Model

The threat model defines adversaries and their possibleattacks to the proposed scheme.

1. Type I adversary. They compromise OSN users’ iden-tity information and social relationship, and publishto the public domain.- The adversary steal OSN users’ identity informa-tion and further launch attacks to their social rela-tionships and trust levels. To achieve these, they cancollect and learn the information regarding the par-ticular trust chains, such as previously used pseudo-nyms and messages exchanged between friends.Moreover, adversaries can inject bogus data or blockusers’ messages, which tries to prevent the queriersfrom obtaining the correct aggregated trust level.

2. Type II adversary. This type of adversary uses knownMAC and IP addresses to track OSN users duringthe recommendation process.– When OSN users recommend friends based on

the query, the type II adversary tries to obtaintheir actual MAC and IP addresses, and it may tofurther use this information to locate or track thereal identity of particular OSN users.

3. Type III adversary. They launch impersonation attackson honest OSN users and deviate the recommenda-tion process.– Adversaries forward recommendation queries to

someone that does not satisfy the querier’srequirements or even drop the querier’s requests.Especially during the trust level derivation pro-cess, they can prevent queriers from knowingthe correct results.

4. Type IV adversary. Adversaries fabricate their ownsocial coordinates and social relationships, whichmay cause the incorrect recommendation.– They will claim they have some required social

coordinates as well as particular social relation-ships with some OSN users who are more similarto the query information. They can also changetheir social coordinates for malicious purposes,like compromising specific user or obtaining therequirements of some users. In addition, theywill compromise honest OSN users’ social attrib-utes via their coordinate vectors.

We exclude several attacks according to our design objec-tives and assumptions. Due to the subjective values on trustlevels, we prohibit users from changing it depending on thequery and recommendation results. We also exclude theattack launched by a global observer. For a large-scale social

network, it is infeasible for a particular user to monitor thewhole network except the central authority. Collusion attackis also prohibited in our system because the trust relation-ships are based on each hop, where users’ identities wouldbe revealed if 1-hop friends are involved in the attack.

4 SYSTEM DESIGN

4.1 Overview

We first give a brief introduction to our proposed scheme.The main design goal of our scheme is to help OSN userssecurely establish trust relationships with strangers viamulti-hop recommendation process. By leveraging existing1-hop trust relationships, the proposed scheme enables OSNusers to extend their social circles while maintaining theiridentity privacy. For example, imagine Alice(Q), is lookingfor a cardiologist on a medical OSN as shown in Figs. 1 and2. However, all of her 1-hop friends (Eve and Frank) do nothave the corresponding candidates to recommend. Fortu-nately, one of her close friends, Bob(F), whoworked in a hos-pital recently, recommends to Alice his best friend Carol(R)for further information. Then, Alice’s unknown stranger,Carol, helps her recommend a cardiologist, David(D), who isan acquaintance of Carol. Finally, although Alice and Davidare strangers before the multi-hop recommendation process,they are connected and form a trust chain via 1-hop friends.

4.2 Privacy-Preserving Friendship Establishment

Different from traditional ways to establish friendships, wedesign a privacy-preserving approach to set up the trust rela-tionships between two OSN users. In what follows, wedescribe our approach by leveraging users’ closest friend setsto enable the communication in a privacy-preservingway.

4.2.1 System Setup

To perfectly hide the identity and network address (IP orMAC address) of an OSN user, we assume each OSN user

Fig. 2. System diagram.


has a certain number of fully trusted friends, FCID, which

will not reveal any secret information of a user with the par-ticular ID. The assumption satisfies the circumstance in thereal life or OSNs with secure channels. For example, peoplemay have several closest friends whom they fully trust

FCID � F ID. In order to hide the network address and iden-

tity, users can route their packets to the destination via aspecific trusted friend, and thereby hide their identitieswith the help of their close friends.

We first list the notations in Table 1 and describe sys-tem setup of the proposed scheme. Before the schemeruns, CA assigns the ID-based public/private key pairsto each user in the system. The parameter generationprocedures are as follows, and we adopt the schemein [36]:

1. Input the security parameter � to the system and out-put a public parameter tuple ðq;G1; G2; e; g;HÞ.

2. Randomly select a domain master secret & 2 Z�q and

calculate the domain public key as gpub ¼ &g.where e is a bilinear map e : G1 �G2 ! GT which has theproperties of bilinearity, computability, and non-degeneracy[36], [37]. CA publishes the domain parameters tupleðq; G1; G2; e; g; H; gpubÞ and keeps & confidential, where

Hð�Þ is defined before as Hð�Þ : f0; 1g� ! G1, and g is a

generator of G1. Given a specific public ID 2 f0; 1gl, CAdistributes the public/private key ðpkID=skIDÞ pair asHðIDÞ=& �HðIDÞ.

In our scheme, OSN users enable their close friends touse their assigned pseudonyms in the communicationinstead of real IDs. Similar to the approach proposed in[38], [39], each OSN user assigns a set of collision-resistantpseudonyms to his/her close friends to guarantee the ano-nymity during recommendation process. We continue touse the previous example to describe the parameter distri-bution process, and for the ease of description, we useQ(querier) and F (1-hop friend) to represent Alice and Bob,respectively. In addition to the scheme in [36], Alice gives toher close friends a set of collision-resistant pseudonyms,

PSQ:i ¼ fPSkQ:ij14k4jPSQ:ij; i 2 FC

Qg and the correspond-

ing private keys as skPSQ:i¼ fskPSk

Q:ig ¼ f&QHðPSk

Q:iÞ 2 G1j14 k4jPSQ:ij; i 2 FC

Qg.2 Note CA distributes the public/

private key pairs of the pseudonym sets to each valid OSNuser and &Q 2 Z�

q is the master secret selected by CA for

Alice. Therefore, the close friend Q:i selected by Alice storesthe public/private key pairs of a set of pseudonyms for pro-viding anonymity for Alice.

4.2.2 Trust-Based Friendship Establishment

Similarly, as a friend of Bob, Alice also obtains a set ofpseudonyms to ensure anonymous communication duringthe recommendation process. However, different fromclose friends, we require OSN users assign different trustlevels T 2 ½0; 1� to each one of their 1-hop friends anddefine a map Qþ ! Zq that maps the reliability trust levelto an integer on Zq. We apply Pederson commitment [40]

scheme to preserve the trust level between pair-wise OSNusers. CA additionally chooses a set parameters ðp; g; hÞand distributes them to OSN users, where p is a largeprime and usually is 1,024 bits, g 2 G1, h ¼ ga mod p and ais a private parameter selected by CA. Once Bob acceptsAlice as his friends, he issues her a commitment

tF:Q ¼ gThs based on the trust level that Bob evaluates onAlice, where s 2 Zq is a random number selected by Bob.Moreover, Bob stores the commitment for respondingqueries or recommendation requests from Alice, in thesense that Alice or her friends may use pseudonyms tocommunicate with Bob, but they need to show the commit-ment so that Bob can ensure the trust relationship estab-lished with his 1-hop friend, Alice. Besides, the hidingproperty of the Pederson commitment scheme guaranteethat as a trustee, Alice is not able to uncover the trust levelgiven by Bob.

4.2.3 Privacy-Preserving Anonymous Communication

After giving the corresponding pseudonym sets to closefriends, OSN users within 1-hop can initiate the anony-mous communication. For privacy concerns, we designthe following scheme to hide users’ identities duringthe recommendation process. Suppose Bob issues Aliceseveral parameters for Alice to contact Bob in thefuture: EpkQðPSF:QÞ; exp; sskF ðEpkQðPSF:QÞjjexpÞ, whereEð�Þ denotes the ID-based encryption scheme. Note thatthe pseudonyms in the set will be arranged in a randomorder concatenated with each other, which is denoted asjj. The “exp” represents the expiration time for thePSF:Q, in the sense that if the expiration time passes, thefriends cannot use the original pseudonym set for estab-lishing the anonymous communication. Since the usersin the OSNs need to obtain friends’ names for communi-cation, we cannot hide users’ IDs when they initiate thefriendship establishment. To some extent, the reason thatwe implement the social approach for anonymouscommunication is to hide the identity and networkaddress during the recommendation procedure, not in

TABLE 1Main Notations

Notation Description

F u, FCu

Friend set and the closest friend set of a user u

PSu:i Pseudonym set that the user u assigns to user iPSk

u:i One of user i’s pseudonym that the user uassigns, where 14k4jPSA:ij

pku=sku User u or pseudonym’s public and private keypair

H, H,H0 Cryptographic hash function

&, &u User u’s master secret selected by CA, where&; &u 2 Z�

p

tu1 :u2 Trust level commitment that u1 evaluates u2

Cu1:u2 The certificate that user u1 issues to u2 for stor-ing u1’s encrypted social coordinates

Cu1:u2 The credential that u2 uses to query u1

A,Q User’s attribute vector and queried vectorBu1,Bu2 User u invertible matrices used to generate

encrypted social coordinate

2. If X is a set, jXj means its cardinality; if X is a number, jXjdenotes the length of bits representing the number.


the initiation step. Thus, exposing the real identity in thisstage does not impair users’ privacy.

In the following, we present a pairing-based anony-mous close friend authentication scheme as shown inFig. 3. Here, we define a global hash function Hð�Þ whichmaps an arbitrary inputs to a fix-length output. The pro-cess is as follows:

1. Q ! Q:j : EpkQ:jðPSa

F:Q jj skPSaF:Q

Þ; exp; sQ

2. Q:j ! PSbF:i : PS

aF:Q; n1; sQ:j

3. PSbF:i ! Q:j : PSb

F:i; n2;Fb;a ¼ Hðn1 jjn2 jj 0 jj Kb;aÞ4. Q:j ! PSb

F:i : Fa;b ¼ Hðn1 jjn2 jj 1 jj Ka;bÞNote Q:j 2 FC

Q is one of the close friends of Alice ands is the corresponding ID-based signature. Then Q:j usesPSa

F:Q as its own pseudonym to authenticate himself to

one of the pseudonyms that Bob gave to Alice during

the previous step, e.g., PSbF:i which is one of Bob’s close

friends. When the trusted user which behaves as PSbA:i

receives the packets, he/she will derive the session key

as Kb;a ¼ eðHðPSaF:QÞ; skPSb

F:iÞ. Then PSb

F:i sends back the

calculated Fb;a which includes the session key. Uponreceiving the packets, Q:j derives the Ka;b and checks

whether Fb;a ¼ Hðn1jjn2jj0jjKa;bÞ, since we can determinethe equation as follows,

Kb;a ¼ e�H�PSa

F:Q

�; &FH

�PSb

F:i

��

¼ e�&FH

�PSa

F:Q

�; H

�PSb

F:i

�� ¼ Ka;b:

Accordingly, Q:j knows that PSbF:i is Bob’s friend as

well. In order to authenticate Q:j to PSbF:i, Q:j returns

Fa;b back. PSbF:i can compute Hðn1 jjn2 jj 1 jj Kb;aÞ and

check whether it equals to the received packets whichincludes Fa;b. Therefore, two OSN users are able tomutually authenticate and securely communicate witheach other.

4.3 Trust-Based Friend Recommendation

The trust-based friend recommendation includes twomajor subprotocols, secure social coordinate matching andfriend recommendation process. Based on the matchingresults (inner product) of social coordinates and estab-lished trust relationships, recommenders determine theirrecommendation decision on whether continue to querytheir friends or not.

4.3.1 Secure Social Coordinate Matching

To achieve the secure social coordinate matching, we applythe secure kNN scheme in [41] and modify it as shown inAlgorithm 1. In our scheme, users’ social coordinates can be

formed into a set of binary vector A. Binary vector Q is thesocial coordinate vector that contains query information,which can be any possible user’s unique social coordinatein the OSN. Note that Q½k� 2 f0; 1g has the same definitionasA½k�.

We define the degree of similarity as the inner product ofthe above two vectors, P ¼ A � Q. At the beginning ofAlgorithm 1, CA selects a secret parameter S and twoinvertible matrices B1;B2 for each user as shown in Ln. 1-2.

From Ln. 3-15, CA creates the extended vectors A and Q forthe user’s social attributes and the queried vector, andfurther embeds a random number r to secure the confidenti-ality of the matching results P. Based on S, B1, and B2, CA

encrypts extended vectors as {BT1A

½1�, BT

2A½2�} and Q½2�

} as

{B�11 Q½1�

, B�12 Q½2�

} from Ln. 16-24. The final matching resultcan be derived in Ln. 25.

Encrypted social coordinate distribution. As an OSN user,he/she needs to obtain his/her 1-hop friends’ social coor-dinates so that he/she can perform the above matchedoperation to derive the “best” matching friends. We askCA to generate and distribute encrypted form of users’social coordinates to OSN users. We suppose both Bob(F)and Carol(R) are satisfied with the establishment of friend-ship, in the sense that Alice is able to query Bob for the rec-ommendation on Carol in the future. Then, they mutuallystore each other’s encrypted social coordinates. AssumingBob is trying to add Carol to its friend list, the distributionprocess is as follows: (Carol also can follow the same pro-cedure to add Bob as Carol’s friend, respectively), wherethe CR:F is a certificate that Carol gives to Bob, and itallows CA to issue the Carol’s encrypted social coordinateto Bob. Note that C will not reveal the specific value oftrust level. Bob stores the encrypted social coordinates ofall his 1-hops, which enables him to help recommendfriends. The Cert:Req and Cert:Resp are the header of eachof the packets to denote that their purposes are for certifi-cate request and response, respectively. As we assumedbefore, all the communication between CA and each userof the system in secure channels are supposed to beuncompromisable. In addition, once there is an update fora particular user, all of his/her friends need to periodicallyupdate the encrypted social coordinate according to theexpiration time, and this process can be done before therecommendation process initiates.

Query initiation. Here, we consider two possible searchpatterns, social coordinate search and ID search, both ofwhich can be done via current OSN service. First, weallow OSN users to search for a fuzzy identity without aspecific ID, such as a user-defined social coordinate vec-tor which represents the attributes of the user that theymay look for, e.g., a cardiologist, male, with more than20 years work experience. However, without involving thedestination user’s consent, Alice only needs to create thevector and sets the threshold that meets her desiredsocial coordinates.

1. R ! F : EpkF ðCR:F Þ; exp; sskRðEpkF ðCR:F Þ jj expÞ2. F ! CA : Cert:Req;CR:F ; exp

3. CA ! F : Cert:Resp;BTF1A

½1�R ;BT

F2A½2�R

Fig. 3. Anonymous close friend authentication.


Algorithm 1. Secure kNN Scheme

1: Randomly choose ðnþ 1Þ bit vector S2: Randomly choose ðnþ 1Þ � ðnþ 1Þ invertible matrices

B1;B2

3: Extend column vector A to ðnþ 1Þ dimension

4: if 14k4n then

5: set A½k� ¼ A½k�6: else

7: set A½k� ¼ �0:5jjA2jj8: end if

9: Extend column vector Q to ðnþ 1Þ dimension

10: if 14k4n then

11: setQ½k� ¼ Q½k�12: else

13: setQ½k� ¼ 1

14: end if

15: Extend Q to ðnþ 1Þ dimension Q, set the ðnþ 1Þ dimension

as 1, r > 0, scaleQ as ðrQ; rÞ16: if S½k� ¼ 0 then

17: set A½1�½k� ¼ A½k�, A½2�½k� ¼ A½k�18: Random set Q½1�½k�,Q½2�½k�, letQ½1�½k� þ Q½2�½k� ¼ Q½k�19: else

20: Random set A½1�½k�, A½2�½k�, let A½1�½k� þ A½2�½k� ¼ A½k�21: setQ½1�½k� ¼ Q½k�,Q½2�½k� ¼ Q½k�22: end if

23: Encrypt fA½1�,A½2�g as {BT

1A½1�,BT

2A½2�g

24: Encrypt fQ½1�,Q½2�g as fB�1

1 Q½1�,B�1

2 Q½2�g25: return fBT

1A½1�,BT

2A½2�g�fB�1

1 Q½1�,

B�12 Q½2�g ¼ rAQ� 0:5rjjA2jj

On the other hand, when Alice wants to find a particularOSN user, say David, among all users in the system, apartfrom knowing the real ID, Alice should know the encryptedsocial coordinate of David in order to let Alice’s friendshelp her discover and recommend the trust chain. Similar tothe above process, we do not allow Alice to obtain the plain-text of David’s social coordinate. So, suppose David(D)agrees Alice(Q) to search himself,

1. Q ! D : Cert:Req; EpkDðQÞ; t1; sskQðEpkDðQÞkt1Þ2. D ! Q : Cert:Resp,

EpkQðCD:QÞ; t2; exp; sskDðEpkQðCD:QÞkt2kexpÞwhere t1 and t2 are timestamps in order to prevent replay

attack. The Cred:Req and Cred:Resp denote the credential

request and response, CD:Q is the credential that David issues

to Alice, meaning that David allows Alice to obtain David’s

encrypted social coordinate and search over the friends in the

system and derive the corresponding trust level.

4.3.2 Trust-Based Privacy-Preserving Friend

Recommendation

Based on the intuition introduced in Section 2.1, we give theformal definition on our trust-based privacy-preserving rec-ommendation process on the aspects of trust level andsocial coordinate matching results.

Definition 1. Given three users Alice(Q), Bob(F), andCarol(R), Alice and Carol are 1-hop friends of Bob, butthey are strangers without the existing trust relationship.

The trust level criteria of recommendation process forBob is

TF:Q5TF:R;

where TF:Q is Bob’s trust level on Alice, and TF:R is histrust level on Carol, respectively. Note that the trust rela-tionship between strangers depends on the 1-hop trust.To extend Definition 1, we require the following inequal-ity is satisfied,

TR:F5TR:D;

such that Carol is able to recommend to Alice her friendDavid after Bob recommends Carol to Alice.

Definition 2. Suppose Alice(Q) has a query vector Q andinitiates the recommendation scheme, given P‘ ¼ A‘ � Qwhich denotes the ‘th recommender (includes 1-hopfriend), the criteria on the matching results shouldsatisfy,

P‘ ¼ P‘þ1; if P‘þ15P‘;abort; otherwise;

�

in the sense that the inner product of recommended friends’social coordinates and the query vector should increasewhen the recommendation process extends hop-by-hop.Therefore, Alice continues to extend her trust chain only ifthe next recommender better match the current candidates.Otherwise, she will abort the process and initiate the pro-cess from her 1-hop friends.

Recommendation process. The trust-based recommenda-tion process should satisfy the above requirements, suchthat the trust chain could be set up according to thematching results and the trust requirement. For the com-pleteness, we describe the whole algorithm pseudo-codein Algorithm 2. According to previous description, Aliceis able to use the credential CD:Q to obtain David’sencrypted social coordinate. Besides, Alice should spec-ify to CA that her 1-hop friends that she wants to query,so that CA can issue the corresponding encrypted socialcoordinate for the matching operation. Assuming thetrust relationships among Alice, Bob, and Carol satisfyDefinition 1, we give the privacy-preserving recommen-dation process as follows,

1. Q ! CA : FQ:Req; CD:S;CA:S; exp; t3

2. CA ! Q : FQ:Resp;B�1Q1Q

½1�D ;B�1

Q2Q½2�D ; t4

3. Q ! F : FM:Req;B�1Q1Q

½1�D ;B�1

Q2Q½2�D ; t5; sQ

4. F ! Q : FM:Resp;P1; EKFðCR:F jj expÞ;

EpkQðPSgR:F jj pkdR:F =skdR:F jj tR:F Þ; t6; sF

Note that K is a symmetric key shared between CA andeach OSN user, which intends to prevent queriers fromlearning each recommender’s certificate. After CA decryptsthe certificate C encrypted by K, it returns the correspond-ing encrypted social coordinates based on C or rejects thequery if it expires. Then, Alice sends the encrypted socialcoordinates to Bob. After Bob returns the best matchingresult on all his friends to Alice, she sends the query to herstranger Carol and repeats the same process until shereaches David.


Algorithm 2. Trust-Based Privacy-Preserving FriendRecommendation (Pseudo-Code)

1: for i ¼ 1 ! maxfhopg do2: if Piþ1 < Pi then3: abort;4: else5: Q ! RiðF Þ :Matching request;6: RiðF Þ ! Q : Return encryptedCRiðF Þ:Q;7: Q ! CA : Certificate CD:S , encryptedCRiðF Þ:Q;

8: CA ! Q : Social CoordinateB�1Ri1

Q½1�D ,B�1

Ri2Q½2�

D ;

9: Q ! RiðF Þ : Commitment tRi:Q;B�1Ri1

Q½1�D ,B�1

Ri2Q½2�

D ;10: for j ¼ 1 ! jFRiðF Þj do11: M ¼ fBT

Ri1A½1�

Ri:j;BT

Ri2A½2�

Ri:jg � fB�1

Ri1Q½1�

D ,B�1Ri2

Q½2�D g

12: if TRi:Riþ1< TRi:Ri�1

andMi < Miþ1 then13: ChoosemaxfMg and derive Pi;14: Return Riþ1 as next recommender;15: else16: Choose another Ri with lowerM;17: end if18: end for19: Ri ! S : Riþ1, pk=sk key pair, Commitment tRiþ1 :Ri

.20: end if21: end for

Privacy preservation approach. To provide the identity andsocial coordinate privacy, we apply parts of the secure kNNcomputation scheme [41], [42], [43] and implement severalmodifications. We change the ðnþ 1Þth entry of every user’s

social coordinate set A to 1 instead of �0:5jjA2jj during thedimension extension. The extended dimension of each

query vector Q is changed to Q ¼ ðrQ; tÞ, where t is a ran-dom number selected by OSN users, and they need to

report t to CA before the encrypted social coordinate distri-bution. After Bob receives Alice’s query, Bob first verifiesthe authenticity of the query vector. If the vector cannot beverified, he aborts the algorithm; otherwise, Bob checks allof his friends’ encrypted social coordinates stored in its localstorage to compute the inner product of two vectors as fol-lows,

M ¼ �BT

F1A½1�R ;BT

F2A½2�R

� � �B�1F1Q

½1�D ;B�1

F2Q½2�D

�¼ A½1�

R � Q½1�D þA½2�

R � Q½2�D ¼ AR � QD ¼ rðAR � QDÞ þ t:

Here, we use AR to denote the social coordinates of allthe possible recommenders within 1-hop friendshipswith Bob, e.g., Carol. Then, Bob ranks all of the matching

results of M according to the linearity on both r and t.However, based on the trust levels that Bob gives on hisfriends, he only returns the candidates both have themaxfMg and satisfy the trust level requirement in

Definition 1. Then, with the knowledge of r and t, Aliceis able to derive P1 based on the returned M. If theresults satisfy Definition 2, Alice repeats the same processto query Carol and further recommenders until discover-ing the destination user by observing the matchingresults. Finally, if all of the social coordinates arematched, the destination user, David, is reached basedon the anonymous trust chain.

4.4 Trust Level Derivation

4.4.1 Design Objective

The basic requirement of trust level derivation process issecurely collect the overall trust level based on each individ-ual’s value on the trust chain. According to the assumptionsin the previous section, OSN users treat their trust levels onthe friends as privacy and do not want to disclose. To solvethis dilemma, we apply part of the scheme in [44] to derivean overall value without compromising each user’s privatedata. Although there are numerous works discussing howto derive the overall trust level based on each individualvalue, few of them considers the problem of securely col-lecting without revealing each value. In this work, we give apossible solution on securely collecting and deriving theaverage trust level [16], [34] on a particular trust chain.

4.4.2 Basic Construction

In the previous recommendation process, to confirm thereceipt of the next hop’s information and correspondingtoken, Alice sends an acknowledgement packet back to eachof the recommended strangers. Here, we extend the formatof the original ACK packet into <ACK; sid; �QID; exp>,where ACK is the header of the packet, sid 2 Z is ansequence number to guarantee the correctness of packet

delivery, and �QID is a commitment used to certify the nexthop recommender. For example, Bob verifies the ACK

packet from Alice and store �QF for a record, in the sense thatBob knows that the record corresponds to the next hop OSNuser, Carol. When an OSN user sends Bob a packet withthis record, Bob sends back the trust level back to him/herwith privacy-preserving approach. Note that ID should bepseudonyms used for anonymous communication intro-duced in previous section.

In what follows, we provide a solution to derive the aver-age trust level on the trust chain to represent the end-to-endtrust level.

Setup: Alice asks CA to choose and publish a randompublic generator g 2 G1 and mþ 1 random secretsx0; x1; . . . ; xm 2 Zq according to the number of hops, m,

wherePm

i¼0 xi ¼ 0. Then, CA encrypts xi based on the pseu-donyms provided by Alice, such that only OSN users whohave been given the designated pseudonyms can obtain thesecret numbers. Here, we use Agg:Req and Agg:Resp to dis-tinguish the packets,

1. Q ! CA : Agg:Req; f�QRig; fRig; HMACKQ

ð�QRijjRiÞ

2. CA ! Ri : Agg:Resp; xi; �QRi;HMACKRi

ðxi jj �QRiÞ

where 04i4m� 1, and we use R0 to represent Alice’s 1-hop friend (F). Note that HMAC is hash-based messageauthentication code. We also refer Ri as the recommenders’pseudonyms that the querier used to communicate duringthe recommendation process. Similar to other recommen-ders, Alice is given the secret number x0.

Encryption. After receiving the encrypted secret number,recommenders can encrypt their trust level if they can verifythe authenticity of the packets,

Ri ! Q :

EpkQðgTiþ1H0ðsidÞxiÞ; sskRiðEpkQðgTiþ1H0ðsidÞxiÞÞ,


where the cryptographic hash function H0 is defined as amap H0 : Z ! G1, and Ti is the trust level from Ri�1 to Ri

(we refer R�1 as the querier). Based on the commitment �QRi,

recommenders are able to find out the next recommenderthat they send to the querier, such that they can locate theirrecords and generate the encrypted trust level.

Aggregation. Then, Alice collects all the results comingfrom Ri and derives the average value in the following way,

Va ¼ H0ðsidÞx0 � gT0 �Ymi¼1

gTi �H0ðsidÞxi ¼ gPm

i¼0Ti ;

where T0 is the trust level from the querier to her 1-hopfriend.

Decryption. To decrypt the sum ofPm

i¼0 Ti, it suffices tocompute the discrete log of 5 base with g. Since our plaintextspace is relatively small (we can define how fine-grained thetrust level would be), decryption can be achieved through abrute-force method. We will give an efficiency analysis inSection 5. A better approach would be the Pollard’s lambdamethod [45] which requires time roughly square root of theplaintext space.

Then, Alice can derive the average trust level as T ¼Pmi¼0 Ti=ðmþ 1Þ, which shows an average trust level on the

trust chain. Given this approach, we can modify it into amore complex transitive trust metric defined in the litera-ture or consider it in a multi-path scenario, where OSNusers can be reached via different trust chains. We canassign parameters or weights on different paths to achievemore reasonable results on deriving end-to-end trust level.

5 THEORETICAL EVALUATION

5.1 Security Analysis

In this section, we conduct the security analysis on our pro-posed scheme and discuss the possible attacks that ourscheme is able to defend against in each step of the scheme.

5.1.1 Attacks on Friendship Establishment

The identity and network address tracing attacks severelydeteriorate the user privacy and system reliability. Type Iand Type II adversaries may can collect OSN users’ pseudo-nyms in order to trace the real identity and the networkaddress.

Type I adversariesmay attempt to uncover the real identityof a particular OSN user. Our scheme enables OSN users toestablish anonymous trust chain with their strangers, whereusers are assigned a set of collision-resistant pseudonyms torealize anonymous communications. Active adversaries canobserve all the behaviors of a pseudonym, but OSN usersinvolved with in the recommendation scheme will fre-quently change their pseudonyms, which provides the pri-vacy of their real identities.

Another possible tracing attack can be considered asaddress attack, where both the MAC and IP address canbecome the targets of Type II adversaries. We suppose everyOSN user in our system is assigned an unique MAC addressand a variable IP address. Fortunately, our scheme is sur-vived from this kind of attack. Note that our end-to-endcommunication is based on the relay of trusted users.

Therefore, hidden by trusted users, the communication onlyexposes the trusted friends’ MAC addresses instead of theirreal MAC addresses, which means adversaries cannot tracethe interacted users by eavesdropping their MACaddresses. Similarly, we implement the sufficient large setsof pseudonyms for securing the anonymous communica-tion, where the address of the pseudonym helps the realend user hide from disclosing the real IP address. Further-more, analyzing the IP addresses of trusted users will nothelp locate the real IP address of end user, since the IPaddresses of the friends are independent in the online socialnetworks, e.g., everyone can have friends all around theworld. To the contrary, revealing the IDs of friends willeffectively enhance the possibility of tracing back the enduser, where we use pseudonyms to prevent the ID frombeing traced.

5.1.2 Attacks on Trust-Based Recommendation

In this process, we mainly discuss the possible attacks onthe social coordinate. Type IV adversaries may intend tochange their social coordinates in order to obtain other’ssocial attributes, which mostly happens if adversary per-forms as a querier and initiates multiple queries for recom-mendation. For example, Alice can change the values of twovectors B�1

F1Q½1�D and B�1

F2Q½2�D , both of which are directly

obtained from CA. Although they have been encryptedwith unknown parameters, the adversary is able to changethe value of each element in the two vectors, which mayresult in abnormal inner product results. However, for alarge dimensional vector, it is still infeasible for the adver-sary to derive others’ social coordinates, due to the fact thatthe original vector has been changed if the adversarychanges the encrypted vectors, in the sense, he/she cannottell the difference according to what he/she has changed.On the other hand, Type IV adversarymay be recommenders,where they intend to change their 1-hop friends’ encryptedsocial coordinates with the purpose of discovering the quer-ier’s social coordinates. For the same reason, adversariesmay fail to find out the true vectors.

One of the design goals is to provide the identity privacyof the querier, because, for example, the behavior of requir-ing a recommendation of a doctor may potentially leak herprivacy. Since we apply the encrypted social coordinate vec-tors to query, the privacy of queried information can be pre-served. For the Type IV adversaries who intend to obtain theinformation regarding the encrypted social coordinates,they can only perform the matching operations among their1-hop friends and derive the corresponding results.Although they are able to rank all the results, they cannotfind the matching detail without the value of r and t, e.g.,which one of the attributes are the same. Moreover, due tothe insufficient knowledge of their 1-hop friends, it also pre-vents them from knowing queried information. Therefore,we preserve the privacy of the querier in terms of what shequeries and her identity.

5.1.3 Attacks on Trust Level Derivation

During the trust level derivation process the Type I adversarywill launch active attacks like bogus data injection and pas-sive attacks during the packet delivery. By implementing


the ID-based signature scheme on every packet, adding newvalues or maliciously replacing the values will not helpenhance or decrease the existing trust level. Because everyrecommender issues the signature based on the identity, thequerier will not accept the result if the verification fails. Forthe malicious querier, he/she may want to compromiseeach recommender’s trust level on the friend chain. How-ever, no user is able to derive the Ti from gTi �H0ðsidÞxi dueto the assumption that Decisional Diffie-Hellman is hard.Note that although we can utilize brute force or Pollard

lambda method to deriveP

Ti from gP

Ti , we cannot imple-

ment the same approaches to obtain Ti from gTi �HðsidÞxidue to the plaintext space is much greater than

PTi and the

unknown secret xi.Another type of attack launched by the Type I adversary

is by requesting CA to generate multiple sets of secretnumbers on one trust chain to obtain private trust levels.For example, the adversary first requests the actual num-ber of hops as six, and fraudulent requests five for thesecond time. Then, by comparing different results withdifferent number of hops, he can discover the trust levelbetween the recommenders that have been excluded dur-ing the second request. However, our scheme is able todefend this attack by our anonymous authenticationscheme. Since most recommenders to the querier arestrangers, they use frequently changed pseudonyms dur-ing each process. What the querier obtains during therecommendation process is a pseudonym that each rec-ommender assigns to his/her close friends. Therefore,without a clear match between real identities and trustrelationships, the trust level cannot be leaked only basedon path information.

Type III adversaries, performed as malicious recommen-ders, may compromise the trust level on each trust chain.During the trust derivation process, they impersonate asgood OSN users and want to obtain trust level on a particu-lar trust chain that they do not belong to. To overcome thisattack, our scheme requires the same sid during the deriva-tion process. Without sufficient knowledge of both sid andthe corresponding secret number xi, the querier cannotderive the correct end-to-end trust level. Since the querierhas the recommender records during the recommendationprocess, the adversary can be identified during the signa-ture verification process.

5.2 Complexity Analysis

5.2.1 Storage Cost Analysis

In our simulation settings, we use the degree of the curve as2, which gives the element of size 512-bit in both G1 and G2.

For each OSN user, to store their assigned pseudonyms andkey pairs costs 2kjG1j. The encrypted social coordinatesof each friend may cost 160 bits, and the total storagecost for storing OSN users’ friends depends on the num-ber of their friends. Besides, the commitment of trustlevel for each OSN users’ friend costs jG1j. Based on theobservation over Facebook [46], the total cost for storingthe above parameters is less than 300 KB given the factthat the average number of friends is 150 and k ¼ 200.We also consider the storage cost for CA. In our scheme,the key for each OSN user’s social coordinate consists ofan OðnÞ �OðnÞ matrix and an OðnÞ vector. Assumingthere are jVj OSN users in the system, to store all thesocial coordinates costs OðjVjnÞ storage resources. Inaddition to the social coordinates, CA also needs to storeOSN users’ IDs and the corresponding pseudonyms,which costs OðjVjÞ. Thus, the total storage of CA would

be OðjVjnþ n2Þ, where n is a tunable parameter depend-ing the security level of the system.

5.2.2 Communication Cost Analysis

First, we consider the communication cost before the recom-mendation process. It requires Oð1Þ between CA and eachOSN user, while OðNÞ for storing friends’ encrypted socialcoordinates, where N denotes the number of friends of eachOSN user. Second, during the recommendation process, thequerier needs to communicate with CA for Oð‘Þ times. Forthe recommendation on the trust chain, it requires Oð‘NÞ todiscover the destination users. In the trust level derivationprocess, it requires Oð1Þ between recommenders and CA,and Oð‘Þ between recommenders and the querier.

6 PERFORMANCE EVALUATION

6.1 Experimental Evaluation

To evaluate the performance of our scheme, we use theFacebook dataset [47] and INFOCOM 2006 dataset [48] toanalyze the proposed scheme in terms of routing perfor-mance. Based on the scheme description, we may con-sider our scheme as a routing protocol among OSN users,where the routing metric jointly considers the trustrelationships and social coordinate matching results.Although the INFOCOM dataset that we use is not a realOSN, we assume that attendees form an OSN after theirfrequent social interactions during the conference. Wealso highlight the Number of Average friends in Table 2 andNumber of Average Contact Users in Table 3, both of whichdenote the average degree of nodes in the graph for theexperimental analysis.

In the experimental evaluation, we mainly focus on ana-lyzing the reachability between two arbitrary users in two

TABLE 2Facebook Dataset

University Name Caltech Reed Haverford

Number of Users 762 962 1,446Length of the Experiment 1 day 1 day 1 dayNumber of Existing Friendship 33,302 37,624 119,178Number of Possible Friendship 579,882 924,482 2,089,470Number of Average Friends 21.9 19.5 41.2Social attributes used/Total 7/7 7/7 7/7

TABLE 3INFOCOM 2006 Dataset

Number of Users 78

Length of the Experiment 4 daysContact Detection Period 120 secAverage Contact Duration 511.4 secNumber of Average Contact User 63.7Social attributes used/Total 11/17


datasets, where the reachability is defined as follows:

Ri ¼P

j Eij

Etotal;

where Eij is the jth trust chain between two strangersinvolving i recommenders (iþ 1 hops to reach the destina-tion user), and Etotal is the total number of possible connec-tions in the network. In addition, since the INFOCOM 2006dataset contains contact duration information, we furtherutilize this to evaluate its impact to the reachability.

For our experiment settings, we use different length ofbits to represent the attribute values, e.g., gender: male: 01,gender: female:10, or nationality: US: 000001, nationality:China:100,000, where the number of possible values is thelength of the social coordinates. We further use these attri-bute sets to represent each OSN user in the experiment. Forthe existing relationship and possible relationship, we con-sider it as asymmetric pairwise relationships.

6.1.1 Exprimental Results

� Facebook dataset. First of all, we carry out the analysis onthe reachability of our proposed scheme based on the col-lected Facebook data from three universities, CaliforniaInstitute of Technology, Reed College, and Haverford Col-lege. As shown in Fig. 4, our scheme greatly increases thereachability between two arbitrary users on Facebook, from5.74 to 81.56 percent, 4.07 to 84.54 percent, and 5.70 to 89.19percent, respectively. The result also indicates that themulti-hop trust chains between two arbitrary users could beestablished via the progressive matching results on users’identical attributes. Note that we consider the asymmetricfriendship chain in our experiment.

Among all the trust chain established between OSNusers, we investigate the distribution of the number of rec-ommenders on each trust chain in the OSN. As shown inFig. 5, most of the newly established trust chains requireless than three hops for completing the recommendationprocess, which are 75.9, 71.2, and 80.8 percent for Caltech,Reed, and Haverford, respectively. Particularly, we want topoint out that the numbers of ID-based recommendationwithin two hops are 340,332, 477,062, and 1,406,254, whichare greater than our scheme 212,664, 250,392, and 783,589.The reason for that is our scheme will first filter out“unqualified” recommenders, and only forward to friendswhose number of identical attributes with the destinationuser is greater than the current matching result. In addition,

the decision on progressive matching results requiresP‘þ1 5P‘, which indicates the possibility of the equality ofidentical attributes on two or more consecutive hops. Wecan see from Fig. 5, although the compared number ofattributes is seven in the Facebook dataset, but we mayhave multi-hop trust chains including more than eight rec-ommenders. Hence, we increase the possibility of reachingmore OSN users that are more than seven hops away.

� INFOCOM 2006 dataset. To better evaluate the impor-tant role of attributes, we take a step further to investigatethe INFOCOM dataset which contains more than 17attribute information. Different from the Facebook dataset,the users in the dataset are closely connected according tothe contacts. As we can compare from Tables 2 and 3, thedegree of each user in INFOCOM dataset is 63.7 (afterremoval of incorrect records), which are larger than thenumbers in Facebook dataset. However, some of the con-tacts either are incorrectly recorded or cannot reflect realphysical contacts. Therefore, we have to evaluate the impactof the contact duration and the reachability. The generalcontact duration for each interaction is shown in Fig. 6, andthere are more than 140,000 contacts collected by Bluetoothdevices. However, most of the contact durations are lessthan 2 min, where we consider that the involved users maynot have real interactions, rather, they may just stay in thetransmission range of their Bluetooth devices and leave theincorrect records.

In the experimental analysis on INFOCOM dataset, weraise a generally-accepted hypothesis on evaluating thetrust relationships in our scheme, where more number ofcontacts (above certain level of durations) means moretrustful [49]. Accordingly, if a pair of users frequentlycontacts with each other, we may consider they mutuallytrust each other compared to other users. The following

Fig. 4. Reachability comparison between existing friendship and ourscheme. Fig. 5. Reachability distribution against the number of recommender.

Fig. 6. Contact durations in INFOCOM 2006.


experiment results compare the different routing perfor-mance given progressive duration of contact duration (from0 to 10 min) and given trust levels.

We first evaluate the reachability in terms of establish-ing trust chain between two OSN users via the multi-hoprecommendation process. Based on the observation inFig. 7, the 1-hop reachability decreases dramatically whenthe contact duration is set larger, which has the similarresults as in Fig. 4. For the case that contact duration is setto 0, the multi-hop reachability is as low as 3.5 percent inFig. 8a, which shows most of the social relationships areformed using 1-hop trust relationship. For the same reason,we can only find less than four multi-hop trust chains withat least three recommenders. However, with the incrementof contact durations, which indicates only longer interac-tions are taken into consideration, the multi-hop socialrelationships become the major reason that forms the end-to-end trust relationship. As an example, the reachabilitybetween two strangers increases from 0.08 to 17 percent ona three-hop trust chain as shown in Figs. 8a and 8d. Asshown in Fig. 8c, the number of maximum recommenderson a trust chain achieves to 7 with the consideration ontrust level, while arbitrary two strangers are able to con-nect with each other within 4-hop without each other’srequirement on trust level. We can clearly see the increaseon the number of recommenders from Fig. 8, wherethe number of hops is 6 if we remove the criterion onDefinition 1, while OSN users create a 9-hop trust chain ifwe apply trust levels in recommending strangers. Com-pared with the performance of Facebook dataset, theyshare similar decrease trend in terms of the reachabilityratio, but the number of hops and the corresponding num-ber of possible connections in the Facebook dataset may belarger than that in the INFOCOM dataset, because Face-book dataset involves more users and possible connections.

The above observation verifies our motivation on design-ing the trust-based recommendation scheme, where thetrust relationship can be used to establish multi-hop rela-tionship, but the subjective trust level would lower its possi-bility and further extent the number of hops.

6.1.2 Comparison with Other Schemes

To further evaluate the performance of our scheme, we usethe Facebook dataset to compare the reachability of ourscheme and other recommendation schemes. In this experi-ment setting, we calculate the accumulated number ofconnections between two arbitrary users in the network. Wemainly compare our scheme with non-recommendation

performance (as the baseline), ID-based recommendationapproach [7], and Talash approach in [8]. As shown inFig. 9, since traditional ID-based recommendation schemeslack of ability of extending recommendation chain, it hasthe lowest reachability as 41.65, 31.15, and 43.21 percentin three datasets. Talash approach achieves better perfor-mance due to their analysis on social attributes, whichhas the same design intuition with our work. However,they did not discuss the possibility of multi-hop chainsthat are two hops, which becomes the main reason thatcauses the lower reachability than our scheme. For ourscheme, if we take 1-hop recommendation as successfultrust chain establishment, the accumulative reachabilityratio will be 85.71, 88.62, and 94.90 percent for Caltech,Reed, and Haverford, respectively.

We also compare our recommendation scheme withsome packet forwarding schemes in social networks inorder to analyze the performance against time constraint.We consider our approach is comparable with theseschemes in terms of choosing best relay users to improvereachability and reduce cost. In the following experiment,we choose two well known approaches, epidemic routing[50], and PROPHET [51], by using the INFOCOM 2006 data-set as our scheme. In Fig. 10a, we investigate the reachabilitychanges in corresponding with the time. The epidemic

Fig. 8. Reachability of the proposed scheme versus contact duration.

Fig. 7. Performance evaluation in INFOCOM 2006.

Fig. 9. Comparison with other recommendation schemes.


approach has the best reachability, and it reaches to nearly 89percent when the experiment lasts for more than 16 hours.The reason for that is users will automatically exchangeinformation when they contact each other. Although it hasthe best reachability performance, this approach brings a lotof network traffic burden. Our approach is obvious betterthan the PROPHET approach from the beginning of theexperiment, where the reachability our scheme is close to77 percent by the end of simulation. We also try to explorethe efficiency of our proposed scheme on the aspect ofnumber of hops. For a recommendation scheme, less numberof hops indicates that queriers would be easier to establish amulti-hop trust chain. As shown in Fig. 10b, the averagenumber of hops of our schemewill reach to 4:5 for multi-hoptrust chain when the time duration is set to 30 min, whileother two schemes have more cost on number of recommen-ders compared to ours. Generally speaking, in terms of cost,our scheme outperforms the other two schemes when thecontact duration is set less than 12min. For the delivery ratio,our scheme is better than PROPHET. In corresponding to theresults in Fig. 7, we use multi-hop trust chain and attributematching approach to compensate the deficiency the reach-ability given by 1-hop friendship, and efficiently achieve bet-ter reachability in terms of number of recommenders.

6.2 Efficiency Analysis

We will discuss the computational cost of our scheme in dif-ferent stages. We use Pairing-based Cryptography (0.5.12)Library to implement our simulation. We take Tate pairingas our basic pairing operation. The elliptic curve we use forour scheme is type A. A curve of such type has the form of

y2 ¼ x3 þ x. To achieve the 80-bit security level (same as1,024-bit RSA), the order of the curve is around 160 bits, andthe base field is Fp where jpj ¼ 512. For the experiments, weuse a laptop with an Intel processor 2.8 GHz and 1 GB RAMunder the platform Ubuntu 11.10. All the timing reportedare averaged over 100 randomized runs.

6.2.1 Privacy-Preserving Friendship Establishment

The major computational cost for OSN users during thisprocess is the authentication process. As in [36], our encryp-tion scheme will incur one pairing operations, one scalarmultiplication in G1 and one exponentiation operationover G2. The decryption process yields one pairing compu-tation as well. According to [52], the signing process for gen-erating ID-based signature costs one exponentiation in G2,and one multiplication in G1, while the verification incursone exponentiation operation in G2 and two pairing

operations. The verification in securing the anonymouscommunication will incur one encryption and one signing.For the trusted user, it has the burden of one pairing ondecryption and one on verification. Both of the users haveto derive the session key, which costs one pairing for each.Therefore, to establish the anonymous communicationbetween two OSN users will cost five pairing operationsand three exponentiations on G2 for each one. Based on ourresults, the exponentiation operation takes 5.3 ms, while apairing operation takes 15.2 ms.

6.2.2 Friend Recommendation Process

For the recommendation process, the querier consumes2‘þ 2 exponentiation operations over G2 and 3‘þ 2 pairingoperations, where ‘ is the number of recommenders. Aseach recommender, they take three exponentiation andthree pairing operations during this process apart from thematching computation over encrypted social coordinates.Since we require the 80-bit security level (same as 1,024-bitRSA), we set n5 80 in order to defend the attack whichtries to compromise the encryption scheme on the socialcoordinates.

6.2.3 Trust Level Derivation.

This process incurs one pairing and two exponentiationoperations for each recommender on the trust chain, whilethe querier consumes ‘ exponentiations and 3‘ pairing oper-ations. For implementing the brute-force in deriving the

average trust level from gP

Ti , according to [44], it takesonly 0.3 ms to compute a modular exponentiation usinghigh-speed elliptic curve as curve25519. The encryption partfor the trust level takes 0.6 ms. Thus, decryption requires adiscrete log which takes approximately 0.3 ms to try eachpossible plaintext. Based on our simulation settings, wehave the following results in Fig. 11, where we consider thelongest trust chain shown in Fig. 8d.

As we can see from Fig. 11a, the computational costs inthree phases grow nearly linearly when the number ofhops increases, since the querier mostly repeats the recom-mendation process until he/she finds the destination user.Especially, the trust level derivation process consists oftwo computational parts, one is decrypting the packetsfrom recommenders, while the other one is decrypting theend-to-end trust level. However, comparing to the formerpart, the computational cost of decrypting the final resultsconsumes negligible time. Thus, the total computationalcost in this stage is mainly on decrypting recommenders’ciphertexts. In general, even if the trust chain is set up to

Fig. 10. Comparison with other packet forwarding schemes.Fig. 11. Computational cost of the proposed scheme.


nine hops, the total costs for the querier is less than 2 s. Foreach recommender shown in Fig. 11b, the computationalcosts in the friendship establishment and trust level deriva-tion stages remain flat, where the most consuming parttakes less than 90 ms. Particularly, one feature in analyzingthe simulation results is that the computational cost in rec-ommendation phase slightly drops when the number ofhops increases. It may result from the fact that the numberof recommenders’ friends reduces, such that the time inderiving the matching results may decrease. Therefore,based on the above analysis, we show the efficiency ofeach OSN user in our proposed scheme.

7 CONCLUSION

In this paper, we propose a privacy-preserving trust-basedfriend recommendation scheme for online social networks,which enable two strangers establish trust relationshipsbased on the existing 1-hop friendships. For privacy con-cerns, we first design the anonymous close friend authenti-cation scheme to secure the communication among OSNusers. Then, we apply the secure kNN computation as therunning protocol to derive the encrypted social coordinatematching results. To derive the objective trust level, we pro-pose a solution to calculate the average trust level as thetransitive overall value without compromising each indi-vidual’s trust level. Through security analysis and experi-mental evaluation, we have shown the security andfeasibility of the proposed scheme.

ACKNOWLEDGMENTS

This work was partially supported by the US National Sci-ence Foundation under Grant CNS-1343356 and the NaturalScience Foundation of China under Grant 61328208. Thework of Chi Zhang was also partially supported by the Nat-ural Science Foundation of China under Grants 61202140and 61328208, by the Program for New Century ExcellentTalents in University under Grant NCET-13-0548, and bythe Innovation Foundation of the Chinese Academy ofSciences under Grand CXJJ-14-S132.

REFERENCES

[1] A. Mislove, M. Marcon, K. P. Gummadi, P. Druschel, and B. Bhat-tacharjee, “Measurement and analysis of online social networks,”in Proc. 7th ACM SIGCOMMConf. Internet Meas., 2007, pp. 29–42.

[2] C. Zhang, X. Zhu, Y. Song, and Y. Fang, “A formal study of trust-based routing in wireless ad hoc networks,” in Proc. IEEE 29th Int.Conf. Comput. Commun., Mar. 2010, pp. 1–9.

[3] B. Zhou and J. Pei, “Preserving privacy in social networks againstneighborhood attacks,” in Proc. IEEE 24th Int. Conf. Data Eng.,2008, pp. 506–515.

[4] T. H.-J. Kim, A. Yamada, V. Gligor, J. Hong, and A. Perrig,“RelationGram: Tie-strength visualization for user-controlledonline identity authentication,” in Proc. 17th Int. Conf. FinancialCryptography Data Security, 2013, pp. 69–77.

[5] L. Backstrom, E. Sun, and C. Marlow, “Find me if you can:Improving geographical prediction with social and spatialproximity,” in Proc. 19th Int. Conf. World Wide Web, 2010,pp. 61–70.

[6] R. Dey, C. Tang, K. Ross, and N. Saxena, “Estimating age privacyleakage in online social networks,” in Proc. IEEE Conf. Comput.Commun., 2012, pp. 2836–2840.

[7] M. von Arb, M. Bader, M. Kuhn, and R. Wattenhofer, “Veneta:Serverless friend-of-friend detection in mobile social networking,”in Proc. IEEE Int. Conf. Wireless Mobile Comput. Netw. Commun.,Oct. 2008, pp. 184–189.

[8] R. Dhekane and B. Vibber, “Talash: Friend finding in federatedsocial networks,” in Proc. Linked Data Web, 2011, pp. 1–8.

[9] C. Dwyer, S. R. Hiltz, and K. Passerini, “Trust and privacyconcern within social networking sites: A comparison of face-book and myspace,” in Proc. 13th Amer. Conf. Inf. Syst., 2007,p. 339.

[10] C. Zhang, J. Sun, X. Zhu, and Y. Fang, “Privacy and security foronline social networks: Challenges and opportunities,” IEEENetw., vol. 24, no. 4, pp. 13–18, Jul./Aug. 2010.

[11] P. W. L. Fong, M. Anwar, and Z. Zhao, “A privacy preservationmodel for facebook-style social network systems,” in Proc. 14thEur. Conf. Res. Comput. Security, 2009, pp. 303–320.

[12] B. Carminati, E. Ferrari, and A. Perego, “Enforcing access controlin web-based social networks,” ACM Trans. Inf. Syst. Security,vol. 13, no. 1, pp. 6:1–6:38, Nov. 2009.

[13] A. C. Squicciarini, M. Shehab, and F. Paci, “Collective privacymanagement in social networks,” in Proc. 18th Int. Conf. WorldWide Web, 2009, pp. 521–530.

[14] A. Squicciarini, F. Paci, and S. Sundareswaran, “PriMa: Acomprehensive approach to privacy protection in social net-work sites,” Ann. Telecommun., vol. 69, nos. 1/2, pp. 21–36,2014.

[15] A. Mislove, B. Viswanath, K. P. Gummadi, and P. Druschel, “Youare who you know: Inferring user profiles in online socialnetworks,” in Proc. 3rd ACM Int. Conf. Web Search Data Mining,2010, pp. 251–260.

[16] A. Jøsang, R. Ismail, and C. Boyd, “A survey of trust and reputa-tion systems for online service provision,” Decision Support Syst.,vol. 43, pp. 618–644, Mar. 2007.

[17] J.-H. Cho, A. Swami, and I.-R. Chen, “A survey on trust manage-ment for mobile ad hoc networks,” IEEE Commun. Survey Tutori-als, vol. 13, no. 4, pp. 562–583, Dec. 2011.

[18] K. Govindan and P. Mohapatra, “Trust computations and trustdynamics in mobile ad hoc networks: A survey,” IEEE Commun.Survey Tutorials, vol. 14, no. 2, pp. 279–298, Dec. 2012.

[19] W. Sherchan, S. Nepal, and C. Paris, “A survey of trust in socialnetworks,” ACM Comput. Survey, vol. 45, no. 4, pp. 47:1–47:33,Aug. 2013.

[20] R. Guha, R. Kumar, P. Raghavan, and A. Tomkins, “Propagationof trust and distrust,” in Proc. 13th Int. Conf. World Wide Web, 2004,pp. 403–412.

[21] L. Guo, X. Zhu, C. Zhang, and Y. Fang, “A multi-hop privacy-pre-serving reputation scheme in online social networks,” in Proc.IEEE Global Telecommun. Conf., Dec. 2011, pp. 1–5.

[22] P. Lin, P.-C. Chung, and Y. Fang, “P2P-iSN: A peer-to-peer archi-tecture for heterogeneous social networks,” IEEE Netw., vol. 28,no. 1, pp. 56–64, Jan./Feb. 2014.

[23] E. Daly and M. Haahr, “Social network analysis for informationflow in disconnected delay-tolerant manets,” IEEE Trans. MobileComput., vol. 8, no. 5, pp. 606–621, May 2009.

[24] W. Chen and S. Fong, “Social network collaborative filteringframework and online trust factors: A case study on face-book,” in Proc. 5th Int. Conf. Digital Inf. Manage., Jul. 2010,pp. 266–273.

[25] C. Wei, R. Khoury, and S. Fong, “Web 2.0 recommendation serviceby multi-collaborative filtering trust network algorithm,” Inf. Syst.Frontiers, vol. 15, no. 4, pp. 533–551, Sep. 2013.

[26] M. Li, N. Cao, S. Yu, and W. Lou, “FindU: Privacy-preserving per-sonal profile matching in mobile social networks,” in Proc. IEEE30th Conf. Comput. Commun., Apr. 2011, pp. 2435–2443.

[27] W. Dong, V. Dave, L. Qiu, and Y. Zhang, “Secure friend discoveryin mobile social networks,” in Proc. IEEE 30th Conf. Comput. Com-mun., Apr. 2011, pp. 1647–1655.

[28] L. Guo, X. Liu, Y. Fang, and X. Li, “User-centric private matchingfor ehealth networks—A social perspective,” in Proc. IEEE GlobalCommun. Conf., 2012, pp. 732–737.

[29] L. Guo, C. Zhang, J. Sun, and Y. Fang, “PAAS: Privacy-preservingattribute-based authentication system for ehealth networks,” inProc. IEEE 32nd Int. Conf. Distrib. Comput. Syst., Macau, China,2012, pp. 224–233.

[30] L. Guo, C. Zhang, J. Sun, and Y. Fang, “A privacy-preserving attri-bute-based authentication system for mobile health networks,”IEEE Trans. Mobile Comput., vol. 13, no. 9, pp. 1927–1941,Sep. 2014.

[31] M. McPherson, L. Smith-Lovin, and J. M. Cook, “Birds of afeather: Homophily in social networks,” Annu. Rev. Sociol., vol. 27,no. 1, pp. 415–444, 2001.


[32] L. Guo, C. Zhang, H. Yue, and Y. Fang, “A privacy-preservingsocial-assisted mobile content dissemination scheme in DTNs,” inProc. IEEE 32nd Int. Conf. Comput. Commun., Turin, Italy, 2013,pp. 2349–2357.

[33] L. Guo, C. Zhang, H. Yue, and Y. Fang, “PSaD: A privacy-preserv-ing social-assisted content dissemination scheme in DTNs,” IEEETrans. Mobile Comput., vol. 1, no. 99, p. 1, 2014.

[34] O. Richters and T. P. Peixoto. (2010). Trust transitivity in socialnetworks. CoRR [Online]. 6(4) Available: http://arxiv.org/abs/1012.1358

[35] A. Groce and J. Katz, “A new framework for efficient password-based authenticated key exchange,” in Proc. 17th ACM Conf. Com-put. Commun. Security, New York, NY, USA, 2010, pp. 516–525.

[36] D. Boneh and M. Franklin, “Identity-based encryption from theweil pairing,” in Proc. 21st Annu. Int. Cryptol. Conf. Adv. Cryptol.,2001, pp. 213–229.

[37] E.-J. Goh, “Encryption schemes from bilinear maps,” Ph.D. disser-tation, Dept. Comput. Sci., Stanford Univ., Standford, CA, USA,Sep. 2007.

[38] Y. Zhang, W. Liu, W. Lou, and Y. Fang, “Mask: Anonymous on-demand routing in mobile ad hoc networks,” IEEE Trans. WirelessCommun., vol. 5, no. 9, pp. 2376–2385, Sep. 2006.

[39] D. Balfanz, G. Durfee, N. Shankar, D. Smetters, J. Staddon,and H.-C. Wong, “Secret handshakes from pairing-basedkey agreements,” in Proc. Symp. Security Privacy, May 2003,pp. 180–196.

[40] T. P. Pedersen, “Non-interactive and information-theoretic secureverifiable secret sharing,” in Proc. 11th Annu. Int. Cryptol. Conf.Adv. Cryptol., London, U.K., 1992, pp. 129–140.

[41] W. Wong, D. Cheung, B. Kao, and N. Mamoulis, “Secure kNNcomputation on encrypted databases,” in Proc. 35th SIGMOD Int.Conf. Manage. Data, 2009, pp. 139–152.

[42] N. Cao, C. Wang, M. Li, K. Ren, and W. Lou, “Privacy-preservingmulti-keyword ranked search over encrypted cloud data,” inProc. IEEE Conf. Comput. Commun., Apr. 2011, pp. 829–837.

[43] W. Sun, B. Wang, N. Cao, M. Li, W. Lou, Y. T. Hou, and H. Li,“Privacy-preserving multi-keyword text search in the cloud sup-porting similarity-based ranking,” in Proc. 8th ACM SIGSACSymp. Inf., Comput. Commun. Security, New York, NY, USA, 2013,pp. 71–82.

[44] E. Shi, T.-H. H. Chan, E. G. Rieffel, R. Chow, and D. Song,“Privacy-preserving aggregation of time-series data,” in NDSS,vol. 2, no. 3, 2011.

[45] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook ofApplied Cryptography. Boca Raton, FL, USA: CRC Press, 2001.

[46] Facebook. [Online]. Available: http://newsroom.fb.com/company-info/, 2014.

[47] A. L. Traud, P. J. Mucha, and M. A. Porter, “Social structure offacebook networks,” arXiv:1102.2166, 2011.

[48] J. Scott, R. Gass, J. Crowcroft, P. Hui, C. Diot, and A. Chain-treau, “CRAWDAD trace cambridge/haggle/imote/info-com2006 (v. 2009-05-29),” May 2009.

[49] S. Trifunovic, F. Legendre, and C. Anastasiades, “Social trust inopportunistic networks,” in Proc. IEEE Conf. Comput. Commun.Workshops, Mar. 2010, pp. 1–6.

[50] A. Vahdat and D. Becker, “Epidemic routing for partially-connected ad hoc networks,” Tech. Rep. CS-200006, DukeUniversity, 2000.

[51] A. Lindgren, A. Doria, and O. Schel�en, “Probabilistic routing inintermittently connected networks,” SIGMOBILE Mobile Comput.Commun. Rev., vol. 7, no. 3, pp. 19–20, Jul. 2003.

[52] F. Hess, “Efficient identity based signature schemes based onpairings,” in Proc. 9th Annu. Int. Workshop Sel. Areas Cryptography,2003, pp. 310–324.

Linke Guo received the BE degree in electronicinformation science and technology from the Bei-jing University of Posts and Telecommunicationsin 2008. He received the MS and PhD degrees inelectrical and computer engineering from the Uni-versity of Florida in 2011 and 2014, respectively.Since August 2014, he has been an assistantprofessor in the Department of Electrical andComputer Engineering, Binghamton University,State University of New York. His research inter-ests include network security and privacy, social

networks, and applied cryptography. He has served as the TechnicalProgram Committee (TPC) members for several conferences includingIEEE INFOCOM, ICC, GLOBECOM, and WCNC. He is a member of theIEEE and ACM.

Chi Zhang received the BE and ME. degrees inelectrical and information engineering from theHuazhong University of Science and Technology,China, in 1999 and 2002, respectively, and thePhDdegree in electrical and computer engineeringfrom the University of Florida in 2011. He joinedthe University of Science and Technology of Chinain September 2011 as an associate professor ofthe School of Information Science and Technol-ogy. His research interests include the areas ofnetwork protocol design and performance analy-

sis, and network security particularly for wireless networks and social net-works. He has published more than 60 papers in journals such as IEEE/ACM Transactions on Networking, IEEE Journal on Selected Areas inCommunications, and IEEE Transactions on Mobile Computing and innetworking conferences such as IEEE INFOCOM, ICNP, and ICDCS. Hehas served as the Technical ProgramCommittee (TPC) members for sev-eral conferences including IEEE INFOCOM, ICC, GLOBECOM, WCNCand PIMRC. He received the 7th IEEE ComSoc Asia-Pacific OutstandingYoungResearcher Award. He is amember of the IEEE.

Yuguang Fang (F’08) received the PhD degreein systems engineering from Case WesternReserve University in January 1994 and the PhDdegree in electrical engineering from Boston Uni-versity in May 1997. He was an assistant profes-sor in the Department of Electrical and ComputerEngineering at New Jersey Institute of Technol-ogy from July 1998 to May 2000. He then joinedthe Department of Electrical and Computer Engi-neering at University of Florida in May 2000 asan assistant professor, got an early promotion to

an associate professor with tenure in August 2003 and a professorin August 2005. He has published more than 350 papers in refereedprofessional journals and conferences. He received the NationalScience Foundation Faculty Early Career Award in 2001 and the Officeof Naval Research Young Investigator Award in 2002. He won the BestPaper Award at IEEE ICNP’2006. He has served on many editorialboards of technical journals including IEEE Transactions on Communi-cations, IEEE Transactions on Wireless Communications, IEEETransactions on Mobile Computing, Wireless Networks, and IEEEWireless Communications (including the editor-in-chief). He is cur-rently serving as the Editor-in-Chief of IEEE Transactions on Vehicu-lar Technology. He is also serving as the technical program cochairfor IEEE INFOCOM’2014. He is a fellow of the IEEE.

" For more information on this or any other computing topic,please visit our Digital Library at www.computer.org/publications/dlib.


06894195-1

Documents

Transcript of 06894195-1