GeoPal: Friend Spam Detection in Social Networks with Private - - PowerPoint PPT Presentation

geopal friend spam detection in social networks with
SMART_READER_LITE
LIVE PREVIEW

GeoPal: Friend Spam Detection in Social Networks with Private - - PowerPoint PPT Presentation

Dec 07, 2022 140 likes •353 views

GeoPal: Friend Spam Detection in Social Networks with Private Location Proofs Bogdan Carbunar, Mizanur Rahman, Mozhgan Azimpourkivi, Debra Davis Florida International University carbunar@cs.fiu.edu Social Network Friend Spam Friend invitations

slide-1
SLIDE 1

Bogdan Carbunar, Mizanur Rahman, Mozhgan Azimpourkivi, Debra Davis

Florida International University

carbunar@cs.fiu.edu

GeoPal: Friend Spam Detection in Social Networks with Private Location Proofs

slide-2
SLIDE 2

Hidden Hidden Hidden

Social Network Friend Spam

Friend invitations from people you don’t know

75% of 68 participants did not remember at least one

  • f their 20 randomly

selected friends

slide-3
SLIDE 3

Friend Spam Consequences

Attackers can  collect private information from victims

 profiles, locations visited, friend lists

 spear phishing attacks  malware dissemination

slide-4
SLIDE 4

Assumptions

  • 1. People trust more the friends whom they have met or

are meeting more frequently in person

  • 2. Hard to guess locations frequented by the victim
  • 3. Hard to create during the attack a history of co-

locations with the victim

slide-5
SLIDE 5

Trust vs. Co-Location

Hidden Hidden

People trust more the friends whom they have met

  • r are meeting more frequently in person

GP.Quest: Mobile App Questionnaire

slide-6
SLIDE 6

Location vs. Friend Relationship Quality (Facebook)

 68 participants (18-50 years old, 57 male/11 female)

Never met in person Met daily

  • r weekly
slide-7
SLIDE 7

Location vs. Discussion Topics (Facebook)

 68 participants (18-50 years old, 57 male/11 female)

Never met in person Met daily

  • r weekly
slide-8
SLIDE 8

GeoPal

  • 1. People trust more the friends whom they have met or

are meeting more frequently in person

  • 2. It is hard to guess locations frequented by the victim
  • 3. It is hard to create during the attack a history of co-

locations with the victim  Mobile app that records locations visited by user  Use location history to establish trust with friends

  • with privacy
slide-9
SLIDE 9

GeoPal: Friend Spam Detection Framework

PLP1 PLP2

PLPi=π(Vi, ti), i=1,2

GeoCheck PAS GeoSignal 1. Private Location Proof Computation

  • 2. Friend Invitation

Venue V1 Venue V2 Alice’s Phone Bob PLP

slide-10
SLIDE 10

Confusion Zones

V3 = [( x-rx3, y+ry3 ), ( x+d-rx3, y-d+ry3 )] x, y V1 V2 V3 d3 y x rx3 ry3 time T3 = [ t-r3, t+t3-r3 ] T1 T2 T3 t r3 t3

Spatial Temporal

slide-11
SLIDE 11

Presence Tokens

Location V

TkV,e

Social network divides  Space at granularity of venues  Time at granularity of “epochs” (e.g., 10 min long)

Social Network

slide-12
SLIDE 12

Private Location Proofs

Two users are fuzzy co-located when present in the same confusion zone (spatial & temporal)

client pseudonym venue & time Presence token key material

  • bfuscated

confusion zones signature Private Location Proof

π(V,t) = (Ek(Id), V, t, e, TkV,e , KVi, KTi , V ̅ , T ̅ , ΕV, ΕT, σ)

slide-13
SLIDE 13

E(Id(A)), Time t, Location V

1

Generate confusion zones

2

V̅ = {V1, .., Vg}, T̅ = {T1, .., Tg}

Generate confusion keys

3

KVi, KTi i=1..g

Encrypt confusion zones

4

ΕV= {E(KVi,Vi) | i = 1..g}, ΕT= {E(KTi,Ti) | i = 1..g}

Sign location proof

5

σ= SGSN(E(Id(A)), EV, ET)

“Alice” preserves anonymity!

PLP Construction

Alice Location V (Ek(Id), V, t, e, TkV,e , KVi, KTi , V̅ , T̅, ΕV, ΕT, σ) Social Network

slide-14
SLIDE 14

GeoPal uses the PLP history to establish trust  GeoCheck: prove past presence at profile locations  PFAS: Privately infer co-location affinity with other users

 How many times the two users have been co-located

 GeoSignal: Privately infer present co-location events

PLP Based User Trust Establishment

slide-15
SLIDE 15

Prove presence around location V around time t with privacy

GeoCheck: Profile Location Verifications

Alice Bob

Verify σ

x, y V2 y x time T3 t ΕV= {E(KVi,Vi) | i = 1..g}, ΕT= {E(KTi,Ti) | i = 1..g},

σ= SGSN(E(Id(A)), EV, ET)

KV2, KT3

Decrypt & verify confusion zones

π(V,t) = (Ek(Id), V, t, e, TkV,e , KVi, KTi , V̅ , T̅, ΕV, ΕT, σ)

slide-16
SLIDE 16

Privately determine co-location frequency of A and B

PFAS: Private Fuzzy Affinity Score

Alice Bob Compute intersection of sets of tokens (secure multiparty computation)

π(V,t) = (Ek(Id), V, t, e, TkV,e , KVi, KTi , V̅ , T̅, ΕV, ΕT, σ)

slide-17
SLIDE 17

GeoPal Evaluation

 Motorola Milestone (CPU @ 600 MHz and 256MB RAM)  Nexus 5 with a Quad-core 2.3 GHz CPU and 2GB RAM  Industrial grade crypto  Signatures: RSA with 2048 bit keys

 Symmetric encryption: AES  Hashes: SHA-512

slide-18
SLIDE 18

GeoPal is Practical

Nexus 5:

 1.5ms to verify a location claim  1s to verify co-location over 20K+ location proofs

slide-19
SLIDE 19

Conclusions

 User study: trust vs. co-location frequency relationship  Friend relations stronger with increased co-location  More discussion topics with frequently met friends  GeoPal: seamless, location based friends spam detection  Exploit location history to establish trust with friends  With privacy:  Alice learns nothing from Bob  Alice controls what she reveals to Bob  The social network does not learn Alice’s locations

slide-20
SLIDE 20

Questions

x, y V1 V2 V3 d3 y x rx3 ry3 time T1 T2 T3 t r3 t3

Hidden