A Random-Walk Based Privacy-Preserving Access Control for Online Social Networks

Online social networks are popularized with people to connect friends, share resources etc. Meanwhile, the online social networks always suffer the problem of privacy exposure. The existing methods to prevent exposure are to enforce access control provided by the social network providers or social network users. However, those enforcements are impractical since one of essential goal of social network application is to share updates freely and instantly. To better the security and availability in social network applications, a novel random walking based access control of social network is proposed in this paper. Unlike using explicit attribute based match in the existing schemes, the results from random walking are employed to securely compute L1 distance between two social network users in the presented scheme, which not only avoids the leakage of private attributes, but also enables each social network user to define access control policy independently. The experimental results show that the proposed scheme can facilitate the access control for online social network. Keywords—online social networks; access control; random walk; privacy-preserving


I. INTRODUCTION
In recent years, the popularity of online social networks, such as Facebook and Twitter has grown tremendously.Users of social networks can easily establish relationships with people worldwide, and social network has become an indispensable communication platform in daily life.However, users usually obsessed with security risk when they shared pictures or news using on social network [1].To address this problem, the traditional solution is employ attribute based access control.For example, when an online social network user A views his friend B's page, he notices a message posted by C, then he attempts to view C's page by clicking the links of B and the request of A will be sent to C. However, A is not a friend of C as shown in Fig. 1,the access control mechanism will be enforced before C making a decision on A's request.In the traditional attribute based access control scheme, A's attribute information will be requested to match the access control policy.As shown in Fig. 1, each online social network user should have multiple attributes i a , which represent his social attributes, such as gender, age, email, contact, school etc.However, some attributes are sensible for the user, and the online social network user, such as A, is unwilling to reveal the attributes to others.Once the access control process is executed, C knows the attribute information of A. Undoubtedly; this attribute based access control method cannot prevent the user's privacy.To address these privacy leaking problems, a novel random walker based access control for social network has been proposed in this paper.Unlike the classic access control schemes use attribute directly, our scheme utilizes the results of random walking as the inputs for distance protocol [2], which is used to evaluate the close relationship between two users.Furthermore, Paillier homomorphic encryption is integrated to our scheme to prevent the derivation of relationship using the results of random walking.
The rest of this paper is organized as follows: The related works are described in Section II.Section III focuses on preliminaries of truncated random walking and Paillier www.ijacsa.thesai.orghomomorphic encryption.In Section IV, the concrete construction of the proposed access control is introduced.Implementation of our scheme and analysis are presented in Section V. Finally, the conclusion is made.

II. RELATED WORK
Previous researches on access control for OSNs mainly focus on social graph structure, such as [3][4][5].The D-FOAF system [3] is primarily of a friend ontology-based distributed identity management system for social networks, where access rights and trust delegation management are provided as additional services.In D-FOAF, relationships are associated with a trust level, which denotes the level of friendship existing between the users participating in a given relationship.Although the work discusses only generic relationships, corresponding to ones modeled by the FOAF: knows RDF property in the FOAF vocabulary [6], another D-FOAFrelated paper [7] considers also the case of multiple relationship types.As far as access rights are concerned, they denoted authorized users in terms of the minimum trust level and maximum length of the paths connecting the requester to the resource owner.In work [4], authors adopt a multi-level security approach, where trust is the only parameter used to determine the security level of both users and resources.In the work [8], a semi-decentralized discretionary access control model and a related enforcement mechanism for controlled sharing of information in OSNs is presented.The model allows the specification of access rules for online resources, where authorized users are denoted in terms of the relationship type, depth, and trust level existing between nodes in the network.Barbara [9] has proposed an extensible, fine-grained OSN access control model based on semantic web technologies, and the main idea is to encode social networkrelated information by means of ontology.Those works all base on classical access control, they have ignored the process of classical access control may also leak users' social attributes.Fu [10] has proposed an attribute privacy preservation scheme based on node anatomy.It allocates original node's attribute links and social links to new nodes to improve original node's anonymity, thus protects user from sensitive attribute disclosure.Meanwhile, it measures social structure influence on attribute distribution, and splits attributes according to attributes' correlations.
Random walking algorithm is used for privacy preserving widely.Pili et al. [11] designed a protocol, which transforms community detection to a series of Private Set Intersection instances using Random walking algorithm.Gabor et al. [12] introduced a light-weight protocol to quickly and securely compute the sum of the inputs of a subset of participants assuming a semi-honest adversary.In this protocol, random walkers are performed over the network.Prateek et al. [13] developed a system that mediates privacy-preserving access to social relationships.It takes users' social relationship graph as an input, then it performs Random walking algorithm to obfuscate the social graph topology.
Recently, approximation of 1 distance has been used for privacy preserving in social networks.EWPM [14] is a protocol which provides a realistic matching approach considering both the number of common interests and the corresponding weights on them.P-match [15] has been proposed to privately match the similarity with potential friends in vicinity.P-match also considers both the number of common interests and the corresponding priorities on each of them individually.Ben has proposed Weighted Average Similarity (WAS) algorithm [16], which considers both the number of common interests and the corresponding weights on them, to protect users' privacy without reliance on any Trusted Third Party.

III. PRELIMINARIES
In this section, some preliminaries about random walking and Paillier homomorphic encryption are briefly reviewed.

A. Truncated Random Walking Model
Since there is no direct attributes in our approach, another sort of attribute-like property to define the closeness between two users should be employed, that is results from random walking.So, some preliminaries about random walking model are briefly reviewed here.
, where V is a vertex set representing the social network users, and E is edge set representing the social relationships between users.The adjacent matrix is denoted as Then every node sends out W random walkers, and the random walker, who comes from user i v , is denoted as i w .And every random walker has a time-to-live (TTL) t , initially set to T , denoted as TTL wT  , which represents the hops number of every random walker can walk on the social graph.Once a node receiving a random walker, he records the ID of w and deducts its TTL t , and sends it to a random neighbor if 0 t  .We generate the random connection matrix as follows: Then random walkers go on random walking until 0 t  .

B. Paillier Homomorphic Encryption
The Paillier homomorphic encryption secure computation consists of the following stages.
 Key generation: The Key Generation Center (KGC) chooses two large prime numbers p and q , and computes N pq where   D  denotes the Paillier decryption operation.
Note that the entity who executes decryption does not learn the value of  used during encryption.The Paillier cryptosystem is probabilistic and semantically secure, because  is chosen randomly for every encryption.The Paillier cryptosystem has two useful properties.
 Homomorphic.For any 1 2 1 2 , , , , which implies that any ciphertext can be modified arbitrarily without knowing the plaintext.

A. Pre-processing of Random Walking Results
Through the execution of random walking algorithm stated in Section III, every online social network user (denoted as node i v ) should collect a set of random walkers.According to the identities of random walkers, every node can count the amount of walker j u issued by node j v .Next, this node forms a random walker vector u with j u , whose length is equal to V .
For example, a social network has 100 users, and user Alice has obtained a random walker set v .Then the corresponding random walker vector of Alice can be formed as

B. Computation of Closeness
With proper parameters W and T , the random walker issued by i v will more likely reach other nodes which is more close to i v .So that by inspecting the approximation of random walker vector u and v , namely 1  uv , we figure out how close node i v is with another node j v using 1 distance protocol [17].
Assume Alice is the resource owner and Bob is requestor.According to the random walk model described in section II, both of them have formed their own random walker vectors.The walker vectors of Alice and Bob are denoted as u , v respectively.On one hand, Alice has to compute the approximation of vector u and v to determine how they are close before she permits Bob's request; On the other hand, to prevent the privacy of Bob, v should not be presented to Alice directly.Fortunately, Paillier homomorphic encryption [18] can be used to deal with this dilemma.
One can see that Alice knows contains the cross terms and is unknown to both of Alice and Bob.For secure computation, Alice generates a public/ private key pair and shares only public key with Bob.Alice and Bob will follow the steps of the protocol for secure computation of the squared 2 distance as below.
For every   Bob transmits this result to Alice.One can see that the value of D  is implicit in the encryption result but is unknown to Bob, since he does not know the value of C  .

 
randomly and Note that, the value of  is also implicit in the encryption result but unknown to Alice because she does not know the value of B  .
Alice decrypts private key according to the decryption process of Paillier cryptosystem.
We can see that, this protocol does not reveal v to Alice or u to Bob.

C. Decision on Request
After the execution of computation of closeness, Alice would obtain the value of

  uv
, where A  is a permissible threshold set by Alice herself.If yes, she will allow Bob to access her data.Otherwise, she declines the request.

A. Data Sets and Preparation
We have implemented a preliminary prototype of the proposed scheme, which provides access control with privacy preserving.We use the Facebook friendship graph from the New Orleans regional network [20] to simulate the social graph in our scheme.This dataset describes the links between users from the Facebook New Orleans network, consisting of 63,732 nodes and 1.545 million edges.To show our experiment results clearly, only 100 access requests are shown.

Three parameters  
,, i WT need to be set initially before the experiments, where W is the random walker number of every node have issued, T represents time-to-live (TTL) of every random walker, and i  is the permissible threshold value set by node i v .Note that, in order to investigate how much the variation of parameters would affect the access control, we also set the value of  uniformly.When setting 10 W  and 10 T  , we have obtained100 approximation of 1 distances, who are shown in Table I.
We employ a variety of parameters combination to observe the influence on results.Firstly, we set     , , 10,10,5 i WT  , the outcome is shown as in Fig. 2, which depicts the number of passed the closed-relationship verification of access requests, such as the first dot in Fig. 2 represents two pairs of nodes could pass the access control when there are ten access requests.  .As shown in Fig. 3, the amount of passed requests is consistent with the variation of parameter W .This phenomenon is in accordance with our theoretical study.If W decrease, the amount of collected random walkers by every node would decrease as well.Since the number of common random walker is smaller, the amount of passed requests would be smaller than before when it proceeds to the computation of closeness.
Next, we investigate the influence from T .weset  One can see that the variation of the amount of passed requests is also consistent with the variation of parameter T .However, we have observed that the influence from T is much smaller than W 's when we decrease the same value of W and T .This is caused by chose relationship.So we have increased variation of T .Fig. 5.The number of passed the closed-relationship verification influenced by At last, we vary the value of parameter  .We set . Fig. 5 depicts the variation of the amount of passed requests is in the opposite trend of  's variation.This result is also consistent with our theoretical analysis.Although the amount of random walkers remains unchanged, when set the permissible threshold  to a smaller value, this means only those has much closer relationship with the owner can be allowed to access, so that the number of passed requests is smaller than before.Adamic et al. [21] has proposed a classical scheme (Adamic-Adar for short) to measure similarity between two users, and their scheme is based on common neighbors and the degrees of those common neighbors.The formulation expression of Adamic/Adar is: denotes the set of neighbors of node i in social graph.We have employed Adamic-Adar to evaluate the accuracy of our scheme.To find out which parameters setting is more practical for our proposed scheme in reality.We have counted the distribution of the similarity value in Adamic-Adar and our scheme.We have sampled the first ten percent, the middle ten percent and the last ten percent of the 100 similarity values to compare our scheme clearly.
After executing our scheme and computing the similarity of node pairs according to Adamic-Adar, we get the best parameter setting shown as in Fig. 6.One can see that the accuracy of our scheme is almost equal to the outcome of Adamic-Adar scheme when setting 10, 10 WT  .In this paper, a random walk based access control scheme is investigated in this paper. .The proposed novel approach employs random walking to form the profile for online social users.In terms of the formed profile, users can carry out access control according to the secure computation of closeness.Furthermore, the user can set the permissible threshold independently according to his access policy.In this way, the leakage of privacy existing in traditional attribute based access control has been removed.Experimental results show that the proposed scheme is reasonable and practical.In our future work, more efficient approach for computation of closeness will be investigated.

Fig. 1 .
Fig. 1.Social-attribute Network number, and   E  denotes the Paillier encryption operation. Decryption: Given a ciphertext 2 N c  .Then, the corresponding plaintext is given by walkers come from node 1

.
Note that Bob operates solely in the encrypted domain in this step, so the values of are unknown to him.www.ijacsa.thesai.

Fig. 2 .
Fig. 2. The number of passed the closed-relationship verification of access requests

Fig. 3 .
Fig. 3.The number of passed the closed-relationship verification influenced by W To figure out how much parameter W would affect the access control, we vary the value of W while keep T and  stable.We set     , , 5,10,5 WT  ,     , , 8,10,5 WT  and

.
The outcome shows as in Fig.4.

Fig. 4 .
Fig. 4. The number of passed the closed-relationship verification influenced by T www.ijacsa.thesai.org