Retrieving Hidden Friends: A Collusion Privacy Attack Against Online Friend Search Engine

Online social networks (OSNs) are providing a variety of applications for human users to interact with families, friends, and even strangers. One such application, the friend search engine, allows the general public to query individual users' friend lists and has been gaining popularity recently. However, without proper design, this application may mistakenly disclose users' private relationship information. Our previous work has proposed a privacy preservation solution that can effectively boost OSNs' sociability while protecting users' friendship privacy against attacks launched by individual malicious requestors. In this paper, we propose an advanced collusion attack, where a victim user's friendship privacy can be compromised through a series of carefully designed queries coordinately launched by multiple malicious requestors. The effect of the proposed collusion attack is validated through synthetic and real-world social network data sets. The in-depth research on the advanced collusion attacks will help us design a more robust and secure friend search engine on OSNs in the near future.