Conference Paper

Privacy preserving social networking through decentralization


Abstract

The recent surge in popularity of on-line social network applications raises serious concerns about the security and privacy of their users. Beyond the usual vulnerabilities that threaten any distributed application over the Internet, on-line social networks raise specific privacy concerns due to their inherent handling of personal data. In this paper we point to the centralized architecture of existing on-line social networks as the key privacy issue and suggest a solution that aims at avoiding any centralized control. Our solution is an on-line social network based on a peer-to-peer architecture. Thanks to its fully distributed nature, the peer-to-peer architecture inherently avoids centralized control by any potentially malicious service provider. In order to cope with the lack of trust and lack of cooperation that are akin to peer-to-peer systems and to assure basic privacy among the users of the social network, our solution leverages the trust relationships that are part of the social network application itself. Privacy in basic data access and exchange operations within the social network is achieved thanks to a simple anonymization technique based on multi-hop routing among nodes that trust each other in the social network. Similarly, cooperation among peer nodes is enforced based on hop-by-hop trust relationships derived from the social network.


... Moreover, those solutions still need certain additional infrastructure in the form of cryptographic key management and the client side tools to perform the encryption and decryption workload. Hence, recently, the issue of using decentralized infrastructures for organizing OSNs in a privacy-preserving manner, was addressed by the research community [45,50,88,114]. In [88], the authors perform an experimental evaluation of hosting OSN content from homes as a possible decentralized OSN with the motive of enabling the users to have full control on their content. They make use of social network workloads from YouTube and Flickr and the data of characteristics of home network infrastructures. ...
... Peers connect each other directly, exchange the content, and then disconnect. The work in [50] addresses privacy in OSNs by storing profile content in a P2P storage infrastructure. Each user in the OSN defines his own view ("matryoshka") of the system. ...
... In the DHT, an entry for a user with the list of nodes in the outermost ring is added. Thus, [50] achieves both content privacy (using encryption) and anonymity of searcher and hosting nodes, yet limited content discovery and profile availability, as opposed to our approach. DECENT [119] proposes a DHT based storage for OSNs with a special focus on security and privacy using encryption mechanisms. ...
... Users who choose to share professional information usually do so in order to establish business contacts, and choose networks with a professional orientation. Users who choose to share private information instead want contact with friends, family and new acquaintances, and therefore choose networks that are more oriented towards entertainment and circles of acquaintances (Cutillo et al., 2009). ...
... Krishnamurthy and Willis (2008) point out, however, that applications are a potential source of information leakage, since they can track the user's actions. According to Cutillo et al. (2009), concern about security and privacy in applications is amplified even further in social networks compared with other distributed applications over the Internet, since social networks have specific privacy issues as a result of their handling of personal data. The category of applications over the Internet includes, among others, Wikipedia [6] and Google Calendar [7], but webmail and online auctions also belong here. ...
... The information must therefore not become public or be sold on without the user's consent (Danezis, 2009). According to Cutillo et al. (2009), it should also be possible to hide information from the system; they also hold that all information should be hidden by default, so that the user can change the settings if he/she wants it to be public. ...
... However, the intuition is that users do not breach the delegation responsibilities because of social pressure and monitoring. Alternative solutions, which employ encryption mechanisms for access control and content storage [8], not only involve complicated key management issues, but also are highly inefficient in terms of storage overhead, as the same data item may need to be encrypted multiple times for different users with different access rights. However, trust in a user may not translate to trust in his machine/node. ...
... Recently, the issue of using decentralized infrastructures for organizing OSNs in a privacy-preserving manner, was addressed by the research community [22], [8], [23]. In [24], the authors perform an experimental evaluation of hosting OSN content from homes as a possible decentralized OSN. ...
... Peers connect each other directly, exchange the content, and then disconnect. The work in [8] addresses privacy in OSNs by storing profile content in a P2P storage infrastructure. Each user in the OSN defines his own view ("matryoshka") of the system. ...
Conference Paper
Unprecedented growth of online social networks (OSNs) increasingly makes privacy advocates and government agencies worrisome alike. In this paper, we propose My3, a privacy-friendly decentralized alternative for online social networking. The My3 system exploits well-known interesting properties of the current online social networks in its novel design namely, locality of access, predictable access times, geolocalization of friends, unique access requirements of the social content, and implicit trust among friends. It allows users to exercise finer granular access control on the content, thus making My3 extremely privacy-preserving. Moreover, we propose different replication strategies that users may independently choose for meeting their personalized performance objectives. A detailed performance study evaluates the system regarding profile availability, access delay, freshness and storage load. By using real-world data traces, we prove that My3 offers high availability even with low average online time of users in the network.
... This challenge motivated a number of works that proposed decentralized privacy schemes. Similar, in spirit, to decentralized approaches overcoming disadvantages of centralized approaches for privacy-related problems in many areas [24,17,12], LBSs user privacy protection can be achieved in a collaborative manner: without relying on an anonymizer. In particular, users can hide from the LBS server by obtaining LBS-provided information from their neighbors [29]. ...
... For example, the honest LBS responses can help finding out which of the contradictory responses to a query is/are bogus information. When a misbehavior is detected by a node, (12) it sends to the Resolution Authority (RA), the messages related to the misbehavior with pseudonyms attached. In case (13) the messages are proved to be related to a misbehavior case, (14) it sends the pseudonym (or multiple pseudonyms) to the PCA, and (15) the PCA derives the SN ticket of the ticket that had been used to issue the pseudonym. ...
Preprint
Location-based Services (LBSs) provide valuable services, with convenient features for users. However, the information disclosed through each request harms user privacy. This is a concern particularly with honest-but-curious LBS servers, which could, by collecting requests, track users and infer additional sensitive user data. This is the motivation of both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome the disadvantages of centralized schemes, eliminating anonymizers and enhancing users' control over sensitive information. However, an insecure decentralized system could pose even more serious security threats than privacy leakage. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. Our design leverages architectures proposed for large scale mobile systems, while it incurs minimal changes to LBS servers as it can be deployed in parallel to the LBS servers. This further motivates the adoption of our design, in order to cater to the needs of privacy-sensitive users. We provide an analysis of security and privacy concerns and countermeasures, as well as a performance evaluation of basic protocol operations showing the practicality of our design.
... Beyond the usual vulnerabilities that threaten any distributed application over the Internet, online social networks raise specific privacy concerns due to their inherent handling of personal data [1]. Social network penetration worldwide is ever-increasing. ...
... Social network penetration worldwide is ever-increasing. In 2021, it is projected that there will be about 3.02 billion social media users. This expansion will have a direct impact on the privacy and trust exhibited by users of these systems. ...
... Safebook [79,80,81] provides access control via a set of nested rings called a matryoshka within an overlay network above a peer-to-peer overlay network. These rings consist of concentric circles of friendship relations: close friends, friends of close friends, etc. ...
... The correct operation of the P2P overlay requires a "Trusted Identification Service" to guard against Sybil attacks [93] and impersonation. The authors claim that "this does not contrast [sic] our goal of privacy preservation through decentralization" [81] because "this service's jusrisdiction [sic] is limited to the purpose of authentication" [80], but the TIS is capable of violating the policy that "only trusted contacts of a node are able to link" that node's user ID and P2P node ID. Either this policy is important or it is not; the authors of Safebook want to have it both ways. ...
Article
In this dissertation, I enumerate several privacy problems in online social networks (OSNs) and describe a system called Footlights that addresses them. Footlights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today's centralised OSNs, but it does not trust centralised infrastructure to enforce security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users' interactions with OSNs, providing real control over online sharing. I also demonstrate that today's OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights' storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year. It is the foundation for a practical shared filesystem, a perfectly unobservable communications channel and a distributed application platform. The Footlights application platform allows third-party developers to write social applications without direct access to users' private data. Applications run in a confined environment with a private-by-default security model: applications can only access user information with explicit user consent. I demonstrate that practical applications can be written on this platform. The security of Footlights user data is based on public-key cryptography, but users are able to log in to the system without carrying a private key on a hardware token. Instead, users authenticate to a set of authentication agents using a weak secret such as a user-chosen password or randomly-assigned 4-digit number. 
The protocol is designed to be secure even in the face of malicious authentication agents.
... This challenge motivated a number of works that proposed decentralized privacy schemes. Similar, in spirit, to decentralized approaches overcoming disadvantages of centralized approaches for privacy-related problems in many areas [12,17,24], LBSs user privacy protection can be achieved in a collaborative manner: without relying on an anonymizer. In particular, users can hide from the LBS server by obtaining LBS-provided information from their neighbors [29]. ...
... When a misbehavior is detected by a node, (10) it sends to the Resolution Authority (RA), the messages related to the misbehavior with pseudonyms attached. In case (11) the messages are proved to be related to a misbehavior case, (12) it sends the pseudonym (or multiple pseudonyms) to the PCA, and (13) the PCA derives the SN ticket of the ticket that had been used to issue the pseudonym. (14)(15) With the help of the LTCA, the misbehaving node is exposed (and possibly evicted from the system). ...
Chapter
Location-based Services (LBSs) provide valuable services, with convenient features for users. However, the information disclosed through each request harms user privacy. This is a concern particularly with honest-but-curious LBS servers, which could, by collecting requests, track users and infer additional sensitive user data. This is the motivation of both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome the disadvantages of centralized schemes, eliminating anonymizers and enhancing users’ control over sensitive information. However, an insecure decentralized system could pose even more serious security threats than privacy leakage. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. Our design leverages architectures proposed for large scale mobile systems, while it incurs minimal changes to LBS servers as it can be deployed in parallel to the LBS servers. This further motivates the adoption of our design, in order to cater to the needs of privacy-sensitive users. We provide an analysis of security and privacy concerns and countermeasures, as well as a performance evaluation of basic protocol operations showing the practicality of our design.
... Due to the private nature of the shared information, data privacy is an indispensable security requirement in OSN applications. For solving the privacy-related problem, scholars use some valuable methods such as oblivious transfer (OT) [1], identity-based encryption (IBE) [2], searchable encryption [3], privacy-preserving profiles searching (PPPS) [4], access-right revocable scheme [5], middleware for mobile social networking [6], privacy-preserving matchmaking protocol [7], and decentralization-based scheme [8]. ...
... A decentralization-based scheme [8], for privacy issue, suggests a peer-to-peer architecture solution to avoid centralized control for the existing online centralized architecture. It is based on hop-by-hop trust relationships. ...
Article
The increase of mobile device use for social interaction drives the proliferation of online social applications. However, it prompts a series of security and existence problems. Some common problems are the authenticity of social contacts, the privacy of online communication, and the lack of physical interaction. This work presents mobile private matchmaking protocols that allow users to privately and immediately search the targets which match their planning purposes via mobile devices and wireless network. Based on social networks, the relationships of targets can be unlimited or limited to friends or friends of friends. It considers the privacy of users and the authenticity of friendships. The privacy means that no private information, except chosen targets, is leaked and the authenticity that signifies no forgery relationships can be successfully claimed. It applies to many applications such as searching for a person to talk to, to dine with, to play games with, or to see a movie with. The proposed scheme is demonstrated to be secure, effective, and efficient. The implementation of the proposed algorithms on Android system mobile devices allows users to securely find their target via mobile phones.
... The model can be instantiated to express policies which are currently not supported by Facebook and gives a formal framework for the analysis of such policies in other OSNs. In [8] decentralization is used to construct a privacy-preserving OSN. Centralization is seen as the key privacy issue because a potentially malicious service provider is in control of all data. ...
... Safebook [Cutillo et al., 2009b; Cutillo et al., 2009a] is a decentralized OSN, which uses a peer-to-peer architecture to get rid of a central, omniscient authority. Safebook has three main components: a trusted identification service for certification of public keys and the assignment of pseudonyms; matryoshkas, a set of concentric shells around each user, which serve to replicate the profile data and anonymize traffic; and a peer-to-peer substrate (e.g., DHT) for the location of matryoshkas that enables access to profile data and exchange of messages. ...
Article
Online Social Networks (OSN) are a permanent presence in today's personal and professional lives of a huge segment of the population, with direct consequences to offline activities. Built on a foundation of trust (users connect to other users with common interests or overlapping personal trajectories), online social networks and the associated applications extract an unprecedented volume of personal information. Unsurprisingly, serious privacy and security risks emerged, positioning themselves along two main types of attacks: attacks that exploit the implicit trust embedded in declared social relationships; and attacks that harvest user's personal information for ill-intended use. This article provides an overview of the privacy and security issues that emerged so far in OSNs. We introduce a taxonomy of privacy and security attacks in OSNs, we overview existing solutions to mitigate those attacks, and outline challenges still to overcome.
... SNS makes it possible to make new contacts online and to establish communication with government agencies, companies, and celebrities. In addition, users are able to share many kinds of content on an SNS [1,2]. However, these contents are stored in a "Temporary Internet Files" folder on the user's PC when the user accesses another SNS user's content. ...
Article
A social networking service (SNS) is an open service that enables its users to communicate freely without being constrained by time or space. In an SNS, users can share various types of content (such as pictures and videos) with government agencies, celebrities, and many other users online. If a person is able to access the content of another user, that content is automatically downloaded and stored in the "Temporary Internet Files" folder in the SNS user's PC. Moreover, the content stored in this folder remains there even when the content owner removes it from his SNS. Thus, the stored content is vulnerable to an invasion of privacy due to malicious user abuse. To address this possibility, we propose a content reuse prevention scheme based on digital right management (DRM) techniques to solve the problem of the unwanted reuse of stored content in a malicious user's "Temporary Internet Files" folder.
... Online social network (OSN) is defined as a digital representation of the relations between registered entities, individuals or institutions [1] used to maintain, strengthen, and support offline social relations. ...
Article
Online social networks (OSNs) contain data about users, their relations, interests and daily activities and the great value of this data results in ever growing popularity of OSNs. There are two types of OSNs data, semantic and topological. Both can be used to support decision making processes in many applications such as in information diffusion, viral marketing and epidemiology. Online Social network analysis (OSNA) research is used to maximize the benefits gained from OSNs’ data. This paper provides a comprehensive study of OSNs and OSNA to provide analysts with the knowledge needed to analyse OSNs. OSNs’ internetworking was found to increase the wealth of the analysed data by depending on more than one OSN as the source of the analysed data. The paper proposes a generic model of OSNs’ internetworking system that an analyst can rely on. Two different data sources in OSNs were identified in our efforts to provide a thorough study of OSNs, which are the OSN User data and the OSN platform data. Additionally, we propose a classification of the OSN User data according to its analysis models for different data types to shed some light into the current used OSNA methodologies. We also highlight the different metrics and parameters that analysts can use to evaluate semantic or topologic OSN user data. Further, we present a classification of the other data types and OSN platform data that can be used to compare the capabilities of different OSNs whether separate or in a OSNs’ internetworking system. To increase analysts’ awareness about the available tools they can use, we overview some of the currently publicly available OSNs’ datasets and simulation tools and identify whether they are capable of being used in semantic, topological OSNA, or both. The overview identifies that only few datasets include both data types (semantic and topological) and there are few analysis tools that can perform analysis on both data types. Finally, the paper presents a scenario that shows that an integration of semantic and topologic data (hybrid data) in the OSNA is beneficial.
... Fortunately, private matching schemes provide many solutions for privacy protection, such as Freedman et al.'s FNP protocol [14], the hash protocol (HP) [18], AgES [1] and Chious RR-FDS [6]. These techniques are becoming increasingly mature and have become a part of everyday life [5,7,10,21,28]. However, these discussions of such private matching schemes are usually limited to interaction between two parties. ...
Article
Social networking sites have emerged as a powerful tool for maintaining contact and sharing information between people, allowing users to quickly and easily communicate and interact over the Internet. However, such services have raised serious privacy concerns, especially in terms of ensuring the security of users’ personal information in the process of data exchange while also allowing for effective and complete data matching. Many studies have examined privacy matching issues and proposed solutions which could be applied to the current private matching issue. However, these solutions are almost entirely based on dual-matching designs. Therefore, this paper proposes a tripartite privacy matching protocol between common friends. In contexts with multiple users, this protocol searches for matching problems for common friends to produce a new solution. This approach does not rely on a trusted third party, and can be used on most mobile devices. In addition to providing outstanding operating performance and effective communication, this approach also accounts for context-specific privacy preservation, mutual authentication, mutual friendship certification, prevention of privacy spoofing and replay attack resistance, allowing users to safely and effectively identify mutual friends. The proposed methods are shown to be secure and efficient, and are implemented in mobile phones that allow users to find common friends securely in seconds. To the best of our knowledge, this is the first work done on mobile common friends discovery for three parties with advanced privacy preservation.
... or peer-to-peer OSNs [Buchegger et al. 2009; Cutillo et al. 2009] avoid data collection at one central point, but arbitrary participants can track others. Darknets by design protect users from being tracked by a foreign party, be it a governmental or commercial institution or a curious individual. ...
Article
Darknets, membership-concealing peer-to-peer networks, suffer from high message delivery delays due to insufficient routing strategies. They form topologies restricted to a subgraph of the social network of their users by limiting connections to peers with a mutual trust relationship in real life. Whereas centralized, highly successful social networking services entail a privacy loss of their users, Darknets at higher performance represent an optimal private and censorship-resistant communication substrate for social applications. Decentralized routing so far has been analyzed under the assumption that the network resembles a perfect lattice structure. Freenet, currently the only widely used Darknet, attempts to approximate this structure by embedding the social graph into a metric space. Considering the resulting distortion, the common greedy routing algorithm is adapted to account for local optima. Yet the impact of the adaptation has not been adequately analyzed. We thus suggest a model integrating inaccuracies in the embedding. In the context of this model, we show that the Freenet routing algorithm cannot achieve polylog performance. Consequently, we design NextBestOnce, a provable polylog algorithm based only on information about neighbors. Furthermore, we show that the routing length of NextBestOnce is further decreased by more than a constant factor if neighbor-of-neighbor information is included in the decision process.
... In [24], another privacy-preserving decentralized OSN is presented. Trust relationships from the real social networks are used to create anonymization through multi-hop routing between trusted peers. ...
Thesis
Online social networks (OSNs) are used worldwide and currently have around 4.2 billion active users. On average, users spend more than two hours a day on these platforms; for example, to consume news, communicate with friends, or share pictures and videos. The operators collect all kinds of personal data shared and created by their users that are interesting in the eyes of advertisers and other parties. When such data ends up with third parties, the privacy of the users is attacked. This work focuses on protecting communication data in these networks to ensure users' privacy. For this purpose, four different systems are presented to encrypt communication and safeguard other information exchange on OSNs. The first system enables end-to-end encrypted chatrooms for communication within OSNs or as a standalone program. As the users of the rooms change, new keys are distributed among the participants so that users are only able to decrypt messages that were sent during the time when they are participating in a chatroom. In the second system, information in forums, wikis, or groups within OSNs is encrypted. In this case, the ciphertexts are modified by the server so that each user receives unique ciphertexts. The parameters can be deleted to destroy the keys obtained. In the third system, a quorum system is used to manage access rights and decrypt content of an OSN. Again, encryption parameters can be deleted from the server to revoke the distributed keys of participants. In addition to encryption, the fourth system also allows metadata to be obfuscated. This means that neither the operator nor any other party can deduce which users are communicating with each other or what data they are accessing. For this purpose, random addresses are created on the server, which can only be read or modified by proving knowledge of a private key associated with the address. The second part describes secure recovery procedures of private keys and passwords.
Normally, when private keys are lost, access to private encrypted communication is no longer possible. For this purpose, novel types of shares for the secret sharing schemes of Shamir and Simmons are presented: redundant shares are considered only once when recovering a secret and they are therefore arbitrarily interchangeable. On the other hand, crucial shares are always required during recovery and cannot be replaced. Subsequently, protocols are presented on how private keys can be recovered using a combination of two different secret sharing schemes. Parts of the keys can be recovered even though the number of collaborating shareholders is lower than the actual threshold value.
... It has proposed the corresponding solutions in paper [15][16] adjective node as long as gets user's part information can do some attack after the massive data release. ...
Article
With the advent of the big data era, people's lifestyles are quietly changing. Social networking has become an indispensable part, but there is a great risk of leaks of users' privacy in social networks. Based on the problems of big data, social network big data and privacy data on the social network, this paper has analyzed privacy protection methods and problems in traditional social networks, described the current privacy protection research status and its key technologies of social networks in the current big data environment, and given the future development direction. Only with effective privacy protection technologies combined with related policies and regulations can the problem of personal user information security be solved. It can provide protection for the healthy development of social networks in the big data era.
... They contended that it is important that such solutions be accepted as mobile social networks continue to grow exponentially. (Molva & Strufe, 2009) pointed out that centralized architecture of existing on-line social networks as the key privacy issue and suggested a solution that aimed at avoiding any centralized control. Their solution was an on-line network based on peer-to-peer architecture. ...
Chapter
Full-text available
Social Networking Sites (SNS) users are concerned of their Internet privacy and security and intend to achieve total anonymity while communicating online. In order to keep their information private, they need to be careful on what they submit and look at online. Hence it becomes important to study these security and privacy issues for the better management of future internet search and access. We attempt to study the behavior of users towards security and privacy issues on social networking sites across various demographics selected for the study. 200 questionnaires were distributed among the various majors in the five major cities of Rajasthan and of which only 128 responses were complete in all respects and hence were considered for the study. Cronbach alpha values were found to be 0.78 indicating the data to be reliable. F-test ANNOVA was used to find out the significance of association/ non association between the variables selected for the study. It was found that users of SNS were fearful about photos and other articles being downloaded , about information displayed being inappropriately used by others about intellectual rights being infringed, copied or abused by others, about identity theft, profiling or phishing and a significant concern that the SNS provider might divulge information to other parties without ones' explicit consent. Different demographics have a different impact on the perception towards security and privacy issues. The concern towards who one was talking to when online was less but in the other cases the concern was significantly high.
... Nevertheless, privacy exposure is still a problem, because sensitive data generated by users is stored in a central server. To overcome this problem, many previous studies suggest decentralized SNS systems [3], [4], [5]. Unlike the centralized system, these systems use the concept of a peer-to-peer network. ...
... Ideal SNS should fulfill the following privacy requirements [11]: 1. End-to-end Confidentiality: All interactions are needed to be confidential and only sender and receiver should have access to data. ...
Article
Full-text available
Social Networking Sites (SNS) have been used for over a decade, and have grown exponentially in popularity in the recent few years. They are web-based services that allow individuals to: (a) make a public or semipublic profile, (b) share contents with many users, (c) view and traverse other users' lists. SNS allow users to connect, share information and other comments, chat, play games, and even add comments. Social networking sites are very useful in sharing information, making friends and keeping in touch with old friends. It is an online service, platform, or site that focuses on facilitating the building of social networks and social relations among people for sharing interests, activities, backgrounds, or real-life connections. But with the increasing demand for social networking sites (SNS), privacy and security concerns have also increased. The focus of our study is to measure the amount of privacy in SNS, and based on these current techniques and attack strategies I propose a model designed in PHP to handle the privacy and security issues of SNSs. We propose a policy-based infrastructure, with the help of a SNS designed in PHP, that allows: 1. Users to express their privacy preferences with respect to who can access their data and for what purpose. 2. Data provider support to enforce user privacy preferences, and supporting additional access models. 3. Handling privacy issues and access of data in SNS.
... The analysis of these data is obvious to address various important problems such as disease transmission, fraud detection, accurate marketing, and many others. The demand for privacy protection has led to the rapid development of algorithms for safely releasing of network data or the aggregation of network data (Zhou, Pei, and Luk 2008; Yuan, Lei, and Yu 2010; Cutillo, Molva, and Strufe 2010; Lu and Miklau 2014). At the same time, analysis based on noisy data presents challenges for statistical inference. ...
Article
In the case of differential privacy under the Laplace mechanism, the asymptotic properties of parameter estimators have been derived in some special models such as the β-model, but under a general noisy mechanism, the results are lacking. In this article, we release the degree sequences of undirected weighted networks under a general noisy mechanism with the discrete Laplace mechanism as a special case. We establish a unified asymptotic result including the consistency and asymptotic normality of the parameter estimator. We apply it to the β-model, the log-linear model, and maximum entropy models with discrete weights.
... Several approaches to decentralize this architecture have been reported in the literature. Cutillo et al. (2009) apply the model of privacy preservation in OSN, while a de-anonymization attack model has been proposed by Wondracek et al. (2010). In Tai et al. (2011) a scheme that re-identifies victims using adversary's information was ...
Article
Full-text available
The global computing scale of the Internet has made it possible for users globally to Ubiquitously Interact Socially (UIS). This level of interaction and its gains have influenced the cases of privacy disclosures and data breaches, which are rampant due to the vulnerability of users' personal information. The centralized architecture that drives UIS also contributed to this influence. There is also documented evidence of efforts to deal with this and enforce Sensitive Data Protection (SDP). Of particular interest in this paper is the use of the Theoretic of Leveraging the Technology of Blockchain (ToLToB) due to the synergistic techniques it offers to realise SDP. However, the right requirements and methods of elicitation must be applied to use the ToLToB in order to provide deployable software artifacts for SDP among untrusted peers. Interestingly, there is yet no known systematic approach to the best of the authors' knowledge to elicit suitable requirements to use the ToLToB within the context of softwarization for SDP. To fill this gap, this work presents a user requirement engineering-based framework that is reproducible going by the outcomes from its use. These outcomes and paper's contribution include a taxonomy, scenarios, functional and non-functional requirements, and examples profiling of attackers. In the future, personas will be extensively considered along with analysis using theoretic models to further expand and deepen the knowledge and understanding of specific protection mechanisms for online sensitive data.
Summary: Global computing development and the use of the Internet have made it possible for users around the world to interact socially in a ubiquitous way (UIS). This level of interaction and its benefits have influenced privacy disclosures and data breaches, owing to vulnerability, through which users' personal information is obtained. The centralized architecture that drives UIS also contributed to this influence. There is also documented evidence of efforts to mitigate this and enforce Sensitive Data Protection (SDP). Of particular interest in this article is the use of the Theoretic of Leveraging the Technology of Blockchain (ToLToB), owing to the synergistic techniques it offers to realise SDP. However, the right requirements and elicitation methods must be applied to use ToLToB in order to provide deployed software artifacts for SDP among untrusted peers. Interestingly, to the best of the authors' knowledge there is still no known systematic approach for eliciting suitable requirements to use ToLToB in the context of software development for SDP. To fill this gap, this work presents a framework based on user requirements engineering that is reproducible according to the results of its use. These results and the paper's contribution include a taxonomy, scenarios, functional and non-functional requirements, and examples of attacker profiles. In the future, personas will be considered extensively, along with analysis using theoretical models, to further broaden and deepen the knowledge and understanding of specific protection mechanisms for sensitive online data. Keywords: Internet and information technology; Functional requirements; Blockchain technology; Sensitive data protection; Requirements engineering. This work is licensed under a Creative Commons Attribution 4.0 International (CC BY 4.0) license. Grupo Editorial "Ediciones Futuro", Universidad de las Ciencias Informáticas, La Habana, Cuba.
... The model can be instantiated to express policies which are currently not supported by Facebook and gives a formal framework for the analysis of such policies in other OSNs. In [8] decentralization is used to construct a privacy-preserving OSN. Centralization is seen as the key privacy issue because a potentially malicious service provider is in control of all data. ...
Preprint
When using Online Social Networks, users often share information with different social groups. When considering the backgrounds of the groups there is often no or little intersection within the members. This means that a user who shares information often has to share it with all members of all groups. It can be problematic that the user cannot decide which group sees which information. Our approach therefore, allows users to decide for every bit of information who can access it. Further, protected circles can be created, where users can share information within. Shared information and circles are encrypted and the keys can be distributed by proxies.
... However, these adjustments provided little relief to the issues of privacy and intellectual property. Other research tackled the privacy issues with web-based SONs, but they demonstrated very limited control over the web-based SONs [10]. ...
Conference Paper
Abstract: With the emergence of Facebook, Twitter, and LinkedIn, web-based social online networks have become increasingly popular among users worldwide as a way to connect with friends, family, and colleagues. There are however some serious drawbacks with many of these social online networks, including false user identity, security of private data, server farms' consumption of energy, etc. This paper proposes a Decentralized BitTorrent Social Online Network that builds on an open source protocol. The design goals of this novel model are confidentiality, integrity, scalability, and authenticity.
Chapter
Recently, the Social Network Service market has been getting bigger and bigger, and with it come many security threats from malicious users. In addition, because sensitive data is concentrated on the central server, privacy can be exposed to the SNS provider as well as to malicious users. To overcome this problem, many previous studies suggest decentralized systems for SNS. In these systems, sensitive data may not be stored on a central server. When a user transmits a message, the server does not interfere with the process. Thus, the user who transmits a message needs a way to manage the keys that are used for the message encryption scheme. In this paper, we suggest an efficient key management scheme using Dynamic Identity-Based Broadcast Encryption. Using this scheme, it is possible to communicate securely between users in a decentralized social network.
Article
Finding common items privately usually assumes the existence of a trusted infrastructure. However, a social proximity has to hold personal data in its database. It causes some concerns about data leakage from server database, trustfulness of the social proximity, unwilling disclosure of personal friendship, etc. The authenticity between users and the ownership of items also remain a difficult problem. This work presents private common friend matching algorithms that allow users to privately and immediately match their common friends via mobile devices or via remote connection. It considers the privacy of users and the authenticity of friend relationships, where the privacy means no private items, except common ones, is leaked, and the authenticity signifies no forgery relationships can be successfully claimed. Besides that, the matching probability shows its practicality. The algorithms are demonstrated to be secure, effective, and efficient. The implementation on mobile devices allows users securely finding their common friends.
Article
In the past few years, there has been a substantial growth in the number of users who employ social network services (SNS) for communicating and sharing information with their friends. Notwithstanding many plus points of SNSs, they have some drawbacks which can be potentially misused by perpetrators for their destructive goals. Owing to a massive amount of personal data stored and exchanged on SNSs and the simplicity of gaining access to the vast majority of data using illegitimate methods like social engineering techniques, these services are highly vulnerable to privacy intrusion threats. Moreover, the tremendous number of users of SNSs and a variety of communication features provided by these services, make SNSs as a suitable target for virus authors to employ them for infecting users' machines. This paper investigates threats, vulnerabilities, and risks that endanger privacy of SNS users. It also encompasses techniques used by cybercriminals for propagating malicious software (malware) and launching attacks against victims' machines through these services. The paper eventually presents a set of recommendations to eliminate or mitigate the privacy and malware risks of SNS.
Article
This paper presents a novel key issuing scheme for distributed online social networks based on identity-based encryption (IBE). The scheme involves two essential objects, Key Privacy Authority (KPA) and Privacy Chum (PC). KPA and PC cannot impersonate network users to obtain users' private keys. The experiment results indicate that the scheme is feasible and efficient, and it can sustain large-scale online social networks.
Conference Paper
The use of social networks has grown exponentially in recent years, and these social networks continue to have an ever-increasing impact on human lives. There are many concerns regarding the privacy of users in these environments, such as how trustworthy the social network operators are, in addition to the external adversaries. In this paper we propose a new architecture for online social networking, based on distributed cloud-based datacenters and using secret sharing as the method of encrypting user profile data, for enhanced privacy and availability. This proposed architecture is theoretically analyzed for its security and performance along with some experimental analysis. We show that the proposed architecture is highly secure at an acceptable level of time complexity overhead in comparison to existing online social networks, as well as the models proposed in previous studies targeting the same research problem.
Article
An Online Social Network (OSN) is a platform to build social networks or social relations among people. The OSN’s allow users to share interests, activities, social details and professional details. Some of the OSN’s that are currently being used are Facebook, Twitter, Orkut etc. The major problem of social networks is providing privacy to the users. Social privacy, institutional privacy and surveillance are the key problems that are being faced by the OSN users. We developed a novel method to provide institutional privacy and surveillance to the OSN users. We introduced a new algorithm HSurveillance, which effectively implements the surveillance in OSN. The institutional privacy is provided to the users using locking mechanism. We believe that the proposed method will resolve the key security and privacy problems experienced by the OSN users.
Article
Recent scientific results have shown that social network Likes, such as the "Like Button" records of Facebook, can be used to automatically and accurately predict even highly sensitive personal attributes. Although this could be the goal of a number of non-malicious activities, to improve products, services, and targeting, it represents a dangerous invasion of privacy with possible intolerable consequences. However, completely defusing the information power of Likes appears improper. In this paper, we propose a protocol able to keep Likes unlinkable to the identity of their authors, in such a way that the user may choose every time she expresses a Like, those non-identifying (even sensitive) attributes she wants to reveal. This way, analysis anonymously relating Likes to various characteristics of people is preserved, with no risk for users' privacy. The protocol is shown to be secure and also ready to the possible future evolution of social networks towards P2P fully distributed models.
Article
Recently, social network sites have become very popular with the enhancement of mobile device function and distribution. This gives rise to the registrations of people on social network sites, and the usage of services on the social sites is also getting active. However, social network sites' vendors do not provide services enough compared to the demand of users to share contents from diverse roots by users effectively. In addition, personal information can be revealed improperly in the processes of sharing policies, and it is obvious that it raises a privacy invasion problem when users access the contents created from diverse devices according to the relationship by policies. However, the existing methods for the integration management of social networks are weak at solving this problem. Thus, we propose a model to preserve user privacy, categorize contents efficiently, and give the access control permissions at the same time. In this paper, we encrypt policies and the trusted third party classifies the encrypted policies when the social network sites share the contents generated by users. In addition, the proposed model uses the RCBAC model to manage the contents generated by various devices and measures the similarity between relationships after encrypting when the user policies are shared. So, this paper can contribute to preserving user policies and contents from malicious attackers.
Chapter
Full-text available
This work covers the research work on decentralization of Online Social Networks (OSNs), issues with centralized design are studied with possible decentralized solutions. Centralized architecture is prone to privacy breach, p2p architecture for data and thus authority decentralization with encryption seems a possible solution. OSNs' users grow exponentially causing scalability issue, a natural solution is decentralization where users bring resources with them via personal machines or paid services. Also centralized services are not available unremittingly, to this end decentralization proposes replication. Decentralized solutions are also proposed for reliability issues arising in centralized systems and the potential threat of a central authority. Yet key to all problems isn't found, metadata may be enough for inferences about data and network traffic flow can lead to information on users' relationships. First issue can be mitigated by data padding or splitting in uniform blocks. Caching, dummy traffic or routing through a mix of nodes can be some possible solutions to the second.
Article
In the case of the differential privacy under the Laplace mechanism, the asymptotic properties of parameter estimators have been derived in some special network models with common binary values, but the asymptotic properties in network models with the ordered values are lacking. In this paper, the authors release the degree sequences of the ordered networks under a general noisy mechanism with the discrete Laplace mechanism as a special case. The authors establish the asymptotic result including the consistency and asymptotical normality of the parameter estimator when the number of parameters goes to infinity. Simulations and a real data example are provided to illustrate asymptotic results.
Chapter
Online social networks are used frequently: staying in contact with friends and sharing experiences with them is very important. However, users are increasingly concerned that their data will end up in the hands of strangers or that personal data may even be misused. Secure OSNs can help. These often use encryption to keep the communication between the participants incomprehensible to outsiders. However, participants in such social networks cannot be sure that their data is secure. Various approaches show that even harmless-looking metadata, such as the number of contacts of a user, can be evaluated to draw conclusions about a user and the communication. These attack methods are analyzed and existing secure OSNs are examined, whether these attack methods can be utilized to violate the user’s privacy. To prevent these privacy attacks, protocols for a secure centralized OSN are developed. Metadata is obscured in the presented OSN and end-to-end encryption is used for secure communication. Additionally, communication channels are concealed like in mix networks such that adversaries cannot determine which user is accessing which data or which user is communicating with whom even with full access to the server.
Article
Full-text available
An affiliation network is one kind of two-mode social network with two different sets of nodes (namely, a set of actors and a set of social events) and edges representing the affiliation of the actors with the social events. The asymptotic theorem of a differentially private estimator of the parameter in the private \(p_{0}\) model has been established. However, the \(p_{0}\) model only focuses on binary edges for one-mode networks. In many cases, the connections in affiliation networks (two-mode) could be weighted, taking a set of finite discrete values. In this paper, we derive the consistency and asymptotic normality of the moment estimators of parameters in affiliation finite discrete weighted networks with a differentially private degree sequence. Simulation studies and a real data example demonstrate our theoretical results.
Chapter
Data privacy plays a noteworthy part in today's digital world where information is gathered at exceptional rates from different sources. Privacy preserving data publishing refers to the process of publishing personal data without questioning the privacy of individuals in any manner. A variety of approaches have been devised to forfend consumer privacy by applying traditional anonymization mechanisms. But these mechanisms are not well suited for Big Data, as the data which is generated nowadays is not just structured in manner. The data which is generated at very high velocities from various sources includes unstructured and semi-structured information, and thus becomes very difficult to process using traditional mechanisms. This chapter focuses on the various challenges with Big Data, PPDM and PPDP techniques for Big Data and how well it can be scaled for processing both historical and real-time data together using Lambda architecture. A distributed framework for privacy preservation in Big Data by combining Natural language processing techniques is also proposed in this chapter.
Chapter
Complex networks are characterized by having a scale-free power-law (PL) degree distribution, a small world phenomenon, a high average clustering coefficient, and the emergence of community structure. Most proposed models did not incorporate all of these statistical properties and neglected incorporating the heterogeneous nature of network nodes. Even proposed heterogeneous complex network models were not generalized for different complex networks. We define a novel aspect of node-heterogeneity which is the node connection standard heterogeneity. We introduce our novel model “settling node adaptive model” SNAM which reflects this new nodes' heterogeneous aspect. SNAM was successful in preserving PL degree distribution, small world phenomenon and high clustering coefficient of complex networks. A modified version of SNAM shows the emergence of community structure. We prove using mathematical analysis that networks generated using SNAM have a PL degree distribution.
Chapter
Despite research work achieving progress in preserving the privacy of user profiles and visual surveillance, correcting problems in social media has not taken a great step. The reason is the lack of effective modelling, computational algorithms, and resultant evaluations in quantitative research. In this article, the authors take social media into consideration and link users together under the umbrella of social networks so as to exploit a way that the potential problems related to media privacy could be solved. The authors' contributions are to propose tensor product-based progressive scrambling approaches for privacy preservation of social media and apply our approaches to the given social media which may encapsulate privacy before being viewed so as to achieve the goal of privacy preservation in anonymity, diversity and closeness. These approaches fully preserve the media information of the scrambled image and make sure it is able to be restored. The results show the proposed privacy-preserving approaches are effective and have outstanding performance in media privacy preservation.
Article
Full-text available
Social network is term used to refer to the social structure that is made up of a set of social actors. The social actors in this case include organizations or individuals. Social networks allow people to interact and socialize as they get to learn and know each other. Through social networking sites, people from different parts of a country or the world also get to meet and interact. However, there have been issues with regards to social network privacy for those who use the internet to use social network sites. This paper will look at some of the factors that affect trust of the users as well as the privacy issues related to social networks (Fernandez, 2009).
Article
Over the past decade, the way people communicate, share content and eventually conduct business has been disrupted by social networking platforms. By bringing together pervasive social computing with social networking under a common modelling methodology and common social rules based on human activities in accordance with the Activity Theory, our work aims at contributing to the standardisation of the Social Web in a way that is independent from proprietary solutions, interoperable and semantically rich for applications beyond social networking. The concept of a Social Agent is introduced as a set of micro-services to handle digital traces of human activities for further analysis, respecting both users’ privacy and the business models of companies that build personalised services or applications in the web. In this paper, the landscape of social networking, social pervasive computing and social agency is presented in detail, the research questions driving our work are explained and the fundamentals of a Social Agent along with the pervasive social network it may build are set. A quantitative evaluation based on the Technology Acceptance Model methodology is implemented on a sample of 200 interviewees, evaluating the concepts of the Social Agent, while its technical feasibility is proven and presented through a prototype.
Conference Paper
P2P SN is emerging as a promising technique for allowing members to exchange messages or files with members of a group. However, the growing number of users who use DSN for sending and receiving messages or sharing their files is increasingly challenging users' privacy and security. In this paper, we propose a flexible privacy-preserving file sharing scheme over DSN that ensures both semantic security and effective availability of receivers. We call the proposed scheme the Partitioned scheme. In this paper, we suggest the partitioned scheme using Dynamic Identity-Based Broadcast Encryption for encryption in P2P SN. The system does not have a central server; each user has a key and role to decrypt a special part of the file. This paper focuses on providing a dependable and secure DSN file sharing service that allows a users' group dynamic access to the shared files.
Article
Full-text available
This publication contains reprint articles for which IEEE does not hold copyright. Full text is not available on IEEE Xplore for these articles.
Article
Full-text available
A fundamental problem that confronts peer-to-peer applications is the efficient location of the node that stores a desired data item. This paper presents Chord, a distributed lookup protocol that addresses this problem. Chord provides support for just one operation: given a key, it maps the key onto a node. Data location can be easily implemented on top of Chord by associating a key with each data item, and storing the key/data pair at the node to which the key maps. Chord adapts efficiently as nodes join and leave the system, and can answer queries even if the system is continuously changing. Results from theoretical analysis and simulations show that Chord is scalable: Communication cost and the state maintained by each node scale logarithmically with the number of Chord nodes.
Conference Paper
Full-text available
In this paper we describe Turtle, a peer-to-peer architecture for safe sharing of sensitive data. The truly revolutionary aspect of Turtle rests in its novel way of dealing with trust issues: while existing peer-to-peer architectures with similar aims attempt to build trust relationships on top of the basic, trust-agnostic, peer-to-peer overlay, Turtle takes the opposite approach, and builds its overlay on top of pre-existent trust relationships among its users. This allows both data sender and receiver anonymity, while also protecting each and every intermediate relay in the data query path. Furthermore, its unique trust model allows Turtle to withstand most of the denial of service attacks that plague other peer-to-peer data sharing networks.
Conference Paper
Full-text available
This paper describes how anonymity is achieved in gnunet, a framework for anonymous distributed and secure networking. The main focus of this work is gap, a simple protocol for anonymous transfer of data which can achieve better anonymity guarantees than many traditional indirection schemes and is additionally more efficient. gap is based on a new perspective on how to achieve anonymity. Based on this new perspective it is possible to relax the requirements stated in traditional indirection schemes, allowing individual nodes to balance anonymity with efficiency according to their specific needs.
Article
Full-text available
Social network sites (SNSs) are increasingly attracting the attention of academic and industry researchers intrigued by their affordances and reach. This special theme section of the Journal of Computer-Mediated Communication brings together scholarship on these emergent phenomena. In this introductory article, we describe features of SNSs and propose a comprehensive definition. We then present one perspective on the history of such sites, discussing key changes and developments. After briefly summarizing existing scholarship concerning SNSs, we discuss the articles in this special section and conclude with considerations for future research.
Conference Paper
Full-text available
We describe a peer-to-peer system which has provable consistency and performance in a fault-prone environment. Our system routes queries and locates nodes using a novel XOR-based metric topology that simplifies the algorithm and facilitates our proof. The topology has the property that every message exchanged conveys or reinforces useful contact information. The system exploits this information to send parallel, asynchronous query messages that tolerate node failures without imposing timeout delays on users.
Article
Full-text available
Efficiently determining the node that stores a data item in a distributed network is an important and challenging problem. This paper describes the motivation and design of the Chord system, a decentralized lookup service that stores key/value pairs for such networks. The Chord protocol takes as input an m-bit identifier (derived by hashing a higher-level application specific key), and returns the node that stores the value corresponding to that key. Each Chord node is identified by an m-bit identifier and each node stores the key identifiers in the system closest to the node's identifier. Each node maintains an m-entry routing table that allows it to look up keys efficiently. Results from theoretical analysis, simulations, and experiments show that Chord is incrementally scalable, with insertion and lookup costs scaling logarithmically with the number of Chord nodes.
Article
In this paper we describe Turtle, a peer-to-peer architecture for safe sharing of sensitive data. The truly revolutionary aspect of Turtle rests in its novel way of dealing with trust issues: while existing peer-to-peer architectures with similar aims attempt to build trust relationships on top of the basic, trust-agnostic, peer-to-peer overlay, Turtle takes the opposite approach, and builds its overlay on top of pre-existent trust relationships among its users. This allows both data sender and receiver anonymity, while also protecting each and every intermediate relay in the data query path. Furthermore, its unique trust model allows Turtle to withstand most of the denial of service attacks that plague other peer-to-peer data sharing networks.
Article
We describe a peer-to-peer distributed hash table with provable consistency and performance in a fault-prone environment. Our system routes queries and locates nodes using a novel XOR-based metric topology that simplifies the algorithm and facilitates our proof. The topology has the property that every message exchanged conveys or reinforces useful contact information. The system exploits this information to send parallel, asynchronous query messages that tolerate node failures without imposing timeout delays on users.
Article
A major hurdle to deploying a distributed storage infrastructure in peer-to-peer systems is storing data reliably using nodes that have little incentive to remain in the system. We argue that a node should choose its neighbors (the nodes with which it shares resources) based on existing social relationships instead of randomly. This approach provides incentives for nodes to cooperate and results in a more stable system which, in turn, reduces the cost of maintaining data. The cost of this approach is decreased flexibility and storage utilization. We describe our approach and sketch two applications for which this approach is viable: a cooperative backup system and a Usenet replacement.
Conference Paper
Protecting user privacy in network communication is vital in today's open networking environment. Current anonymous routing protocols provide anonymity by forwarding traffic through a static path of randomly selected relay nodes. In practice, however, malicious relays can perform passive logging attacks to compromise the anonymity of a flow. This degradation is accelerated when nodes fail, forcing source node to reconstruct a path, and in doing so, leaking more information to passive loggers. This “predecessor attack” is highly effective and difficult to defend against on current systems. In this paper, we propose a highly effective approach to blocking predecessor attacks by leveraging trusted links from social networks. We first show how users can completely shield themselves from traditional logging attacks. We then propose a hybrid logging attack optimized for social networks, and perform detailed analysis to show that we can defend against it using optimized path selection techniques. Finally, we analyze detailed measurement traces from Facebook to show that our approach is indeed feasible given the user behavior in social networks today.
Conference Paper
Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these “Sybil attacks” is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Conference Paper
Social networking sites have been increasingly gaining popularity. Well-known sites such as Facebook have been reporting growth rates as high as 3% per week (5). Many social networking sites have millions of registered users who use these sites to share photographs, contact long-lost friends, establish new business contacts and to keep in touch. In this paper, we investigate how easy it would be for a potential attacker to launch automated crawling and identity theft attacks against a number of popular social networking sites in order to gain access to a large volume of personal user information. The first attack we present is the automated identity theft of existing user profiles and sending of friend requests to the contacts of the cloned victim. The hope, from the attacker's point of view, is that the contacted users simply trust and accept the friend request. By establishing a friendship relationship with the contacts of a victim, the attacker is able to access the sensitive personal information provided by them. In the second, more advanced attack we present, we show that it is effective and feasible to launch an automated, cross-site profile cloning attack. In this attack, we are able to automatically create a forged profile in a network where the victim is not registered yet and contact the victim's friends who are registered on both networks. Our experimental results with real users show that the automated attacks we present are effective and feasible in practice.
Article
This study examines the privacy protection mechanisms of seven "social network platforms" (myspace, facebook, studiVZ, wer-kennt-wen, lokalisten, XING and LinkedIn). "Social network platforms" are internet-based applications in which users map their relationships to other people so that this data can be reused for essential service functions. The data processed is almost exclusively personal in nature. The potential risk to users is correspondingly high when security vulnerabilities exist and protection mechanisms are missing. Using a test from the perspective of a regular internet user (black-box test), the security measures and protection mechanisms of the examined platforms were recorded and evaluated. For methodological reasons, such a test does not provide a comprehensive security analysis. Nor can any conclusions be drawn from the test results about the extent to which the service operators comply with legal data protection requirements. The test is, however, sufficient to give users valuable guidance on the secure use of the internet services and to show service providers initial opportunities for improvement. The basis for testing and evaluation is a catalogue of criteria developed for this study, which takes into account specific threats to social network platforms and is modelled on selected concepts from data protection. The testers applied the criteria uniformly to all tested platforms.
Conference Paper
Many different Distributed Hash Tables (DHTs) have been designed, but only few have been successfully deployed. The implementation of a DHT needs to deal with practical aspects (e.g. related to churn, or to the delay) that are often only marginally considered in the design. In this paper, we analyze in detail the content retrieval process in KAD, the implementation of the DHT Kademlia that is part of several popular peer-to-peer clients. In particular, we present a simple model to evaluate the impact of different design parameters on the overall lookup latency. We then perform extensive measurements on the lookup performance using an instrumented client. From the analysis of the results, we propose an improved scheme that is able to significantly decrease the overall lookup latency without increasing the overhead.
Conference Paper
In this work we're dealing with security in highly distributed systems, namely in peer-to-peer networks. We are describing some known theoretical attacks and defenses in these kinds of networks and comparing them against real world data. This should lead to creation of models for peer-to-peer networks defense and for detection of Malware spreading. Also we are proposing our system for automatic downloading and detection of new viruses in peer-to-peer networks with all possible extensions.
Article
This paper describes how anonymity is achieved in GNUnet, a framework for anonymous distributed and secure networking. We describe gap, a simple protocol for anonymous transfer of data which achieves better anonymity guarantees than traditional indirection schemes and is more efficient. While the building blocks of our technique are similar to previous work, we offer a new perspective on how to perceive and measure anonymity. Based on this new perspective we are able to modify the protocol to allow individual nodes to trade anonymity for efficiency.
Article
We describe Freenet, an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity of both authors and readers. Freenet operates as a network of identical nodes that collectively pool their storage space to store data files and cooperate to route requests to the most likely physical location of data. No broadcast search or centralized location index is employed. Files are referred to in a location-independent manner, and are dynamically replicated in locations near requestors and deleted from locations where there is no interest. It is infeasible to discover the true origin or destination of a file passing through the network, and difficult for a node operator to determine or be held responsible for the actual physical contents of her own node.
Satan is on My Friends List: Attacking Social Networks
  • S Moyer
  • N Hamiel
Security issues and recommendations for online social networks
  • G Hogben
  • Springer-Verlag
Springer-Verlag, LNCS 2760, 2003, pp. 141–160.