
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider

This article discusses the challenges to privacy and integrity faced by social networking services and presents Frientegrity as a framework that protects user data from malicious providers while maintaining the benefits of centralization.


Presentation Transcript


  1. Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider
     Prateek Basavaraj
     April 9th 2014

  2. Social Networks
     Social networking services require users to trust the service provider with the confidentiality and integrity of their data

  3. Threats to Confidentiality
     • Theft by hackers: a hacker got access to the accounts of several prominent members (Source: Federal Trade Commission)
     • Privacy policy and setting changes (Source: Electronic Frontier Foundation, 2010)
     • Pressure from government agencies to release information on demand (Source: The Wall Street Journal Tech, 2012)

  4. Threats to Integrity
     Server equivocation: a malicious service presents different clients with divergent views of the system state
     Example: Sina Weibo tried to disguise its censorship of a user's posts by hiding them from the user's followers but still showing them to the user

  5. Online Social Networks are Centralized
     • Advantages:
       • Global accessibility
       • Availability
       • Convenience
     • Disadvantages:
       • Attractive targets for attack by malicious insiders and outsiders
       • Threat to the confidentiality and integrity of user data

  6. Frientegrity
     • Framework for building social networking services
     • Protects the privacy and integrity of users' data from a malicious provider
     • Preserves the availability, reliability and usability benefits of centralization
     • Supports social networking features like walls, news feeds, comment threads and photos
     • Supports access control mechanisms such as friends, friends of friends and followers

  7. Goals of Frientegrity
     • Broadly applicable: must support features like
       • Facebook-like walls and Twitter-like feeds
       • Friend-of-friend relationships (like Facebook) and follower relationships (like Twitter)
     • Confidentiality: Frientegrity must ensure that
       • Only clients of authorized users obtain the necessary encryption keys
     • Detection of misbehavior: Frientegrity must guarantee that
       • Clients must be able to detect the misbehavior of the users
     • Efficient: Frientegrity should be scalable
       • Access control list changes must be performed in time
       • Display only most recent updates

  8. Frientegrity
     • Provider servers only see encrypted data
     • Clients can also collaborate and verify the provider hasn’t corrupted

  9. Detecting Server Equivocation
     • Problem: Frientegrity clients digitally sign all operations with their users' private keys, but a malicious provider could still equivocate about the history of operations
     • Solution: Enforce fork* consistency
       • Clients share information about their individual views of the history by embedding it in every operation they send
       • Clients detect equivocation after exchanging two messages

  10. Detecting Server Equivocation (Continued)
      Alice and Bob detect equivocation after exchanging two messages

  11. Frientegrity System Model
      (Figure; source: Usenix.org)

  12. Frientegrity System Model (Continued)
      • Bob checks that:
        • The provider has not equivocated about the wall’s contents
        • Every operation was created by an authorized user
        • The provider has not equivocated about the set of authorized users
        • The ACL is not outdated

  13. Access Control Lists (ACL)
      • ACL: a list of permissions attached to an object
      • A user’s profile consists of multiple objects like photos, videos and comments
      • Frientegrity uses ACLs to allow only certain friends to access the objects
      • ACLs store users' pseudonyms, and every operation is labeled with the pseudonym of its creator

  14. Access Control Lists (ACL) (Continued)
      • Frientegrity also uses ACLs to store the key material with which authorized users can decrypt the operations on walls and encrypt new ones
      • Social network ACLs are large
      • ACL modifications and the associated rekeying must be efficient
      • ACL rollbacks: a situation where a malicious provider gives Bob an outdated ACL
      • Solution: operations in Alice’s wall are annotated with dependencies on Alice’s ACL history (a particular operation in one object happened after a particular operation in another object)

  15. Frientegrity Object Representation
      • Objects are represented as history trees
      • Operations are stored in the leaves
      • Each internal node stores the hash of the subtree below it
      • The hash of the root covers the tree's entire contents
      • New leaves can be added to the right side of the tree

  16. Verifying Objects in Frientegrity
      Clients collaborate to verify the history
      (Figure: history tree marking Alice’s, Bob’s and Charlie’s ops, with labels 0, 4, 8, 11, 15 and C0, C4, C8, C11)

  17. Tolerating Malicious Users in Frientegrity
      Tolerate up to f malicious users
      (Figure: history tree marking Alice’s, Bob’s and Charlie’s ops, with labels op9, op15 and C9, C11)

  18. Access Control
      (Figure: ACL tree with nodes Raj, Thomas, Bob, Alice, Charlie, John)
      Every node contains the hash of its children, and the root node is signed by Alice

  19. Efficient Key Distribution
      Key graphs
      (Figure: key graph with nodes Raj k0, Bob k1, Thomas k2, Alice k3, Charlie k4, John k5; k0 = kalice_friend; node annotation Ek3(k1) || Ek4(k1))
      Advantage: any user who can decrypt a particular node can follow the path of decryption up to the root and obtain the root key to encrypt the data

  20. Unfriend and Add Friend in Frientegrity
      (Figure: Alice's ACL before and after; before: Raj k0, Bob k1, Thomas k2, Rahul k6, Alice k3, Charlie k4, John k5; after: Raj k0’, Bob k1’, Thomas k2, Alice k3, Charlie k4, John k5, Raju k7)
      • Unfriend: update k0’ and k1’
      • Add friend: update node Ek5(k2) || Ek7(k2)

  21. Implementation
      • Approximately 4700 lines of Java code
      • Protobuf-socket-rpc library for network communication
      • 2048-bit RSA spliced signatures, to sign and verify operations in batch
      • Simulates basic Facebook features (a user has a wall and an ACL)

  22. Experimental Evaluation: Single-Object Read and Write Latency
      (Plot comparing Frientegrity and a hash chain)
      Verifying an object with a history size of 25K operations would take approximately 10s with a hash chain and 6s with Frientegrity

  23. Experimental Evaluation (Continued)
      Latency of ACL modifications:
      Latency of fetching a news feed: fetching wall posts from 500 friends would require approximately 1.8 seconds

  24. Strengths and Weakness
      Strengths:
      • Frientegrity provides the much-needed framework for privacy and integrity in social networking applications
      • Clients collaborate to defend against equivocation
      • Scalable and verifiable access control and key distribution
      • Benefits from centralization
      Weakness:
      • Still uses untrusted third-party infrastructure
      Future work:
      • Development of a business model that can support privacy-preserving services hosted with third-party providers

  25. Conclusion
      • Provides data confidentiality and integrity
      • Efficient, scalable and usable
      • Detects server equivocation
      • Efficient access control
      • Provides satisfactory response times

  26. References
      • Ariel J. Feldman, Aaron Blankstein, Michael J. Freedman and Edward W. Felten (Princeton University). Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider. 21st USENIX Security Symposium.
      • Facebook Inc. Anatomy of Facebook.

  27. THANK YOU QUESTIONS?
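The check described on slides 9 and 10, as an added example that is not part of the original presentation or the Frientegrity code base: each operation embeds its author's view of the history, and a reader rejects a served history that contradicts any embedded view. It assumes signatures are verified elsewhere and uses a plain hash chain in place of Frientegrity's history tree; all function names and sample operations are constructed for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32   # commitment to the empty history

def extend(commitment, op):
    """Commitment after appending `op` (hash chain standing in for a history tree)."""
    record = repr((op["author"], op["body"], op["seen"], op["seen_commit"])).encode()
    return hashlib.sha256(commitment + record).digest()

def commit(history):
    """Commitment to a whole list of operations."""
    c = GENESIS
    for op in history:
        c = extend(c, op)
    return c

def make_op(author, body, view):
    """Create an op embedding the author's view: how many ops it saw and their commitment."""
    return {"author": author, "body": body, "seen": len(view), "seen_commit": commit(view)}

def first_conflict(history):
    """Index of the first op whose embedded view contradicts the served history, else None."""
    commits = [GENESIS]                      # commits[i] covers history[:i]
    for i, op in enumerate(history):
        if op["seen"] > i or commits[op["seen"]] != op["seen_commit"]:
            return i
        commits.append(extend(commits[-1], op))
    return None

def scenario():
    # Constructed sample. Honest provider: Alice and Bob post concurrently on an empty
    # wall, the provider orders them, and Alice's next post builds on the merged history.
    a1, b1 = make_op("alice", "post 1", []), make_op("bob", "hello", [])
    honest = [a1, b1, make_op("alice", "post 2", [a1, b1])]
    # Equivocating provider: hides a1 from Bob, so Bob's branch is [b1], Alice's is [a1].
    a2 = make_op("alice", "post 2", [a1])    # Alice commits to her own branch
    shown_to_bob = [b1, a2]                  # provider later lets a2 through to Bob
    return first_conflict(honest), first_conflict(shown_to_bob)

if __name__ == "__main__":
    print(scenario())
```

Concurrent operations built on the same prefix are accepted, while an operation that commits to a branch the reader was never shown is flagged, so the provider can only keep a fork alive by never letting the two clients see each other's later operations.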
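A sketch of the key graph from slides 19 and 20, added here as an example and not taken from the presentation or the Frientegrity code base: a member unwraps keys along the path to the root, and removing a friend replaces only the keys on that friend's path. The XOR wrap is a toy stand-in for real encryption, the per-user "personal" key wrapping each node key is an assumption of this example, and the tree layout follows slide 19 with a constructed removal.

```python
import hashlib, os

def wrap(kek, key):
    """Toy XOR key wrap (self-inverse); a stand-in for real authenticated encryption."""
    pad = hashlib.sha256(b"wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

class KeyGraph:
    def __init__(self, parent, personal):
        self.parent = dict(parent)      # user -> parent user, root -> None
        self.personal = personal        # user -> long-term key (assumed for this example)
        self.node = {u: os.urandom(32) for u in parent}   # node keys k0..k5
        self.publish()

    def publish(self):
        """Ciphertexts the provider stores: node key under its owner's and children's keys."""
        self.own = {u: wrap(self.personal[u], k) for u, k in self.node.items()}
        self.up = {c: wrap(self.node[c], self.node[p])
                   for c, p in self.parent.items() if p is not None}

    def root_key(self, user, personal_key):
        """Unwrap the user's own node key, then each parent key up to the root."""
        key = wrap(personal_key, self.own[user])
        while self.parent[user] is not None:
            key = wrap(key, self.up[user])
            user = self.parent[user]
        return key

    def unfriend(self, user):
        """Drop a leaf and replace every key on its path to the root; return rekeyed nodes."""
        if user in self.parent.values():
            raise ValueError("this example removes leaves only")
        node = self.parent.pop(user)
        del self.node[user]
        rekeyed = []
        while node is not None:
            self.node[node] = os.urandom(32)
            rekeyed.append(node)
            node = self.parent[node]
        self.publish()
        return rekeyed

# Layout taken from the slide 19 figure labels; the keys themselves are random (constructed).
PARENT = {"Raj": None, "Bob": "Raj", "Thomas": "Raj",
          "Alice": "Bob", "Charlie": "Bob", "John": "Thomas"}
PERSONAL = {u: os.urandom(32) for u in PARENT}
```

Removing a leaf under Bob rekeys only Bob's node and the root (k1’ and k0’ in the slides' notation), so the work grows with the depth of the tree rather than with the number of friends.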
