
Privacy in Online Social Networks

Privacy in Online Social Networks. Sonia Jahid Department of Computer Science University of Illinois at Urbana-Champaign March 10, 2011. www.soniajahid.com. Outline. Statistics Privacy Issues Research on Online Social Network security and privacy flyByNight Persona EASiER NOYB.


Presentation Transcript


  1. Privacy in Online Social Networks Sonia Jahid Department of Computer Science University of Illinois at Urbana-Champaign March 10, 2011 www.soniajahid.com

  2. Outline • Statistics • Privacy Issues • Research on Online Social Network security and privacy • flyByNight • Persona • EASiER • NOYB

  3. Statistics Facebook Case: • More than 500 million active users • 50% of active users log on to Facebook in any given day • Average user has 130 friends • People spend over 700 billion minutes per month on Facebook • There are over 900 million objects that people interact with • Average user is connected to 80 community pages, groups and events • Average user creates 90 pieces of content each month • More than 30 billion pieces of content shared each month. [1] [2] [3]

  4. Privacy Issues • Information leak by the Online Social Network (OSN) • Intentional • “You’ve Been Poked by University Police” • “More Advertising Issues on Facebook” • Accidental • “Facebook Revealed Private Email Addresses Last Night” • “Facebook suspends app that permitted peephole” • Attacks • Spam • Phishing • Oversharing • Stalking • 60% users trust their friends • 18% users trust the provider • 6% users trust strangers [4, 5, 6, 7, 8, 9]

  5. Privacy Policies • Isn’t privacy protected by policies? • Privacy policy changes over time • Confusing! • Leads to unwanted information leak to users! [10]

  6. Research on Privacy in OSN Today’s Focus Cryptography

  7. flyByNight: Mitigating the Privacy Risks of Social Networking Matthew M. Lucas, Nikita Borisov WPES, October 2008

  8. Overview • A Facebook application designed to encrypt and decrypt data, with the aim of mitigating privacy risks in social networks. • Primary goal: • Hide information transferred through the OSN from the provider and the application server. • Key idea: • Encrypt sensitive data using JavaScript on the client side and send the ciphertext to intended parties, i.e., Facebook friends. • Uses • El-Gamal encryption • Proxy Cryptography

  9. Architecture • Initialization • Client generates Public/Private key pair, password • Client transfers encrypted private key to flyByNight server, and saves in key Database • Send Data: • Client encrypts private data M with friends’ PK, and tags the encrypted data with friends’ ID, saves encrypted data in message Database on flyByNight server • Receive Data: • Client decrypts private key with password, decrypts M with the private key

  10. One-to-Many Communication • User encrypts the data • User gives the ciphertext to a proxy • User generates a key for the proxy, and for the friend • Proxy transforms the ciphertext for an intended party using El-Gamal encryption

  11. Discussion • One encryption per recipient • A partial solution
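The one-to-many flow on slide 10, as an added example that is not flyByNight's own code. The slides do not give the construction, so this assumes the textbook additive split of the El-Gamal private key (x = x1 + x2) between proxy and friend; the group parameters, function names and message are constructed for illustration.

```python
# Toy El-Gamal proxy re-encryption via additive key splitting (assumed construction).
import secrets

P = 2**127 - 1      # toy prime modulus, far too small for real use
G = 3               # assumed base element
ORDER = P - 1       # exponents are reduced mod P-1 (Fermat's little theorem)

def keygen():
    """Owner's key pair: private x, public h = G^x mod P."""
    x = secrets.randbelow(ORDER - 2) + 1
    return x, pow(G, x, P)

def split_key(x):
    """Per-friend split: proxy share x1, friend share x2, x1 + x2 = x (mod P-1).
    Proxy and friend together can rebuild x, so the proxy must not collude."""
    x1 = secrets.randbelow(ORDER - 2) + 1
    return x1, (x - x1) % ORDER

def encrypt(message: bytes, h):
    """The user encrypts once under her own public key."""
    m = int.from_bytes(message, "big")
    if not 0 < m < P:
        raise ValueError("message must encode to an integer in [1, P-1]")
    r = secrets.randbelow(ORDER - 2) + 1
    return pow(G, r, P), (m * pow(h, r, P)) % P

def strip_share(ct, share):
    """Remove one key share from the ciphertext: c2 / c1^share mod P."""
    c1, c2 = ct
    return c1, (c2 * pow(c1, ORDER - share, P)) % P

def proxy_transform(ct, x1):
    """Proxy turns the owner's ciphertext into one only this friend can open."""
    return strip_share(ct, x1)

def friend_decrypt(ct, x2):
    _, m = strip_share(ct, x2)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    x, h = keygen()
    shares = {f: split_key(x) for f in ("bob", "carol")}   # constructed friends
    ct = encrypt(b"meet at 6pm", h)                         # one encryption
    return {f: friend_decrypt(proxy_transform(ct, x1), x2)
            for f, (x1, x2) in shares.items()}
```

In this construction, once the proxy deletes a friend's x1 share, that friend's x2 alone no longer opens new ciphertexts.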

  12. Persona: An Online Social Network with User-Defined Privacy Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee SIGCOMM 2009

  13. Overview • A new architecture for OSN that provides privacy • Encryption, Distributed Storage • Key Idea: • Defines social relationships by attribute-key assignment • Encrypts data once for an attribute policy • Provides confidentiality through various cryptographic mechanisms • Stores user information in distributed storage • Provides OSN functionality as services

  14. Cryptography (Background on Attribute-based Encryption) • Key Authority: PK, MSK • Message1 can be viewed by: Professor OR (RA AND Security) • SKSarah, attributes: Professor, Architecture • SKSam, attributes: RA, Networking

  15. Cryptography • Symmetric Keys (AES) • Data Encryption • Attribute-based Encryption (CPABE) • Distribute the AES keys for groups • Distribute RSA keys for group identities • Asymmetric (RSA) keys • Distribute attribute-secret key • Idea: • Generate Attribute Secret Key for U1: ASK1 • Encrypt ASK1 with PK1: EncPK1(ASK1) • Enc(M, K), ABE(K, policy, APK) • U1: • Decrypt EncPK1(ASK1) with her RSA private key to get ASK1 • Use ASK1 to get K from ABE(K, policy, APK) • Use K to get M from Enc(M, K) [Figure labels: A.APK; colleague, neighbor; friend, neighbor; friend]

  16. Architecture • Data storage • Stored/retrieved through get/put • No authentication for get • Functionalities like wall, profile provided through a multiple reader/writer application • Users register for application • Users add ACL to the application page • Application page contains metadata, i.e., references to data • Encryption/Decryption done at client side using browser extension [Figure: Alice posts on Bob’s wall. Labels: Post (data), Post (ref), ref, authenticate, Application Server (Wall), Storage Service]

  17. Discussion • Persona does not support efficient revocation • Have to rekey rest of the group just to revoke one user from the group • Though it says distributed storage, physically it is implemented on the same server

  18. EASiER: Encryption-based Access Control in Social Networks with Efficient Revocation Sonia Jahid, Prateek Mittal, and Nikita Borisov ASIACCS, March 2011 (to appear)

  19. Overview • An ABE scheme to enhance privacy in OSN with support for efficient revocation • Supports complete or partial relationship revocation • Primary Goal: • Support efficient revocation in ABE for OSN for fine-grained access control • Key Idea: • Social relationships defined using attribute keys • Introduces a minimally trusted proxy • Rekeys the proxy each time some key is revoked

  20. Architecture [Figure labels: OR, AND, Colleague, Friend, Neighbor; PK, MK; KeyProxy (Revoke u1, u2); SK1, SK2, SK3 for users u1, u2, u3; Proxy: CT component, Modified CT component]

  21. Discussion • Revoked users cannot decrypt future data, or even past data, assuming they did not store it. • EASiER efficiently supports fine-grained access control in existing OSNs • EASiER can be used in any domain that implements ABE • EASiER does not support access delegation • The proxy has to forget the old key

  22. NOYB: Privacy in Online Social Networks Saikat Guha, Kevin Tang, and Paul Francis WOSN 2008

  23. Overview • An architecture where user data is scattered and public, and a collection of other users’ data • Key Idea: • Encrypt user data such that the ciphertext follows semantic and statistical properties of legitimate data • Allow the service provider to work on ciphertext

  24. Architecture • Uses out of band channel for key management • User data is divided into atoms • Atoms of similar type constitute a dictionary • Atoms are replaced with other atoms from the dictionary [Figure: profiles (Carol, F, 27), (Bob, M, 30), (Alice, F, 26); atoms (Alice, F), (26), (Bob, M), (30), (Carol, F), (27); substituted profiles (Alice, F, 27), (Bob, M, 26)]

  25. Discussion • Hiding in the crowd • Needs character level substitution for unique values, e.g., email addresses
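The atom substitution described on slides 23 and 24, as an added example that is not NOYB's own code. It assumes a simplified cipher: each atom's dictionary index is shifted by a keyed pseudo-random offset (HMAC-SHA256 over a public per-profile nonce), with the key shared out of band; the dictionaries, key, nonce and function names are constructed.

```python
# Simplified NOYB-style substitution: the stored record is always made of
# legitimate-looking atoms taken from other users' data.
import hashlib
import hmac

# Constructed dictionaries, one per atom type, built from the slide's profiles.
DICTIONARIES = {
    "name_sex": [("Alice", "F"), ("Bob", "M"), ("Carol", "F")],
    "age": [26, 30, 27],
}
KEY = b"constructed-demo-key"      # distributed out of band to friends
NONCE = b"profile-0001"            # public, stored next to the profile
PROFILE = {"name_sex": ("Alice", "F"), "age": 26}

def _shift(key, nonce, label, size):
    """Keyed pseudo-random offset into a dictionary of the given size."""
    digest = hmac.new(key, nonce + b"|" + label.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % size

def substitute(dictionaries, profile, key, nonce, decrypt=False):
    """Replace every atom by another atom of the same type.
    With decrypt=True the shift is undone and the real atoms come back."""
    out = {}
    for label, atom in profile.items():
        atoms = dictionaries[label]
        offset = _shift(key, nonce, label, len(atoms))
        idx = atoms.index(atom)          # ValueError if the atom is not listed
        new_idx = (idx - offset) if decrypt else (idx + offset)
        out[label] = atoms[new_idx % len(atoms)]
    return out

def roundtrip():
    stored = substitute(DICTIONARIES, PROFILE, KEY, NONCE)       # what the OSN sees
    recovered = substitute(DICTIONARIES, stored, KEY, NONCE, decrypt=True)
    return stored, recovered
```

An atom that is absent from the dictionary raises an error here, which is the case slide 25 notes for unique values such as email addresses.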

  26. Conclusion • Online Social Networks need more privacy aware architecture • Lot of research work on OSN security and privacy • Privacy aware works include • Cryptography • Programming language-based access control enforcement • Decentralization of OSN [Figure: Online Social Network in Real Life]

  27. References • [1] Facebook Statistics • [2] Facebook Statistics, Stats & Facts For 2011 • [3] Infographic: Twitter Statistics, Facts & Figures • [4] EDITORIAL: You've been poked by University police • [5] More Advertising Issues on Facebook • [6] Facebook Revealed Private Email Addresses Last Night • [7] Facebook suspends app that permitted peephole • [8] Social phishing, T. N. Jagatic, N. A. Johnson, M. Jakobsson • [9] “Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook,” Alessandro Acquisti and Ralph Gross. PET, 2006 • [10] Facebook's Eroding Privacy Policy: A Timeline
