Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.

Slides:



Advertisements
Similar presentations
Error-Tolerant Password Recovery Niklas Frykholm and Ari Juels RSA Laboratories.
Advertisements

ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.
Accountability and Resource Management A discussion of issues for peer-to-peer systems Roger Dingledine Reputation Technologies Michael.
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Computer Security CIS326 Dr Rachel Shipsey.
Macroeconomic Themes: 121 ABC of Financial Markets.
5 Medium. CONTENT CONTAINER? CC: Olivander, Flickr.
Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
Quid-Pro-Quo-tocols Strengthening Semi-Honest Protocols with Dual Execution Yan Huang 1, Jonathan Katz 2, David Evans 1 1. University of Virginia 2. University.
online ordering system.
1 | © 2012 V-Key.com – Proprietary and Confidential Bugatti Veyron Super SportBugatti Veyron Super Sport: 267 mph (429 km/h), 0-60 in 2.4 secs.
Chapter 10 Real world security protocols
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
Whats New in Microsoft Office 365 Module 01 | Daniel Sierra | Account Technology Strategist Microsoft Education México.
Directed Graphs 3/6/121. Normal Person’s Graph x y y = f(x) 3/6/122.
COMOS Mobile Solutions 1.0 Simplified global collaboration
By Md Emran Mazumder Ottawa University Student no:
Services Course Windows Live SkyDrive Participant Guide.
Uncountable Sets 2/22/121. Countably Infinite 2/13/122 There are as many natural numbers as integers … 0, -1, 1, -2, 2, -3, 3, -4, 4.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Public Key Infrastructure Alex Bardas. What is Cryptography ? Cryptography is a mathematical method of protecting information –Cryptography is part of,
Cloud Computing Security Monir Azraoui, Kaoutar Elkhiyaoui, Refik Molva, Melek Ӧ nen, Pasquale Puzio December 18, 2013 – Sophia-Antipolis, France.
Securing Critical Unattended Systems with Identity Based Cryptography A Case Study Johannes Blömer, Peter Günther University of Paderborn Volker Krummel.
Off-the-Record Communication, or, Why Not To Use PGP
Enhancing Demand Response Signal Verification in Automated Demand Response Systems Daisuke Mashima, Ulrich Herberg, and Wei-Peng Chen SEDN (Solutions for.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
A. Haeberlen Having your Cake and Eating it too: Routing Security with Privacy Protections 1 HotNets-X (November 15, 2011) Alexander Gurney * Andreas Haeberlen.
CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptographic Technologies
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Security Jonathan Calazan December 12, 2005.
SPORC: Group Collaboration using Untrusted Cloud Resources OSDI 2010 Presented by Yu Chen.
Security Protocols in Automation Dwaine Clarke MIT Laboratory for Computer Science January 8, 2002 With help from: Matt Burnside, Todd.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Presented by: Sanketh Beerabbi University of Central Florida.
Cachet: A Decentralized Architecture for Privacy Preserving Social Networking with Caching Shirin Nilizadeh, 1 Sonia Jahid, 2 Prateek Mittal, 3 Nikita.
Security (and privacy) Larry Rudolph With help from Srini Devedas, Dwaine Clark.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Enhancing Security and Privacy in Online Social Networks Sonia Jahid University of Illinois at Urbana-Champaign PhD Forum.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
Efficient Fork-Linearizable Access to Untrusted Shared Memory Presented by: Alex Shraer (Technion) IBM Zurich Research Laboratory Christian Cachin IBM.
The Hierarchical Trust Model. PGP Certificate Server details Fast, efficient key repository –LDAP, HTTP interfaces Secure remote administration –“Pending”
1 Cryptography Troy Latchman Byungchil Kim. 2 Fundamentals We know that the medium we use to transmit data is insecure, e.g. can be sniffed. We know that.
Database Laboratory Regular Seminar TaeHoon Kim Article.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
CMSC 818J: Privacy enhancing technologies Lecture 2.
Conflict Resolution (OT), Crypto, and Untrusted Cloud Services
Security Outline Encryption Algorithms Authentication Protocols
Computer Communication & Networks
Radius, LDAP, Radius used in Authenticating Users
Message Digest Cryptographic checksum One-way function Relevance
The Secure Sockets Layer (SSL) Protocol
Presentation transcript:

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/121 Joint work with: Aaron Blankstein, Michael J. Freedman, and Edward W. Felten Ariel J. Feldman PrincetonUPenn

Online social networks are centralized Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/122 Pro: Availability, reliability, global accessibility, convenience Con: 3 rd party involved in every social interaction Must trust provider for confidentiality & integrity

Google Transparency Report Jan. – Jun Threats to confidentiality Theft by attackers Accidental leaks Privacy policy changes Government pressure Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/123 PC World. Dec. 6, 2011 WSJ. Feb. 22, 2012 EFF. Apr. 28, 2010 Ars Technica. Mar. 11, 2011

Threats to integrity Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/124 Simple: Corrupting messages Complex: Server equivocation Alice 123 Equivocation in the wild: (translated by Google) (e.g to disguise censorship)

Limits of prior work Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/125 1.Cryptographic 2.Decentralized Run your own server OR Trust a provider Dont protect integrity (sacrifice availability, convenience, etc.)(who you may not know either)

Frientegritys approach Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/126 Client Server Provider Client Benefit from a centralized provider Support common features (e.g. walls, feeds, friends, FoFs, followers) Assume untrusted provider

Enforce confidentiality Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/127 Client Server Provider Client Provider only observes encrypted data (Need dynamic access control and key distribution) State Encrypted state Encrypted state

Verify integrity Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/128 Client Server Provider Client Clients verify that the provider: Hasnt corrupted individual updates Hasnt equivocated Enforced access control on writes

Scalability challenges Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/129 Long histories; only want tail Many objects (walls, comment threads, photos, etc.) Many friends and FoFs Dont verify whole history each time Support sharding O(log n) (un)friending …

Server 1 Frientegrity overview Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1210 Server 2 Bobs profile Server n Bob Read Alices wall Verify & decrypt Alices wall Alices photo album Alices ACL Comment thread Alices profile Optionally entangled Checked for equivocatio n 3.Proof of ACL enforcement 4.Decryption keys 3.Proof of ACL enforcement 4.Decryption keys 1.Latest updates 2.Proof of no equivocation 1.Latest updates 2.Proof of no equivocation

Detecting equivocation Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1211 Honest server: linearizability Malicious server: Alice and Bob detect equivocation after exchanging 2 messages Compare histories Provider can still fork the clients, but cant unfork Alice 123 Enforce fork* consistency [LM07]

Comparing histories Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1212 op 0 op 1 op 2 op 3 op 4 op 5 op 6 op 7 h n = H(h n-1 || op n ) Hash chains are O(n) (and must download the whole history) Previously: use a hash chain

Objects in Frientegrity Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1213 op 0 op 1 op 2 op 3 op 4 op 5 op 6 op 7 op 8 op 9 op 10 op 11 op 12 op 13 op 14 op 15 History tree [CW09] h root commits to entire history Let C 15 be a server- signed commitment to h root up to op 15 h i = H(h leftChild(i) || h rightChild(i) )

Objects (cont.) Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1214 op 0 op 1 op 8 op 9 op 14 op 15 C 15 Is C 8 consistent with C 15 ?

Verifying an object Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1215 op 0 op 1 op 2 op 3 op 4 op 5 op 6 op 7 op 8 op 9 op 10 op 11 op 12 op 13 op 14 op 15 C11C11 Is C 11 consistent with C 15 ? C8C8 C4C4 C0C0 Alices ops Bobs ops Charlies ops Clients collaborate to verify the history

Tolerating malicious users Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1216 op 0 op 1 op 8 op 9 op 10 op 11 op 12 op 13 op 14 op 15 C11C11 Alices ops Bobs ops Charlies ops C9C9 Tolerate up to f malicious users

Server Access control Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1217 Bob Verify & decrypt Alices wall Alices photo album Alices ACL Comment thread Prove ACL enforcement Efficient key distribution O(log n) (un)friending

Server Proving ACL enforcement Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1218 Bob Verify & decrypt Alices wall Alices photo album Alices ACL Comment thread AliceCharlie Bob Emma Sean David h i = H(h leftChild(i) || h rightChild(i) ) h root signed by Alice Persistent authenticated dictionary [AGT01] Persistent authenticated dictionary [AGT01]

Server Efficient key distribution Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1219 Bob Verify & decrypt Alices wall Alices photo album Alices ACL Comment thread AliceCharlie Bob Emma Sean David Key graph [WGL98] Key graph [WGL98] k 0 = k alice_friend E k3 (k 1 ) || E k4 (k 1 ) David, k 0 Bob, k 1 Sean, k 2 Alice, k 3 Charlie, k 4 Emma, k 5 E charlie_pk (k 4 )

Server Adding a friend Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1220 Bob Verify & decrypt Alices wall Alices photo album Alices ACL Comment thread David, k 0 Bob, k 1 Sean, k 2 Alice, k 3 Charlie, k 4 Emma, k 5 E k5 (k 2 ) || E k6 (k 2 ) E zack_pk (k 6 ) Zack, k 6

Server Removing a friend Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1221 Bob Verify & decrypt Alices wall Alices photo album Alices ACL Comment thread David, k 0 Bob, k 1 Sean, k 2 Alice, k 3 Charlie, k 4 Emma, k 5 Zack, k 6 Bob, k 1 David, k 0 k 0 = k alice_friend

Efficient enough in practice? Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1222 Setup Java client & server Simulate basic Facebook features (each user has wall & ACL) 2048-bit RSA sign & verify batched via spliced signatures [CW10] Experiments on LAN (8-core 2.4 GHz Intel Xeon E5620s, Gigabit network) Measurements Latency of reads & writes to objects Latency of ACL changes Throughput (in paper) Effect of tolerating malicious users

Object read & write latency Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1223 Frientegrity (collaborative verification) Hash chain Constant cost of signatures dominates

Latency of ACL changes Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1224

Tolerating malicious users Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/ writers 5000 operations

Summary Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1226 Both confidentiality & integrity need protection Benefit from centralization, but provider is untrusted Clients collaborate to defend against equivocation Scalable, verifiable access control & key distribution

Social Networking with Frientegrity Ariel J. Feldman Usenix Security 8/10/1227 Thank you Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.