Secure and Flexible Framework for Decentralized Social Network Services Luca Maria Aiello, Giancarlo Ruffo Università degli Studi di Torino Computer Science.

Slides:

Advertisements

Similar presentations

Luca Maria Aiello. Università degli Studi di Torino – Dipartimento di Informatica – SecNet Group 1 Secure distributed applications: a case study Luca Maria.

Advertisements

Embedding identity in DHT systems: security, reputation and social networking management 1 Embedding Identity in DHT Systems: Security, Reputation and.

Luca Maria Aiello, Università degli Studi di Torino, Computer Science department 1 Tempering Kademlia with a robust identity based system.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Access Control Methodologies

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Tagging with DHARMA A DHT-based Approach for Resource Mapping through Approximation Luca Maria Aiello, Marco Milanesio Giancarlo Ruffo, Rossano Schifanella.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE

Object Naming & Content based Object Search 2/3/2003.

Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.

1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.

A Survey on Interfaces to Network Security

A glimpse on social influence and link prediction in OSNs

Chapter 3 Mohammad Fozlul Haque Bhuiyan Assistant Professor CITI Jahangirnagar University.

RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University.

Copyright © 2006 CyberRAVE LLC. All rights reserved. 1 Virtual Private Network Service Grid A Fixed-to-Mobile Secure Communications Framework Managed Security.

Outlook Lesson 4 Managing Messages Microsoft Office 2010 Advanced Cable / Morrison 1.

1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.

On P2P Collaboration Infrastructures Manfred Hauswirth, Ivana Podnar, Stefan Decker Infrastructure for Collaborative Enterprise, th IEEE International.

1 TAPAS Workshop Nicola Mezzetti - TAPAS Workshop Bologna Achieving Security and Privacy on the Grid Nicola Mezzetti.

Social scope: Enabling Information Discovery On Social Content Sites

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Prateek Basavaraj April 9 th 2014.

UNIVERSITY OF PATRAS Department of Electrical & Computer Engineering Wireless Telecommunications Laboratory M. Tsagkaropoulos “Securing.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

CSC8320. Outline Content from the book Recent Work Future Work.

PRIVACY PRESERVING SOCIAL NETWORKING THROUGH DECENTRALIZATION AUTHORS: L.A. CUTILLO, REFIK MOLVA, THORSTEN STRUFE INSTRUCTOR DR. MOHAMMAD ASHIQUR RAHMAN.

AMPol-Q: Adaptive Middleware Policy to support QoS Raja Afandi, Jianqing Zhang, Carl A. Gunter Computer Science Department, University of Illinois Urbana-Champaign.

1 Security on Social Networks Or some clues about Access Control in Web Data Management with Privacy, Time and Provenance Serge Abiteboul, Alban Galland.

A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.

New Cryptographic Techniques for Active Networks Sandra Murphy Trusted Information Systems March 16, 1999.

Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Presented by: Sanketh Beerabbi University of Central Florida.

Telecom and Informatics 1 Security and Privacy in Distributed Services Trial lecture: Security and Privacy in Distributed Services Richard Torbjørn Sanders.

Freelib: A Self-sustainable Digital Library for Education Community Ashraf Amrou, Kurt Maly, Mohammad Zubair Computer Science Dept., Old Dominion University.

Cachet: A Decentralized Architecture for Privacy Preserving Social Networking with Caching Shirin Nilizadeh, 1 Sonia Jahid, 2 Prateek Mittal, 3 Nikita.

Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.

Enhancing Security and Privacy in Online Social Networks Sonia Jahid University of Illinois at Urbana-Champaign PhD Forum.

11 WiMAX 安全子層於嵌入式系統下之探討與實現 Speaker: Yen-Jen Chen ( 陳燕仁 ) Advisor: Dr. Kai-Wei Ke ( 柯開維博士 ) Date: 07/28/2008 The research and implementation of WiMAX.

1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.

Digital Libraries1 David Rashty. Digital Libraries2 “A library is an arsenal of liberty” Anonymous.

Cachet: A Decentralized Architecture for Privacy Preserving Social Networking with Caching Shirin Nilizadeh, 1 Sonia Jahid, 2 Prateek Mittal, 3 Nikita.

Muhammad Mahmudul Islam Ronald Pose Carlo Kopp School of Computer Science & Software Engineering Monash University Australia.

Peer-to-Peer Systems: An Overview Hongyu Li. Outline  Introduction  Characteristics of P2P  Algorithms  P2P Applications  Conclusion.

Newcastle uopn Tyne, September 2002 V. Ghini, G. Lodi, N. Mezzetti, F. Panzieri Department of Computer Science University of Bologna.

Large Scale Sharing Marco F. Duarte COMP 520: Distributed Systems September 19, 2004.

KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.

Fall 2006CS 395: Computer Security1 Key Management.

Innovations in P2P Communications David A. Bryan College of William and Mary April 11, 2006 Advisor: Bruce B. Lowekamp.

CS457 Introduction to Information Security Systems

Grid Computing Security Mechanisms: the state-of-the-art

Peer-to-peer networking

CHAPTER 3 Architectures for Distributed Systems

Security & .NET 12/1/2018.

Architecture Competency Group

Presentation transcript:

Secure and Flexible Framework for Decentralized Social Network Services Luca Maria Aiello, Giancarlo Ruffo Università degli Studi di Torino Computer Science Department Keywords : social networks, privacy, access control, peer-to-peer SESOC 2010: IEEE International Workshop on SECurity and SOCial Networking Speaker: Luca Maria Aiello, PhD student

Privacy in OSNs Online Social Networks are brimful of precious user information ◦ Sensitive user data ◦ User-generated content (photos, posts, feedbacks, activity…) Social Network Service providers can arrange customizable privacy policies, but… ◦ Not every provider adequately meets users’ privacy needs ◦ Some users do not even accept to make their data available to the SNS providers 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino2

The p2p solution When centralized data management is the problem, decentralization is the way Replace the SNS centralized architecture with a peer-to-peer layer ◦ PeerSon [1], Safebook [2], … The new paradigm brings new challenges ◦ Reliability: structured p2p systems are very vulnerable to attacks  Poisoning, Pollution, Sybil, Eclipse, MITM… ◦ QoS and security : availability, updates, access control 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino3 [1] Buchegger, Schöiberg, Vu, Datta – 2009 [2] Cutillo, Molva, Strufe – 2009

Reconciliation User demand for privacy and application reliability/security should be assured both Our solution ◦ A DHT-based framework ◦ Strong identity is embedded at overlay level Features (contributions) ◦ Security to common attacks ◦ Integration on an identity basis ◦ Reputation management ◦ Discretionary Access Control ◦ (+ P2P tag-based search engine) 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino4

Likir[3] : a quick overview An OpenId is coupled with ordinary DHT Id in a single identifier, signed by a Certification Service Customized node interaction protocol ◦ Two-way authentication ◦ Verifiable content ownership (data are signed) Effective protection against attacks ◦ Widely shown by p2p community This solves our first problem: reliability 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino5 [3] Aiello, Milanesio, Ruffo, Schifanella – 2008

The idea: The idea: “SNS can be seen as a customizable suite of interoperable, identity-based applications” 29/03/2010 SESOC Luca Maria Aiello, Università degli Studi di Torino6 Social Networking Service built on a identity-aware DHT User Identity Application logic Widget DHT Overlay node Put-get 2 tasks: Share data Gather contents How do we build a OSN on Likir?

Identity-based services The Likir layer offers identity-aware services to the widgets Improved set of APIs ◦ PUT (key, obj, ttl, type, public) ◦ GET (key, type, userId, recent, grant) ◦ BLACKLIST (userId) Such simple primitives allow to reach important goals 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino7

Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino8

Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino9

Integration Data exchange between different widgets GET (key, type, userId, recent, grant) ◦ Allows identity based-filtering UserId-driven search is ◦ Safe (certificates) ◦ Sharp (only one content is retrieved) Mash-up on an identity basis Likir applications provide public APIs for key/type production rules Example ◦ Wall posts can be fetched and displayed by other applications (e.g. instant messengers) 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino10

Tear down the wall! OSNs are often “walled gardens” ◦ Information flow between different OSNs is difficult In a open and decentralized environment, this is no more a problem! A single social graph emerges through widgets integration 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino11

Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino12

Privacy There is no privacy in a open environment! Simple data encryption is too little flexible We need a system granting highly dynamic group membership 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino13

Discretionary Access Control (DAC) Index nodes are the gatekeepers ◦ They can perform identity-based access control because overlay interaction is authenticated PUT (key, obj, ttl, type, public) ◦ Private resources are returned only if a proper grant certificate is shown GET (key, type, userId, recent, grant) ◦ Grants are distributed by an applicative DAC module 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino14

DACM: how does it work? (1) The DAC module listens for incoming friendship requests Accepted requests receive a signed grant certificate in response, which contains ◦ The granted userId ◦ A regular expression which determines allowed types An additional encryption key is exchanged Grants have an expiration time 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino15

DACM: how does it work? (2) When a index node receive a request for a private resource, it verifies ◦ Grant signature ◦ Querier’s userId = grant userId ◦ Requested content types matches the grant’s regular expression If control fail a generic “content unavailable” message is returned 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino16

Privacy properties Confidentiality ◦ Contents saved in the DHT readable only to authorized users ◦ Index nodes cannot read private data because of encryption Anonymity ◦ Participation to specific SNSs is private Authorized disclosure ◦ If the grant mechanism is extended also to local widgets, only authorized widgets can access to other widget’s data (no trojan horses) 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino17

Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino18

Reputation Reliable partner selection through reputation Applicative Reputation System (RS) Widgets give feedback to the RS on other users When the reputation score of a user falls below a threshold, the RS calls: ◦ BLACKLIST (userId) Subsequent interactions with “userId” are avoided at overlay level Cross-application reputation  no whitewashing 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino19

Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino20

Resource search OSNs use often folksonomies to categorize items In p2p OSNs, folksonomic search could fill another functional gap with corresponding, centralized web-services Task ◦ Mapping a bipartite graph on a DHT ◦ Mapping a tag-tag graph useful for navigation Issue ◦ Mapping of dense tag-tag graph is very inefficient 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino21

DHARMA DHT-based Approach for Resource Mapping through Approximation Idea: cutting off edges representing weak correlations between tags ◦ Efficient tag insertion and navigation The implementation details will be presented at HotP2P /03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino22

SOCIAL NETWORK CLIENT ARCHITECTURE 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino23

Conclusions Embedding strong identity at overlay level grants ◦ Reliability ◦ Flexible privacy services (Discretionary Access Control) ◦ Reputation management Proposal for implementing collaborative tagging system in p2p OSNs Implementation ◦ Likir, DHARMA and LiCha (simple IM application) are available ◦ DACM is on the way 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino24

References L. M. Aiello, M. Milanesio, G. Ruffo, R. Schifanella “Tempering Kademlia with a Robust Identity Based System”, P2P 2008 L. Maccari M. Rosi and R. Fantacci and L. Chisci and M. Milanesio and L. Aiello, “Avoiding Eclipse attacks on Kad/Kademlia an identity based approach”, ICC 2009 L. M. Aiello, M. Milanesio, G. Ruffo, R. Schifanella “Tagging with DHARMA, a DHT-based Approach for Resource Mapping through Approximation” HOTP2P 2010, to appear. April 23 rd 29/03/2010SESOC Luca Maria Aiello, Università degli Studi di Torino25

SESOC 2010: IEEE International Workshop on SECurity and SOCial Networking Speaker: Luca Maria Aiello, PhD student Thank you for your attention!