Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider
Prateek Basavaraj, April 9th 2014


University of Central Florida

Social Networks
- Social networking services require users to trust the service provider with the confidentiality and integrity of data

Threats to Confidentiality
- Theft by hackers: a hacker got access to the accounts of several prominent members
- Privacy policy and setting changes
- Pressure from government agencies to release information on demand
Sources: Federal Trade Commission; Electronic Frontier Foundation (2010); The Wall Street Journal - Tech (2012)

Threats to Integrity
- Server equivocation: a malicious service presents different clients with divergent views of the system state
- Example: Sina Weibo tried to disguise its censorship of a user's posts by hiding them from the user's followers while still showing them to the user

Online Social Networks are Centralized
Advantages:
- Global accessibility
- Availability
- Convenience
Disadvantages:
- Attractive targets for attack by malicious insiders and outsiders
- Threat to confidentiality and integrity of user data

Frientegrity
- Framework for building social networking services
- Protects the privacy and integrity of users' data from a malicious provider
- Preserves the availability, reliability and usability benefits of centralization
- Supports social networking features like walls, news feeds, comment threads and photos
- Supports access control mechanisms such as friends, friends of friends and followers

Goals of Frientegrity
- Broadly applicable: must support features like Facebook-like walls and Twitter-like feeds, friend-of-friend relationships (like Facebook) and follower relationships (like Twitter)
- Confidentiality: Frientegrity must ensure that only clients of authorized users obtain the necessary encryption keys
- Detection of misbehavior: Frientegrity must guarantee that clients are able to detect the misbehavior of the users
- Efficient: Frientegrity should be scalable; access control list changes must be performed in time; display only the most recent updates

Frientegrity
- Provider servers only see encrypted data
- Clients can also collaborate and verify the provider hasn't corrupted

Detecting Server Equivocation
- Problem: Frientegrity clients digitally sign all operations with their users' private keys, but a malicious provider could still equivocate about the history of operations
- Solution: enforce fork* consistency
- Clients share information about their individual views of the history by embedding it in every operation they send
- Clients detect equivocation after exchanging two messages

Detecting Server Equivocation (Continued)
- Alice and Bob detect equivocation after exchanging two messages

Frientegrity System Model
[Figure: system model. Source: Usenix.org]

Frientegrity System Model (Continued)
Bob checks that:
- The provider has not equivocated about the wall's contents
- Every operation was created by an authorized user
- The provider has not equivocated about the set of authorized users
- The ACL is not outdated

Access Control Lists (ACL)
- ACL: list of permissions attached to an object
- A user's profile consists of multiple objects like photos, videos and comments
- Frientegrity uses ACLs to allow only certain friends to access the objects
- ACLs store users' pseudonyms, and every operation is labeled with the pseudonym of its creator

Access Control Lists (ACL) (Continued)
- Frientegrity also uses ACLs to store the key material with which authorized users can decrypt the operations on walls and encrypt new ones
- Social network ACLs are large
- ACL modifications and the associated rekeying must be efficient
- ACL rollbacks: a situation where a malicious provider gives Bob an outdated ACL
- Solution: operations in Alice's wall are annotated with dependencies on Alice's ACL history
- Dependency: a particular operation in one object happened after a particular operation in another object

Frientegrity Object Representation
- Objects are represented as history trees
- Operations are stored in the leaves
- Each internal node stores the hash of the subtree below it
- The hash of the root covers the tree's entire contents
- New leaves can be added to the right side of the tree
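The two ideas above (operations stored in a hash tree whose root covers the whole history, and clients embedding their view of the history in every operation) can be combined in a short added example; it is not code from the presentation or from Frientegrity. It assumes signatures have already been verified, recomputes the root from scratch instead of using incremental proofs, and the `Client` class, field names and sample posts are constructed for illustration.

```python
import hashlib
import json

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def root_hash(ops: list) -> str:
    """Root of a hash tree: operations in the leaves, each internal node
    hashing the subtree below it, so the root covers the whole history."""
    level = [h(b"\x00", json.dumps(op, sort_keys=True).encode()) for op in ops]
    if not level:
        return h(b"empty").hex()
    while len(level) > 1:
        pairs = [level[i:i + 2] for i in range(0, len(level), 2)]
        # An unpaired rightmost node is promoted; new leaves go on the right.
        level = [h(b"\x01", *p) if len(p) == 2 else p[0] for p in pairs]
    return level[0].hex()

class Client:
    def __init__(self, name: str):
        self.name, self.history = name, []

    def make_op(self, payload: str) -> dict:
        # Embed this client's view: how many ops it has seen and their root.
        op = {"author": self.name, "payload": payload,
              "seen": len(self.history), "view": root_hash(self.history)}
        self.history.append(op)
        return op

    def accept(self, op: dict) -> bool:
        """Take an op served by the provider; False means equivocation."""
        n = op["seen"]
        if n > len(self.history) or root_hash(self.history[:n]) != op["view"]:
            return False
        self.history.append(op)
        return True

def honest_provider() -> bool:
    alice, bob = Client("alice"), Client("bob")
    ok = bob.accept(alice.make_op("hello"))
    return ok and alice.accept(bob.make_op("hi alice"))

def hiding_provider() -> list:
    alice, bob = Client("alice"), Client("bob")
    alice.make_op("censored post")               # provider never shows this to Bob
    first = alice.accept(bob.make_op("hi"))      # Bob's view is a valid prefix
    second = bob.accept(alice.make_op("reply"))  # Alice's view covers the hidden op
    return [first, second]
```

In `hiding_provider` the first message passes and the second one exposes the fork, which matches the "after exchanging two messages" property stated earlier.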

Verifying Objects in Frientegrity
- Clients collaborate to verify the history
[Figure labels: C0, C4, C8, C11; Alice's op, Bob's op, Charlie's op]

Tolerating Malicious Users in Frientegrity
- Tolerate up to f malicious users
[Figure labels: C9, C11; op9, op15; Alice's ops, Bob's ops, Charlie's ops]

Access Control
- Every node contains the hash of its children, and the root node is signed by Alice
[Figure labels: Raj, Bob, Thomas, Alice, Charlie, John]

Efficient Key Distribution
- Key graphs
- Advantage: any user who can decrypt a particular node can follow the path of decryption up to the root and obtain the root key to encrypt the data
- Node contents: $E_{k_3}(k_1) \,\|\, E_{k_4}(k_1)$
- $k_0 = k_{\text{alice\_friend}}$
[Figure labels: Raj $k_0$, Bob $k_1$, Thomas $k_2$, Alice $k_3$, Charlie $k_4$, John $k_5$]

Unfriend and Add Friend in Frientegrity
- Unfriend: update $k_0'$ and $k_1'$
- Add friend: update node $E_{k_5}(k_2) \,\|\, E_{k_7}(k_2)$
[Figure labels, Alice ACL: Raj $k_0'$, Bob $k_1'$, Alice $k_3$, Charlie $k_4$, Thomas $k_2$, John $k_5$, Rahul $k_6$]
[Figure labels: Raj $k_0$, Bob $k_1$, Thomas $k_2$, Alice $k_3$, Charlie $k_4$, John $k_5$, Raju $k_7$]
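A key graph like the one on the two slides above can be sketched as follows; this is an added example, not code from the presentation or from Frientegrity. The node names come from the slides, but the tree shape, the toy `wrap` function (an XOR pad standing in for a real cipher), handing each user their node key directly, and the restriction to removing a leaf are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed shape: Raj (k0) is the root; child -> parent edges.
PARENT = {"Bob": "Raj", "Thomas": "Raj",
          "Alice": "Bob", "Charlie": "Bob", "John": "Thomas"}

def wrap(kek: bytes, key: bytes) -> bytes:
    """Toy stand-in for E_kek(key): XOR with an HMAC-SHA256 pad. Not a real cipher."""
    pad = hmac.new(kek, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

unwrap = wrap  # XOR is its own inverse

def build(parent: dict):
    nodes = set(parent) | set(parent.values())
    keys = {n: os.urandom(32) for n in nodes}
    # Each node's key is stored encrypted under each child's key.
    wrapped = {(c, p): wrap(keys[c], keys[p]) for c, p in parent.items()}
    return keys, wrapped

def root_key(user: str, user_key: bytes, parent: dict, wrapped: dict) -> bytes:
    """Follow the path of decryption from the user's node up to the root."""
    node, key = user, user_key
    while node in parent:
        key = unwrap(key, wrapped[(node, parent[node])])
        node = parent[node]
    return key

def unfriend(user: str, parent: dict, keys: dict, wrapped: dict) -> list:
    """Remove a leaf user and rekey only the nodes on its path to the root."""
    p = parent.pop(user)
    del wrapped[(user, p)], keys[user]
    path = [p]
    while path[-1] in parent:
        path.append(parent[path[-1]])
    for n in path:
        keys[n] = os.urandom(32)
    for c, q in list(wrapped):
        if c in path or q in path:  # re-encrypt edges touching a changed key
            wrapped[(c, q)] = wrap(keys[c], keys[q])
    return path
```

Removing Charlie in this constructed tree rekeys only Bob and Raj, so the cost of an unfriend grows with the depth of the tree rather than with the number of friends.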

Implementation
- Approximately 4700 lines of Java code
- Protobuf-socket-rpc library for network communication
- bit RSA spliced signatures, to sign and verify operations in batch
- Simulates basic Facebook features (each user has a wall and an ACL)

Experimental Evaluation
[Figure: single-object read and write latency, hash chain vs. Frientegrity]
- Verifying an object with a history size of 25K operations would take approximately 10s with a hash chain and 6s in Frientegrity

Experimental Evaluation (Continued)
- Latency of ACL modifications:
- Latency of fetching a news feed: fetching wall posts from 500 friends would require approximately 1.8 seconds

Strengths and Weakness
Strengths:
- Frientegrity provides the much-needed framework for privacy and integrity in social networking applications
- Clients collaborate to defend against equivocation
- Scalable and verifiable access control and key distribution
- Benefits from centralization
Weakness:
- Still uses untrusted third-party infrastructure
Future work:
- Development of a business model that can support privacy-preserving services hosted with third-party providers

Conclusion
- Provides data confidentiality and integrity
- Efficient, scalable and usable
- Detects server equivocation
- Efficient access control
- Provides satisfactory response times

References
- Ariel J. Feldman, Aaron Blankstein, Michael J. Freedman and Edward W. Felten (Princeton University). Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider. 21st USENIX Security Symposium.
- Facebook Inc. Anatomy of Facebook.
