Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hummingbird: Privacy at the time of Twitter

Published byDonald Reeves Modified over 6 years ago

Similar presentations

Presentation on theme: "Hummingbird: Privacy at the time of Twitter"— Presentation transcript:

1 Hummingbird: Privacy at the time of Twitter
Emiliano De Cristofaro Claudio Soriente Gene Tsudik Andrew Williams Presented by Hongyu Gao, Northwestern University

2 Motivation Recall the three types of OSN privacy breaches? Facts:
Breach from the service provider Breach from other user Breach from 3rd party apps Facts: Now Twitter boasts over 100 million subscribers Users have very little control over privacy Second, we target at designing a system that can be deployed and protect OSNs in real-time. …. In addition, we want it to be tolerant for incomplete training data, since we can never collect all spam campaigns to train the system. At last, the system doesn’t need frequent re-training, which lowers the maintenance cost after deployment. There is an abundance of work in OSNs spam study. Ourselves did a offline spam analysis more than 1 year ago. It received wide media coverage. Grier et.al. did a similar study and reached similar conclusion. Thomas et.al deveoped the Monarch system that classifies URLs in real-time to identify spam messages. Our approach is complementary to theirs in the sense that we mainly use information in the messages and the senders, rather than the landing pages. , featured in Wall Street Journal, MIT Technology Review, and ACM Tech News

3 Motivation, cont’d Motivating examples
Looking for tweets with #TeaParty might expose one’s political views. Search for #HIVcure might reveal one’s medical condition. What could happen if data is stored in the server in clear text? Mining by service provider Hacker break-in Insider attack Second, we target at designing a system that can be deployed and protect OSNs in real-time. …. In addition, we want it to be tolerant for incomplete training data, since we can never collect all spam campaigns to train the system. At last, the system doesn’t need frequent re-training, which lowers the maintenance cost after deployment. There is an abundance of work in OSNs spam study. Ourselves did a offline spam analysis more than 1 year ago. It received wide media coverage. Grier et.al. did a similar study and reached similar conclusion. Thomas et.al deveoped the Monarch system that classifies URLs in real-time to identify spam messages. Our approach is complementary to theirs in the sense that we mainly use information in the messages and the senders, rather than the landing pages. , featured in Wall Street Journal, MIT Technology Review, and ACM Tech News

4 Related Works A Lot different! Quite different
xBook, protects user privacy from 3rd party apps Hummingbird, protects user privacy from the server Quite different De-centralized OSNs [7,15] Hummingbird preserves the central server to guarantee availability Second, we target at designing a system that can be deployed and protect OSNs in real-time. …. In addition, we want it to be tolerant for incomplete training data, since we can never collect all spam campaigns to train the system. At last, the system doesn’t need frequent re-training, which lowers the maintenance cost after deployment. There is an abundance of work in OSNs spam study. Ourselves did a offline spam analysis more than 1 year ago. It received wide media coverage. Grier et.al. did a similar study and reached similar conclusion. Thomas et.al deveoped the Monarch system that classifies URLs in real-time to identify spam messages. Our approach is complementary to theirs in the sense that we mainly use information in the messages and the senders, rather than the landing pages. , featured in Wall Street Journal, MIT Technology Review, and ACM Tech News

5 Related Works, cont’d Other designs that keep the central server
#h00t [6] encrypts/decrypts tweets and the contained hashtag with secret shared within a user group. Facecloak [38] provides fake info to the server. VPSN [17] also provides fake into to the server. Second, we target at designing a system that can be deployed and protect OSNs in real-time. …. In addition, we want it to be tolerant for incomplete training data, since we can never collect all spam campaigns to train the system. At last, the system doesn’t need frequent re-training, which lowers the maintenance cost after deployment. There is an abundance of work in OSNs spam study. Ourselves did a offline spam analysis more than 1 year ago. It received wide media coverage. Grier et.al. did a similar study and reached similar conclusion. Thomas et.al deveoped the Monarch system that classifies URLs in real-time to identify spam messages. Our approach is complementary to theirs in the sense that we mainly use information in the messages and the senders, rather than the landing pages. , featured in Wall Street Journal, MIT Technology Review, and ACM Tech News

6 Privacy Goals Server: learns minimal information beyond that obtained from performing the matching function. Tweeter: learns who subscribes to its hashtags but not which hashtags have been subscribed to. Follower: learns nothing beyond its own subscriptions. It learns no information about other subscribers or any tweets that do not match its subscriptions. Second, we target at designing a system that can be deployed and protect OSNs in real-time. …. In addition, we want it to be tolerant for incomplete training data, since we can never collect all spam campaigns to train the system. At last, the system doesn’t need frequent re-training, which lowers the maintenance cost after deployment. There is an abundance of work in OSNs spam study. Ourselves did a offline spam analysis more than 1 year ago. It received wide media coverage. Grier et.al. did a similar study and reached similar conclusion. Thomas et.al deveoped the Monarch system that classifies URLs in real-time to identify spam messages. Our approach is complementary to theirs in the sense that we mainly use information in the messages and the senders, rather than the landing pages. , featured in Wall Street Journal, MIT Technology Review, and ACM Tech News

7 Privacy Non-Goals Server learns who follows whom.
Server learns whenever multiple tweets from a given tweeter contain the same hashtag. Server learns whenever multiple followers are subscribed to the same hashtag of a given tweeter. Second, we target at designing a system that can be deployed and protect OSNs in real-time. …. In addition, we want it to be tolerant for incomplete training data, since we can never collect all spam campaigns to train the system. At last, the system doesn’t need frequent re-training, which lowers the maintenance cost after deployment. There is an abundance of work in OSNs spam study. Ourselves did a offline spam analysis more than 1 year ago. It received wide media coverage. Grier et.al. did a similar study and reached similar conclusion. Thomas et.al deveoped the Monarch system that classifies URLs in real-time to identify spam messages. Our approach is complementary to theirs in the sense that we mainly use information in the messages and the senders, rather than the landing pages. , featured in Wall Street Journal, MIT Technology Review, and ACM Tech News

8 Roadmap Key System Design System Prototype Performance Overhead
Discussions and Conclusions Next in this talk, I will first give our detailed system design, followed by the experimental evaluation of the system. After that, I’d like to share some potential future work, and finally conclude this talk. 8 8

9 Hummingbird Protocol After deployment, the system sees a stream of incoming messages. There is one new message, and a set of messages that have been observed in the past. The past messages have already been organized into clusters. The system performs incremental clustering, to update the clustering result given the new message.

10 Crucial Background: OPRF
Name: Oblivious PseudoRandom Functions Effect: Securely compute fs(x) Input: s from sender and x from receiver Guarantee: Sender learns nothing about x Receiver only learns the value of fs(x) Incremental clustering requires that the clustering result of (k+1) messages can be obtained by updating the result of the first k messages with the k+1th message. There’s no need to repeat the whole clustering process.

11 Key Design Bob encrypts a message and Alice decrypts it
Bob and Alice share the secret fs(ht) fs(ht) is a cryptographic primitive that prevents Bob from learning ht (OPRF technique) The server forwards Bob’s message to Alice Both Bob and Alice submit a cryptographic token, H2(fs(ht)), to the server Incremental clustering requires that the clustering result of (k+1) messages can be obtained by updating the result of the first k messages with the k+1th message. There’s no need to repeat the whole clustering process.

12 Privacy Goals, re-visit
Server: learns minimal information beyond that obtained from performing the matching function. Tweeter: learns who subscribes to its hashtags but not which hashtags have been subscribed to. Follower: learns nothing beyond its own subscriptions. It learns no information about other subscribers or any tweets that do not match its subscriptions. Second, we target at designing a system that can be deployed and protect OSNs in real-time. …. In addition, we want it to be tolerant for incomplete training data, since we can never collect all spam campaigns to train the system. At last, the system doesn’t need frequent re-training, which lowers the maintenance cost after deployment. There is an abundance of work in OSNs spam study. Ourselves did a offline spam analysis more than 1 year ago. It received wide media coverage. Grier et.al. did a similar study and reached similar conclusion. Thomas et.al deveoped the Monarch system that classifies URLs in real-time to identify spam messages. Our approach is complementary to theirs in the sense that we mainly use information in the messages and the senders, rather than the landing pages. , featured in Wall Street Journal, MIT Technology Review, and ACM Tech News

13 System Prototype Another key component of our system is the trained classifier, which requires a careful selection of features. It ensures that it is relatively hard for spammers to manipulate the campaigns to evade detection. The reason is that some campaigns may be absent in the training set. In addition, after the training phase, new campaigns will emerge. Given these two problems, the features that are specific to any campaigns would have limited effectiveness.

14 Performance Overhead <1ms
Also negligible comparing to web transactions Comparable to current Twitter 14 14

15 Discussions The collusion disaster:
By colluding with Alice, for all hashtags that Alice follows, the server can learn H2(fs(ht)), thus learn the identify of all other followers on ht. By colluding with Bob, the server can learn the interest (the subscribed hashtag) of all Bob’s followers. Incremental clustering requires that the clustering result of (k+1) messages can be obtained by updating the result of the first k messages with the k+1th message. There’s no need to repeat the whole clustering process.

16 Discussions BIG (??) sacrifice of functionality: No retweets.
No replying. No tweets without hashtags. No following a user (must follow a (user, hashtag) pair). Do you still want to use Hummingbird? Incremental clustering requires that the clustering result of (k+1) messages can be obtained by updating the result of the first k messages with the k+1th message. There’s no need to repeat the whole clustering process.

17 Conclusions One the first efforts to mitigate privacy breach from service providers. Propose Hummingbird architecture. Implemented a prototype and demonstrated its low performance overhead Incremental clustering requires that the clustering result of (k+1) messages can be obtained by updating the result of the first k messages with the k+1th message. There’s no need to repeat the whole clustering process.

18 Thank you!

Download ppt "Hummingbird: Privacy at the time of Twitter"

Similar presentations

Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Off-the-Record Communication, or, Why Not To Use PGP

Off-the-Record Communication, or, Why Not To Use PGP
Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.
P3: Toward Privacy-Preserving Photo Sharing Moo-Ryong Ra, Ramesh Govindan, and Antonio Ortega Networked Systems Laboratory & Signal and Image Processing.

P3: Toward Privacy-Preserving Photo Sharing Moo-Ryong Ra, Ramesh Govindan, and Antonio Ortega Networked Systems Laboratory & Signal and Image Processing.
SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.

SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Non-tracking Web Analytics Istemi Ekin Akkus 1, Ruichuan Chen 1, Michaela Hardt 2, Paul Francis 1, Johannes Gehrke 3 1 Max Planck Institute for Software.

Non-tracking Web Analytics Istemi Ekin Akkus 1, Ruichuan Chen 1, Michaela Hardt 2, Paul Francis 1, Johannes Gehrke 3 1 Max Planck Institute for Software.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.

Offline Untrusted Storage with Immediate Detection of Forking and Replay Attacks Marten van Dijk, Jonathan Rhodes, Luis Sarmenta Srini Devadas MIT Computer.
Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.

Efficient Private Techniques for Verifying Social Proximity Michael J. Freedman and Antonio Nicolosi Discussion by: A. Ziad Hatahet.
Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.

APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.
Privacy Preserving Data Mining Yehuda Lindell & Benny Pinkas.

Privacy Preserving Data Mining Yehuda Lindell & Benny Pinkas.
PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.

PRIAM: PRivate Information Access Management on Outsourced Storage Service Providers Mark Shaneck Karthikeyan Mahadevan Jeff Yongdae Kim.
Towards Online Spam Filtering in Social Networks Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia and Alok Choudhary Lab for Internet and Security Technology.

Towards Online Spam Filtering in Social Networks Hongyu Gao, Yan Chen, Kathy Lee, Diana Palsetia and Alok Choudhary Lab for Internet and Security Technology.
1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:

1 Authors: Anirudh Ramachandran, Nick Feamster, and Santosh Vempala Publication: ACM Conference on Computer and Communications Security 2007 Presenter:
WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.

WARNINGBIRD: A Near Real-time Detection System for Suspicious URLs in Twitter Stream.
Cryptanalysis of Two Dynamic ID-based Authentication

Cryptanalysis of Two Dynamic ID-based Authentication

Similar presentations

Ads by Google