Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure and Flexible Framework for Decentralized Social Network Services Luca Maria Aiello, Giancarlo Ruffo Università degli Studi di Torino Computer Science.

Published byHugh Austin Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure and Flexible Framework for Decentralized Social Network Services Luca Maria Aiello, Giancarlo Ruffo Università degli Studi di Torino Computer Science."— Presentation transcript:

1 Secure and Flexible Framework for Decentralized Social Network Services Luca Maria Aiello, Giancarlo Ruffo Università degli Studi di Torino Computer Science Department Keywords : social networks, privacy, access control, peer-to-peer SESOC 2010: IEEE International Workshop on SECurity and SOCial Networking Speaker: Luca Maria Aiello, PhD student aiello@di.unito.it

2 Privacy in OSNs Online Social Networks are brimful of precious user information ◦ Sensitive user data ◦ User-generated content (photos, posts, feedbacks, activity…) Social Network Service providers can arrange customizable privacy policies, but… ◦ Not every provider adequately meets users’ privacy needs ◦ Some users do not even accept to make their data available to the SNS providers 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino2

3 The p2p solution When centralized data management is the problem, decentralization is the way Replace the SNS centralized architecture with a peer-to-peer layer ◦ PeerSon [1], Safebook [2], … The new paradigm brings new challenges ◦ Reliability: structured p2p systems are very vulnerable to attacks  Poisoning, Pollution, Sybil, Eclipse, MITM… ◦ QoS and security : availability, updates, access control 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino3 [1] Buchegger, Schöiberg, Vu, Datta – 2009 [2] Cutillo, Molva, Strufe – 2009

4 Reconciliation User demand for privacy and application reliability/security should be assured both Our solution ◦ A DHT-based framework ◦ Strong identity is embedded at overlay level Features (contributions) ◦ Security to common attacks ◦ Integration on an identity basis ◦ Reputation management ◦ Discretionary Access Control ◦ (+ P2P tag-based search engine) 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino4

5 Likir[3] : a quick overview An OpenId is coupled with ordinary DHT Id in a single identifier, signed by a Certification Service Customized node interaction protocol ◦ Two-way authentication ◦ Verifiable content ownership (data are signed) Effective protection against attacks ◦ Widely shown by p2p community This solves our first problem: reliability 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino5 [3] Aiello, Milanesio, Ruffo, Schifanella – 2008

6 The idea: The idea: “SNS can be seen as a customizable suite of interoperable, identity-based applications” 29/03/2010 SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino6 Social Networking Service built on a identity-aware DHT User Identity Application logic Widget DHT Overlay node Put-get 2 tasks: Share data Gather contents How do we build a OSN on Likir?

7 Identity-based services The Likir layer offers identity-aware services to the widgets Improved set of APIs ◦ PUT (key, obj, ttl, type, public) ◦ GET (key, type, userId, recent, grant) ◦ BLACKLIST (userId) Such simple primitives allow to reach important goals 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino7

8 Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino8

9 Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino9

10 Integration Data exchange between different widgets GET (key, type, userId, recent, grant) ◦ Allows identity based-filtering UserId-driven search is ◦ Safe (certificates) ◦ Sharp (only one content is retrieved) Mash-up on an identity basis Likir applications provide public APIs for key/type production rules Example ◦ Wall posts can be fetched and displayed by other applications (e.g. instant messengers) 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino10

11 Tear down the wall! OSNs are often “walled gardens” ◦ Information flow between different OSNs is difficult In a open and decentralized environment, this is no more a problem! A single social graph emerges through widgets integration 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino11

12 Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino12

13 Privacy There is no privacy in a open environment! Simple data encryption is too little flexible We need a system granting highly dynamic group membership 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino13

14 Discretionary Access Control (DAC) Index nodes are the gatekeepers ◦ They can perform identity-based access control because overlay interaction is authenticated PUT (key, obj, ttl, type, public) ◦ Private resources are returned only if a proper grant certificate is shown GET (key, type, userId, recent, grant) ◦ Grants are distributed by an applicative DAC module 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino14

15 DACM: how does it work? (1) The DAC module listens for incoming friendship requests Accepted requests receive a signed grant certificate in response, which contains ◦ The granted userId ◦ A regular expression which determines allowed types An additional encryption key is exchanged Grants have an expiration time 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino15

16 DACM: how does it work? (2) When a index node receive a request for a private resource, it verifies ◦ Grant signature ◦ Querier’s userId = grant userId ◦ Requested content types matches the grant’s regular expression If control fail a generic “content unavailable” message is returned 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino16

17 Privacy properties Confidentiality ◦ Contents saved in the DHT readable only to authorized users ◦ Index nodes cannot read private data because of encryption Anonymity ◦ Participation to specific SNSs is private Authorized disclosure ◦ If the grant mechanism is extended also to local widgets, only authorized widgets can access to other widget’s data (no trojan horses) 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino17

18 Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino18

19 Reputation Reliable partner selection through reputation Applicative Reputation System (RS) Widgets give feedback to the RS on other users When the reputation score of a user falls below a threshold, the RS calls: ◦ BLACKLIST (userId) Subsequent interactions with “userId” are avoided at overlay level Cross-application reputation  no whitewashing 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino19

20 Goals 1. Easy integration between widgets 2. Privacy 3. Cross-application reputation management 4. Efficient resource indexing 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino20

21 Resource search OSNs use often folksonomies to categorize items In p2p OSNs, folksonomic search could fill another functional gap with corresponding, centralized web-services Task ◦ Mapping a bipartite graph on a DHT ◦ Mapping a tag-tag graph useful for navigation Issue ◦ Mapping of dense tag-tag graph is very inefficient 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino21

22 DHARMA DHT-based Approach for Resource Mapping through Approximation Idea: cutting off edges representing weak correlations between tags ◦ Efficient tag insertion and navigation The implementation details will be presented at HotP2P 2010 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino22

23 SOCIAL NETWORK CLIENT ARCHITECTURE 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino23

24 Conclusions Embedding strong identity at overlay level grants ◦ Reliability ◦ Flexible privacy services (Discretionary Access Control) ◦ Reputation management Proposal for implementing collaborative tagging system in p2p OSNs Implementation ◦ Likir, DHARMA and LiCha (simple IM application) are available ◦ DACM is on the way 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino24

25 References http://likir.di.unito.it L. M. Aiello, M. Milanesio, G. Ruffo, R. Schifanella “Tempering Kademlia with a Robust Identity Based System”, P2P 2008 L. Maccari M. Rosi and R. Fantacci and L. Chisci and M. Milanesio and L. Aiello, “Avoiding Eclipse attacks on Kad/Kademlia an identity based approach”, ICC 2009 L. M. Aiello, M. Milanesio, G. Ruffo, R. Schifanella “Tagging with DHARMA, a DHT-based Approach for Resource Mapping through Approximation” HOTP2P 2010, to appear. April 23 rd 29/03/2010SESOC 2010 - Luca Maria Aiello, Università degli Studi di Torino25

26 SESOC 2010: IEEE International Workshop on SECurity and SOCial Networking Speaker: Luca Maria Aiello, PhD student aiello@di.unito.it Thank you for your attention!

Download ppt "Secure and Flexible Framework for Decentralized Social Network Services Luca Maria Aiello, Giancarlo Ruffo Università degli Studi di Torino Computer Science."

Similar presentations

Luca Maria Aiello. Università degli Studi di Torino – Dipartimento di Informatica – SecNet Group 1 Secure distributed applications: a case study Luca Maria.

Luca Maria Aiello. Università degli Studi di Torino – Dipartimento di Informatica – SecNet Group 1 Secure distributed applications: a case study Luca Maria.
Embedding identity in DHT systems: security, reputation and social networking management 1 Embedding Identity in DHT Systems: Security, Reputation and.

Embedding identity in DHT systems: security, reputation and social networking management 1 Embedding Identity in DHT Systems: Security, Reputation and.
Luca Maria Aiello, Università degli Studi di Torino, Computer Science department 1 Tempering Kademlia with a robust identity based system.

Luca Maria Aiello, Università degli Studi di Torino, Computer Science department 1 Tempering Kademlia with a robust identity based system.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Access Control Methodologies

Access Control Methodologies
Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.

Raphael Frank 20 October 2007 Authentication & Intrusion Prevention for Multi-Link Wireless Networks.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.

Exchange Network Key Management Services A Security Component February 28, 2005 The Exchange Network Node Mentoring Workshop.
SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.

SIP roaming solution amongst different WLAN-based service providers Julián F. Gutiérrez 1, Alessandro Ordine 1, Luca Veltri 2 1 DIE, University of Rome.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.

Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Tagging with DHARMA A DHT-based Approach for Resource Mapping through Approximation Luca Maria Aiello, Marco Milanesio Giancarlo Ruffo, Rossano Schifanella.

Tagging with DHARMA A DHT-based Approach for Resource Mapping through Approximation Luca Maria Aiello, Marco Milanesio Giancarlo Ruffo, Rossano Schifanella.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues.

ODISSEA Mehdi Kharrazi Kulesh Shanmugasundaram Security Issues.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.

An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
E-mail: kemal@cs.siu.edu Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE 802.11.

Department of Computer Science Southern Illinois University Carbondale Wireless and Network Security Lecture 9: IEEE
Object Naming & Content based Object Search 2/3/2003.

Object Naming & Content based Object Search 2/3/2003.

Similar presentations

Ads by Google