
Privacy in Online Social Networks Sonia Jahid Department of Computer Science University of Illinois at Urbana-Champaign March 10, 2011 www.soniajahid.com.


1 Privacy in Online Social Networks Sonia Jahid Department of Computer Science University of Illinois at Urbana-Champaign March 10, 2011 www.soniajahid.com


3 Outline
Statistics
Privacy Issues
Research on Online Social Network security and privacy
  – flyByNight
  – Persona
  – EASiER
  – NOYB

4 Statistics
Facebook Case:
  – More than 500 million active users
  – 50% of active users log on to Facebook in any given day
  – Average user has 130 friends
  – People spend over 700 billion minutes per month on Facebook
  – There are over 900 million objects that people interact with
  – Average user is connected to 80 community pages, groups and events
  – Average user creates 90 pieces of content each month
  – More than 30 billion pieces of content shared each month
[1] [2] [3]

5 Privacy Issues
Information leak by the Online Social Network (OSN)
  – Intentional
      “You’ve Been Poked by University Police”
      “More Advertising Issues on Facebook”
  – Accidental
      “Facebook Revealed Private Email Addresses Last Night”
      “Facebook suspends app that permitted peephole”
Attacks
  – Spam
  – Phishing
Oversharing
Stalking
60% of users trust their friends
18% of users trust the provider
6% of users trust strangers
[4, 5, 6, 7, 8, 9]

6 Privacy Policies
Isn’t privacy protected by policies?
  – Privacy policy changes over time
  – Confusing!
  – Leads to unwanted information leak to users!
[10]

7 Research on Privacy in OSN
Today’s focus: Cryptography

8 flyByNight: Mitigating the Privacy Risks of Social Networking
Matthew M. Lucas, Nikita Borisov
WPES, October 2008

9 Overview
A Facebook application designed to encrypt and decrypt data, with the aim of mitigating privacy risks in social networks.
Primary goal:
  – Hide information transferred through the OSN from the provider and the application server.
Key idea:
  – Encrypt sensitive data using JavaScript on the client side and send the ciphertext to the intended parties, i.e., Facebook friends.
  – Uses El-Gamal encryption and proxy cryptography

10 Architecture
Initialization
  – Client generates Public/Private key pair, password
  – Client transfers encrypted private key to flyByNight server, and saves in key Database
Send Data:
  – Client encrypts private data M with friends’ PK, and tags the encrypted data with friends’ ID, saves encrypted data in message Database on flyByNight server
Receive Data:
  – Client decrypts private key with password, decrypts M with the private key

11 One-to-Many Communication
User encrypts the data
User gives the ciphertext to a proxy
User generates a key for the proxy, and for the friend
Proxy transforms the ciphertext for an intended party using El-Gamal encryption
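
The proxy step on slide 11 can be realized by splitting the owner's El-Gamal secret into a proxy share and a friend share. The sketch below is an added example, not flyByNight's code; the key-splitting construction, the toy group and all function names are assumptions made for illustration.

```python
import secrets

# Toy group, for illustration only (assumption): safe prime P = 2Q + 1 and
# G = 4 generating the subgroup of prime order Q. Real use needs 2048+ bits.
P, Q, G = 2879, 1439, 4

def keygen():
    """Owner's El-Gamal key pair: secret x, public y = G^x mod P."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def split_key(x):
    """Additive shares x = x_proxy + x_friend (mod Q), both non-zero."""
    while True:
        x_proxy = secrets.randbelow(Q - 1) + 1
        x_friend = (x - x_proxy) % Q
        if x_friend:
            return x_proxy, x_friend

def encrypt(y, m):
    """Plain El-Gamal under the owner's public key: (G^r, m * y^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (m * pow(y, r, P)) % P

def strip_share(share, ct):
    """Divide out c1^share. The proxy and the friend run the same step."""
    c1, c2 = ct
    return c1, (c2 * pow(pow(c1, share, P), -1, P)) % P

def demo(m=1234):
    """m is a constructed stand-in for a short secret such as a content key."""
    x, y = keygen()
    x_proxy, x_friend = split_key(x)
    ct = encrypt(y, m)
    for_friend = strip_share(x_proxy, ct)          # proxy transformation
    via_proxy = strip_share(x_friend, for_friend)[1]
    bypass = strip_share(x_friend, ct)[1]          # friend skips the proxy
    proxy_view = for_friend[1]                     # what the proxy sees
    return via_proxy, bypass, proxy_view

if __name__ == "__main__":
    via_proxy, bypass, proxy_view = demo()
    print(via_proxy, bypass != 1234, proxy_view != 1234)
```

Neither share alone recovers the plaintext: the friend needs the proxy's transformation, and the proxy's output is still masked by the friend's share.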

12 Discussion
One encryption per recipient
A partial solution

13 Persona: An Online Social Network with User-Defined Privacy
Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee
SIGCOMM 2009

14 Overview
A new architecture for OSN that provides privacy
  – Encryption, Distributed Storage
Key Idea:
  – Defines social relationships by attribute-key assignment
  – Encrypts data once for an attribute policy
  – Provides confidentiality through various cryptographic mechanisms
  – Stores user information in distributed storage
  – Provides OSN functionality as services

15 Cryptography (Background on Attribute-based Encryption)
Message 1 can be viewed by
  – Professor OR (RA AND Security)
[Figure: Key Authority with PK and MSK; message 1 encrypted under PK with the policy Professor OR (RA AND Security); SK Sarah, Attribute: Professor, Architecture; SK Sam, Attribute: RA, Networking]

16 Cryptography
Symmetric Keys (AES)
  – Data Encryption
Attribute-based Encryption (CPABE)
  – Distribute the AES keys for groups
  – Distribute RSA keys for group identities
Asymmetric (RSA) keys
  – Distribute attribute-secret key
Idea:
  – Generate Attribute Secret Key for U1: ASK1
  – Encrypt ASK1 with PK1: Enc_PK1(ASK1)
  – Enc(M, K), ABE(K, policy, APK)
U1:
  – Decrypt Enc_PK1(ASK1) with her RSA private key to get ASK1
  – Use ASK1 to get K from ABE(K, policy, APK)
  – Use K to get M from Enc(M, K)
[Figure labels: friend, neighbor; colleague, neighbor; friend; A.APK]

17 Architecture
Data storage
  – Stored/retrieved through get/put
  – No authentication for get
Functionalities like wall, profile provided through a multiple reader/writer application
  – Users register for application
  – Users add ACL to the application page
  – Application page contains metadata, i.e., references to data
Encryption/Decryption done at client side using browser extension
[Figure: Alice posts on Bob’s wall. Components: Storage Service, Application Server (Wall). Messages: Post (data), ref, Post (ref), authenticate]

18 Discussion
Persona does not support efficient revocation
  – Have to rekey the rest of the group just to revoke one user from the group
Though it describes distributed storage, physically it is implemented on the same server

19 EASiER: Encryption-based Access Control in Social Networks with Efficient Revocation
Sonia Jahid, Prateek Mittal, and Nikita Borisov
ASIACCS, March 2011 (to appear)

20 Overview
An ABE scheme to enhance privacy in OSN with support for efficient revocation
Supports complete or partial relationship revocation
Primary Goal:
  – Support efficient revocation in ABE for OSN for fine-grained access control
Key Idea:
  – Social relationships defined using attribute keys
  – Introduces a minimally trusted proxy
  – Rekeys the proxy each time some key is revoked

21 Architecture
[Figure labels: PK, MK; users u1, u2, u3 with (SK1), (SK2), (SK3); KeyProxy (Revoke u1, u2); Proxy; CT component; Modified CT component; policy nodes: AND, Colleague, Neighbor, OR, Friend]

22 Discussion
Revoked users cannot decrypt future data, or even past data, assuming they did not store it.
EASiER efficiently supports fine-grained access control in existing OSNs
EASiER can be used in any domain that implements ABE
EASiER does not support access delegation
The proxy has to forget the old key

23 NOYB: Privacy in Online Social Networks
Saikat Guha, Kevin Tang, and Paul Francis
WOSN 2008

24 Overview
An architecture where user data is scattered and public, and a collection of other users’ data
Key Idea:
  – Encrypt user data such that the ciphertext follows semantic and statistical properties of legitimate data
  – Allow the service provider to work on ciphertext

25 Architecture
Uses out of band channel for key management
User data is divided into atoms
Atoms of similar type constitute a dictionary
Atoms are replaced with other atoms from the dictionary
[Figure labels: (Alice, F, 26) (Bob, M, 30) (Carol, F, 27); atoms (Alice, F) (26) (Bob, M) (30) (Carol, F) (27); (Alice, F, 27) (Bob, M, 26)]
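
The atom substitution on slide 25 can be sketched as a keyed index shift inside each public dictionary. This is an added example, not NOYB's code; the HMAC-based shift, the nonce and all names are assumptions, and the dictionaries are constructed from the slide's sample values.

```python
import hashlib
import hmac

# Public dictionaries, one per atom type (constructed from the slide's data).
DICTIONARIES = {
    "name_sex": [("Alice", "F"), ("Bob", "M"), ("Carol", "F")],
    "age": [26, 27, 30],
}

def _shift(key, nonce, atom_type, size):
    """Keyed pseudo-random offset into the dictionary for this atom type."""
    mac = hmac.new(key, nonce + b"|" + atom_type.encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % size

def _substitute(key, nonce, profile, sign):
    """Move every atom sign * shift positions within its own dictionary."""
    out = {}
    for atom_type, atom in profile.items():
        entries = DICTIONARIES[atom_type]
        k = _shift(key, nonce, atom_type, len(entries))
        out[atom_type] = entries[(entries.index(atom) + sign * k) % len(entries)]
    return out

def encrypt_profile(key, nonce, profile):
    """Replace each atom by a dictionary entry, so the output looks legitimate."""
    return _substitute(key, nonce, profile, +1)

def decrypt_profile(key, nonce, shown):
    """Friends holding the out-of-band key reverse the index shift."""
    return _substitute(key, nonce, shown, -1)

def demo():
    key = b"constructed-demo-key"      # shared out of band (constructed value)
    nonce = b"alice-profile-v1"        # hypothetical per-profile nonce
    alice = {"name_sex": ("Alice", "F"), "age": 26}
    shown = encrypt_profile(key, nonce, alice)
    return alice, shown, decrypt_profile(key, nonce, shown)

if __name__ == "__main__":
    print(demo())
```

An atom missing from its dictionary makes `entries.index` raise `ValueError`; that is the unique-value case (for example email addresses) for which the slides call for character-level substitution.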

26 Discussion
Hiding in the crowd
Needs character level substitution for unique values, e.g., email addresses

27 Conclusion
Online Social Networks need a more privacy-aware architecture
A lot of research work on OSN security and privacy
Privacy-aware works include
  – Cryptography
  – Programming language-based access control enforcement
  – Decentralization of OSN
[Image: Online Social Network in Real Life]

28 References
1. Facebook Statistics
2. Facebook Statistics, Stats & Facts For 2011
3. Infographic: Twitter Statistics, Facts & Figures
4. EDITORIAL: You've been poked by University police
5. More Advertising Issues on Facebook
6. Facebook Revealed Private Email Addresses Last Night
7. Facebook suspends app that permitted peephole
8. Social phishing, T. N. Jagatic, N. A. Johnson, M. Jakobsson
9. “Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook,” Alessandro Acquisti and Ralph Gross. PET, 2006
10. Facebook's Eroding Privacy Policy: A Timeline

