Post on 21-Dec-2015
Privacy in Online Social Networks
Sonia Jahid
Department of Computer Science
University of Illinois at Urbana-Champaign
March 10, 2011
www.soniajahid.com
Outline
• Statistics
• Privacy Issues
• Research on Online Social Network security and privacy
  – flyByNight
  – Persona
  – EASiER
  – NOYB
Statistics
Facebook Case:
• More than 500 million active users
• 50% of active users log on to Facebook in any given day
• Average user has 130 friends
• People spend over 700 billion minutes per month on Facebook
• There are over 900 million objects that people interact with
• Average user is connected to 80 community pages, groups and events
• Average user creates 90 pieces of content each month
• More than 30 billion pieces of content shared each month.
[1] [2] [3]
Privacy Issues
• Information leak by the Online Social Network (OSN)
  – Intentional
    • “You’ve Been Poked by University Police”
    • “More Advertising Issues on Facebook”
  – Accidental
    • “Facebook Revealed Private Email Addresses Last Night”
    • “Facebook suspends app that permitted peephole”
• Attacks
  – Spam
  – Phishing
• Oversharing
• Stalking
60% users trust their friends
18% users trust the provider
6% users trust strangers
[4, 5, 6, 7, 8, 9]
Privacy Policies
• Isn’t privacy protected by policies?
  – Privacy policy changes over time
  – Confusing!
  – Leads to unwanted information leak to users!
[10]
Research on Privacy in OSN
Today’s Focus
Cryptography
flyByNight: Mitigating the Privacy Risks of Social Networking
Matthew M. Lucas, Nikita Borisov
WPES, October 2008
Overview
• A Facebook application designed to encrypt and decrypt data with an aim to mitigate privacy risks in social networks.
• Primary goal:
  – Hide information transferred through the OSN from the provider and the application server.
• Key idea:
  – Encrypt sensitive data using JavaScript on the client side and send the ciphertext to intended parties, i.e., Facebook friends.
  – Uses
    • El-Gamal encryption
    • Proxy Cryptography
Architecture
• Initialization
  – Client generates Public/Private key pair, password
  – Client transfers encrypted private key to flyByNight server, and saves in key Database
• Send Data:
  – Client encrypts private data M with friends’ PK, and tags the encrypted data with friends’ ID, saves encrypted data in message Database on flyByNight server
• Receive Data:
  – Client decrypts private key with password, decrypts M with the private key
One-to-Many Communication
• User encrypts the data
• User gives the ciphertext to a proxy
• User generates a key for the proxy, and for the friend
• Proxy transforms the ciphertext for an intended party using El-Gamal encryption
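The one-to-many flow above, sketched as an added example that is not part of the slides or flyByNight's own code. It assumes one standard construction (the owner's ElGamal private key split additively into a proxy share and a friend share); the modulus, the friend names and the sample message are constructed for illustration.

```python
# Added illustration, not flyByNight's code: ElGamal with the owner's private
# key split additively between the proxy and each friend (assumed construction).
import secrets

P = 2**255 - 19      # toy modulus (a known prime), NOT a vetted ElGamal group
G = 2
ORDER = P - 1        # exponents are reduced modulo the group order

def keygen():
    x = secrets.randbelow(ORDER - 1) + 1          # private exponent in [1, ORDER-1]
    return x, pow(G, x, P)

def encrypt(pub, m):
    r = secrets.randbelow(ORDER - 1) + 1          # fresh randomness per message
    return pow(G, r, P), (m * pow(pub, r, P)) % P

def split_key(x):
    """Return (proxy_share, friend_share) with proxy + friend == x mod ORDER."""
    proxy_share = secrets.randbelow(ORDER)
    return proxy_share, (x - proxy_share) % ORDER

def strip_share(share, ct):
    """Remove one share's blinding factor c1^share from the ciphertext."""
    c1, c2 = ct
    return c1, (c2 * pow(pow(c1, share, P), -1, P)) % P

def demo():
    owner_sk, owner_pk = keygen()
    post = b"party at 8, friends only"            # constructed sample message
    ct = encrypt(owner_pk, int.from_bytes(post, "big"))   # encrypted once
    results = {}
    for friend in ("bob", "carol"):               # hypothetical friend names
        proxy_share, friend_share = split_key(owner_sk)
        transformed = strip_share(proxy_share, ct)        # done by the proxy
        _, m = strip_share(friend_share, transformed)     # done by the friend
        results[friend] = m.to_bytes(len(post), "big")
        results[friend + "_proxy_view"] = transformed[1]  # still blinded
    return post, results

if __name__ == "__main__":
    print(demo())
```

The data is encrypted once; only the small per-friend key shares differ, and the proxy's output stays blinded by the friend's share.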
Discussion
• One encryption per recipient
• A partial solution
Persona: An Online Social Network with User-Defined Privacy
Randy Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee
SIGCOMM 2009
Overview
• A new architecture for OSN that provides privacy
  – Encryption, Distributed Storage
• Key Idea:
  – Defines social relationships by attribute-key assignment
  – Encrypts data once for an attribute policy
  – Provides confidentiality through various cryptographic mechanisms
  – Stores user information in distributed storage
  – Provides OSN functionality as services
Cryptography (Background on Attribute-based Encryption)
• Message1 can be viewed by
  – Professor OR (RA AND Security)
[Diagram labels: Key Authority (MSK, PK); SKSarah with attributes Professor, Architecture; SKSam with attributes RA, Networking; message 1 under the policy Professor OR (RA AND Security)]
Cryptography
• Symmetric Keys (AES)
  – Data Encryption
• Attribute-based Encryption (CPABE)
  – Distribute the AES keys for groups
  – Distribute RSA keys for group identities
• Asymmetric (RSA) keys
  – Distribute attribute-secret key
• Idea:
  – Generate Attribute Secret Key for U1: ASK1
  – Encrypt ASK1 with PK1 - EncPK1(ASK1)
  – Enc(M, K), ABE(K, policy, APK)
U1:
• Decrypt EncPK1(ASK1) with her RSA private key to get ASK1
• Use ASK1 to get K from ABE(K, policy, APK)
• Use K to get M from Enc(M,K)
[Diagram labels: friend, neighbor; colleague, neighbor; friend; A.APK]
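How a policy such as "Professor OR (RA AND Security)" from the ABE background slide gates recovery of the key K in ABE(K, policy, APK), as an added example that is not from the slides or from Persona. It models only the secret-sharing layer of a policy tree (replication for OR, additive shares for AND); the pairing-based layer that ties shares to each user's key in real CP-ABE is omitted, and the tuple encoding of the policy is an assumption.

```python
# Added illustration, not Persona's code: only the secret-sharing layer of a
# policy tree. Real CP-ABE also binds shares to per-user keys (via pairings)
# so that users cannot pool attributes; that layer is omitted here.
import secrets

Q = 2**127 - 1   # prime modulus for share arithmetic

POLICY = ("OR", ["Professor", ("AND", ["RA", "Security"])])   # from the slide

def share(secret, node, path="0", leaves=None):
    """Push `secret` down the tree; returns {leaf_path: (attribute, share)}."""
    leaves = {} if leaves is None else leaves
    if isinstance(node, str):
        leaves[path] = (node, secret)
        return leaves
    gate, kids = node
    if gate == "OR":                       # any one child suffices
        parts = [secret] * len(kids)
    else:                                  # AND: all children are needed
        parts = [secrets.randbelow(Q) for _ in kids[1:]]
        parts.insert(0, (secret - sum(parts)) % Q)
    for i, (kid, part) in enumerate(zip(kids, parts)):
        share(part, kid, f"{path}.{i}", leaves)
    return leaves

def recover(node, leaves, attrs, path="0"):
    """Rebuild the secret from the leaves whose attribute is in `attrs`."""
    if isinstance(node, str):
        attr, value = leaves[path]
        return value if attr in attrs else None
    gate, kids = node
    got = [recover(k, leaves, attrs, f"{path}.{i}") for i, k in enumerate(kids)]
    if gate == "OR":
        return next((g for g in got if g is not None), None)
    return None if None in got else sum(got) % Q

def demo():
    k = secrets.randbelow(Q)               # stands in for the AES key K
    leaves = share(k, POLICY)
    sarah = recover(POLICY, leaves, {"Professor", "Architecture"})
    sam = recover(POLICY, leaves, {"RA", "Networking"})
    return k, sarah, sam

if __name__ == "__main__":
    print(demo())
```

Sarah's attribute set satisfies the OR branch and yields K; Sam holds RA but not Security, so the AND branch stays incomplete and nothing is recovered.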
Architecture
• Data storage
  – Stored/retrieved through get/put
  – No authentication for get
• Functionalities like wall, profile provided through a multiple reader/writer application
  – Users register for application
  – Users add ACL to the application page
  – Application page contains metadata, i.e., references to data
• Encryption/Decryption done at client side using browser extension
[Diagram: Alice posts on Bob’s wall. Labels: Storage Service; Application Server (Wall); Post (data); ref; Post (ref); authenticate]
Discussion
• Persona does not support efficient revocation
  – Have to rekey rest of the group just to revoke one user from the group
• Though it says distributed storage, physically it is implemented on the same server
EASiER: Encryption-based Access Control in Social Networks with Efficient Revocation
Sonia Jahid, Prateek Mittal, and Nikita Borisov
ASIACCS, March 2011 (to appear)
Overview
• An ABE scheme to enhance privacy in OSN with support for efficient revocation
• Supports complete or partial relationship revocation
• Primary Goal:
  – Support efficient revocation in ABE for OSN for fine-grained access control
• Key Idea:
  – Social relationships defined using attribute keys
  – Introduces a minimally trusted proxy
  – Rekeys the proxy each time some key is revoked
Architecture
[Diagram labels: users u1, u2, u3 holding (SK1), (SK2), (SK3); PK, MK; KeyProxy (Revoke u1, u2); Proxy; CT component; Modified CT component; policy labels “1 AND Colleague”, “Neighbor”, “OR”, “Friend”]
Discussion
• Revoked users cannot decrypt future data, and even past data assuming they do not store data.
• EASiER efficiently supports the fine-grained access control in existing OSNs
• EASiER can be used in any domain that implements ABE
• EASiER does not support access delegation
• The proxy has to forget old key
NOYB: Privacy in Online Social Networks
Saikat Guha, Kevin Tang, and Paul Francis
WOSN 2008
Overview
• An architecture where user data is scattered and public, and a collection of other users’ data
• Key Idea:
  – Encrypt user data such that the ciphertext follows semantic and statistical properties of legitimate data
  – Allow the service provider to work on ciphertext
Architecture
• Uses out of band channel for key management
• User data is divided into atoms
• Atoms of similar type constitute a dictionary
• Atoms are replaced with other atoms from the dictionary
[Diagram: (Alice, F, 26) (Bob, M, 30) → atoms (Alice, F) (26) (Bob, M) (30) → (Alice, F, 27) (Bob, M, 26); (Carol, F, 27) → atoms (Carol, F) (27)]
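The atom substitution described above, as an added example that is not from the slides or NOYB's own code. The slides say only that atoms are replaced with other atoms from the dictionary; the keyed, reversible index shift used here, the key, the nonce and the dictionary contents are assumptions constructed for illustration.

```python
# Added illustration, not NOYB's code: atoms are swapped for other atoms of
# the same dictionary by a keyed, reversible index shift (assumed mechanism).
import hashlib
import hmac

# Constructed public dictionaries, built from the atoms on the slide
DICTIONARIES = {
    "name_sex": [("Alice", "F"), ("Bob", "M"), ("Carol", "F")],
    "age": [26, 27, 30],
}

def _shift(key, nonce, atom_class, size):
    """Pseudo-random offset into a dictionary, derived from the shared key."""
    mac = hmac.new(key, nonce + b"|" + atom_class.encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % size

def _substitute(profile, key, nonce, sign):
    out = {}
    for atom_class, atom in profile.items():
        atoms = DICTIONARIES[atom_class]
        offset = sign * _shift(key, nonce, atom_class, len(atoms))
        out[atom_class] = atoms[(atoms.index(atom) + offset) % len(atoms)]
    return out

def encipher(profile, key, nonce):
    """What the user uploads: every atom is a legitimate-looking atom."""
    return _substitute(profile, key, nonce, +1)

def decipher(profile, key, nonce):
    """What a friend holding the key reconstructs."""
    return _substitute(profile, key, nonce, -1)

def demo():
    key = b"constructed-key-shared-out-of-band"
    nonce = b"alice-profile-v1"        # hypothetical public per-profile value
    alice = {"name_sex": ("Alice", "F"), "age": 26}
    shown = encipher(alice, key, nonce)
    wrong = decipher(shown, b"wrong key", nonce)
    return alice, shown, decipher(shown, key, nonce), wrong

if __name__ == "__main__":
    print(demo())
```

A wrong key still decodes to well-formed atoms, so the provider cannot tell a real profile from a substituted one; how well a value is hidden depends on the size of its dictionary.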
Discussion
• Hiding in the crowd
• Needs character level substitution for unique values, e.g., email addresses
Conclusion
• Online Social Networks need more privacy aware architecture
• Lot of research work on OSN security and privacy
• Privacy aware works include
  – Cryptography
  – Programming language-based access control enforcement
  – Decentralization of OSN
Online Social Network in Real Life
References
1. Facebook Statistics
2. Facebook Statistics, Stats & Facts For 2011
3. Infographic: Twitter Statistics, Facts & Figures
4. EDITORIAL: You've been poked by University police
5. More Advertising Issues on Facebook
6. Facebook Revealed Private Email Addresses Last Night
7. Facebook suspends app that permitted peephole
8. Social phishing, T. N. Jagatic, N. A. Johnson, M. Jakobsson
9. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook, Alessandro Acquisti and Ralph Gross. PET, 2006
10. Facebook's Eroding Privacy Policy: A Timeline