Keywords. Social network security, social engineering, XSS, CSRF, DoS, stalking, OpenID, Facebook, Twitter, LinkedIn, phishing, information theft, identity.
White Papers and Scientific Research. Security and Privacy in Social Networks Bibliography.
Social Networks and Privacy

OLEKSANDR BODRIAGOV

Licentiate Thesis
Stockholm, Sweden, 2015

TRITA-CSC-A 2015:07
ISSN-1653-5723
ISBN 978-91-7595-571-1

KTH Royal Institute of Technology
School of Computer Science and Communications
Department of Theoretical Computer Science
SE-100 44 Stockholm
SWEDEN

Academic dissertation which, with the permission of KTH Royal Institute of Technology, is submitted for public examination for the degree of Licentiate of Technology in Computer Science on 9 June 2015 in room E2, Lindstedsvägen 3, KTH Royal Institute of Technology, Stockholm.

© Oleksandr Bodriagov, January 13, 2015

Printed by: Universitetsservice US AB

Abstract

Centralized online social networks pose a threat to their users’ privacy as social network providers have unlimited access to users’ data. Decentralized social networks address this problem by getting rid of the provider and giving control to the users themselves, meaning that only the end-users themselves should be able to control access of other parties to their data. While there have been several proposals and advances in the development of privacy-preserving decentralized social networks, the goal of a secure, efficient, and available social network in a decentralized setting has not been fully achieved.

This thesis contributes to the research in the field of security for social networks with a focus on decentralized social networks. It studies encryption-based access control and management of cryptographic keys/credentials (required for this access control) via user accounts with password-based login in decentralized social networks.

First, this thesis explores the requirements of encryption for decentralized social networks and proposes a list of criteria for evaluation that is then used to assess existing encryption-based access control systems.
We find that all of them provide confidentiality guarantees (of the content itself), while privacy (of information about the content or access policies) is either not addressed at all or it is addressed at the expense of the system’s performance and flexibility. We highlight the potential of two classes of privacy-preserving schemes in the decentralized online social network (DOSN) context: broadcast encryption schemes with hidden access structures and predicate encryption (PE) schemes, and propose to use them. Both of these classes contain schemes that exhibit desirable properties and better fulfill the criteria.

Second, the thesis analyses predicate encryption and adapts it to the DOSN context as it is too expensive to use out of the box. We propose a univariate polynomial construction for access policies in PE that drastically increases performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and indicate objects that can be decrypted by a particular user. The thesis demonstrates that the adapted scheme shows good performance and thus user experience by making a newsfeed assembly experiment.

Third, the thesis presents a solution to the problem of management of cryptographic keys for authentication and communication between users in decentralized online social networks. We propose a password-based login procedure for the peer-to-peer (P2P) setting that allows a user who passes authentication to recover a set of cryptographic keys required for the application. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as remembered logins, password change, and recovery of the forgotten password. The combination of these protocols allows emulating password logins in centralized systems. The results of performance evaluation indicate that the time required for the login operation is within acceptable bounds.

Summary (Sammanfattning)

Centralized online social networks pose a threat to users’ privacy, because providers of social network services have unlimited access to users’ information. Decentralized social networks solve the privacy problem by eliminating providers and giving users control over their data. This means that users themselves decide who gets access to their data. Although there are several proposals and some progress in the development of privacy-preserving decentralized social networks, the goal of secure, efficient, and available social networks in a decentralized setting has not been fully achieved.

This thesis contributes to research on security for social networks with a focus on decentralized social networks. The thesis concentrates on encryption-based access control and the management of cryptographic keys (required for this access control) by means of user accounts with password-based login in decentralized social networks.

First, this thesis examines the requirements on encryption for decentralized social networks and proposes evaluation criteria. These evaluation criteria are then used to assess existing encryption-based systems for access control. Our investigation shows that all of them guarantee confidentiality of the content itself. Privacy of information about the content or access policies, however, is either not protected at all or protected at the expense of the system’s performance and flexibility. We highlight the potential of two classes of privacy-preserving schemes in the DOSN context: broadcast encryption schemes with hidden access structures and predicate encryption schemes; we propose the use of these schemes.
Both of these classes contain schemes that exhibit desirable properties and fulfill the criteria in a better way.

Second, the thesis analyses predicate encryption and adapts it to the DOSN context, since it is too expensive to use as it is. We propose a “univariate polynomial construction” for access policies in predicate encryption that drastically increases the system’s performance but leaks some part of the access policy to users with access rights. We use Bloom filters to reduce decryption time and to indicate objects that can be decrypted by a particular user. A news feed assembly experiment shows that the adapted scheme gives good results and thus user experience.

Third, the thesis presents a solution to the problem of managing cryptographic keys for authentication and communication between users in decentralized online social networks. We propose a password-based login procedure for the peer-to-peer (P2P) setting that lets a user who passes authentication recover a set of cryptographic keys required for the application. In addition to password login, we also present supporting protocols to provide related functionality, such as login with stored passwords, password change, and recovery of forgotten passwords. The combination of these protocols allows simulating password login in centralized systems. The performance evaluation shows that the time required for login is within acceptable bounds.

Acknowledgements

It took me a few years to write this thesis, and I must say that it was not the easiest task in my life. It required a lot of time, dedication, and concentration. I would like to express my gratitude to all people that helped me on this way.
First and foremost, I would like to thank my adviser Sonja Buchegger for her help, support, invaluable advice, and guidance. She was the one who taught me how to do research in a structured way. Her simple and elegant guidelines, like a rule of thumb for writing introduction in papers, have been very useful to me in various situations beyond academic context.

Second, I would like to thank my colleagues from our small but quite efficient research group: Gunnar Kreitz, Benjamin Greschbach, and Guillermo Rodríguez-Cano. I really enjoyed working with you all! I would also like to express my gratitude to Siavash Soleimanifard, Oliver Schwarz, and Pedro de Carvalho Gomes for sharing their thoughts and comments whenever I asked them. Thanks to Dilian Gurov for his counsel on writing this thesis. I am thankful to all members of the theoretical computer science group at KTH for making this group a very friendly place to work in. Special thanks to Benjamin Greschbach, Guillermo Rodríguez-Cano, Oliver Schwarz, Pedro de Carvalho Gomes, and Siavash Soleimanifard for many fun and interesting conversations.

Last but not least, a big thanks to my friends at NGO “Unga Ukrainare i Sverige”: Max, Vira, Ola, Kostya, Oksana, Alyona, Sergii, Tetiana, and Roman. You all are great people, and I am grateful for your support, company, and for the fantastic and unforgettable experience we have had.

Oleksandr Bodriagov, Stockholm, January 2015.

Table of Contents

Table of Contents
List of Figures
List of Tables
1 Introduction
  1.1 Background
  1.2 Motivation and related work
  1.3 Research methodology
  1.4 Thesis contribution
  1.5 Conclusions and Future work
2 Errata for included publications
Bibliography
3 Encryption for Peer-to-Peer Social Networks
  3.1 Introduction
  3.2 Essential criteria for the P2P encryption systems
  3.3 Existing P2P OSN Architectures
  3.4 Evaluation of existing encryption schemes based on our criteria
  3.5 Broadcast Encryption
  3.6 Predicate Encryption
  3.7 Comparison and Discussion
  3.8 Conclusions
  References
4 Access Control in Decentralized Online Social Networks: Applying a Policy-Hiding Cryptographic Scheme and Evaluating Its Performance
  4.1 Introduction
  4.2 Related Work
  4.3 Predicate Encryption
  4.4 Performance Evaluation
  4.5 Conclusions
  References
5 Passwords in Peer-to-Peer
  5.1 Introduction
  5.2 Related Work
  5.3 System Overview and Assumptions
  5.4 Password-based P2P Login
  5.5 Password Recovery
  5.6 Security
  5.7 Evaluation
  5.8 Conclusions and Future Work
  References

List of Figures

4.1 PE scheme performance
4.2 News feed assembly time for 300 profiles
5.1 Overview of the system.
5.2 Storage structure and login procedure
5.3 Login latency CDF

List of Tables

3.1 Comparison of encryption systems of P2P social networks
5.1 Protocol Terminology
5.2 Recovery Protocol Terminology
5.3 Latencies of protocols, in milliseconds.

Chapter 1
Introduction

Technological advances of mankind made mass communication and information sharing possible. By the end of the 19th century, invasions of an individual’s privacy due to the electrical telegraph, photography, and newspapers first occurred. In 1890 L. Brandeis and S. Warren published an article called “The Right to Privacy” [1]. It was one of the first to advocate a right to privacy and its protection via legislative means. It became clear that privacy had to be protected.
Nowadays, with the emergence of social media, additional risks to an individual’s privacy have appeared. Nevertheless, information technology gives us the necessary mechanisms to protect our privacy; we do not have to rely solely on legislative privacy protection. This thesis contributes to the research in the field of social media security and is aimed at protecting privacy in social networks via technological means.

1.1 Background

Social networks have seen a dramatic growth during the past decade. For users, the benefits provided by the services outweighed any risks to privacy imposed by usage of these services. The privacy concerns and awareness did not stop users from revealing large amounts of personal information [2, 3]. In fact, in 2005, the majority of users opted to use default privacy settings, which were quite loose [4]. This, combined with security flaws existing in these services [5], created a favorable environment for the collection of private data not only by the service provider, but also by various third parties.

Gradually, the awareness of privacy risks among users increased. According to [6], in 2009 the majority of surveyed Facebook users were already using much stricter access policies. Furthermore, users started actively defending their privacy. Changes introduced by the social network provider that users considered a potential threat to their privacy were met with protests [5].

While security patches and additional privacy mechanisms developed by social network providers gave users the impression that they were in control of their data, in reality it has always been the social network service provider (SNP) that has had full control. For example, Facebook’s Terms of Services (TOS) [7] up till November 2013 stated that it gets a “perpetual, non-exclusive, transferable, fully paid, worldwide” license to any content a user posts and that it can use it for commercial or advertising purposes.
Google’s TOS [8] up till March 2012 stated that the company had a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to user content and that it could make this content available to other companies, organizations or individuals for the provision of syndicated services. Other services like Twitter, Instagram, and LinkedIn have TOS [9] that give them similar rights to the user content. While Google’s current TOS [10] are much more modest and state that “The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.”, Facebook according to its current TOS [11] still retains a “non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post”.

Even if the policy states that it is the user who owns the information, de facto it is the SNP who is the real owner of the information. SNPs have the right to change TOS at any moment and they can introduce any changes to the service they wish (e.g. Facebook, which unveiled privacy changes in 2009 [12]), and only a massive public protest can stop it. A user who is not happy with a service has mainly two options: either quitting the service or following its terms. The user cannot easily switch to another provider, especially if the majority of his friends still use the old provider. Users are locked in the system, and consequently they have fewer means to influence SNPs. Providers take advantage of this situation and set the rules as they like. The user, in some sense, has no control over his/her information after it is posted.

According to [5], in 2007, Privacy International listed Facebook among companies with “severe privacy threats” because of data mining, transfer of data to third parties, etc. The recent study [13] has shown that half of the users that leave Facebook do this because of privacy concerns.
Since locking gives providers bigger revenues and better control over the users, they have no incentives to switch to open inter-provider communication. The business model of SNPs is based on data aggregation, data mining, and targeted advertisements as the main end product. According to Facebook’s annual report 2013 [14], more than 90 percent of all revenues comes from advertising.

The research community realized the importance of privacy in social networks and came up with a number of proposals to tackle the privacy problem. Some researchers concentrated on anonymization techniques for mitigating the privacy threat associated with sharing of social data (e.g. a social network graph) with third parties. Social network APIs like the Facebook API and the OpenSocial API developed by Google allowed third-party applications to access a social graph and personal data of a user [15]. To anonymize data, Felt et al. [15] proposed to transform all user IDs in query responses, effectively prohibiting an application from accessing actual user IDs. However, according to Zhou et al. [16], having some information about the connections of a user and the relationship between these connections, it was possible to reidentify the user in the social network graph. Therefore they proposed an anonymization technique that modifies the graph [16].

The aforementioned solutions protected only against malicious third parties. Besides, their implementation depended on the good will of SNPs. Researchers realized that the SNP itself posed a threat and proposed to take control of the user data from SNPs by creating overlay systems that used the online social network service as a communication medium and/or as storage.

FlyByNight [17] is a third-party Facebook application that uses Facebook servers as middleware for all interaction between FlyByNight servers and end users. All messages are stored in encrypted form on the specially dedicated FlyByNight server.
FaceCloak [18] allows users to hide any chosen piece of information from the SNP by storing it in encrypted form on a third-party server. When a user wants to post some hidden information, fake information is sent to the SNP, while real information is sent to the third-party server. Fake information is used to find out the identifier of the real information on the third-party server.

NOYB [19] hides real information from the SNP by using pseudorandom blocks of information (that look like real data to the SNP) and substituting real data with these blocks, thus the SNP operates on the fake data. The system works as a substitution cipher. All data is partitioned into chunks which are indexed and then substituted by the chunks of encrypted data. The chunks for substitution are picked from the dictionary. The index of the real data chunk is encrypted and the ciphered index is used to choose the chunk for substitution.

These overlay solutions were not self-contained. They were entirely dependent on the good will of the social network provider, which could stop the “parasitic” services at any moment. Besides, these solutions have completely neglected the financial side of the problem connected with creating an altruistic provider of the “privacy-enhancing service”.

Other researchers focused on the problem of locking of users. Lockr [20] decouples stored social information from functionality, thus allowing users to be registered to different SNPs while maintaining a social connection. Lockr can operate both in a centralized and in a decentralized mode. In the centralized mode the SNP is responsible for the access control enforcement and data storage. SNPs do not store users’ social networks, only personal information. The stored data is unencrypted. SNPs continue to serve user data as well as host third-party social applications. In the decentralized mode, information is stored by the user himself, and the user is responsible for access control.

1.2 Motivation and related work

Giving the full control to the end-user would be a solution to the privacy problem, meaning that only the end-user himself should be able to control access of other parties to his data. An unauthorized party should not have any technical means to access the end-user’s data.

Full data control

There are several approaches to achieve full control over one’s data:

• hosting user’s data on a constantly available paid server
• personal server for each user
• personal virtual machine in a paid cloud
• personal mobile devices with Internet connectivity acting as servers
• decentralized network

The first approach is to host users’ data on a constantly available server to achieve the same level of service and interactivity that is provided by online social networks (OSNs). However, this kind of service provided by a third party cannot be free unless the user is willing to allow data mining and to receive advertisements. The problem is that research shows that users are not willing to pay for the social network service, though they are willing to use it [21]. Thus, it is doubtful that users will pay for the service with some security benefits if there is a similar one for free. Therefore a concept of a paid service with security guarantees for the end user is currently infeasible.

Any solution with a central server raises payment and privacy concerns. For example, the ad-free, paid online social networking platform and microblogging service App.net [22] gives users control over their data. The users give permissions to social applications/services running on top of the App.net platform to access their data. Yet, the users can neither prevent App.net that manages this platform from accessing their data for purposes beyond operating services nor prevent transfer of their data to third parties (e.g. recent reports on National Security Agency’s global surveillance program [23]).
The App.net’s revenue model is based on subscription fees paid by users and developers, but their subscription renewal rate in 2014 was so low that they did not have sufficient budget for full-time employees [24].

Another way would be to use a decentralized, provider-independent approach and have each user run his/her own server. The problem is that most of the users do not have sufficient expertise for that, and it would be much more troublesome for them to keep it constantly running and maintain it than using an ordinary social network. A decentralized social network Diaspora [25], which has taken this approach, is a good example. Any user can join Diaspora by setting up a private server, and users who decide not to set up their own servers can choose from one of the existing servers to store their data. According to their statistics [26], only a very small percentage of users decided to set up their own server, while 90% of all users are registered on just 5 top servers (by the number of active users). It is important to point out that data that is stored on these servers is not encrypted, and people running the server have full access to users’ data [27]. Privacy can be ensured only by running a personal server. Besides, there is no guarantee that one of these servers will not be shut down later in the future, potentially resulting in a complete loss of all data for the users of that server.

Taking into account the previous arguments about the paid services and Diaspora’s experience with personal servers, one can claim that a Vis-à-Vis [28] model of the decentralized OSN based on personal virtual machines running in a paid cloud is currently infeasible.

Another option would be to use mobile phones/tablets as servers. Users could download an app on their mobile phones/tablets and run some kind of a server to achieve a fully decentralized network.
However, the homogeneous network of mobile phones will hardly be able to provide any connectivity at all because, to the best of our knowledge, all of the 3G/4G networks are behind NAT (or two NATs) and firewalls [29], and NAT-traversal techniques [30] will not work when all devices are behind the NAT and there are no rendezvous points. Even if we assume that the transition to IPv6 and consequent disappearance of NATs happens very soon, this approach still has some other disadvantages: a lost or stolen phone equals losing all information and the profile; a forgotten phone means that it is impossible to access the profile; connection loss means that none of your friends can access your profile; popular high-definition videos or photo albums can result in hundreds of megabytes of outgoing traffic that would be a big burden for the battery. Consequently, user data should be backed up on and served from some external storage managed by some other party. So, even if we assume that transition to IPv6 has happened and mobile phones can act as servers, user data should still be replicated regularly to some external storage to achieve 24/7 data availability and integrity.

A more realistic view of the fully decentralized network for social networking is a heterogeneous P2P network consisting of various devices having different Internet connectivity and availability. Devices in this network act as building blocks for a decentralized storage with replication that stores all user data. Due to replication, data will still be available even if the node from which this data originated goes off-line. There has been a lot of research on distributed storage systems [31–39] that has shown that such systems are feasible under realistic assumptions for node availability and replication degree.
This thesis follows this last approach and focuses on building a decentralized social network on top of existing decentralized storage systems in order to give full control to the end-user and to ensure privacy.

Encryption-based access control

Replication of user data to untrusted storage in the decentralized social network creates many privacy issues. An access control mechanism should tackle these issues since we considered decentralized networks with an aim of creating a privacy-preserving social network. The basic requirement to an access control mechanism in this case is that it should prevent a node which stores the replicated data from seeing it, except for meta information that identifies the data to be served. It should also guarantee that the user data is available only to a set of people authorized by the owner of the data. Data encryption is one of the mechanisms that helps to solve these two problems. It prevents the untrusted node that stores and serves the data from seeing it, and it works as an access control mechanism as only people who were given cryptographic keys for decrypting data by the data owner should be able to decrypt it.

Encryption-based access control for decentralized social networks has received a lot of attention recently and many solutions have been developed [40–45].

An early version of the PeerSoN [40, 46] P2P social network used a distributed hash table (DHT) to look up data and a combination of symmetric and asymmetric cryptography for encryption-based access control on untrusted storage. Data was first encrypted with a symmetric key and then this key was encrypted with a public key of each of the data recipients. Privacy was not sufficiently addressed since user IDs (or public keys) were stored alongside encrypted data. Consequently, it was possible to infer who could decrypt the data.
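
The two-layer scheme just described, as an added example in Go (not code from the thesis or from PeerSoN): the object is encrypted once with a symmetric key, that key is wrapped under each recipient's public key, and recipient IDs sit in the clear next to the wrapped keys. The choice of AES-256-GCM and RSA-OAEP, all type and function names, and the sample users are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Keyring maps user IDs to public keys (all names here are illustrative).
type Keyring map[string]*rsa.PublicKey

// WrappedKey is one header entry: the content key encrypted for one user.
type WrappedKey struct {
	ID  string // stored in the clear, as in the scheme described in the text
	Key []byte // RSA-OAEP ciphertext of the symmetric content key
}

// Envelope is everything the untrusted storage node holds and serves.
type Envelope struct {
	Header  []WrappedKey
	Nonce   []byte
	Payload []byte // AES-256-GCM ciphertext, produced once for all recipients
}

// NewKey generates a 2048-bit RSA key pair for a constructed sample user.
func NewKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts data once (first layer) and wraps the key per user (second layer).
func Seal(data []byte, to Keyring) (*Envelope, error) {
	buf := make([]byte, 32+12) // fresh 32-byte content key, then 12-byte GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	contentKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Payload: gcm.Seal(nil, nonce, data, nil)}
	for id, pub := range to {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, contentKey, nil)
		if err != nil {
			return nil, err
		}
		env.Header = append(env.Header, WrappedKey{ID: id, Key: wrapped})
	}
	return env, nil
}

// Open finds the caller's header entry, unwraps the content key and decrypts.
func Open(env *Envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range env.Header {
		if w.ID != id {
			continue
		}
		contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w.Key, nil)
		if err != nil {
			return nil, err
		}
		gcm, err := newGCM(contentKey)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Nonce, env.Payload, nil)
	}
	return nil, fmt.Errorf("no header entry for %q", id)
}

// StorageView returns what a node with no private key reads from the envelope.
func StorageView(env *Envelope) (recipients []string, payloadLen int) {
	for _, w := range env.Header {
		recipients = append(recipients, w.ID)
	}
	return recipients, len(env.Payload)
}

func main() {
	a, _ := NewKey() // constructed sample users and post
	b, _ := NewKey()
	env, err := Seal([]byte("constructed sample post"), Keyring{"alice": &a.PublicKey, "bob": &b.PublicKey})
	if err != nil {
		panic(err)
	}
	fmt.Println(StorageView(env))
}
```

Each extra recipient adds one 256-byte wrapped key to the header while the payload is encrypted only once; the same header is what lets a storage node that holds no keys enumerate who can decrypt the object.
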
The two-layered encryption used in PeerSoN, where the first layer is the symmetric encryption and the second layer encrypts the secret key used in the first layer, is called a key encapsulation mechanism (KEM). KEM is beneficial when encrypting the same object for multiple recipients as it helps reduce encryption time and the resulting size of the encrypted object. As far as we know, KEM is used in all solutions for decentralized social networks.

Persona [43] relies on untrusted storage and uses ciphertext-policy attribute-based encryption (ABE) with KEM for access control. ABE is used to encrypt data for groups of recipients and different combinations of these groups. To provide specific rights to stored objects, the profile owner defines access control lists (ACLs) and the storage enforces them. This scheme, however, does not guarantee privacy as the storage can see these ACLs in plaintext. ACLs contain the users’ public keys and their access rights. The storage authenticates the users and authorizes their actions based on the entries in the ACL. This scheme provides limited data integrity protection since the storage is supposed to reliably store and serve data, and protect it from unauthorized modification or deletion. Yet, the credibility of access control enforced by untrusted storage is not that strong, so the main protection mechanism is encryption, and it ensures only confidentiality. A user retrieving data (unlike the user writing data) does not need to authenticate with the storage, so the storage does not know the identity of the user but knows which groups of users can read data requested by the user as this information is leaked by the ABE encryption. From a privacy perspective, Persona has a small improvement compared to PeerSoN if there are many users who have only the right to read data.

Safebook [42] solves the problem of untrusted storage by using trusted friends to store data on their computers and to ensure privacy.
Confidentiality is again achieved with a combination of symmetric and asymmetric encryption, and a DHT is used as a lookup service to find a path to the stored data. Unlike other systems for decentralized social networks, Safebook provides untraceability of communication as an integral part of the system. The privacy of the scheme is partial because explicitly trusted parties (most trusted friends that serve as mirrors) can trace communication parties, but communication privacy is protected from external observers via multi-hop routing. We argue that reliance on friendships and trust may be harmful. Friendships may fade with time or may end suddenly, and trust can be betrayed. It has been shown that half of adult friendships are lost in seven years [47]. In comparison to PeerSoN, Safebook has a slight improvement in privacy as only trusted friends can see who can decrypt the data of the profile owner.

Cachet [44] is an update of the Decent architecture [48]. It uses a DHT to store data and uses ABE for encryption. In the used variant of ABE, the access policy is described openly in the header of the ciphertext. The authors observe the resulting privacy violation, but only address it partially by hiding these headers from the storage system. Users can still observe headers and thus can see plaintext ABE access policies. For efficiency, the authors used caching of information and store the unencrypted version of this information on the nodes that satisfy the ABE policy (nodes that are able to decrypt). Thus users will know for whom the content is encrypted, and they may even be able to trace the requests of other people who also can decrypt the same information.

Günther et al. [45] describe two solutions for publishing of content on social network profiles. One solution uses broadcast encryption with pseudonyms. Pseudonyms are needed to provide privacy protection and patch the used BE scheme which leaks the set of recipients.
Pseudonyms give a limited anonymity property [45], but it is still possible to see which pseudonym is authorized to decrypt what. Taking into account that other users might have some additional information about an event/question that the encrypted message covers, we argue that the protection is not sufficient as users may infer the identity behind the pseudonym. Their second construction is based on symmetric encryption. It requires a separate decryption key for each attribute-value pair in the system and for each user from the set of recipients of that value. This approach scales poorly to large system sizes.

Tahoe [49], a distributed file system, uses symmetric encryption. Each encrypted file is associated with at least two unique cryptographic values/capabilities. One is a symmetric encryption key and the other one is a hash value for checking integrity. To give access to an encrypted file to a user, one has to share these two cryptographic capabilities with this user. Taking into account the large number of friends in social networks, such sharing results in too much overhead and becomes prohibitively expensive. By grouping a set of files into a directory (a file that contains all cryptographic capabilities required to read/write any file from the set [49]) and then sharing cryptographic capabilities only for this directory we could partially solve the problem, but then we lose flexibility of fine-grained access to files.

Anderson et al. [41] describe a social network that divides a user profile in discrete encrypted blocks. Symmetric secret keys for these blocks are shared between users who should have access to information stored in these blocks by using hierarchical group key management schemes. We argue that it is not obvious that there exists a hierarchy of users/groups (unlike the hierarchy of files and directories) in a profile of an average user besides the most simple one, in which any group is a subset of group “friends” containing all connections of the profile owner.
In a system without access rights hierarchy, a hierarchical group key management scheme will perform no better than a simple system based on shared keys for groups.

Issues covered in this thesis

All of the aforementioned systems ensure confidentiality of the users’ content, but information about access policies, which describe who has access to this content, is either not protected at all or it is protected in a way that the system’s performance and flexibility suffer. An access-control mechanism of the DOSN should be privacy-preserving, i.e. it should not reveal access policies, and performant at the same time; and these depend on the underlying cryptographic primitive(s). Taking into account the large number of objects and users in the social network and the constrained resources of the distributed P2P storage, the cryptographic system used for encryption/decryption should have low cryptographic overhead, flexibility to support typical data sharing and communication functions of the social network, and adequate performance. What is the best encryption system for DOSNs? How should it be applied to the DOSN?

All cryptographic systems use secret cryptographic keys/credentials. In general, the more entities/communicating parties the system includes, the more cryptographic keys are needed. A typical social network user has hundreds of friends, which means many cryptographic keys/credentials. All of the aforementioned decentralized social networks assume that a user owns a device that has all cryptographic keys/credentials needed to interact with the system. However, if this device is lost or gets broken and there is no backup, then the user becomes cut off from the system. This device becomes a single point of failure. Moreover, it is common that a user owns several devices, so they have to be synchronized. We could of course require users to carry with them USB sticks containing necessary cryptographic keys.
As another option, we could encrypt these keys, store them in the cloud and require users to remember only one key needed to decrypt and fetch all other keys belonging to them. Either of these variants would decrease usability. In centralized online social networks users have only one password instead of many cryptographic keys, and they can log in from any computer in the world. Is it possible to use globally accessible accounts, stable network-wide identities, and username-password authentication in decentralized social networks? What would account registration, login, password change, remembered logins, and logout procedures look like?

1.3 Research methodology

This thesis follows the design science research methodology principles [50]. It involves the qualitative and quantitative analysis of existing design artifacts/DOSN architectures followed by the design of new artifacts and their evaluation. In particular, for the research of encryption-based access control in DOSN, the design artifacts were evaluated according to the following categories: efficiency, functionality, and privacy. By efficiency we mean how much effort the used encryption scheme creates in terms of storage, computational cost, and communications overhead. By functionality we categorize possibilities of using the encryption scheme to manage permissions. By privacy we denote the side-effects of the decentralized system of leaking information about the user data and not only the user data itself (confidentiality).

For the research of password-based authentication in decentralized systems, the authentication mechanisms of P2P backup and storage systems were analyzed. The analysis was followed by the design of the new protocols for the password-based authentication and the new encryption-based access control mechanism aimed at solving the privacy problem without sacrificing performance. Lightweight custom simulators were developed to evaluate the efficiency of the design.
The data used in simulations was taken from the real-world performance measurements of the BitTorrent Mainline DHT overlay and statistical data from Facebook. Security properties of the proposed architectures were thoroughly analyzed, but no formal security proofs were made.

1.4 Thesis contribution

A total of 4 research papers have been co-authored during the licentiate thesis. They can be broadly characterized into three topics: encryption protocols for encryption-based access control, management of cryptographic keys/credentials via user accounts with password-based login in decentralized P2P networks, and communication protocols and general architecture for decentralized social networks. The thesis focuses on the first two topics.

List of Papers

1. O. Bodriagov and S. Buchegger, “Encryption for peer-to-peer social networks,” in Security and Privacy in Social Networks, Y. Altshuler, Y. Elovici, A. B. Cremers, N. Aharony, and A. Pentland, Eds. Springer New York, 2013, pp. 47–65.

Abstract. To address privacy concerns over online social networking services, several decentralized alternatives have been proposed. These peer-to-peer (P2P) online social networks do not rely on centralized storage of user data. Instead, data can be stored not only on a computer of a profile owner but almost anywhere (friends’ computers, random peers from the social network, third-party external storage, etc.). Since the external storage is often untrusted or only semi-trusted, encryption plays a fundamental role in the security of P2P social networks. Such a system needs to be efficient to be used on a large scale, provide the functionality of changing access rights suitable for social networks, and, crucially, it should preserve privacy properties itself. That is, beyond user data confidentiality, it has to protect against information leakage about users’ access rights and behavior.
In this paper we explore the requirements of encryption for P2P social networks and propose a list of criteria for evaluation that we then use to compare a set of existing approaches. We find that none of the current P2P architectures for social networks achieve secure, efficient, 24/7 access control enforcement and data storage. They either rely on trust, require constantly running servers for each user, use expensive encryption, or fail to protect the privacy of access information. In the search for a solution that better fulfills the criteria, we found that some broadcast encryption (BE) and predicate encryption (PE) schemes exhibit several desirable properties.

Contribution statement. Oleksandr Bodriagov was the main contributor of this work. Sonja Buchegger provided valuable feedback and contributed to parts of the writing, particularly the abstract and introduction.

2. O. Bodriagov, G. Kreitz, and S. Buchegger, “Access control in decentralized online social networks: Applying a policy-hiding cryptographic scheme and evaluating its performance,” Pervasive Computing and Communications Workshops (PERCOM Workshops), 2014 IEEE International Conference on, pp. 622–628, 24–28 March 2014.

Abstract. Privacy concerns in online social networking services have prompted a number of proposals for decentralized online social networks (DOSN) that remove the central provider and aim at giving the users control over their data and who can access it. This is usually done by cryptographic means. Existing DOSNs use cryptographic primitives that hide the data but reveal the access policies. At the same time, there are privacy-preserving variants of these cryptographic primitives that do not reveal access policies. They are, however, not suitable for usage in the DOSN context because of performance or storage constraints. A DOSN needs to achieve both privacy and performance to be useful. We analyze predicate encryption (PE) and adapt it to the DOSN context.
We propose a univariate polynomial construction for access policies in PE that drastically increases performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and indicate objects that can be decrypted by a particular user. We evaluate the performance of the adapted scheme in the concrete scenario of a news feed. Our PE scheme is best suited for encrypting for groups or small sets of separate identities.

Contribution statement. Oleksandr Bodriagov was the main contributor of this work. Gunnar Kreitz contributed to active discussion and parts of the writing. Sonja Buchegger provided valuable feedback and contributed to parts of the writing, particularly introduction.

3. G. Kreitz, O. Bodriagov, B. Greschbach, G. Rodriguez-Cano, and S. Buchegger, “Passwords in peer-to-peer,” in Peer-to-Peer Computing (P2P), 2012 IEEE 12th International Conference on, Sept. 2012, pp. 167–178.

Abstract. One of the differences between typical peer-to-peer (P2P) and client-server systems is the existence of user accounts. While many P2P applications, like public file sharing, are anonymous, more complex services such as decentralized online social networks require user authentication. In these, the common approach to P2P authentication builds on the possession of cryptographic keys. A drawback with that approach is usability when users access the system from multiple devices, an increasingly common scenario. In this work, we present a scheme to support logins based on users knowing a username-password pair. We use passwords, as they are the most common authentication mechanism in services on the Internet today, ensuring strong user familiarity. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as resetting a forgotten password via e-mail or security questions.
Together, these allow P2P systems to emulate centralized password logins. The results of our performance evaluation indicate that incurred delays are well within acceptable bounds.

Contribution statement. Gunnar Kreitz was the main contributor of this work. Oleksandr Bodriagov contributed to active discussion, protocols design (all except for the password recovery mechanism), and the adaptation of functional requirements for the password-based authentication from the ISO 27002 standard. The protocols were jointly designed by all authors. Sonja Buchegger provided valuable feedback.

Other papers (not included in thesis)

4. O. Bodriagov and S. Buchegger, “P2P social networks with broadcast encryption protected privacy,” in Privacy and Identity Management for Life, ser. IFIP Advances in Information and Communication Technology, J. Camenisch, B. Crispo, S. Fischer-Hübner, R. Leenes, and G. Russello, Eds. Springer Berlin Heidelberg, 2012, vol. 375, pp. 197–206.

Summary of Contribution

The contribution of this thesis falls in two topics: encryption-based access control and management of cryptographic keys/credentials (required for this access control) via user accounts with password-based login in decentralized social networks.

Encryption-based access control (papers 1 and 2)

• Four types of encryption systems for decentralized social networks found in the literature are: symmetric cryptography with key sharing according to hierarchical group key management schemes, combination of asymmetric and symmetric cryptographies, CP-ABE, and broadcast encryption with pseudonyms. To find the most suitable encryption system, we investigated the scenario of decentralized social networks without trusted parties and the impact this environment has on encryption-based access control systems.
Based on this analysis we formulated the following evaluation criteria that encompass efficiency, functionality, and privacy areas: efficiency of addition/removal of users from a group, efficiency of user key revocation, encryption/decryption efficiency, encryption header overhead, ability to encrypt for the conjunction/disjunction of groups, ability to encrypt for a group that one is not a member of, ability to encrypt for “friends of friends”, ability not to reveal access structures in the header.

• The existing access control systems based on symmetric cryptography with key sharing, although being very fast, do not have sufficient functionality and thus have excessive cryptographic overhead in complex information sharing scenarios with fine-grained rights management. We evaluated three other types of encryption systems in terms of their suitability for the decentralized social network scenario looking at the stated criteria. We found that the combination of asymmetric and symmetric cryptography does not have sufficient efficiency and functionality. CP-ABE schemes have favourable computational cost and functionality, but there are no CP-ABE schemes with hidden access structures and low storage and computational cost at the same time. The class of CP-ABE schemes reveals access structures [51]. The only ABE scheme with hidden ciphertext policies [52] that we know of and that was named/classified as “HP-ABE” by Camenisch et al. [53], is not suitable for decentralized social networks because of the quadratic growth of the ciphertext size in the number of attributes. Broadcast encryption with pseudonyms gives only a limited anonymity property. Users may infer the identity behind the pseudonym as it is still possible to see which pseudonym is authorized to decrypt what.

• We proposed to use two classes of privacy preserving schemes in the DOSN context: broadcast encryption schemes with hidden access structures and predicate encryption (PE) schemes.
Neither of these schemes has the mentioned drawbacks, though we note that current PE schemes are relatively slow compared to BE schemes.

• We applied inner-product predicate encryption to the DOSN context. It is too expensive to use out of the box. Therefore, for PE we developed a construction for access policies that drastically increases performance, but introduces some trade-offs: it allows encrypting for a bounded set of groups/users; this bound is a trade-off between efficiency and functionality of the scheme; the number of groups in the system is unlimited; a user has 2g different decryption keys, where g is the number of groups a user is a member of; having multiple keys leaks some information about access policies. We designed an experiment that showed that for newsfeed assembly from all friends (one of the most time consuming operations) our scheme shows good performance and thus user experience.

• For schemes that do not reveal access policies and have relatively slow decryption, we proposed to use Bloom filters to indicate to users which files they can decrypt. Bloom filters are both fast and space-efficient, and thus are suitable for DOSNs.

Management of cryptographic keys, user accounts, and login (paper 3)

• Decentralized online social networks require cryptographic keys for authentication and communication between users. With users having and using multiple devices (which often do not belong to them) to interact, direct usage of cryptographic keys for authentication drastically decreases usability. We propose a password-based login procedure for the P2P setting that allows a user who passes authentication to recover a set of cryptographic keys required for the application. Password-based authentication, being the most common authentication mechanism on the Internet today, has strong user familiarity. As far as we know, our work was the first to focus on password-based logins in a P2P setting in general and decentralized social networks in particular.
Our security questions are similar to [54], but the protocols are new and relatively straightforward.

• In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as remembered logins, password change, and recovery of the forgotten password via e-mail or security questions. The combination of these protocols makes it possible to emulate password logins in centralized systems.

• The performance of our mechanisms in terms of delay depends on the underlying P2P system in general and on the amount of intentional delay added by parametrizing cryptographic functions. We developed a lightweight custom simulator to evaluate the performance of the login operation. The results indicate that incurred delays are well within acceptable bounds [55].

1.5 Conclusions and Future work

This thesis focuses on the problem of privacy in current online social networks and develops a solution to it in the domain of encryption-based decentralized social networks. First, we described the potential of broadcast encryption schemes with hidden access structures and predicate encryption schemes for the decentralized social networks and their advantages compared to encryption systems used in existing decentralized social networks. Second, we designed an encryption-based access control system using predicate encryption with specially crafted access policies. As a proof of concept, we performed a simulation reflecting the realistic scenario of assembling the news feed which demonstrated feasibility of predicate encryption for decentralized social networks. Third, we proposed a mechanism of managing and retrieving the cryptographic keys used by encryption-based decentralized social networks that uses password-based authentication, meaning a strong user familiarity and ease of usage. We also presented supporting protocols for password change, remembered logins, and recovery of the forgotten password.
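The Bloom filter hint proposed in the summary of contribution (telling users which objects they can decrypt without publishing the access policy) can be illustrated as follows. This is an added example, not code from the thesis or the included papers: the per-user hint key shared between profile owner and friend, the HMAC tag construction, and all names are assumptions made for the example.

```python
import hashlib
import hmac
import math


class BloomFilter:
    """Bloom filter over byte strings; k bit positions via double hashing."""

    def __init__(self, capacity, fp_rate):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hashes.
        self.m = max(8, math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item):
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, item):
        return all(self.bits[pos // 8] & (1 << (pos % 8))
                   for pos in self._positions(item))


def tag(hint_key, object_id):
    """Keyed tag for one (user, object) pair; needs hint_key to compute (assumed design)."""
    return hmac.new(hint_key, object_id, hashlib.sha256).digest()


def publish_hints(policies, hint_keys, fp_rate=0.01):
    """Owner side: policies maps object_id -> set of user names allowed to decrypt."""
    pairs = sum(len(users) for users in policies.values())
    bf = BloomFilter(max(1, pairs), fp_rate)
    for object_id, users in policies.items():
        for user in users:
            bf.add(tag(hint_keys[user], object_id))
    return bf


def candidates(bf, hint_key, object_ids):
    """Reader side: objects worth a (slow) decryption attempt."""
    return [oid for oid in object_ids if tag(hint_key, oid) in bf]


# Constructed sample data: three friends, 300 posts, made-up hint keys.
HINT_KEYS = {name: hashlib.sha256(b"constructed-hint-key:" + name.encode()).digest()
             for name in ("alice", "bob", "carol")}
POSTS = [b"post-%04d" % i for i in range(300)]
POLICIES = {}
for i, post in enumerate(POSTS):
    readers = {n for n, step in (("alice", 3), ("bob", 5), ("carol", 2)) if i % step == 0}
    if readers:
        POLICIES[post] = readers


def demo():
    bf = publish_hints(POLICIES, HINT_KEYS)
    allowed = [p for p in POSTS if "alice" in POLICIES.get(p, ())]
    hits = candidates(bf, HINT_KEYS["alice"], POSTS)
    outsider_key = hashlib.sha256(b"constructed-outsider").digest()
    return {
        "filter_bytes": len(bf.bits),
        "allowed": len(allowed),
        "missed": len(set(allowed) - set(hits)),      # Bloom filters never miss
        "false_hits": len(hits) - len(allowed),       # each costs one failed decryption
        "outsider_hits": len(candidates(bf, outsider_key, POSTS)),
    }


if __name__ == "__main__":
    print(demo())
```

A hit is only a hint: a false positive costs one failed decryption attempt, and access is still decided by the encryption scheme itself.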
The encryption-based access control system and the key management system with password-based login that we designed are independent and can be used separately.

Directions for Future work

While the thesis includes initial discussions of security properties of our constructions, the next step should be a thorough security analysis. In the proposed encryption-based access control system we should analyze the leakage of information about access policies to people who have access according to these policies.

Another issue worth considering is protection against malicious/curious storage nodes that try to map identities of nodes requesting information to the requested information. This mapping would potentially allow these storage nodes to find out the network identities of friends of a person whose content is stored on these storage nodes. Although the problem of anonymous communications has been mostly addressed by onion routing networks, recent studies and reports [56, 57] show that the well-known onion routing network Tor is vulnerable. We should investigate if onion routing can protect against the identity mapping and if it can be incorporated into the system.

Another direction is adaptation of broadcast encryption schemes with hidden access structures for the decentralized social networks. We have advanced considerably in this direction while working with anonymous broadcast encryption (ANOBE) [58]. Our ultimate goal is to design an encryption-based access control system for decentralized systems without any trade-offs between privacy and performance.

In the area of key management we have only touched upon the question of key revocation, but it deserves a thorough investigation. Another question related to key revocation is the effect of forward-secrecy on encryption-based access control systems and whether this property is beneficial for decentralized social networks.
All measurements and estimations for cryptographic schemes in this thesis were made at a 128-bit security level. While a security-strength time frame for this level according to NIST spans beyond 2031 [59], it is worth considering higher security levels for long-term privacy. It is also worth investigating applicability of the developed encryption-based access control mechanisms to decentralized systems with a multi-recipient communication pattern other than social networks.

Chapter 2

Errata for included publications

Two articles included in the thesis that deal with encryption for P2P social networks are “Encryption for Peer-to-Peer Social Networks” and “Access Control in Decentralized Online Social Networks: Applying a Policy-Hiding Cryptographic Scheme and Evaluating Its Performance”. The time difference between these two papers is a couple of years.

The first paper states: “CP-ABE and PE decryption algorithms contain bilinear pairing operations, and since they are computationally expensive and their number linearly depends on the number of attributes, we can conclude that this operation is quite expensive”. At the same time, the encryption operation is considered far less time consuming than decryption: “the encryption time is very favorable” in this paper. We assumed that bilinear pairings are very expensive and should be the dominant component in the total operation latency. However, after the first article had been published, an article with an extremely efficient implementation of pairing-based protocols [60] appeared. The authors achieved significantly lower timings than predecessors, in some cases “more than 30 times faster” [60]. The authors measured the performance of the implemented CP-ABE scheme by Waters [61] and observed that “the Encrypt step for this implementation of this protocol is actually more time-consuming than the pairing-heavy Decrypt step. This goes counter to the received wisdom”.
So in fact, for this CP-ABE scheme encryption was slightly faster than decryption even though decryption contained bilinear pairings. By the time we were writing our second article, we already knew about these results, and applied a predicate encryption scheme, which also contained bilinear pairing operations, to the P2P social networks context.

Bibliography

[1] Samuel D Warren and Louis D Brandeis. “The right to privacy”. In: Harvard law review (1890), pp. 193–220.
[2] Alessandro Acquisti and Ralph Gross. “Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook”. In: Privacy Enhancing Technologies. Ed. by George Danezis and Philippe Golle. Vol. 4258. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2006, pp. 36–58.
[3] Zeynep Tufekci. “Can You See Me Now? Audience and Disclosure Regulation in Online Social Network Sites”. In: Bulletin of Science, Technology & Society 28.1 (2008), pp. 20–36. url: userpages.umbc.edu/~zeynep/papers/ZeynepCanYouSeeMeNowBSTS.pdf.
[4] Ralph Gross and Alessandro Acquisti. “Information Revelation and Privacy in Online Social Networks”. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society. WPES ’05. Alexandria, VA, USA: ACM, 2005, pp. 71–80.
[5] Bernhard Debatin et al. “Facebook and Online Privacy: Attitudes, Behaviors, and Unintended Consequences”. In: J. Computer-Mediated Communication 15.1 (2009), pp. 83–108.
[6] Sonja Utz and N Kramer. “The privacy paradox on social network sites revisited: The role of individual characteristics and group norms”. In: Cyberpsychology: Journal of Psychosocial Research on Cyberspace 3(2), article 1 (2009). url: http://www.cyberpsychology.eu/view.php?cisloclanku=2009111001&article=1.
[7] Facebook’s New Terms Of Service: “We Can Do Anything We Want With Your Content. Forever.”. Consumerist, 2009. url: http://consumerist.com/2009/02/15/facebooks-new-terms-of-service-we-can-do-anything-we-want-with-your-content-forever/.
[8] Google Terms of Service. Google, 2007. url: http://www.google.com/intl/en/policies/terms/archive/20070416/.
[9] Oliver Smith. Facebook terms and conditions: why you don’t own your online life. 2013. url: http://www.telegraph.co.uk/technology/social-media/9780565/Facebook-terms-and-conditions-why-you-dont-own-your-online-life.html.
[10] Google Terms of Service. Google, 2014. url: http://www.google.com/intl/en/policies/terms/.
[11] Facebook’s New Terms Of Service: “We Can Do Anything We Want With Your Content. Forever.”. Facebook, 2013. url: https://www.facebook.com/legal/terms.
[12] Facebook unveils privacy changes. CNN, 2009. url: http://edition.cnn.com/2009/TECH/12/10/facebook.privacy/.
[13] Stefan Stieger et al. “Who commits virtual identity suicide? Differences in privacy concerns, Internet addiction, and personality between facebook users and quitters”. In: Cyberpsychology, Behavior, and Social Networking 16.9 (2013), pp. 629–634.
[14] Facebook annual report 2013. Facebook, 2013. url: http://files.shareholder.com/downloads/AMDA-NJ5DZ/3101818145x0x741493/EDBA9462-3E5E-4711-B0B4-1DFE9B541222/FB_AR_33501_FINAL.pdf.
[15] Adrienne Felt and David Evans. Privacy Protection for Social Networking Platforms. W2SP ’08: Workshop on Web 2.0 Security and Privacy. Oakland, California, May 2008.
[16] Bin Zhou and Jian Pei. “Preserving Privacy in Social Networks Against Neighborhood Attacks”. In: ICDE ’08: Proceedings of the 2008 IEEE 24th on Data Engineering. Cancun, Mexico, Apr. 2008, pp. 506–515.
[17] Matthew Lucas and Nikita Borisov. “FlyByNight: mitigating the privacy risks of social networking”. In: Proceedings of the 5th Symposium on Usable Privacy and Security. SOUPS ’09. Mountain View, California, 2009, 37:1–37:1. url: http://doi.acm.org/10.1145/1572532.1572577.
[18] Wanying Luo, Qi Xie, and U. Hengartner. “FaceCloak: An Architecture for User Privacy on Social Networking Sites”. In: Computational Science and Engineering, 2009. CSE ’09. International Conference on. Vol. 3. Aug. 2009, pp. 26–33.
[19] Saikat Guha, Kevin Tang, and Paul Francis. “NOYB: Privacy in Online Social Networks”. In: Proceedings of the First Workshop on Online Social Networks. WOSN ’08. Seattle, WA, USA: ACM, 2008, pp. 49–54.
[20] Amin Tootoonchian et al. “Lockr: Better Privacy for Social Networks”. In: Proceedings of the 5th International Conference on Emerging Networking Experiments and Technologies. CoNEXT ’09. Rome, Italy: ACM, 2009, pp. 169–180.
[21] BO Han and John Windsor. “USER’S WILLINGNESS TO PAY ON SOCIAL NETWORK SITES.” In: Journal of computer information systems 51.4 (2011).
[22] Glenn Greenwald and Ewen MacAskill. NSA Prism program taps in to user data of Apple, Google and others. 2013. url: http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data.
[23] Dalton Caldwell. App.net State of the Union. May 2014. url: https://app.net/about/.
[24] About App.net. 2014. url: https://app.net/about/.
[25] Welcome to diaspora*. May 2014. url: https://diasporafoundation.org.
[26] How many users are in the DIASPORA network? May 2014. url: https://diasp.eu/stats.html.
[27] Diaspora*: FAQ for users. May 2014. url: https://wiki.diasporafoundation.org/FAQ_for_users#Account_and_data_management.
[28] Amre Shakimov et al. “Vis-à-Vis: Privacy-preserving online social networking via Virtual Individual Servers”. In: COMSNETS. 2011, pp. 1–10.
[29] Zhaoguang Wang et al. “An untold story of middleboxes in cellular networks”. In: Proceedings of the ACM SIGCOMM 2011 conference. SIGCOMM ’11. Toronto, Ontario, Canada: ACM, 2011, pp. 374–385. isbn: 978-1-4503-0797-0. doi: 10.1145/2018436.2018479. url: http://doi.acm.org/10.1145/2018436.2018479.
[30] Pyda Srisuresh, Bryan Ford, and Dan Kegel. State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs). IETF Informational. 2008. url: https://tools.ietf.org/html/rfc5128#page-7.
[31] B. Amann et al. “IgorFs: A Distributed P2P File System”. In: Peer-to-Peer Computing, 2008. P2P ’08. Eighth International Conference on. Sept. 2008, pp. 77–78.
[32] Dinh Nguyen Tran, Frank Chiang, and Jinyang Li. “Friendstore: Cooperative Online Backup Using Trusted Nodes”. In: Proceedings of the 1st Workshop on Social Network Systems. SocialNets ’08. New York, NY, USA: ACM, 2008, pp. 37–42.
[33] Fay Chang et al. “Bigtable: A distributed storage system for structured data”. In: ACM Transactions on Computer Systems (TOCS) 26.2 (2008), p. 4.
[34] H.B. Ribeiro and E. Anceaume. “DataCube: A P2P Persistent Data Storage Architecture Based on Hybrid Redundancy Schema”. In: Parallel, Distributed and Network-Based Processing (PDP), 2010 18th Euromicro International Conference on. Feb. 2010, pp. 302–306. doi: 10.1109/PDP.2010.60.
[35] R. Sharma et al. “An empirical study of availability in friend-to-friend storage systems”. In: Peer-to-Peer Computing (P2P), 2011 IEEE International Conference on. Aug. 2011, pp. 348–351.
[36] R. Sharma and A. Datta. “SuperNova: Super-peers based architecture for decentralized online social networks”. In: Communication Systems and Networks (COMSNETS), 2012 Fourth International Conference on. Jan. 2012, pp. 1–10.
[37] R. Gracia-Tinedo, M. Sanchez Artigas, and P. Garda Lopez. “Analysis of data availability in F2F storage systems: When correlations matter”. In: Peer-to-Peer Computing (P2P), 2012 IEEE 12th International Conference on. Sept. 2012, pp. 225–236.
[38] K. Rzadca, A. Datta, and S. Buchegger. “Replica Placement in P2P Storage: Complexity and Game Theoretic Analyses”. In: Distributed Computing Systems (ICDCS), 2010 IEEE 30th International Conference on. June 2010, pp. 599–609.
[39] Rammohan Narendula, Thanasis G. Papaioannou, and Karl Aberer. “Towards the Realization of Decentralized Online Social Networks: An Empirical Study”. In: Proceedings of the 2012 32Nd International Conference on Distributed Computing Systems Workshops. ICDCSW ’12. IEEE Computer Society, 2012, pp. 155–162. isbn: 978-0-7695-4686-5.
[40] Sonja Buchegger et al. “PeerSoN: P2P social networking: early experiences and insights”. In: Proceedings of the Second ACM EuroSys Workshop on Social Network Systems. SNS ’09. 2009, pp. 46–52.
[41] Jonathan Anderson et al. “Privacy-enabling Social Networking over Untrusted Networks”. In: Proceedings of the 2Nd ACM Workshop on Online Social Networks. WOSN ’09. Barcelona, Spain: ACM, 2009, pp. 1–6.
[42] L.A. Cutillo, R. Molva, and T. Strufe. “Safebook: A privacy-preserving online social network leveraging on real-life trust”. In: Communications Magazine, IEEE 47.12 (Dec. 2009), pp. 94–101. issn: 0163-6804.
[43] Randy Baden et al. “Persona: an online social network with user-defined privacy”. In: SIGCOMM Comput. Commun. Rev. 39 (4 Aug. 2009), pp. 135–146.
[44] Shirin Nilizadeh et al. “Cachet: a decentralized architecture for privacy preserving social networking with caching”. In: CoNEXT. Nice, France: ACM, 2012, pp. 337–348. isbn: 978-1-4503-1775-7. doi: 10.1145/2413176.2413215.
[45] Felix Günther, Mark Manulis, and Thorsten Strufe. “Cryptographic treatment of private user profiles”. In: Financial Cryptography. Vol. 7126. LNCS. Rodney Bay, St. Lucia: Springer-Verlag, 2012, pp. 40–54. isbn: 978-3-642-29888-2.
[46] Youssef Afify. “Access Control in a Peer-to-peer Social Network”. MA thesis. Lausanne, Switzerland: EPFL, 2008.
[47] Gerrit Willem Mollenhorst. Networks in contexts: How meeting opportunities affect personal relationships. Vol. 150. Utrecht University, 2009.
[48] Sonia Jahid et al. “DECENT: A decentralized architecture for enforcing privacy in online social networks”. In: PerCom Workshops. 2012, pp. 326–332.
[49] Zooko Wilcox-O’Hearn and Brian Warner. “Tahoe: The Least-authority Filesystem”. In: Proceedings of the 4th ACM International Workshop on Storage Security and Survivability. StorageSS ’08. Alexandria, Virginia, USA: ACM, 2008, pp. 21–26.
[50] Ken Peffers et al. “A Design Science Research Methodology for Information Systems Research”. In: J. Manage. Inf. Syst. 24.3 (Dec. 2007), pp. 45–77. url: http://dx.doi.org/10.2753/MIS0742-1222240302.
[51] Allison Lewko et al. “Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption”. In: Advances in Cryptology - EUROCRYPT 2010. Vol. 6110. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2010, pp. 62–91.
[52] Takashi Nishide, Kazuki Yoneyama, and Kazuo Ohta. “Attribute-based encryption with partially hidden encryptor-specified access structures”. In: ACNS. Vol. 5037. LNCS. New York, NY, USA: Springer-Verlag, 2008, pp. 111–129.
[53] Jan Camenisch et al. “Oblivious Transfer with Hidden Access Control from Attribute-based Encryption”. In: Proceedings of the 8th International Conference on Security and Cryptography for Networks. SCN’12. Amalfi, Italy: Springer-Verlag, 2012, pp. 559–579.
[54] Niklas Frykholm and Ari Juels. “Error-tolerant password recovery”. In: CCS. ACM, 2001, pp. 1–9. isbn: 1-58113-385-5.
[55] Niraj Tolia, David G. Andersen, and Mahadev Satyanarayanan. “Quantifying Interactive User Experience on Thin Clients”. In: IEEE Computer Society 39.3 (2006), pp. 46–52.
[56] Aaron Johnson et al. “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries”. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. CCS ’13. Berlin, Germany: ACM, 2013, pp. 337–348. url: http://doi.acm.org/10.1145/2508859.2516651.
[57] Thoughts and Concerns about Operation Onymous. The Tor Project, Inc, 2014. url: https://blog.torproject.org/category/tags/operation-onymous.
[58] Benoît Libert, Kenneth G. Paterson, and Elizabeth A. Quaglia. “Anonymous broadcast encryption: adaptive security and efficient constructions in the standard model”. In: PKC. Vol. 7293. LNCS. Springer-Verlag, 2012.
[59] Elaine Barker et al. NIST SP 800-57: Recommendation for Key Management – Part 1: General (Revision 3). NIST, 2012.
[60] Michael Scott. “On the Efficient Implementation of Pairing-Based Protocols”. In: Cryptography and Coding. Ed. by Liqun Chen. Vol. 7089. LNCS. Springer-Verlag, 2011, pp. 296–308. isbn: 978-3-642-25515-1. doi: 10.1007/978-3-642-25516-8_18.
[61] Brent Waters. “Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization”. English. In: Public Key Cryptography – PKC 2011. Ed. by Dario Catalano et al. Vol. 6571. Lecture Notes in Computer Science. Springer Berlin Heidelberg, 2011, pp. 53–70. isbn: 978-3-642-19378-1.
Abstract. This survey highlights the major issues concerning privacy and security in online social networks. Firstly, we discuss research that aims to protect user.
Abstract: Online social networks are becoming a major growth point of the internet, as individuals, companies and governments constantly desire to interact with one.
Abstract Centralized online social networks pose a threat to their users’ privacy as social network providers have unlimited access to users’ data.
Social Networks and Privacy