Leveraging Social Links for Trust and Privacy

Transcription

1 Leveraging Social Links for Trust and Privacy Antonio Cutillo, Refik Molva, Melek Önen, Thorsten Strufe EURECOM Sophia Antipolis

2 Security and privacy issues in OSNs Threats Current Status of OSNs Cloning Harvesting Hijacking ID Theft DoS Pollution Ease of data leakage Ease of impersonation Limited privacy support Lack of flexibility in privacy OSN as Big Brother 2 of

3 The Big Brother problem with OSN Privacy protection against Intruders Crawlers Third parties Does not prevent Application Server from disclosing/exploiting your data All existing OSN suffer from it! 3 of

4 The Big Brother problem OSNs market value is increasing 580 million US$ myspace (2005) billion US$ Facebook (2007) Do users actually care about privacy? 4 of

5 Safebook - Design Principles Decentralization -P2P architecture Cooperation enforcement -Friends cooperate Leveraging existing Trust -Social trust trusted link -Friend = neighbor Privacy -Simple anonymous routing -Based on trusted links -Group Encryption 5 of

6 Safebook - Components 3 Trusted Id System Id Management 1 Matryoshka Data storage Cooperation Communication with privacy 2 Peer-to-peer substrate Lookup 6/17

7 Safebook - Overlays a Social network overlay b Peer to peer overlay Internet b 7/17

8 Safebook - Matryoshka Outer shell k e a Trust relationship for i c s friend Entry nodes Inner shell i c d j i s node l f b d friend of c c friend of i d friend of i Trust relationship for c User i s friends End to end privacy based on hop -Store by hop i s encrypted trust profile data 8/17

9 Join process User Registration User a Node Get credentials Join the DHT Create Matryoshka 9/17

10 a looks for b f a e d b c a e b s outer shell d b s profile c k b s outer shell: h(b), e h(b), f lookup a looks for b s entry nodes k provides b s outer shell nodes data request a sends profile data request to an entry node serving b Data reply One of b s inner shell nodes answers 10 of

11 Data retrieval User 1 wants to get User 2 s profile data User 2 s data is stored by User 3 Lookup for User 2 s data along untrusted links P2P User 2 Trust User 1 Transfer of User 2 data along trusted links User 3 11/17

12 Safebook Prototype Safebook = Resident Program User User interface Trust logic Data P2P logic interface Encryption logic Communication Interface 12/17

13 Privacy by Design Privacy through layering Unlinkability of IDs across layers Anonymous communication in matryoshkas End-to-end privacy based on User keys User Id Hop-by-hop privacy based on Node keys u DHT d c b a v Node Id V s matryoshka Social trust: link = friendship 13 of

14 Security and Privacy Privacy Friendship relations hidden through Matryoshkas Untraceability - pseudonymity and anonymous routing Cloning and DoS prevention ID mgr Access control data encryption and key management Availability - replication at friends nodes 14 of

15 Guessing inner layers Span = 1 of

16 Guessing inner layers - Span =2 16 of

17 Performance P2P overlay Rely on existing studies Matryoshka End-to-end reachability/delay based on node liveness Analogy with P2P Derive architectural parameters 17 of

18 Reachability Too many contacts? 30% online probability (Skype data) 80 to to250+ contacts required to be reachable at 90% with 3 or 4 hops Number of contacts in the inner shell 18 of

19 Delay Delay 1 st Lookup for further delay -lookups CDF for -a CDF 4 shell for a matryoshka 4 shell matryoshka (*) 90 th percentile: 90 th percentile: 5,42 s13,49 s Total lookup time: T dl = T DHT + T Mat Median: Median: 1,73 s8,04 s Further lookups: T DHT =0 thanks to caching Average: 9,17 2,71 ss Time [ms] (*) Data computed by applying the montecarlo sampling technique on single hop delay measurements and on delay measurement for a successful DHT key lookup in KAD 19 of

20 Safebook Summary New New Applications Applications New Applications Super DNS for Communications trusted service API Privacy Cooperation enforcement Decentralization Trusted links P2P Social trust Group encryption 20 of

21 Publications Leucio Antonio Cutillo, Refik Molva, Thorsten Strufe Privacy preserving social networking through decentralization WONS 2009, 6th International Conference on Wireless On-demand Network Systems and Services, February 2-4, 2009, Snowbird, Utah, USA, Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda All your contacts are belong to us : automated identity theft attacks on social networks WWW'09, 18th Int. World Wide Web Conference, April 20-24, Madrid, Spain Leucio Antonio Cutillo, Refik Molva, Thorsten Strufe Leveraging Social Links for Trust and Privacy in Networks INetSec 2009, Open Research Problems in Network Security, April 23-24, 2009, Zurich, Switzerland Leucio Antonio Cutillo, Refik Molva, Thorsten Strufe Safebook: Feasibility of Transitive Cooperation for Privacy on a Decentralized Social Network 3rd IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications 21/17