Leveraging Social Links for Trust and Privacy

Similar documents
OSN Attack Automated Identity Theft Attacks

New Applications for P2P

Identifying Close Friends on the Internet

P2P Social Networks With Broadcast Encryption Protected Privacy

Trusted Profile Identification and Validation Model

Privacy, Cost, and Availability Tradeoffs in Decentralized OSNs

A First Step Towards User Assisted Online Social Networks

FOSP. Towards a Federated Object Sharing Protocol that Unifies Operations on Social Content Felix Maurer June 16,

Reciprocal Access Direct for Online Social Networks: Model and Mechanisms

LifeSocial.KOM: A Secure and P2P-based Solution for Online Social Networks. In: IEEE International

Mechanisms of Multiparty Access Control in Online Social Network

A Case For OneSwarm. Tom Anderson University of Washington.

A WebRTC DHT. Andres Ledesma (UCY) in cooperation with Mikael (Peerialism).

Security and Privacy in Online Social Networks

Venugopal Ramasubramanian Emin Gün Sirer SIGCOMM 04

Towards an algorithm for efficient use of social network resources by using web scraping techniques

PRIVACY BY DESIGN FOR DELAY TOLERANT NETWORKS

Cooperation in Open Distributed Systems. Stefan Schmid

Telecommunication Services Engineering Lab. Roch H. Glitho

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

0x1A Great Papers in Computer Security

PoX: Protecting Users from Malicious Facebook Applications

P2PNS: A Secure Distributed Name Service for P2PSIP

Privacy-Preserving Decentralized Communications

C4PS - Helping Facebookers Manage their Privacy Settings

Social Network Privacy Protection Research in Big Data Era Shuang LIANG

Overlay and P2P Networks. Unstructured networks: Freenet. Dr. Samu Varjonen

IEEE 2013 JAVA PROJECTS Contact No: KNOWLEDGE AND DATA ENGINEERING

Paradigm Shift in the Security-n-Privacy Implementation of Semi-Distributed Online Social Networking

Distributed Systems. peer-to-peer Johan Montelius ID2201. Distributed Systems ID2201

DMAP : Global Name Resolution Services Through Direct Mapping

MIX Network for Location Privacy First Draft

Scalable overlay Networks

Overlay networks. Today. l Overlays networks l P2P evolution l Pastry as a routing overlay example

Trust embedded business model of Online Service Network (OSN)

Ensuring β-availability in P2P Social Networks

SOCIAL NETWORKING IN TODAY S BUSINESS WORLD

NETWORKING. 8. ITDNW08 Congestion Control for Web Real-Time Communication

Architectures for Distributed Systems

JXTA TM Technology for XML Messaging

Decentralized Online Social Network Using Peer-to-Peer Technology

Ian Clarke Oskar Sandberg

Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

An Offline Foundation for Accountable Pseudonyms

Anonymous Communications

NodeId Verification Method against Routing Table Poisoning Attack in Chord DHT

Addressing the P2P Bootstrap Problem for Small Overlay Networks

Inference Attacks by Third-Party Extensions to Social Network Systems

CS 134 Winter Privacy and Anonymity

SOCIAL NETWORKING'S EFFECT ON BUSINESS SECURITY CONTROLS

A SIMPLE INTRODUCTION TO TOR

CS 640 Introduction to Computer Networks. Today s lecture. What is P2P? Lecture30. Peer to peer applications

MOBILE THREAT LANDSCAPE. February 2018

Overlay networks. To do. Overlay networks. P2P evolution DHTs in general, Chord and Kademlia. Turtles all the way down. q q q

Peer-to-Peer Systems and Security IN2194. Chapter 1 Peer-to-Peer Systems 1.1 Basics

P2P Based Architecture for Global Home Agent Dynamic Discovery in IP Mobility

Protocol for Tetherless Computing

Distributed Social Network in Browsers. Yang Ji Michael Puckett

Empirical Characterization of P2P Systems

Credit-based Network Management

GNUnet Distributed Data Storage

Analysis of Mobile Social Networking & Emergence of Proximity Based Mobile

Ensuring β-availability in P2P Social Networks

Privacy Preserving Ranked Multi-Keyword Search for Multiple Data Owners in Cloud Computing

Generalization Algorithm For Prevent Inference Attacks In Social Network Data

Host Website from Home Anonymously

Introduction on Peer to Peer systems

NearBucket-LSH: Efficient Similarity Search in P2P Networks

A Traceback Attack on Freenet

Protocols for Anonymous Communication

The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Presented By: Kamalakar Kambhatla

pweb : A Personal Interface to the World Wide Web

Peer-to-peer computing research a fad?

Unit 8 Peer-to-Peer Networking

Five Reasons It s Time For Secure Single Sign-On

Cloud-Security: Show-Stopper or Enabling Technology?

Verified Secure Routing

Today. Why might P2P be a win? What is a Peer-to-Peer (P2P) system? Peer-to-Peer Systems and Distributed Hash Tables

Identifying and Preventing Conditions for Web Privacy Leakage

Bitcoin, Security for Cloud & Big Data

What is peer to peer?

Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2

From POTS to VoP2P: Step 1. P2P Voice Applications. Renato Lo Cigno

ICT 6544 Distributed Systems Lecture 2: ARCHITECTURES

Distributed Automatic Configuration of Complex IPsec-Infrastructures

Content Overlays. Nick Feamster CS 7260 March 12, 2007

Experiences Leveraging DHTs for a Security Application

Abusing Social Networks for Automated User Profiling

Anonymity in P2P Systems

ETHERNITY DECENTRALIZED CLOUD COMPUTING

Mobile Device Management

Problems in Reputation based Methods in P2P Networks

How Alice and Bob meet if they don t like onions

A Brief Comparison of Security Patterns for Peer to Peer Systems

You are Who You Know and How You Behave: Attribute Inference Attacks via Users Social Friends and Behaviors

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

416 Distributed Systems. Mar 3, Peer-to-Peer Part 2

Multi-Factor Authentication (MFA) Interoperability Profile. Karen Herrington, Virginia Tech David Walker, Internet2 September 26, 2016

Feasibility, Effectiveness, Performance and Potential Solutions on Distributed Content Sharing System

Distributed Hash Tables

Transcription:

Leveraging Social Links for Trust and Privacy Antonio Cutillo, Refik Molva, Melek Önen, Thorsten Strufe EURECOM Sophia Antipolis refik.molva@eurecom.fr

Security and privacy issues in OSNs Threats Current Status of OSNs Cloning Harvesting Hijacking ID Theft DoS Pollution Ease of data leakage Ease of impersonation Limited privacy support Lack of flexibility in privacy OSN as Big Brother 2 of

The Big Brother problem with OSN Privacy protection against Intruders Crawlers Third parties Does not prevent Application Server from disclosing/exploiting your data All existing OSN suffer from it! 3 of

The Big Brother problem OSNs market value is increasing 580 million US$ myspace (2005) billion US$ Facebook (2007) Do users actually care about privacy? 4 of

Safebook - Design Principles Decentralization -P2P architecture Cooperation enforcement -Friends cooperate Leveraging existing Trust -Social trust trusted link -Friend = neighbor Privacy -Simple anonymous routing -Based on trusted links -Group Encryption 5 of

Safebook - Components 3 Trusted Id System Id Management 1 Matryoshka Data storage Cooperation Communication with privacy 2 Peer-to-peer substrate Lookup 6/17

Safebook - Overlays a Social network overlay b Peer to peer overlay Internet b 7/17

Safebook - Matryoshka Outer shell k e a Trust relationship for i c s friend Entry nodes Inner shell i c d j i s node l f b d friend of c c friend of i d friend of i Trust relationship for c User i s friends End to end privacy based on hop -Store by hop i s encrypted trust profile data 8/17

Join process User Registration User a Node Get credentials Join the DHT Create Matryoshka 9/17

a looks for b f a e d b c a e b s outer shell d b s profile c k b s outer shell: h(b), e h(b), f lookup a looks for b s entry nodes k provides b s outer shell nodes data request a sends profile data request to an entry node serving b Data reply One of b s inner shell nodes answers 10 of

Data retrieval User 1 wants to get User 2 s profile data User 2 s data is stored by User 3 Lookup for User 2 s data along untrusted links P2P User 2 Trust User 1 Transfer of User 2 data along trusted links User 3 11/17

Safebook Prototype Safebook = Resident Program User User interface Trust logic Data P2P logic interface Encryption logic Communication Interface http://localhost:8080 12/17

Privacy by Design Privacy through layering Unlinkability of IDs across layers Anonymous communication in matryoshkas End-to-end privacy based on User keys User Id Hop-by-hop privacy based on Node keys u DHT d c b a v Node Id V s matryoshka Social trust: link = friendship 13 of

Security and Privacy Privacy Friendship relations hidden through Matryoshkas Untraceability - pseudonymity and anonymous routing Cloning and DoS prevention ID mgr Access control data encryption and key management Availability - replication at friends nodes 14 of

Guessing inner layers Span = 1 of

Guessing inner layers - Span =2 16 of

Performance P2P overlay Rely on existing studies Matryoshka End-to-end reachability/delay based on node liveness Analogy with P2P Derive architectural parameters 17 of

Reachability Too many contacts? 30% online probability (Skype data) 80 to to250+ contacts required to be reachable at 90% with 3 or 4 hops Number of contacts in the inner shell 18 of

Delay Delay 1 st Lookup for further delay -lookups CDF for -a CDF 4 shell for a matryoshka 4 shell matryoshka (*) 90 th percentile: 90 th percentile: 5,42 s13,49 s Total lookup time: T dl = T DHT + T Mat Median: Median: 1,73 s8,04 s Further lookups: T DHT =0 thanks to caching Average: 9,17 2,71 ss Time [ms] (*) Data computed by applying the montecarlo sampling technique on single hop delay measurements and on delay measurement for a successful DHT key lookup in KAD 19 of

Safebook Summary New New Applications Applications New Applications Super DNS for Communications trusted service API Privacy Cooperation enforcement Decentralization Trusted links P2P Social trust Group encryption 20 of

Publications Leucio Antonio Cutillo, Refik Molva, Thorsten Strufe Privacy preserving social networking through decentralization WONS 2009, 6th International Conference on Wireless On-demand Network Systems and Services, February 2-4, 2009, Snowbird, Utah, USA, Leyla Bilge, Thorsten Strufe, Davide Balzarotti, Engin Kirda All your contacts are belong to us : automated identity theft attacks on social networks WWW'09, 18th Int. World Wide Web Conference, April 20-24, Madrid, Spain Leucio Antonio Cutillo, Refik Molva, Thorsten Strufe Leveraging Social Links for Trust and Privacy in Networks INetSec 2009, Open Research Problems in Network Security, April 23-24, 2009, Zurich, Switzerland Leucio Antonio Cutillo, Refik Molva, Thorsten Strufe Safebook: Feasibility of Transitive Cooperation for Privacy on a Decentralized Social Network 3rd IEEE WoWMoM Workshop on Autonomic and Opportunistic Communications 21/17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback