Private Friends on a Social Networking Site Operated by an Overly Curious SNP

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7645)

Abstract

These days, social networking sites are more popular than ever, with some sites having dozens or even hundreds of millions of users. At the same time, users on these sites are sharing an unprecedented amount of personal information, generating serious privacy concerns. Personal and sensitive content shared by users on social networking sites is barely protected from access by unauthorized users, and the Social Networking Provider (SNP) itself always has access to all content. To solve this problem, some existing solutions rely on an external third-party server to provide online privacy protection of content shared by users on social networking sites; other solutions incur a key distribution overhead among the users who are sharing content. These solutions usually have a noticeable impact on the user experience, or are susceptible to single-point-of-failure problems because they require an external server.

In this paper, we propose a new solution which achieves the following two desirable features through a novel application of a constant-size-ciphertext broadcast encryption scheme: (1) content posted by a user can only be read by authorized users and nobody else, not even the SNP itself; (2) neither key distribution nor any external server is necessary during normal operations. Apart from a key extraction server, which is contacted only once by each user during an initial registration, the system is self-contained within the web browser (using a plugin) of each user. The system can be used directly with existing social networking sites. We also implemented a prototype for Facebook and performed a thorough evaluation, which shows that the scheme is feasible, scalable and practical.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schlegel, R., Wong, D.S. (2012). Private Friends on a Social Networking Site Operated by an Overly Curious SNP. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_33

  • DOI: https://doi.org/10.1007/978-3-642-34601-9_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34600-2

  • Online ISBN: 978-3-642-34601-9

  • eBook Packages: Computer Science, Computer Science (R0)
