Abstract
These days, social networking sites are more popular than ever, with some sites having dozens or even hundreds of millions of users. At the same time, users on these sites are sharing an unprecedented amount of personal information, generating serious privacy concerns. Personal and sensitive content shared by users on social network sites is barely protected from access by unauthorized users and the Social Networking Provider (SNP) itself always has access to all content. To solve this problem, some existing solutions solicit an external third-party server to provide online privacy protection of content shared by users on social networking sites; other solutions incur a key distribution overhead among the users who are sharing content. These solutions usually have a noticeable impact on the user experience, or are susceptible to single-point-of-failure problems by requiring an external server.
In this paper, we propose a new solution which can achieve the following two desirable features through a novel application of a constant-size-ciphertext broadcast encryption scheme: (1) content posted by a user can only be read by authorized users and nobody else, not even the SNP itself; (2) no key distribution or any external server is necessary during normal operations. Apart from a key extraction server which is contacted only once by each user during an initial registration, the system is self-contained within the web browser (using a plugin) of each user. The system can be used directly with existing social networking sites. We also implemented a prototype for Facebook and performed a thorough evaluation which shows that the scheme is feasible, scalable and practical.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schlegel, R., Wong, D.S. (2012). Private Friends on a Social Networking Site Operated by an Overly Curious SNP. In: Xu, L., Bertino, E., Mu, Y. (eds) Network and System Security. NSS 2012. Lecture Notes in Computer Science, vol 7645. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34601-9_33
DOI: https://doi.org/10.1007/978-3-642-34601-9_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34600-2
Online ISBN: 978-3-642-34601-9
eBook Packages: Computer Science, Computer Science (R0)