Privacy Analysis of a Hidden Friendship Protocol

Kammüller, Florian; Preibusch, Sören

doi:10.1007/978-3-642-54568-9_6

Florian Kammüller²⁰ &
Sören Preibusch²¹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8247))

Included in the following conference series:

1335 Accesses

Abstract

Friendship relations are a defining property of online social networks. On the one hand, and beyond their cultural interpretation, they sustain access control mechanisms and are privacy-enhancing by limiting the proliferation of personal information. On the other hand, the publicity of friendship links is privacy-invasive. We outline a distributed authentication protocol based on hidden friendship links that has been suggested in earlier work. We then investigate its formalisation and, using model-checking, we carry out a mechanised analysis of the protocol that enables the revision and rectification of the earlier version. We thus demonstrate more generally how model-checking and epistemic logic can be used for the detection of privacy and security vulnerabilities in authentication protocols for social networks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Armando, A., et al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005). http://www.avispa-project.org/publications.html
Lowe, G.: An attack on the needham-schroeder public-key authentication protocol. Inf. Process. Lett. 56, 131–133 (1995)
Article MATH Google Scholar
Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)
Article Google Scholar
Brickley, D., Miller, L.: FOAF Vocabulary Specification 0.97. Namespace document, January 2010
Google Scholar
Bonneau, J., Preibusch, S.: The privacy jungle: on the market for data protection in social networks. In: The Ninth Workshop on the Economics of Information Security (WEIS 09), March 2009
Google Scholar
Blanchet, B., Smyth, B.: ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial (2011)
Google Scholar
Cohen, M., Dam, M.: A complete axiomatization of knowledge and cryptography. In: Proceedings of the 22nd IEEE Symposium on Logic in Computer Science (LICS 2007), 10–12 July 2007, Wroclaw, Poland, pp. 77–88. IEEE Computer Society (2007)
Google Scholar
Dam, M.: A little knowledge goes a bit further. invited talk. In: Annual Meeting of Priority Program RS3 – Reliably Secure Software Systems (2011)
Google Scholar
Facebook. Updates on your new privacy tools (2009)
Google Scholar
Federated Social Web Europe. Federated social architectures and protocols, privacy on the federated social web (2011)
Google Scholar
FOAF project. The Friend of a Friend (FOAF) project (2010)
Google Scholar
Kammüller, F., Mapp, G., Patel, S., Sani, A.S.: Engineering security pro tocols with modelchecking – radius-sha256 and secured simple protocol. In: International Conference on Internet Monitoring and Protection, ICIMP’12 (2012)
Google Scholar
Kammüller, F., Probst, C.W.: Invalidating policies using structural information. In: Workshop on Research in Insider Threats WRIT’13 - IEEE CS Security and Privacy Workshops, SPW (2013)
Google Scholar
Lomuscio, A., Qu, H., Raimondi, F.: MCMAS: a model checker for the verification of multi-agent systems. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 682–688. Springer, Heidelberg (2009)
Google Scholar
MySpace. Profile 2.0 launch - check it out :) (2008)
Google Scholar
Preibusch, S., Beresford, A.R.: Establishing distributed hidden friendship relations. In: Seventeenth International Workshop on Security Protocols (2009)
Google Scholar
Stanford Encyclopedia of Philosophy. Epistemic logic (2006)
Google Scholar
Zheleva, E., Getoor, L.: To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In: Proceedings of the 18th International Conference on World Wide Web (WWW ’09), pp. 531–540. ACM, New York (2009)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Middlesex University, London, UK
Florian Kammüller
Microsoft Research, Cambridge, UK
Sören Preibusch

Authors

Florian Kammüller
View author publications
You can also search for this author in PubMed Google Scholar
Sören Preibusch
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Florian Kammüller .

Editor information

Editors and Affiliations

TELECOM SudParis, Evry, France
Joaquin Garcia-Alfaro
National Technical University of Athens, Athens, Greece
Georgios Lioudakis
TELECOM Bretagne, Cesson Sévigné, France
Nora Cuppens-Boulahia
University College Cork, Cork, Ireland
Simon Foley
IDA Ovens, EMC Information Systems International, Cork, Ireland
William M. Fitzgerald

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kammüller, F., Preibusch, S. (2014). Privacy Analysis of a Hidden Friendship Protocol. In: Garcia-Alfaro, J., Lioudakis, G., Cuppens-Boulahia, N., Foley, S., Fitzgerald, W. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2013 2013. Lecture Notes in Computer Science(), vol 8247. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54568-9_6

Download citation

DOI: https://doi.org/10.1007/978-3-642-54568-9_6
Published: 21 March 2014
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54567-2
Online ISBN: 978-3-642-54568-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics