privacy enabling social networking over untrusted networks
play

Privacy-Enabling Social Networking Over Untrusted Networks Jonathan - PowerPoint PPT Presentation

Oct 21, 2022 •34 likes •574 views

Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * , Joseph Bonneau and Frank Stajano {jonathan.anderson,joseph.bonneau,frank.stajano}@cl.cam.ac.uk claudia.diaz@esat.kuleuven.be Computer Laboratory *

  1. Privacy-Enabling Social Networking Over Untrusted Networks Jonathan Anderson, Claudia Diaz * , Joseph Bonneau and Frank Stajano {jonathan.anderson,joseph.bonneau,frank.stajano}@cl.cam.ac.uk claudia.diaz@esat.kuleuven.be Computer Laboratory * K.U. Leuven ESAT/COSIC Monday, August 17, 2009 1

  2. Outline • Social networks require absolute trust • Operators don’t protect their users • Smart clients can protect themselves • Protocols • Privacy • Performance 2 Monday, August 17, 2009 2

  3. Social Networks Require Absolute Trust 3 Monday, August 17, 2009 3

  4. Social Networks Require Absolute Trust 3 Monday, August 17, 2009 3

  5. Social Networks Require Absolute Trust 3 Monday, August 17, 2009 3

  6. Social Networks Require Absolute Trust 3 Monday, August 17, 2009 3

  7. Social Networks Require Absolute Trust 3 Monday, August 17, 2009 3

  8. Social Networks Require Absolute Trust 3 Monday, August 17, 2009 3

  9. Network Operators Don’t Protect Their Users 4 Monday, August 17, 2009 4

  10. Network Operators Don’t Protect Their Users 4 Monday, August 17, 2009 4

  11. Smart Clients Can Protect Themselves • Stop trusting the network! • Smart clients, dumb servers 5 Monday, August 17, 2009 5

  12. How Do You Facebook? Monday, August 17, 2009 6

  13. How Do You Facebook? Monday, August 17, 2009 6

  14. Decentralised Architecture 7 Monday, August 17, 2009 7

  15. Decentralised Architecture 7 Monday, August 17, 2009 7

  16. Decentralised Architecture 7 Monday, August 17, 2009 7

  17. Privacy Requirements • Protect content and links • Adversaries: • Other users • Application developers • Network operator • Reduce to social contract 8 Monday, August 17, 2009 8

  18. Software Architecture 9 Monday, August 17, 2009 9

  19. Software Architecture                       9 Monday, August 17, 2009 9

  20. Software Architecture            10 Monday, August 17, 2009 10

  21. Application Layer • Sandboxed applications • Security API • Restrictive default policies • User policy specification 11 Monday, August 17, 2009 11

  22. Software Architecture            12 Monday, August 17, 2009 12

  23. Data Structures Layer 13 Monday, August 17, 2009 13

  24. Data Structures Layer 13 Monday, August 17, 2009 13

  25. Data Structures Layer 13 Monday, August 17, 2009 13

  26. Data Structures Layer 14 Monday, August 17, 2009 14

  27. Data Structures Layer 14 Monday, August 17, 2009 14

  28. Data Structures Layer 15 Monday, August 17, 2009 15

  29. Data Structures Layer 15 Monday, August 17, 2009 15

  30. Data Structures Layer 15 Monday, August 17, 2009 15

  31. Software Architecture            16 Monday, August 17, 2009 16

  32. Cryptography Layer • Encryption, digital signatures, etc. • Key Management • Identity Verification • Link Hiding 17 Monday, August 17, 2009 17

  33. Encrypted Blocks • Unique symmetric key per block per ACL revision • This sounds familiar... • No revocation guarantees 18 Monday, August 17, 2009 18

  34. Key Management • Direct distribution via PK • Key hierarchy • “Group key” blocks • Hidden links 19 Monday, August 17, 2009 19

  35. Link Hiding 03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e 20 Monday, August 17, 2009 20

  36. Link Hiding E K 1 03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d + 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e E K 2 + 20 Monday, August 17, 2009 20

  37. Link Hiding E K 1 03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d + 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e E K 2 + 20 Monday, August 17, 2009 20

  38. Link Hiding E K 1 03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d + 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e 1e fb L I N K : a b c .. .. 92 71 44 99 1c ff bf d9 5a e1 03 08 8e 7d 9b c2 45 56 aa dd 0e 64 fc 7f a3 c4 77 77 e6 a0 81 c4 5a E K 2 + ad e6 e1 69 fd 4e 70 3c da ce f8 c6 94 0f e7 3c 6b 66 c5 39 6c 1c 74 c1 14 ef 53 L I N K : d e f .. .. 70 32 22 12 37 9d 92 e4 20 Monday, August 17, 2009 20

  39. Messaging • Asynchronous • Encryption • Signing • Synchronous • OTR 21 Monday, August 17, 2009 21

  40. Identity Verification • PKI • Web of Trust • Fingerprint Exchange • Multi-Channel Protocol 22 Monday, August 17, 2009 22

  41. Fingerprint Exchange • CryptoIDs • “a little longer than most email addresses, a little shorter than most postal addresses, and about the same size as a credit card plus its 4- digit expiration date” • f3v4g.ifcen.r3rj5.embx8 • small enough for a business card 23 Monday, August 17, 2009 23

  42. Mutual Identity Verification • Wong-Stajano protocol • Exchange of small nonces • Nonces can be cryptographically weak • Relies on data origin authenticity 24 Monday, August 17, 2009 24

  43. Joint Content • Digital signature convention • Sign content and context 25 Monday, August 17, 2009 25

  44. Software Architecture            26 Monday, August 17, 2009 26

  45. Network Layer • GET, POST • Access control • Not for confidentiality • Ok for integrity • Extra: mailboxes? 27 Monday, August 17, 2009 27

  46. Implementation 28 Monday, August 17, 2009 28

  47. Implementation 28 Monday, August 17, 2009 28

  48. Implementation 28 Monday, August 17, 2009 28

  49. Performance • Server • Storage scales (roughly) linearly with users • Computation scales linearly with storage • I/O-bound clients (branching factor) 29 Monday, August 17, 2009 29

  50. Open Problems • Usability of policy specification • End user development • Security API 30 Monday, August 17, 2009 30

  51. Discussion ? 31 Monday, August 17, 2009 31

  52. Appendix • Wong-Stajano protocol • Crypto performance 32 Monday, August 17, 2009 32

  53. Wong-Stajano Protocol A → B : K A B → A : K B A → B : H(A | K A | K B | R a | K a ) B → A : H(B | K A | K B | R b | K b ) A ⇒ B : R a B ⇒ A : R b A → B : K a B → A : K b A ⇒ B : outcome B ⇒ A : outcome 33 Monday, August 17, 2009 33

  54. Crypto Performance • SunJCE v1.7 on Intel Core2 Quad CPU Q6600 @ 2.4 GHz • RSA • 1024b en/decryption @ 600 kB/s, 30 kB/s • 2048b RSA en/decryption @ 200 kB/s, 7 kB/s • AES: 128b @ 35 MB/s 34 Monday, August 17, 2009 34

Recommend

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Ariel J. Feldman Princeton UPenn Joint work with: Aaron Blankstein, Michael J. Freedman, and Edward W. Felten Social Networking with

661 views • 27 slides
xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social

xBook: Redesigning Privacy Control in Social xBook: Redesigning Privacy Control in Social Networking Platforms Networking Platforms Kapil Singh, Sumeer Bhola and Wenke Lee Social networking is growing 2 Privacy concerns are growing

779 views • 54 slides
Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Learwood Middle School Parent Handbook Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play an important role in connecting the lives of people. Research has shown that social media is the preferred

542 views • 9 slides
Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau

Privacy Implications of Social Networks Gates Scholars' Symposium 1 March 2009 Joseph Bonneau Security Research Group Computer Laboratory Outline Why Privacy Matters How Social Networks Change The Game The Current Mess

495 views • 46 slides
privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How

privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How

privacy (and trust) for SNS me ! " many social networks (fragmented?) diversity is good! How do we manage our diversity? (identities) Privacy is difficult. Tech? Legal? action: collecting current practices (many) Me, You, Us. social

438 views • 14 slides
Characterizing Privacy in Online Social Networks Balachander Krishnamurthy, AT&T Labs

Characterizing Privacy in Online Social Networks Balachander Krishnamurthy, AT&T Labs

Characterizing Privacy in Online Social Networks Balachander Krishnamurthy, AT&T Labs Research Craig E. Wills, Worcester Polytechnic Institute ACM SIGCOMM Workshop on Online Social Networks Seattle, Washington USA August 2008 1

297 views • 17 slides
and Privacy in Online Social Networks Ralph Gross Alessandro Acquisti Presenter: Chris Kelley

and Privacy in Online Social Networks Ralph Gross Alessandro Acquisti Presenter: Chris Kelley

Information Revelation and Privacy in Online Social Networks Ralph Gross Alessandro Acquisti Presenter: Chris Kelley Outline Motivation Online Vs. Offline Networks Online Social Networks - Privacy Implications Analysis: The

635 views • 41 slides
The Price of Privacy In Untrusted Recommendation Engines Siddhartha Banerjee, Nidhi Hegde &

The Price of Privacy In Untrusted Recommendation Engines Siddhartha Banerjee, Nidhi Hegde &

The Price of Privacy In Untrusted Recommendation Engines Siddhartha Banerjee, Nidhi Hegde & Laurent Massouli UT Austin Technicolor Privacy efficiency trade-offs q Google & FaceBook track online browsing behaviour q Apple

610 views • 27 slides
K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang 515030910412 ABSTRACT The rapid development of social communication network has increased the risk in privacy protection, the association between people has

385 views • 4 slides
CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks

CS525: Who s Your Best Friend? Targeted Privacy Attacks In Location sharing Social Networks Wei Wang ECE Dept. Worcester Polytechnic Institute (WPI) Security and Privacy Problems in the mobile and cloud computing Security and Privacy

608 views • 19 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Privacy Leakage in Mobile Online Social Networks Balachander Krishnamurthy, AT&T Labs

Privacy Leakage in Mobile Online Social Networks Balachander Krishnamurthy, AT&T Labs

Privacy Leakage in Mobile Online Social Networks Balachander Krishnamurthy, AT&T Labs Research Craig E. Wills, Worcester Polytechnic Institute Workshop on Online Social Networks Boston, MA USA June 2010 1 Introduction Previously

775 views • 20 slides
Privacy Crisis and Alternative Social Networking Sites: Empirical Findings and Critical

Privacy Crisis and Alternative Social Networking Sites: Empirical Findings and Critical

Privacy Crisis and Alternative Social Networking Sites: Empirical Findings and Critical Reflections Sebastian Sevignani Presentation at Communication, Crisis, and Critique in Contemporary Capitalism: Conference of the European Sociological

495 views • 11 slides
LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek

LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek

Outline Introduction LinkMirage Conclusion LinkMirage: Enabling Privacy-preserving Analytics on Social Relationships Changchang Liu, Prateek Mittal Email: cl12@princeton.edu, pmittal@princeton.edu Princeton University February 23, 2016 1 /

917 views • 42 slides
Multilateral Privacy Requirements Analysis in Online Social Networks Seda Grses COSIC, K.U.

Multilateral Privacy Requirements Analysis in Online Social Networks Seda Grses COSIC, K.U.

Multilateral Privacy Requirements Analysis in Online Social Networks Seda Grses COSIC, K.U. Leuven 18. February, 2011 CRID University of Namur, Belgium 1 x close this advertisement security and priv acy in online social networks K.U.

1.33k views • 81 slides
PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo

PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo

PRIVACY IN EVOLVING SOCIAL NETWORKS Ral Pardo, Musard Balliu, Gerardo Schneider - @raparuldo NWPT 2015 DataBIN Data-driven Secure Business Intelligence FACEBOOK PRIVACY SETTINGS Imagine you only want your friends to know your location 2

683 views • 27 slides
Designing Privacy-Aware Social Networks: A Mul:-Agent Approach

Designing Privacy-Aware Social Networks: A Mul:-Agent Approach

4th workshop on Web Intelligence & Communities, Lyon, 16th April 2012 Designing Privacy-Aware Social Networks: A Mul:-Agent Approach Andrei Ciortea 1 , Yann Krupa 2 , Laurent

630 views • 21 slides
Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer

Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer

Building Blocks for Privacy- Preserving Decentralized Online Social Networks iSocial Summer School Sonja Buchegger, Assoc. Prof. Computer Science KTH ! Online Privacy Problematic Current services (FB, GMail, GCal, Flickr, Pinterest) are

398 views • 18 slides
Synergy of social networks defeats online privacy Eleonora Petridou Marek Kuczy nski System

Synergy of social networks defeats online privacy Eleonora Petridou Marek Kuczy nski System

Synergy Of Social Networks Defeats Online Privacy, www.socialsynergy.nl Synergy of social networks defeats online privacy Eleonora Petridou Marek Kuczy nski System And Network Engineering University of Amsterdam February 2, 2011 Synergy

710 views • 37 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Modeling Social Networking Privacy Carolina Dania IMDEA Software Institute - Spain Universidad

Modeling Social Networking Privacy Carolina Dania IMDEA Software Institute - Spain Universidad

Modeling Social Networking Privacy Carolina Dania IMDEA Software Institute - Spain Universidad Complutense de Madrid (Partially funded by NeSSOS) Supervisors Manuel Clavel Marina Egea IMDEA Software Institute Atos Research & Innovation

1.31k views • 109 slides
Security and Privacy in Vehicular Social Networks Hongyu Jin, Mohammad Khodaei, and Panos

Security and Privacy in Vehicular Social Networks Hongyu Jin, Mohammad Khodaei, and Panos

KTH ROYAL INSTITUTE OF TECHNOLOGY Security and Privacy in Vehicular Social Networks Hongyu Jin, Mohammad Khodaei, and Panos Papadimitratos Networked Systems Security Group (NSS) www.eecs.kth.se/nss Security and Privacy for Vehicular

385 views • 16 slides
How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication

How to get a trustworthy DNS Privacy enabling recursive resolver an analysis of authentication mechanisms for DNS Privacy enabling recursive resolvers Benno Overeinder Melinda Shore Willem Toorop Fastly NLnet Labs NLnet Labs (presenter)

321 views • 21 slides
Temporal Privacy in Wireless Sensor Networks Temporal Privacy in Wireless Sensor Networks

Temporal Privacy in Wireless Sensor Networks Temporal Privacy in Wireless Sensor Networks

Temporal Privacy in Wireless Sensor Networks Temporal Privacy in Wireless Sensor Networks Pandurang Kamat, Wenyuan Xu, Wade Trappe and Yanyong Zhang WINLAB Rutgers University 1 Temporal Privacy in Sensor Networks Temporal Privacy in Sensor

280 views • 14 slides

More recommend