EASiER: encryption-based access control in social networks with efficient revocation

A promising approach to mitigate the privacy risks in Online Social Networks (OSNs) is to shift access control enforcement from the OSN provider to the user by means of encryption. However, this creates the challenge of key management to support the complex policies involved in OSNs and dynamic groups. To address this, we propose EASiER, an architecture that supports fine-grained access control policies and dynamic group membership by using attribute-based encryption. A key and novel feature of our architecture, however, is that it is possible to remove access from a user without issuing new keys to other users or re-encrypting existing ciphertexts. We achieve this by creating a proxy that participates in the decryption process and enforces revocation constraints. The proxy is minimally trusted and cannot decrypt ciphertexts or provide access to previously revoked users. We describe the EASiER architecture and construction, provide a performance evaluation, and prototype an application of our approach on Facebook.
