Extended U+F Social Network Protocol: Interoperability, reusability, data protection and indirect relationships in Web Based Social Networks

An interconnected world is what current technologies look for, being Web Based Social Networks (WBSNs) a promising development in this regard. Four desirable WBSN features are identied, namely, interoperability, reusability, protection against WBSNs providers and indirect relationships. A protocol, called U+F, addressed interoperability and reusability of identity data, resources and access control policies between dierent WBSNs. In order to address the remaining couple of features, that is, achieving the protection of data against WBSNs providers and indirect relationships management across dierent WBSNs, this paper presents eU+F, an extension of U+F. A prototype is developed to verify the feasibility of implementing the proposed protocol in a real environment, as well as to compare its workload regarding three well-known WBSNs, Facebook, MySpace and LinkedIn.

[1]  Preethi Srinivas,et al.  Key allocation schemes for private social networks , 2009, WPES '09.

[2]  William P. Marnane,et al.  Identity- Based Cryptography , 2008 .

[3]  José María de Fuentes,et al.  U+F Social Network Protocol: Achieving Interoperability and Reusability between Web Based Social Networks , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[4]  Nikita Borisov,et al.  FlyByNight: mitigating the privacy risks of social networking , 2008, WPES '08.

[5]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[6]  Günther Pernul,et al.  Provider-Independent Online Social Identity Management--Enhancing Privacy Consistently Across Multiple Social Networking Sites , 2012, 2012 45th Hawaii International Conference on System Sciences.

[7]  Kenneth G. Paterson,et al.  Identity-based cryptography for grid security , 2005, First International Conference on e-Science and Grid Computing (e-Science'05).

[8]  Giancarlo Ruffo,et al.  LotusNet: Tunable privacy for distributed online social network services , 2012, Comput. Commun..

[9]  Bhavani M. Thuraisingham,et al.  A semantic web based framework for social network access control , 2009, SACMAT '09.

[10]  Barbara Carminati,et al.  Private Relationships in Social Networks , 2007, 2007 IEEE 23rd International Conference on Data Engineering Workshop.

[11]  José María de Fuentes,et al.  User-Managed Access Control in Web Based Social Networks , 2013, Security and Privacy Preserving in Social Networks.

[12]  Ralf Steinmetz,et al.  LifeSocial.KOM: A P2P-Based Platform for Secure Online Social Networks , 2010, 2010 IEEE Tenth International Conference on Peer-to-Peer Computing (P2P).

[13]  Paul Anderson,et al.  Prometheus: User-Controlled P2P Social Data Management for Socially-Aware Applications , 2010, Middleware.

[14]  Christof Paar,et al.  A Survey of Lightweight-Cryptography Implementations , 2007, IEEE Design & Test of Computers.

[15]  Alessandro Acquisti,et al.  Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook , 2006, Privacy Enhancing Technologies.

[16]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[17]  Jerry Kang Self-surveillance privacy & the Personal Data Guardian , 2011, Datenschutz und Datensicherheit - DuD.

[18]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[19]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[20]  James A. Landay,et al.  Approximate Information Flows: Socially-Based Modeling of Privacy in Ubiquitous Computing , 2002, UbiComp.

[21]  Eve Maler,et al.  User-managed access to web resources , 2010, DIM '10.

[22]  Sushil Jajodia,et al.  A data outsourcing architecture combining cryptography and access control , 2007, CSAW '07.

[23]  Richard Chbeir,et al.  Security and Privacy Preserving in Social Networks , 2013, Lecture Notes in Social Networks.

[24]  M. Hoffmann,et al.  An architecture for user-managed location sharing in the Future Internet of Services , 2010 .

[25]  Sushil Jajodia,et al.  Selective data outsourcing for enforcing privacy , 2011, J. Comput. Secur..

[26]  Jennifer Seberry,et al.  Public Key Cryptography , 2000, Lecture Notes in Computer Science.

[27]  Barbara Carminati,et al.  Rule-Based Access Control for Social Networks , 2006, OTM Workshops.

[28]  Sudheendra Hangal,et al.  PrPl: a decentralized social networking infrastructure , 2010, MCS '10.

[29]  Bobby Bhattacharjee,et al.  Persona: an online social network with user-defined privacy , 2009, SIGCOMM '09.

[30]  Nalini Venkatasubramanian,et al.  iDataGuard: an interoperable security middleware for untrusted internet data storage , 2008, Companion '08.

[31]  U. Maurer,et al.  A non-interactive public-key distribution system , 1996 .

[32]  A. Ribagorda,et al.  SoNeUCON ABC , an expressive usage control model for Web-Based Social Networks , 2014 .

[33]  Andreas Pfitzmann,et al.  Privacy 3.0 := Data Minimization + User Control + Contextual Integrity , 2011, it Inf. Technol..

[34]  Seok-Won Seong PRPL: A DECENTRALIZED SOCIAL NETWORKING , 2010 .

[35]  José María de Fuentes,et al.  SoNeUCONABC, an expressive usage control model for Web-Based Social Networks , 2014, Comput. Secur..

[36]  Alec Wolman,et al.  Lockr: better privacy for social networks , 2009, CoNEXT '09.

[37]  Saikat Guha,et al.  NOYB: privacy in online social networks , 2008, WOSN '08.

[38]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[39]  Mauro Conti,et al.  Virtual private social networks , 2011, CODASPY '11.

[40]  Deborah Estrin,et al.  Self-Surveillance Privacy , 2010 .