A Framework for Enabling User-Controlled Persona in Online Social Networks

As the use of personal information in social network sites seems manifold, including the representation of an individual's digital persona (or social role) and identification, so does the abuse or misuse of the information. The issue of privacy is critically important in this context. In this paper we present a novel framework for enabling user-controlled sharing of sensitive personal information for better privacy protection in current online social networks. Specifically, the framework called U-Control is proposed to facilitate digital persona and privacy management (DPPM) in a user-centric way that it can satisfy diverse privacy requirements and specification, and social network environments. We discuss the design of a security system based on the proposed framework. Finally we discuss a proof-of-concept implementation, along with performance evaluation.

[1]  Gail-Joon Ahn,et al.  Ensuring information assurance in federated identity management , 2004, IEEE International Conference on Performance, Computing, and Communications, 2004.

[2]  Dongwan Shin,et al.  Enabling Interoperable and Selective Data Sharing among Social Networking Sites , 2008, CollaborateCom.

[3]  Gail-Joon Ahn,et al.  Managing privacy preferences for federated identity management , 2005, DIM '05.

[4]  Michael T. Goodrich,et al.  Persistent Authenticated Dictionaries and Their Applications , 2001, ISC.

[5]  Fernanda B. Viégas,et al.  Bloggers' Expectations of Privacy and Accountability: An Initial Survey , 2006, J. Comput. Mediat. Commun..

[6]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[7]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[8]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[9]  Hugo Liu InterestMap : Harvesting Social Network Profiles for Recommendations , 2004 .

[10]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[11]  Jan Camenisch,et al.  Design and implementation of theidemixanonymous credential system , 2002, CCS 2002.

[12]  Gail-Joon Ahn,et al.  Risk Evaluation for Personal Identity Management Based on Privacy Attribute Ontology , 2008, ER.

[13]  Gail-Joon Ahn,et al.  Towards IA-aware web services for federated identity management , 2003 .

[14]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[15]  William R. Claycomb,et al.  Authenticated Dictionary-Based Attribute Sharing in Federated Identity Management , 2009, 2009 Sixth International Conference on Information Technology: New Generations.

[16]  Michael T. Goodrich,et al.  Implementation of an authenticated dictionary with skip lists and commutative hashing , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.