A Privacy-Preserving Framework With Self-Governance and Permission Delegation in Online Social Networks

With the wide use of online social networks (OSNs), the problem of data privacy has attracted a lot of attention from not only the research community but also the general public. To meet the privacy needs of OSNs, we present a new encryption-based framework for protecting information published through online social network websites, taking into account the special features of OSNs. In this framework, autonomous private communities, called zones, are set up by one user or by a set of mutually trusted users collaboratively, without any third-party intervention. Sensitive information (e.g., posts and photos) within a zone can only be accessed by authorized members of the zone. A user joins a zone by obtaining a permission from an authorized zone member and uses it along with her private key to access contents inside the zone. One striking feature of our permission design is that a permission is not secret information and thus can be left in the user's account in the OSN. Compared with prior work, this public-permission design greatly reduces user-side overhead for secret key management, as a user only needs to maintain one secret key and can use as many public permissions as she wants to access contents in different zones. Furthermore, our framework allows efficient delegation and revocation of access permissions. We develop a prototype to evaluate its computation performance, which is at an acceptable level. Meanwhile, we prove that our construction is semantically secure against chosen plaintext attack, existential forgery attack and key forgery attack.
