ABnews: A Fast Private Social Messaging System Using Untrusted Storage and Attribute-Based Encryption

Centralized social networking services (SNSs) or online social networks (OSNs) inherently have privacy concerns. Ciphertext-policy attribute-based encryption (CP-ABE) is an effective and promising tool for protecting privacy in centralized and distributed systems. However, a large effort is required to develop new practical social applications using CP-ABE. Furthermore, such applications often have performance problems because of the substantial computation time needed for ABE. This paper describes the design and implementation of the ABnews system, a Usenet-like social messaging system using ABE and untrusted storage. ABnews is fast because it eliminates the heavy computation of ABE from the interactive access to messages. ABnews inherits application programs from Usenet, and allows Usenet's rich newsreaders to be utilized without any modification. Furthermore, ABnews provides overlay social applications, including a private blogging service, a presence service, and one-to-one direct messaging, on top of bulletin board systems. The ABnews system has been implemented using the cpabe toolkit and Google Drive, which holds encrypted messages. Experimental results show that the overhead of CP-ABE is negligible when implementing such a messaging system on a current cloud storage service.

[1]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[2]  Jan Ljungberg,et al.  Open source movements as a model for organising , 2000, ECIS.

[3]  Dennis Shasha,et al.  Secure Untrusted Data Repository (SUNDR) , 2004, OSDI.

[4]  Yasushi Shinjo,et al.  Sweets: A Decentralized Social Networking Service Application Using Data Synchronization on Mobile Devices , 2016, CollaborateCom.

[5]  Krzysztof Rzadca,et al.  Decentralized Online Social Networks , 2010, Handbook of Social Network Technologies.

[6]  Pierre St. Juste,et al.  SocialVPN: Enabling wide-area collaboration with integrated social and overlay networks , 2010, Comput. Networks.

[7]  Mauro Conti,et al.  Virtual private social networks and a facebook implementation , 2013, TWEB.

[8]  Michael Dürr,et al.  Vegas -- A Secure and Privacy-Preserving Peer-to-Peer Online Social Network , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[9]  Clive D. W. Feather Network News Transfer Protocol (NNTP) , 2006, RFC.

[10]  Honggang Zhang,et al.  The growth of Diaspora - A decentralized online social network in the wild , 2012, 2012 Proceedings IEEE INFOCOM Workshops.

[11]  Prateek Mittal,et al.  EASiER: encryption-based access control in social networks with efficient revocation , 2011, ASIACCS '11.

[12]  Nikita Borisov,et al.  Cachet: a decentralized architecture for privacy preserving social networking with caching , 2012, CoNEXT '12.

[13]  Frank Wang,et al.  Sieve: Cryptographically Enforced Access Control for User Data in Untrusted Clouds , 2016, NSDI.

[14]  Sonja Buchegger,et al.  PeerSoN: P2P social networking: early experiences and insights , 2009, SNS '09.

[15]  Robert Tappan Morris,et al.  UsenetDHT: A Low-Overhead Design for Usenet , 2008, NSDI.

[16]  Bobby Bhattacharjee,et al.  Persona: an online social network with user-defined privacy , 2009, SIGCOMM '09.

[17]  Jinyang Li,et al.  F2F: Reliable Storage in Open Networks , 2006, IPTPS.

[18]  J. Venkata Subramanian,et al.  Improving Security and Efficiency in Attribute-Based Data Sharing , 2012 .

[19]  Junbeom Hur,et al.  Improving Security and Efficiency in Attribute-Based Data Sharing , 2013, IEEE Transactions on Knowledge and Data Engineering.

[20]  Alessandro Barenghi,et al.  Snake: An End-to-End Encrypted Online Social Network , 2014, 2014 IEEE Intl Conf on High Performance Computing and Communications, 2014 IEEE 6th Intl Symp on Cyberspace Safety and Security, 2014 IEEE 11th Intl Conf on Embedded Software and Syst (HPCC,CSS,ICESS).

[21]  Torben Weis,et al.  SoNet -- Privacy and Replication in Federated Online Social Networks , 2013, 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops.

[22]  Torben Weis,et al.  Privacy Preservation in Decentralized Online Social Networks , 2014, IEEE Internet Computing.

[23]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[24]  Refik Molva,et al.  Safebook: A privacy-preserving online social network leveraging on real-life trust , 2009, IEEE Communications Magazine.

[25]  M. Tahar Kechadi,et al.  BitTorrent Sync: Network Investigation Methodology , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[26]  Yiliang Han,et al.  The Revocable Attribute Based Encryption Scheme for Social Networks , 2015, SocialSec.

[27]  Ariel J. Feldman,et al.  SPORC: Group Collaboration using Untrusted Cloud Resources , 2010, OSDI.

[28]  Miguel Correia,et al.  DepSky: Dependable and Secure Storage in a Cloud-of-Clouds , 2013, TOS.

[29]  Ramón Cáceres,et al.  Vis-à-Vis: Privacy-preserving online social networking via Virtual Individual Servers , 2011, 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011).

[30]  Pierre St. Juste,et al.  TinCan: User-Defined P2P Virtual Network Overlays for Ad-hoc Collaboration , 2014, EAI Endorsed Trans. Collab. Comput..

[31]  Akira Sato,et al.  Friend News System: A Modern Implementation of Usenet over Social VPNs , 2014, 2014 IEEE Fourth International Conference on Big Data and Cloud Computing.

[32]  Andra Giurgiu,et al.  No Place to Hide – Edward Snowden, the NSA and the Surveillance State , 2015 .

[33]  Zhenfeng Zhang,et al.  Ciphertext policy attribute-based encryption from lattices , 2012, ASIACCS '12.

[34]  Nickolai Zeldovich,et al.  Separating Web Applications from User Data Storage with BSTORE , 2010, WebApps.

[35]  Peter Saint-Andre,et al.  Extensible Messaging and Presence Protocol (XMPP): Core , 2004, RFC.

[36]  Akira Sato,et al.  Magic mantle using social VPNs against centralized social networking services , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[37]  Russ Allbery,et al.  Netnews Architecture and Protocols , 2009, RFC.

[38]  Dick Hardt,et al.  The OAuth 2.0 Authorization Framework , 2012, RFC.

[39]  Frank Stajano,et al.  Privacy-enabling social networking over untrusted networks , 2009, WOSN '09.

[40]  Liang Zhang,et al.  Building confederated web-based services with Priv.io , 2013, COSN '13.

[41]  Krishna P. Gummadi,et al.  Analyzing facebook privacy settings: user expectations vs. reality , 2011, IMC '11.

[42]  Xuejiao Liu,et al.  A Secure and Efficient Data Sharing Framework with Delegated Capabilities in Hybrid Cloud , 2015, 2015 International Symposium on Security and Privacy in Social Networks and Big Data (SocialSec).

[43]  Srinath T. V. Setty,et al.  Depot: Cloud Storage with Minimal Trust , 2010, TOCS.

[44]  R.T.Subhalakshmi,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing using Attribute-Based Encryption , 2016 .

[45]  Jian Liang,et al.  Impact of the social networking applications for health information management for patients and physicians. , 2012, Studies in health technology and informatics.

[46]  Ralf Steinmetz,et al.  LifeSocial.KOM: A secure and P2P-based solution for online social networks , 2011, 2011 IEEE Consumer Communications and Networking Conference (CCNC).

[47]  Pierre St. Juste,et al.  Integrating Overlay and Social Networks for Seamless P2P Networking , 2008, 2008 IEEE 17th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises.