Towards a distributed ABE based approach to protect privacy on online social networks

In this paper, we present a new framework for protecting privacy on online social networks based on two main concepts: cloud computing and Attribute-Based Encryption system (ABE). The cloud computing is used to store outsourcing data by a third party. However, the issues of entrusting these third-party losing control over data arise. Thus, one does not know where data are stored. In the proposed framework we propose to use a distributed multi-authority ABE scheme, which provides flexible access to private data, and only users with the right keys can have access to it. The performance evaluation is conducted by simulations with different parameters including the number of attributes, encryption time and decryption time. The obtained results and security analysis show that our solution outperforms the classical solutions in terms of security and robustness.

[1]  A. Felt Privacy Protection for Social Networking APIs , 2008 .

[2]  Cliff Lampe,et al.  The Benefits of Facebook "Friends: " Social Capital and College Students' Use of Online Social Network Sites , 2007, J. Comput. Mediat. Commun..

[3]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[4]  Qi Xie,et al.  FaceCloak: An Architecture for User Privacy on Social Networking Sites , 2009, 2009 International Conference on Computational Science and Engineering.

[5]  Melissa Chase,et al.  Multi-authority Attribute Based Encryption , 2007, TCC.

[6]  Vladimir A. Oleshchuk,et al.  A Distributed Multi-Authority Attribute Based Encryption Scheme for Secure Sharing of Personal Health Records , 2017, SACMAT.

[7]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[8]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[9]  Cong Wang,et al.  Attribute based data sharing with attribute revocation , 2010, ASIACCS '10.

[10]  Jun Hu,et al.  Security Issues in Online Social Networks , 2011, IEEE Internet Computing.

[11]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[12]  Sherman S. M. Chow,et al.  Improving privacy and security in multi-authority attribute-based encryption , 2009, CCS.

[13]  Kate Raynes-Goldie,et al.  Privacy in the Age of Facebook: Discourse, Architecture, Consequences , 2012 .

[14]  Krishna P. Gummadi,et al.  Analyzing facebook privacy settings: user expectations vs. reality , 2011, IMC '11.