TrustSplit: usable confidentiality for social network messaging

It is well known that online social networking sites (OSNs) such as Facebook pose risks to their users' privacy. OSNs store vast amounts of users' private data and activities and therefore subject the user to the risk of undesired disclosure. The regular non tech-savvy Facebook user either has little awareness of his privacy needs or is not willing or capable to invest much extra effort into securing his online activities. In this paper, we present a non-disruptive and easy to-use service that helps to protect users' most private information, namely their private messages and chats against the OSN provider itself and external adversaries. Our novel Confidentiality as a Service paradigm was designed with usability and non-obtrusiveness in mind and requires little to no additional knowledge on the part of the users. The simplicity of the service is achieved through a novel trust splitting approach integrated into the Confidentiality as a Service paradigm. To show the feasibility of our approach we present a fully-working prototype for Facebook and an initial usability study. All of the participating subjects completed the study successfully without any problems or errors and only required three minutes on average for the entire installation and setup procedure.

[1]  Saikat Guha,et al.  NOYB: privacy in online social networks , 2008, WOSN '08.

[2]  Anna Cinzia Squicciarini,et al.  WWW 2009 MADRID! Track: Security and Privacy / Session: Web Privacy Collective Privacy Management in Social Networks , 2022 .

[3]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[4]  Kristen LeFevre,et al.  Privacy wizards for social networking sites , 2010, WWW '10.

[5]  Alessandro Acquisti,et al.  Information revelation and privacy in online social networks , 2005, WPES '05.

[6]  Zeynep Tufekci Can You See Me Now? Audience and Disclosure Regulation in Online Social Network Sites , 2008 .

[7]  D. Boyd Facebook's Privacy Trainwreck , 2008 .

[8]  尚弘 島影 National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[9]  Sonja Buchegger,et al.  PeerSoN: P2P social networking: early experiences and insights , 2009, SNS '09.

[10]  Huan Liu,et al.  Exploiting vulnerability to secure user privacy on a social networking site , 2011, KDD.

[11]  Frank Stajano,et al.  Privacy-enabling social networking over untrusted networks , 2009, WOSN '09.

[12]  Bobby Bhattacharjee,et al.  Persona: an online social network with user-defined privacy , 2009, SIGCOMM '09.

[13]  Bill Burke RESTful Java with JAX-RS , 2009 .

[14]  Alessandro Acquisti,et al.  Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook , 2006, Privacy Enhancing Technologies.

[15]  Simson L. Garfinkel,et al.  Email-Based Identification and Authentication: An Alternative to PKI? , 2003, IEEE Secur. Priv..

[16]  Refik Molva,et al.  Safebook: A privacy-preserving online social network leveraging on real-life trust , 2009, IEEE Communications Magazine.

[17]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[18]  Min Wu,et al.  Do security toolbars actually prevent phishing attacks? , 2006, CHI.

[19]  Lorrie Faith Cranor,et al.  Timing is everything?: the effects of timing and placement of online privacy indicators , 2009, CHI.

[20]  D. Boyd Taken Out of Context: American Teen Sociality in Networked Publics , 2010 .

[21]  Kori Inkpen Quinn,et al.  Gathering evidence: use of visual security cues in web browsers , 2005, Graphics Interface.

[22]  Nikita Borisov,et al.  FlyByNight: mitigating the privacy risks of social networking , 2008, WPES '08.

[23]  Markulf Kohlweiss,et al.  Scramble! Your Social Network Data , 2011, PETS.

[24]  Helger Lipmaa,et al.  Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption , 2000 .