Blockchain-based access control management for Decentralized Online Social Networks

Abstract

Online Social Networks (OSNs) are today a major communication channel on which users spend a lot of time sharing personal data. Unfortunately, the popularity of OSNs is matched by the scale of their privacy issues, and several recent scandals have demonstrated their vulnerability. Decentralized Online Social Networks (DOSNs) have been proposed as an alternative to the current centralized OSNs. DOSNs do not have a service provider that acts as a central authority, and users have more control over their information. Several DOSNs have been proposed in recent years. However, decentralizing social services requires efficient distributed solutions for protecting the privacy of users. In recent years, blockchain technology has been applied to social networks in order to overcome these privacy issues in a decentralized system. However, in these platforms the blockchain is usually used as storage, and content is public. In this paper, we propose a manageable and auditable access control framework for DOSNs that uses blockchain technology for the definition of privacy policies. The resource owner uses the public key of the subject to define auditable access control policies using an Access Control List (ACL), while the private key associated with the subject's Ethereum account is used to decrypt the private data once access permission is validated on the blockchain. We evaluate our approach by deploying the smart contracts on the Rinkeby Ethereum testnet. Experimental results clearly show that our proposed ACL-based access control outperforms Attribute-Based Access Control (ABAC) in terms of gas cost: a simple ABAC evaluation function requires 280,000 gas, whereas our scheme requires 61,648 gas to evaluate ACL rules.
