DEFF: a new architecture for private online social networks

In recent years, online social networks (OSNs) have had explosive growth in numbers and popularity. In an OSN, users communicate with each other and share information about themselves. However, limiting the flow of private information across OSNs is very important especially because most OSNs provide insufficient privacy settings to control information leakage. In this paper, we propose a mediated architecture for OSNs that protects users' information from both the OSN provider and unauthorized OSN users. Our proposed approach delegates most of the computation tasks to a semi-trusted proxy server. We exploit a simplified broadcast encryption method in order to design a dynamic, efficient, flexible, and fine-grained (DEFF) control system. In the proposed DEFF system, users are allowed to cryptographically categorize their friends into different relations and to share data with arbitrary groups of them. The results of our analysis indicate that the DEFF system fully protects users' privacy and is very efficient in terms of communication and computation complexities. Copyright © 2012 John Wiley & Sons, Ltd.

[1]  Bok-Min Goi,et al.  Java Implementation for Pairing-Based Cryptosystems , 2010, ICCSA.

[2]  Prateek Mittal,et al.  EASiER: encryption-based access control in social networks with efficient revocation , 2011, ASIACCS '11.

[3]  Celine Latulipe,et al.  Visible Flows: Contextual Integrity and the Design of Privacy Mechanisms on Social Network Sites , 2009, 2009 International Conference on Computational Science and Engineering.

[4]  Gene Tsudik,et al.  Enhancing Data Privacy in the Cloud , 2011, IFIPTM.

[5]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[6]  Brent Waters,et al.  Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts) , 2009, EUROCRYPT.

[7]  Bobby Bhattacharjee,et al.  Persona: an online social network with user-defined privacy , 2009, SIGCOMM '09.

[8]  Nikita Borisov,et al.  FlyByNight: mitigating the privacy risks of social networking , 2008, WPES '08.

[9]  Gail-Joon Ahn,et al.  A collaborative framework for privacy protection in online social networks , 2010, 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2010).

[10]  Saikat Guha,et al.  NOYB: privacy in online social networks , 2008, WOSN '08.

[11]  Alec Wolman,et al.  Lockr: social access control for web 2.0 , 2008, WOSN '08.

[12]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[13]  Qi Xie,et al.  FaceCloak: An Architecture for User Privacy on Social Networking Sites , 2009, 2009 International Conference on Computational Science and Engineering.

[14]  Yuguang Fang,et al.  A Privacy-Preserving Scheme for Online Social Networks with Efficient Revocation , 2010, 2010 Proceedings IEEE INFOCOM.

[15]  Ian F. Blake,et al.  Advances in Elliptic Curve Cryptography: Preface , 2005 .

[16]  Ali Miri,et al.  Adaptively Secure Broadcast Encryption with Short Ciphertexts , 2010, Int. J. Netw. Secur..

[17]  Alec Wolman,et al.  Lockr: better privacy for social networks , 2009, CoNEXT '09.