Distributed Social Platforms for Confidentiality and Resilience

Social networking sites have deeply changed the perception of the web in recent years. Although the current approach to building social networking systems is to create huge centralized systems owned by a single company, such a strategy has many drawbacks, e.g., lack of privacy, lack of anonymity, risk of censorship and operating costs. These issues conflict with some of the main requirements of information systems, including: (i) confidentiality, i.e., the interactions between a user and the system must remain private unless explicitly made public; (ii) integrity; (iii) accountability; (iv) availability; (v) identity and anonymity. Moreover, social networking platforms are vulnerable to many kinds of attacks: (i) masquerading, which occurs when a user disguises his identity and pretends to be another user; (ii) unauthorized access; (iii) denial of service; (iv) repudiation, which occurs when a user participates in an activity and later claims he did not; (v) eavesdropping; (vi) alteration of data; (vii) copy and replay attacks; and, in general, (viii) attacks making use of social engineering techniques. In order to overcome both the intrinsic defects of centralized systems and the general vulnerabilities of social networking platforms, many different approaches have been proposed, either as federated systems (i.e., consisting of multiple entities cooperating to provide the service, but usually distinct from the users) or as peer-to-peer systems (with users directly cooperating to provide the service); in this work we review the most interesting ones. Finally, we present our own approach to creating a solid distributed social networking platform: a novel peer-to-peer system that leverages existing, widespread and stable technologies such as distributed hash tables and BitTorrent.
The topics we are mainly concerned with are: (i) anonymity and resilience to censorship; (ii) authenticatable content; (iii) semantic interoperability, using activity streams and weak semantic data formats for contacts and profiles; and (iv) data availability.
