Social Networks and Privacy
KTH, School of Computer Science and Communication (CSC), Theoretical Computer Science, TCS.
2015 (English). Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Centralized online social networks pose a threat to their users’ privacy as social network providers have unlimited access to users’ data. Decentralized social networks address this problem by getting rid of the provider and giving control to the users themselves, meaning that only the end-users themselves should be able to control access of other parties to their data. While there have been several proposals and advances in the development of privacy-preserving decentralized social networks, the goal of a secure, efficient, and available social network in a decentralized setting has not been fully achieved.

This thesis contributes to the research in the field of security for social networks with focus on decentralized social networks. It studies encryption-based access control and management of cryptographic keys/credentials (required for this access control) via user accounts with password-based login in decentralized social networks.

First, this thesis explores the requirements of encryption for decentralized social networks and proposes a list of criteria for evaluation that is then used to assess existing encryption-based access control systems. We find that all of them provide confidentiality guarantees (of the content itself), while privacy (of information about the content or access policies) is either not addressed at all or is addressed at the expense of the system’s performance and flexibility.

We highlight the potential of two classes of privacy-preserving schemes in the decentralized online social network (DOSN) context: broadcast encryption schemes with hidden access structures and predicate encryption (PE) schemes, and propose to use them. Both of these classes contain schemes that exhibit desirable properties and better fulfill the criteria.

Second, the thesis analyses predicate encryption and adapts it to the DOSN context as it is too expensive to use out of the box. We propose a univariate polynomial construction for access policies in PE that drastically increases performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and indicating objects that can be decrypted by a particular user. Through a newsfeed assembly experiment, the thesis demonstrates that the adapted scheme shows good performance and thus a good user experience.

Third, the thesis presents a solution to the problem of management of cryptographic keys for authentication and communication between users in decentralized online social networks. We propose a password-based login procedure for the peer-to-peer (P2P) setting that allows a user who passes authentication to recover a set of cryptographic keys required for the application. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as remembered logins, password change, and recovery of the forgotten password. The combination of these protocols allows emulating password logins in centralized systems. The results of the performance evaluation indicate that the time required for the login operation is within acceptable bounds.

Abstract [sv] (English translation)

Centralized online social networks pose a threat to users’ privacy, because providers of social networking services have unlimited access to users’ information. Decentralized social networks solve the privacy problem by eliminating providers and giving users control over their data. This means that the users themselves decide who gets access to their data. Although there are several proposals and some progress in the development of privacy-preserving decentralized social networks, the goal of secure, efficient, and available social networks in a decentralized setting has not been fully achieved.

This thesis contributes to research on security for social networks, with a focus on decentralized social networks. The thesis concentrates on encryption-based access control and the management of cryptographic keys (required for this access control) by means of user accounts with password-based login in decentralized social networks.

First, this thesis examines the requirements on encryption for decentralized social networks and proposes evaluation criteria. These evaluation criteria are then used to assess existing encryption-based access control systems. Our investigation shows that all of them guarantee confidentiality of the content itself. Privacy of information about the content or access policies, however, is either not protected at all or protected at the expense of the system’s performance and flexibility.

We highlight the potential of two classes of privacy-preserving schemes in the DOSN context: broadcast encryption schemes with hidden access structures and predicate encryption schemes; we propose using these schemes. Both of these classes contain schemes that exhibit desirable properties and fulfill the criteria better.

Second, the thesis analyzes predicate encryption and adapts it to the DOSN context, since it is too expensive to use as it is. We propose a univariate polynomial construction for access policies in predicate encryption that drastically increases the system’s performance but leaks some part of the access policy to users with access rights. We use Bloom filters to reduce decryption time and to indicate objects that can be decrypted by a particular user. An experiment with news feed assembly shows that the adapted system gives good results and thus a good user experience.

Third, the thesis presents a solution to the problem of managing cryptographic keys for authentication and communication between users in decentralized online social networks. We propose a password-based login procedure for the peer-to-peer (P2P) setting that lets a user who passes authentication recover a set of cryptographic keys required by the application. In addition to password login, we also present supporting protocols that provide related functionality, such as login with stored passwords, password change, and recovery of forgotten passwords. The combination of these protocols makes it possible to simulate password login in centralized systems. The performance evaluation shows that the time required for login is within acceptable bounds.

Place, publisher, year, edition, pages
Stockholm: KTH Royal Institute of Technology, 2015, 28 p.
Series
TRITA-CSC-A, ISSN 1653-5723 ; 2015:07
Keyword [en]
social networks, privacy, decentralized, encryption-based access control
National Category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kth:diva-166818
ISBN: 978-91-7595-571-1 (print)
OAI: oai:DiVA.org:kth-166818
DiVA: diva2:812449
Presentation
2015-06-09, E2, Lindstedsvägen 3, KTH, Stockholm, 14:00 (English)
Funder
Swedish Foundation for Strategic Research, SSF FFL09-0086
Swedish Research Council, VR 2009-3793
Note

QC 20150602

Available from: 2015-06-02. Created: 2015-05-18. Last updated: 2015-06-02. Bibliographically approved
List of papers
1. Encryption for Peer-to-Peer Social Networks
2012 (English). In: Security and Privacy in Social Networks / [ed] Altshuler, Y.; Elovici, Y.; Cremers, A.B.; Aharony, N.; Pentland, A., New York: Springer, 2012, 47-65 p. Chapter in book (Refereed)
Abstract [en]

To address privacy concerns over online social networking services, several decentralized alternatives have been proposed. These peer-to-peer (P2P) online social networks do not rely on centralized storage of user data. Rather, data can be stored not only on a profile owner’s computer but almost anywhere (friends’ computers, random peers from the social network, third-party external storage, etc.). Because external storage is often untrusted or only semi-trusted, encryption plays a fundamental role in the security of P2P social networks.

Such a system needs to be efficient for use on a large scale, provide functionality for changing access rights suitable for social networks, and, most importantly, it should preserve the network’s privacy properties. That is, other than user data confidentiality, it has to protect against information leakage regarding users’ access rights and behaviors. In this paper we explore the encryption requirements for P2P social networks and propose a list of evaluation criteria that we use to compare existing approaches. We have found that none of the current P2P architectures for social networks achieve secure, efficient, 24/7 access control enforcement and data storage. They rely on trust, require constantly running servers for each user, use expensive encryption, or fail to protect the privacy of access information. In a search for solutions that better fulfill our criteria, we found that some broadcast encryption (BE) and predicate encryption (PE) schemes exhibit several desirable properties.

Place, publisher, year, edition, pages
New York: Springer, 2012
Keyword
P2P social network, Encryption-based access control
National Category
Computer Science
Identifiers
urn:nbn:se:kth:diva-108170 (URN)
10.1007/978-1-4614-4139-7 (DOI)
978-1-4614-4139-7 (ISBN)
Funder
Swedish Foundation for Strategic Research, SSF FFL09-0086
Swedish Research Council, VR 2009-3793
Note

QC 20150602

Available from: 2013-01-09. Created: 2012-12-19. Last updated: 2015-06-02. Bibliographically approved
2. Access Control in Decentralized Online Social Networks: Applying a Policy-Hiding Cryptographic Scheme and Evaluating Its Performance
2014 (English). Conference paper, Published paper (Refereed)
Abstract [en]

Privacy concerns in online social networking services have prompted a number of proposals for decentralized online social networks (DOSN) that remove the central provider and aim at giving the users control over their data and who can access it. This is usually done by cryptographic means. Existing DOSNs use cryptographic primitives that hide the data but reveal the access policies. At the same time, there are privacy-preserving variants of these cryptographic primitives that do not reveal access policies. They are, however, not suitable for usage in the DOSN context because of performance or storage constraints. A DOSN needs to achieve both privacy and performance to be useful. We analyze predicate encryption (PE) and adapt it to the DOSN context. We propose a univariate polynomial construction for access policies in PE that drastically increases performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and indicate objects that can be decrypted by a particular user. We evaluate the performance of the adapted scheme in the concrete scenario of a news feed. Our PE scheme is best suited for encrypting for groups or small sets of separate identities.

Series
2014 IEEE INTERNATIONAL CONFERENCE ON PERVASIVE COMPUTING AND COMMUNICATIONS WORKSHOPS (PERCOM WORKSHOPS)
National Category
Telecommunications
Identifiers
urn:nbn:se:kth:diva-153288 (URN)
10.1109/PerComW.2014.6815278 (DOI)
000341402900122 ()
2-s2.0-84901304283 (Scopus ID)
978-1-4799-2736-4 (ISBN)
Conference
12th IEEE International Conference on Pervasive Computing and Communication (PERCOM), MAR 24-28, 2014, Budapest, HUNGARY
Note

QC 20141006

Available from: 2014-10-06. Created: 2014-10-03. Last updated: 2015-06-02. Bibliographically approved
3. Passwords in Peer-to-Peer
2012 (English). In: Peer-to-Peer Computing (P2P), 2012 IEEE 12th International Conference on, IEEE, 2012, 167-178 p. Conference paper, Published paper (Refereed)
Abstract [en]

One of the differences between typical peer-to-peer (P2P) and client-server systems is the existence of user accounts. While many P2P applications, like public file sharing, are anonymous, more complex services such as decentralized online social networks require user authentication. In these, the common approach to P2P authentication builds on the possession of cryptographic keys. A drawback with that approach is usability when users access the system from multiple devices, an increasingly common scenario. In this work, we present a scheme to support logins based on users knowing a username-password pair. We use passwords, as they are the most common authentication mechanism in services on the Internet today, ensuring strong user familiarity. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as resetting a forgotten password via e-mail or security questions. Together, these allow P2P systems to emulate centralized password logins. The results of our performance evaluation indicate that incurred delays are well within acceptable bounds.

Place, publisher, year, edition, pages
IEEE, 2012
Series
IEEE International Conference on Peer-to-Peer Computing, ISSN 2161-3567
Keyword
Authentication mechanisms, Client-server systems, Complex services, Cryptographic key, File Sharing, Multiple devices, Online social networks, P2P applications, P2P system, Peer to peer, Performance evaluation, User authentication, Users access
National Category
Computer Science Telecommunications
Identifiers
urn:nbn:se:kth:diva-107785 (URN)
10.1109/P2P.2012.6335797 (DOI)
000312674500024 ()
2-s2.0-84870369349 (Scopus ID)
978-146732862-3 (ISBN)
Conference
IEEE 12th International Conference on Peer-to-Peer Computing, P2P 2012; Tarragona; 3 September 2012 through 5 September 2012
Funder
Swedish Foundation for Strategic Research, SSF FFL09-0086
Swedish Research Council, VR 2009-3793
ICT - The Next Generation
Note

QC 20130111

Available from: 2012-12-17. Created: 2012-12-17. Last updated: 2017-05-05. Bibliographically approved

Open Access in DiVA

Thesis (293 kB), 614 downloads
File information
File name: FULLTEXT02.pdf
File size: 293 kB
Checksum SHA-512:
2cc74822a44424c8d370992f626f6cafef989fb78606fd5c0d5f048e30567ea4c70c3ceebc05df56cf231c4a5c941eaf303ee1bbb797d85e5e8789a49d8954f7
Type: fulltext
Mimetype: application/pdf

By author/editor
Bodriagov, Oleksandr
By organisation
Theoretical Computer Science, TCS
Computer Science
