ABSTRACT
Online social networks (OSNs) are immensely popular, with some claiming over 200 million users. Users share private content, such as personal information or photographs, using OSN applications. Users must trust the OSN service to protect personal information even as the OSN provider benefits from examining and sharing that information. We present Persona, an OSN where users dictate who may access their information. Persona hides user data with attribute-based encryption (ABE), allowing users to apply fine-grained policies over who may view their data. Persona provides an effective means of creating applications in which users, not the OSN, define policy over access to private data. We demonstrate new cryptographic mechanisms that enhance the general applicability of ABE. We show how Persona provides the functionality of existing online social networks with additional privacy benefits. We describe an implementation of Persona that replicates Facebook applications and show that Persona provides acceptable performance when browsing privacy-enhanced web pages, even on mobile devices.
- A. Acquisti and R. Gross. Imagined communities: Awareness, information sharing, and privacy on the facebook. In PET, 2006. Google ScholarDigital Library
- Advanced crypto software collection. http://acsc.csl.sri.com/cpabe/.Google Scholar
- S. Ahern, et al. Over-exposed?: privacy patterns and considerations in online and mobile photo sharing. In Human Factors in Computing Systems, 2007. Google ScholarDigital Library
- Apple iPhone SDK. http://developer.apple.com/iphone/.Google Scholar
- J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Security and Privacy, 2007. Google ScholarDigital Library
- P. A. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the web. Journal of Computer Security, 2002. Google ScholarDigital Library
- M. Chase. Multi-authority attribute based encryption. In TCC, 2007. Google ScholarDigital Library
- D. Clark. The design philosophy of the darpa internet protocols. In SIGCOMM, 1988. Google ScholarDigital Library
- Facebook statement of rights and responsibilities. http://www.facebook.com/press/info.php?statistics#/terms.php?ref=pf.Google Scholar
- Facebook statistics. http://www.facebook.com/press/info.php?statistics.Google Scholar
- D. F. Ferraiolo and D. R. Kuhn. Role-based access controls. In National Computer Security Conference, 1992.Google Scholar
- M. Gjoka, M. Sirivianos, A. Markopoulou, and X. Yang. Poking facebook: Characterization of OSN applications. In WOSN, 2008. Google ScholarDigital Library
- R. Gross and A. Acquisti. Information revelation and privacy in online social networks (the facebook case). In WPES, 2005. Google ScholarDigital Library
- S. Guha, K. Tang, and P. Francis. NOYB: Privacy in online social networks. In WOSN, 2008. Google ScholarDigital Library
- K. P. Gummadi, S. Saroiu, and S. D. Gribble. King: Estimating latency between arbitrary internet end hosts. In IMC, 2002. Google ScholarDigital Library
- J. He, W. W. Chu, and Z. V. Liu. Inferring privacy information from social networks. In ISI, 2006. Google ScholarDigital Library
- J. Kleinberg. Challenges in social network data: Processes, privacy and paradoxes. In KDD, 2007. Invited talk. Google ScholarDigital Library
- A. Korolova, R. Motwani, S. U. Nabar, and Y. Xu. Link privacy in social networks. In Information and Knowledge Mining (CIKM), 2008. Google ScholarDigital Library
- B. Krishnamurthy. A measure of online social networks. In COMSNETS, 2009. Google ScholarDigital Library
- B. Krishnamurthy and C. E. Wills. Characterizing privacy in online social networks. In WOSN, 2008. Google ScholarDigital Library
- I.-F. Lam, K.-T. Chen, and L.-J. Chen. Involuntary information leakage in social network services. In IWSEC, 2008. Google ScholarDigital Library
- Y. Lee. Measured TCP performance in CDMA 1x EV-DO network. In PAM, 2006.Google Scholar
- H. Lin, Z. Cao, X. Liang, and J. Shao. Secure threshold multi authority attribute based encryption without a central authority. In INDOCRYPT, 2008. Google ScholarDigital Library
- Linkedin. http://www.linkedin.com/.Google Scholar
- Loopt. http://www.loopt.com.Google Scholar
- M. M. Lucas and N. Borisov. flybynight: Mitigating the privacy risks of social networking. In WPES, 2008. Google ScholarDigital Library
- B. Lynn. On the implementation of pairing-based cryptosystems. Ph.D. thesis, Stanford, 2008.Google Scholar
- A. Mislove, et al. Measurement and analysis of online social networks. In IMC, 2007. Google ScholarDigital Library
- A. Mislove, et al. Growth of the flickr social network. In WOSN, 2008. Google ScholarDigital Library
- D. Naor, M. Naor, and J. B. Lotspiech. Revocation and tracing schemes for stateless receivers. In CRYPTO, 2001. Google ScholarDigital Library
- M. Pirretti, P. Traynor, P. McDaniel, and B. Waters. Secure attribute-based systems. In ACM CCS, 2006. Google ScholarDigital Library
- A. Sahai and B. Waters. Fuzzy identity-based encryption. In Eurocrypt, 2005. Google ScholarDigital Library
- U. Shankar, et al. Detecting format-string vulnerabilities with type qualifiers. In USENIX Security, 2001. Google ScholarDigital Library
- A. Tootoonchian, et al. Lockr: Social access control for web 2.0. In WOSN, 2008. Google ScholarDigital Library
- P. Traynor, K. Butler, W. Enck, and P. McDaniel. Realizing massive-scale conditional access systems through attribute-based cryptosystems. In NDSS, 2008.Google Scholar
- Where I've been. http://apps.facebook.com/whereivebeen/.Google Scholar
- C. K. Wong, M. Gouda, and S. S. Lam. Secure group communications using key graphs. SIGCOMM CCR, 28(4):68--79, 1998. Google ScholarDigital Library
- W. Xu, X. Zhou, and L. Li. Inferring privacy information via social relations. In ICDEW, 2008.Google Scholar
- H. Yin, et al. Capturing system-wide information flow for malware detection and analysis. In CCS, 2007. Google ScholarDigital Library
- T. Yu, M. Winslett, and K. E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. Transactions on Information and System Security, 2003. Google ScholarDigital Library
Index Terms
Persona: an online social network with user-defined privacy
Recommendations
Persona: an online social network with user-defined privacy
SIGCOMM '09Online social networks (OSNs) are immensely popular, with some claiming over 200 million users. Users share private content, such as personal information or photographs, using OSN applications. Users must trust the OSN service to protect personal ...
Privacy antecedents for SNS self-disclosure
Social networking sites privacy issues and self-disclosure are examined.A research model of privacy issues and self-disclosure is built.Structural equations modeling is used to assess the model fit.Path analysis is done to analyze hypothesis whereas 11 ...
Building social capital with Facebook: Type of network, availability of other media, and social self-efficacy matter#
Highlights- Type of friends affects building social capital via Facebook and traditional media.
AbstractFindings about Facebook's effect on relationships are mixed, possibly due to lack of models that acknowledge differences across users, types of their friends, and use of competing media. To address this, we proposed and tested how ...
Comments