skip to main content
10.1145/1592568.1592585acmconferencesArticle/Chapter ViewAbstractPublication PagescommConference Proceedingsconference-collections
research-article
Free Access

Persona: an online social network with user-defined privacy

Published:16 August 2009Publication History

ABSTRACT

Online social networks (OSNs) are immensely popular, with some claiming over 200 million users. Users share private content, such as personal information or photographs, using OSN applications. Users must trust the OSN service to protect personal information even as the OSN provider benefits from examining and sharing that information. We present Persona, an OSN where users dictate who may access their information. Persona hides user data with attribute-based encryption (ABE), allowing users to apply fine-grained policies over who may view their data. Persona provides an effective means of creating applications in which users, not the OSN, define policy over access to private data. We demonstrate new cryptographic mechanisms that enhance the general applicability of ABE. We show how Persona provides the functionality of existing online social networks with additional privacy benefits. We describe an implementation of Persona that replicates Facebook applications and show that Persona provides acceptable performance when browsing privacy-enhanced web pages, even on mobile devices.

References

  1. A. Acquisti and R. Gross. Imagined communities: Awareness, information sharing, and privacy on the facebook. In PET, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Advanced crypto software collection. http://acsc.csl.sri.com/cpabe/.Google ScholarGoogle Scholar
  3. S. Ahern, et al. Over-exposed?: privacy patterns and considerations in online and mobile photo sharing. In Human Factors in Computing Systems, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Apple iPhone SDK. http://developer.apple.com/iphone/.Google ScholarGoogle Scholar
  5. J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Security and Privacy, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. P. A. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the web. Journal of Computer Security, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. M. Chase. Multi-authority attribute based encryption. In TCC, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. D. Clark. The design philosophy of the darpa internet protocols. In SIGCOMM, 1988. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Facebook statement of rights and responsibilities. http://www.facebook.com/press/info.php?statistics#/terms.php?ref=pf.Google ScholarGoogle Scholar
  10. Facebook statistics. http://www.facebook.com/press/info.php?statistics.Google ScholarGoogle Scholar
  11. D. F. Ferraiolo and D. R. Kuhn. Role-based access controls. In National Computer Security Conference, 1992.Google ScholarGoogle Scholar
  12. M. Gjoka, M. Sirivianos, A. Markopoulou, and X. Yang. Poking facebook: Characterization of OSN applications. In WOSN, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. R. Gross and A. Acquisti. Information revelation and privacy in online social networks (the facebook case). In WPES, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. S. Guha, K. Tang, and P. Francis. NOYB: Privacy in online social networks. In WOSN, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. K. P. Gummadi, S. Saroiu, and S. D. Gribble. King: Estimating latency between arbitrary internet end hosts. In IMC, 2002. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. J. He, W. W. Chu, and Z. V. Liu. Inferring privacy information from social networks. In ISI, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. J. Kleinberg. Challenges in social network data: Processes, privacy and paradoxes. In KDD, 2007. Invited talk. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. A. Korolova, R. Motwani, S. U. Nabar, and Y. Xu. Link privacy in social networks. In Information and Knowledge Mining (CIKM), 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. B. Krishnamurthy. A measure of online social networks. In COMSNETS, 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. B. Krishnamurthy and C. E. Wills. Characterizing privacy in online social networks. In WOSN, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. I.-F. Lam, K.-T. Chen, and L.-J. Chen. Involuntary information leakage in social network services. In IWSEC, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Y. Lee. Measured TCP performance in CDMA 1x EV-DO network. In PAM, 2006.Google ScholarGoogle Scholar
  23. H. Lin, Z. Cao, X. Liang, and J. Shao. Secure threshold multi authority attribute based encryption without a central authority. In INDOCRYPT, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Linkedin. http://www.linkedin.com/.Google ScholarGoogle Scholar
  25. Loopt. http://www.loopt.com.Google ScholarGoogle Scholar
  26. M. M. Lucas and N. Borisov. flybynight: Mitigating the privacy risks of social networking. In WPES, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. B. Lynn. On the implementation of pairing-based cryptosystems. Ph.D. thesis, Stanford, 2008.Google ScholarGoogle Scholar
  28. A. Mislove, et al. Measurement and analysis of online social networks. In IMC, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. A. Mislove, et al. Growth of the flickr social network. In WOSN, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. D. Naor, M. Naor, and J. B. Lotspiech. Revocation and tracing schemes for stateless receivers. In CRYPTO, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. M. Pirretti, P. Traynor, P. McDaniel, and B. Waters. Secure attribute-based systems. In ACM CCS, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. A. Sahai and B. Waters. Fuzzy identity-based encryption. In Eurocrypt, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. U. Shankar, et al. Detecting format-string vulnerabilities with type qualifiers. In USENIX Security, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. A. Tootoonchian, et al. Lockr: Social access control for web 2.0. In WOSN, 2008. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. P. Traynor, K. Butler, W. Enck, and P. McDaniel. Realizing massive-scale conditional access systems through attribute-based cryptosystems. In NDSS, 2008.Google ScholarGoogle Scholar
  36. Where I've been. http://apps.facebook.com/whereivebeen/.Google ScholarGoogle Scholar
  37. C. K. Wong, M. Gouda, and S. S. Lam. Secure group communications using key graphs. SIGCOMM CCR, 28(4):68--79, 1998. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. W. Xu, X. Zhou, and L. Li. Inferring privacy information via social relations. In ICDEW, 2008.Google ScholarGoogle Scholar
  39. H. Yin, et al. Capturing system-wide information flow for malware detection and analysis. In CCS, 2007. Google ScholarGoogle ScholarDigital LibraryDigital Library
  40. T. Yu, M. Winslett, and K. E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. Transactions on Information and System Security, 2003. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Persona: an online social network with user-defined privacy

            Recommendations

            Comments

            Login options

            Check if you have access through your login credentials or your institution to get full access on this article.

            Sign in
            • Published in

              cover image ACM Conferences
              SIGCOMM '09: Proceedings of the ACM SIGCOMM 2009 conference on Data communication
              August 2009
              340 pages
              ISBN:9781605585949
              DOI:10.1145/1592568
              • cover image ACM SIGCOMM Computer Communication Review
                ACM SIGCOMM Computer Communication Review  Volume 39, Issue 4
                SIGCOMM '09
                October 2009
                325 pages
                ISSN:0146-4833
                DOI:10.1145/1594977
                Issue’s Table of Contents

              Copyright © 2009 ACM

              Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

              Publisher

              Association for Computing Machinery

              New York, NY, United States

              Publication History

              • Published: 16 August 2009

              Permissions

              Request permissions about this article.

              Request Permissions

              Check for updates

              Qualifiers

              • research-article

              Acceptance Rates

              Overall Acceptance Rate554of3,547submissions,16%

            PDF Format

            View or Download as a PDF file.

            PDF

            eReader

            View online with eReader.

            eReader