skip to main content
10.1145/2309996.2310022acmconferencesArticle/Chapter ViewAbstractPublication PageshtConference Proceedingsconference-collections
research-article

TrustSplit: usable confidentiality for social network messaging

Published: 25 June 2012 Publication History

Abstract

It is well known that online social networking sites (OSNs) such as Facebook pose risks to their users' privacy. OSNs store vast amounts of users' private data and activities and therefore subject the user to the risk of undesired disclosure. The regular non tech-savvy Facebook user either has little awareness of his privacy needs or is not willing or capable to invest much extra effort into securing his online activities.
In this paper, we present a non-disruptive and easy to-use service that helps to protect users' most private information, namely their private messages and chats against the OSN provider itself and external adversaries. Our novel Confidentiality as a Service paradigm was designed with usability and non-obtrusiveness in mind and requires little to no additional knowledge on the part of the users. The simplicity of the service is achieved through a novel trust splitting approach integrated into the Confidentiality as a Service paradigm. To show the feasibility of our approach we present a fully-working prototype for Facebook and an initial usability study. All of the participating subjects completed the study successfully without any problems or errors and only required three minutes on average for the entire installation and setup procedure.

References

[1]
A. Acquisti and R. Gross. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. In Proceedings of the 11th International Conference on Privacy Enhancing Technologies, pages 36--58. Springer, 2006.
[2]
J. Anderson, C. Diaz, J. Bonneau, and F. Stajano. Privacy-enabling Social Networking over Untrusted Networks. In Proceedings of the 2nd ACM Workshop on Online Social Networks, pages 1--6, 2009.
[3]
R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: An Online Social Network With User-defined Privacy. In Proceedings of the ACM SIGCOMM 2009 Conference on Data Communication, pages 135--146, 2009.
[4]
F. Beato, M. Kohlweiss, and K. Wouters. Scramble! Your Social Network Data. In Proceedings of the 11th International Conference on Privacy Enhancing Technologies, pages 211--225. Springer, 2011.
[5]
D. Boyd. Facebook's Privacy Trainwreck: Exposure, Invasion, and Social Convergence. Convergence: The International Journal of Research into New Media Technologies, 14(1):13--20, 2008.
[6]
D. Boyd. Taken Out of Context: American Teen Sociality in Networked Publics. PhD thesis, University of California-Berkeley, School of Information, 2008.
[7]
S. Buchegger, D. Schiöberg, L.-H. Vu, and A. Datta. PeerSoN: P2P Social Networking: Early Experiences and Insights. In Proceedings of the Second ACM EuroSys Workshop on Social Network Systems, pages 46--52, 2009.
[8]
B. Burke. RESTful Java with Jax-RS. O'Reilly Media, Inc., 1st edition, 2009.
[9]
L. Cutillo, R. Molva, and T. Strufe. Safebook: A Privacy-preserving Online Social Network Leveraging on Real-life Trust. Communications Magazine, IEEE, 47(12):94--101, dec. 2009.
[10]
S. Egelman, J. Tsai, L. F. Cranor, and A. Acquisti. Timing is Everything?: The Effects of Timing and Placement of Online Privacy Indicators. In Proceedings of the 27th ACM CHI'09, pages 319--328. ACM, 2009.
[11]
A. Ermak. encipher.it. http://encipher.it, 2011.
[12]
L. Fang and K. LeFevre. Privacy Wizards for Social Networking Sites. In Proceedings of WWW'10, pages 351--360, 2010.
[13]
S. Garfinkel. Email-based Identification and Authentication: An Alternative to PKI? IEEE Security and Privacy, 1(6):20--26, Nov. 2003.
[14]
R. Gross and A. Acquisti. Information Revelation and Privacy in Online Social Networks. In Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, pages 71--80, 2005.
[15]
S. Guha, K. Tang, and P. Francis. NOYB: Privacy in Online Social Networks. In Proceedings of the First Workshop on Online Social Networks, pages 49--54. ACM, 2008.
[16]
P. Gundecha, G. Barbier, and H. Liu. Exploiting Vulnerability to Secure User Privacy on a Social Networking Site. In Proceedings of the 17th ACM SIGKDD Conference, pages 511--519, 2011.
[17]
Hush Communications Canada Inc. Hushmail - A Secure Web-based Free Email Service. http://www.hushmail.com/, last access: 14.10.11, 1999.
[18]
M. M. Lucas and N. Borisov. FlyByNight: Mitigating the Privacy Risks of Social Networking. In Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society, pages 1--8, 2008.
[19]
A. J. Menezes, S. A. Vanstone, and P. C. V. Oorschot. Handbook of Applied Cryptography. CRC Press, Inc., Boca Raton, FL, USA, 1st edition, 1996.
[20]
National Institute of Standards and Technology (NIST). Advanced Encryption Standard (AES) (FIPS PUB 197), October 2001.
[21]
Reputation.com Inc. uProtect.it. http://uprotect.it, 2011.
[22]
P. Rogaway and D. Wagner. Comments to NIST concerning AES Modes of Operations: CTR-Mode Encryption. National Institute of Standards and Technologies, 2000.
[23]
C. Shannon. Communication Theory of Secrecy Systems. Bell System Technical Journal, 28:656--715, October 1949.
[24]
R. Singel. Encrypted E-Mail Company Hushmail Spills to Feds. http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/, last access: 14.10.11, Nov 2007.
[25]
A. C. Squicciarini, M. Shehab, and F. Paci. Collective Privacy Management in Social Networks. In Proceedings of WWW'09, pages 521--530, 2009.
[26]
The Diaspora Project. http://diasporafoundation.org/ - last access: 27.10.11, 2011.
[27]
Z. Tufekci. Can You See Me Now? Audience and Disclosure Regulation in Online Social Network Sites. Bulletin of Science, Technology & Society, 28(1):20--36, 2008.
[28]
T. Whalen and K. M. Inkpen. Gathering Evidence: Use of Visual Security Cues in Web Browsers. In Proceedings of Graphics Interface 2005, pages 137--144. Canadian Human-Computer Communications Society, 2005.
[29]
M. Wu, R. C. Miller, and S. L. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks? In Proceedings of the 24th ACM CHI '06, pages 601--610. ACM, 2006.

Cited By

View all
  • (2015)Peace vs. PrivacyProceedings of the 2015 New Security Paradigms Workshop10.1145/2841113.2841123(124-136)Online publication date: 8-Sep-2015
  • (2015)A Secure Architecture for Data Storage in the Cloud Environments2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing10.1109/IMIS.2015.45(289-291)Online publication date: Jul-2015
  • (2014)Mimesis aegisProceedings of the 23rd USENIX conference on Security Symposium10.5555/2671225.2671228(33-48)Online publication date: 20-Aug-2014
  • Show More Cited By

Index Terms

  1. TrustSplit: usable confidentiality for social network messaging

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Conferences
      HT '12: Proceedings of the 23rd ACM conference on Hypertext and social media
      June 2012
      340 pages
      ISBN:9781450313353
      DOI:10.1145/2309996
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Sponsors

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 25 June 2012

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. confidentiality
      2. privacy
      3. social networks
      4. symmetric encryption
      5. usability

      Qualifiers

      • Research-article

      Conference

      HT '12
      Sponsor:
      HT '12: 23rd ACM Conference on Hypertext and Social Media
      June 25 - 28, 2012
      Wisconsin, Milwaukee, USA

      Acceptance Rates

      HT '12 Paper Acceptance Rate 33 of 120 submissions, 28%;
      Overall Acceptance Rate 378 of 1,158 submissions, 33%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)16
      • Downloads (Last 6 weeks)1
      Reflects downloads up to 19 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2015)Peace vs. PrivacyProceedings of the 2015 New Security Paradigms Workshop10.1145/2841113.2841123(124-136)Online publication date: 8-Sep-2015
      • (2015)A Secure Architecture for Data Storage in the Cloud Environments2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing10.1109/IMIS.2015.45(289-291)Online publication date: Jul-2015
      • (2014)Mimesis aegisProceedings of the 23rd USENIX conference on Security Symposium10.5555/2671225.2671228(33-48)Online publication date: 20-Aug-2014
      • (2014)An additional protection layer for confidential OSNs posts2014 IEEE International Conference on Communications (ICC)10.1109/ICC.2014.6883904(3746-3752)Online publication date: Jun-2014
      • (2012)Helping Johnny 2.0 to encrypt his Facebook conversationsProceedings of the Eighth Symposium on Usable Privacy and Security10.1145/2335356.2335371(1-17)Online publication date: 11-Jul-2012

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media