Safebook : A distributed privacy preserving online social network

Cutillo, Leucio Antonio; Molva, Refik; Önen, Melek

Online Social Network (OSN) applications and services such as picture sharing, wall posting, and the like, nowadays have a strong impact on the way users interact with each other. Catering for a broad range of users of all ages, and a vast difference in social, educational, and national background, these applications and services allow even users with limited technical skills to share a wide range of personal information with a theoretically unlimited number of partners. This advantage comes at the cost of increased security and privacy exposures for users for two main reasons: first of all, users tend to disclose private personal information with little guard, and secondly, existing OSN applications severely suffer from vulnerabilities in their privacy protection or the lack thereof. The exploitation of these vulnerabilities [1] can lead a malicious user to launch many different types of attacks such as Id theft, profile cloning or secondary data collection [2]. Furthermore, even assuming a perfect protection from such malicious users, legitimate users are still exposed to a major orthogonal privacy threat, since in all existing OSN applications, the service provider has access to all the data including some private information stored and managed by the application itself and can misuse such information easily. Since the access to users' private data is the underpinning of a promising business model, current OSN services are not likely to address this problem in the near future. Researchers recently proposed to design the OSN application based on a peer-to-peer architecture in order to avoid centralized control over users' data. While in one hand a peer-to-peer model seems to be a good candidate to build a privacy preserving solution that avoids centralized control, on the other hand it lacks any a priori trust relationships among parties.

Digital Security
Eurecom Ref:
© 2011 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.