1 of 23

Privacy and Security in Online Social Networks

2 of 23

Categories

  • Leakage of user information
  • Attacks on Online Social Networks

3 of 23

Leakage of Information

  • User information reaches malicious parties in OSNs (Online Social Networks)
  • Types
    • Leakage to other users
    • Leakage to social applications
    • Leakage to the OSNs

4 of 23

Leakage to other users

  • Interact with other users
  • Divulge information unwittingly to strangers
    • Or human spammers
    • Bots

5 of 23

Leakage to other users: Solution???

  • Fine grained privacy settings
  • These are 5 close friends. They get to see all my selfies
  • Everyone else sees a limited set of info

6 of 23

Leakage to social applications

  • Interact with third party apps on OSN
  • Games, horoscope apps etc.
  • They can access all your information!

7 of 23

Leakage to social applications: Solution?

  • Privacy by proxy, anonymize data

  • Where does Rahat live?
  • Hmm… Rahat lives in GR. Let’s change it to a unique city ID, 3157.
  • Rahat lives in a city of ID 3157.
  • They will try to pair everyone with city ID 3157. They don’t need to know Grand Rapids!

8 of 23

Leakage to the OSNs

  • You are uploading everything on the OSN server
  • They can see everything!
  • Access to your pictures, friend lists, messages etc.

9 of 23

Leakage to the OSNs: Solution

  • 60% of users trust their friends completely with their private and personal information
  • only 18% of users trust Facebook to the same degree
  • Solution is Information Hiding

10 of 23

Leakage to the OSNs: Solution

  • Encrypt all the user data
  • OSNs can only work on the encrypted data
  • Telegram
  • Examples:
    • flyByNight
    • FaceCloak
  • Real data is only stored on user devices

11 of 23

Story so far

  • Leakage of information
    • To other users
    • To third party apps
    • To OSNs themselves
  • Solution
    • Fine grained privacy
    • Anonymized data
    • Encrypted data, real data stored on user devices

12 of 23

Categories

  • Leakage of user information
  • Attacks on Online Social Networks

13 of 23

Attacks on OSNs

  • Sybil attacks
  • Attacks from compromised accounts
  • Social spam and malware

14 of 23

Sybil Attacks

  • Users assuming multiple identities
  • Manipulate voting polls
  • Manipulate the popularity of some media (like counts)

15 of 23

Sybil Attacks detection

  • Normal users
  • Sybil users
  • Detect clusters
  • Attack edges
    • Edge between normal and sybil clusters

16 of 23

Sybil Attacks detection

  • Attack edges have high betweenness!
  • Detect clusters and detect attack edges based on betweenness
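
The betweenness idea above as an added example (not part of the original slides): edge betweenness is computed with Brandes' algorithm on a constructed friendship graph, and the top-scoring edge is removed until the graph splits. Repeating the removal goes one step beyond the slide so that more than one attack edge is handled; all names (`edge_betweenness`, `cut_attack_edges`, the sample users) are hypothetical, and the graph is assumed unweighted and undirected.

```python
from collections import defaultdict
from itertools import combinations

def edge_betweenness(adj):
    score = defaultdict(float)  # pairs are counted from both ends; ranking is unchanged
    for s in adj:
        dist, sigma, preds, order = {s: 0}, {s: 1.0}, defaultdict(list), [s]
        for v in order:                  # BFS; the list doubles as the queue
            for w in adj[v]:
                if w not in dist:
                    dist[w], sigma[w] = dist[v] + 1, 0.0
                    order.append(w)
                if dist[w] == dist[v] + 1:   # v is on a shortest path to w
                    sigma[w] += sigma[v]
                    preds[w].append(v)
        delta = defaultdict(float)
        for w in reversed(order):        # push path credit back towards s
            for v in preds[w]:
                credit = sigma[v] / sigma[w] * (1.0 + delta[w])
                score[frozenset((v, w))] += credit
                delta[v] += credit
    return score

def reach(adj, start):
    part, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()] - part:
            part.add(nxt)
            stack.append(nxt)
    return part

def cut_attack_edges(edges):
    """Drop the highest-betweenness edge until the graph splits in two."""
    adj = defaultdict(set)
    for a, b in edges + [(b, a) for a, b in edges]:
        adj[a].add(b)
    removed, start = [], edges[0][0]
    while len(reach(adj, start)) == len(adj):
        score = edge_betweenness(adj)
        a, b = max(score, key=score.get)
        adj[a].discard(b)
        adj[b].discard(a)
        removed.append({a, b})
    return removed, reach(adj, start)

# Constructed sample: two cliques (honest h*, sybil s*) joined by two attack edges.
HONEST, SYBIL = ["h1", "h2", "h3", "h4", "h5"], ["s1", "s2", "s3", "s4"]
ATTACK = [("h3", "s1"), ("h5", "s2")]
EDGES = list(combinations(HONEST, 2)) + list(combinations(SYBIL, 2)) + ATTACK
```

`cut_attack_edges(EDGES)` returns the removed edges and the cluster containing the first node; on the sample graph the removed edges are exactly the two attack edges and the cluster is the honest group.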

17 of 23

Attacks from compromised accounts

  • The actual user was legitimate
  • But the account was hacked
  • The account's social network was already established
    • The account is now asking for money
    • People trust the person

18 of 23

Attacks from compromised accounts

  • Behavior anomaly detection
  • A compromised account will show noticeable behavioral differences compared to the behavior of the legitimate owner of the account, and
  • An attacker will spread the same malicious content (e.g., tweets or messages) from a subset of the accounts it has compromised

19 of 23

Attacks from compromised accounts

  • Detection is based on similarity of malicious activity and behavior anomaly detection

20 of 23

Social Spam and Malware

  • Content such as messages, ads or profiles that we do not want to receive

21 of 23

Social Spam and Malware

  • A honeypot is a trap
  • Create a fake profile
  • Let everyone come in and send friend requests
  • Researchers monitor their activity
  • Identify spamming behaviors

22 of 23

Social Spam and Malware

  • Then create a machine learning algorithm that can detect spammers later based on what it has seen in the honeypot so far
  • Works when spammers evolve

23 of 23

Reference

  • https://cse.usf.edu/dsg/data/publications/papers/privacy_survey_imrul.pdf
  • A. Acquisti, R. Gross, Imagined communities: awareness, information sharing, and privacy on the Facebook, in: Privacy Enhancing Technologies, Springer, 2006, pp. 36–58.