Table Of ContentSecurity and privacy in online social networks
Leucio Antonio Cutillo
To cite this version:
Leucio Antonio Cutillo. Security and privacy in online social networks. Other [cs.OH]. Télécom
ParisTech, 2012. English. NNT: 2012ENST0020. pastel-00932360
HAL Id: pastel-00932360
https://pastel.archives-ouvertes.fr/pastel-00932360
Submitted on 16 Jan 2014
HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est
archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents
entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non,
lished or not. The documents may come from émanant des établissements d’enseignement et de
teaching and research institutions in France or recherche français ou étrangers, des laboratoires
abroad, or from public or private research centers. publics ou privés.
2012-ENST-020
EDITE-ED130
Doctorat ParisTech
T H È SE
pour obtenir le grade de docteur délivré par
TELECOM ParisTech
Spécialité « Informatique et Réseaux »
présentée et soutenue publiquement par
Leucio Antonio CUTILLO
le 5 Avril 2012
Protection des Données Privées
dans les Réseaux Sociaux
Directeur de thèse : Professeur Refik MOLVA
Jury
M. Claude CASTELLUCCIA, DirecteurdeRecherche,INRIA,SaintIsmier Rapporteur
M. Jon CROWCROFT, Professeur,UniversityofCambridge,Cambridge Rapporteur
M. Antonio LIOY, Professeur,PolitecnicodiTorino,Torino Examinateur
M. David HALES, Docteur,TheOpenUniversity,MiltonKeynes Examinateur
TELECOM ParisTech
écoledel’InstitutTélécom-membredeParisTech
3
Uno solo Ł il mio desiderio, quello di vedervi felici nel tempo e nell’eternit(cid:224).
sac. Giovanni Bosco
4
Abstract
Social network applications allow people to establish links and exchange information based
on various interests such as professional activities, hobbies, et similia. Several commercial
social networking platforms that came to light recently suddenly became extremely popu-
lar at the international arena. Apart from obvious advantages in terms of fast community
building, rapid exchange of information at the professional and private level, social network
platforms raise several issues concerning the privacy and security of their users. The goal
of this thesis is to identify privacy and security problems raised by the social networks and
to come up with the design of radically new architectures for the social network platform.
As current social network platforms are based on centralized architectures that inherently
threatuserprivacydue topotential monitoringand interception ofprivateuser information,
the goal is to design social network platforms based on a distributed architecture in order
to assure user privacy. New mechanisms are investigated in order to solve some classical
security and trust management problems akin to distributed systems by taking advantage
of the information stored in the social network platforms. Such problems range from trust
establishment in self-organizing systems to key management without infrastructure to co-
operation enforcement in peer-to-peer systems.
Thisthesissuggestsanewapproachtotacklethesesecurityandprivacyproblemswitha
special emphasis on the privacy of users with respect to the application provider in addition
todefenseagainstintrudersormalicioususers. Inordertoensureusers’privacyinthefaceof
potential privacy violations by the provider, the suggested approach adopts a decentralized
architecture relying on cooperation among a number of independent parties that are also
the users of the online social network application. The second strong point of the suggested
approachistocapitalizeonthetrustrelationshipsthatarepartofsocialnetworksinreallife
in order to cope with the problem of building trusted and privacy-preserving mechanisms
as part of the online application. The combination of these design principles is Safebook,
i
ii Abstract
a decentralized and privacy-preserving online social network application. Based on the
two design principles, decentralization and exploiting real-life trust, various mechanisms for
privacy and security are integrated into Safebook in order to provide data storage and data
management functions that preserve users’privacy, data integrity, and availability.
Apart from the design of Safebook, a signi(cid:28)cant part of the thesis is devoted to its
analysisandevaluationusingvariousmethodssuchasexperimentingwithrealsocialnetwork
platforms.
Finally, thisthesispresents animplementation of Safebook thatis written in python and
can be executed on multiple operating systems such as Windows, Linux and MacOs. The
Safebook implementation is a multithread event-driven application composed by di(cid:27)erent
managersinchargeofbuildingandkeepingthesocialnetworkandP2Poverlays, performing
cryptography operations and providing the main social network facilities such as friendship
lookup, wall posting and picture sharing through a user interface implemented under the
form of a webpage.
Acknowledgments
This dissertation is the result of three years and a half of research supported by ideas,
experiments, prototypes a lot of students, colleagues and friends contributed to.
My intellectual debt to prof. Re(cid:28)k Molva, prof. Thorsten Strufe, Dr. Melek Onen and
Dr. Matteo dell’Amico is enormous. With their patient help, I’ve started taking my (cid:28)rst
steps into the amazing world of research.
Many thanks to prof. Pietro Michiardi, Dr. Oliver Blass, Carmelo Velardo, Alessandro
Duminuco, Marco Paleari, Antonio Barbuzzi, Giuseppe Reina and Mario Pastorelli for their
strong in(cid:29)uence on my thinking during lots of problem identi(cid:28)cation and solving steps.
A special acknowledgement goes to seventeen among the best students I have ever met:
DennisRoch,YaoLiu,JensTrinh,EtiennePeron,JeanBaptisteBarrau,LucaBoasso,Paolo
Viotti, Mustafa Zengin, Marco Garieri, Wenting Li, Girolamo Piccinni, Andrea Milazzo,
Esko Mattila, Waqas Liaqat Ali, Rajat Rajendra Hubli, Yu Liu, and Yuling Shi. Their help
intranslatingthetheoryofthisworktothepracticeofarealsoftwareprototypewascrucial.
Finally, my last and biggest acknowledgment goes to my father Angelo and my girlfriend
Veronica, they always supported me in every di(cid:30)cult moment.
This thesis is dedicated to them.
iii
iv Acknowledgments
Contents
Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii
Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
List of Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Notations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxii
1 Introduction 1
1.1 Research objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Main contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Thesis organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
I Security and Privacy Issues in OSN 9
2 Online Social Networks 11
2.1 Social Network Providers and Their Customers . . . . . . . . . . . . . . . . . 13
2.2 Functional Overview of Online Social Networks . . . . . . . . . . . . . . . . . 14
2.2.1 Networking functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.2 Data functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.3 Access control functions. . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2.3 Data contained in Online Social Networks . . . . . . . . . . . . . . . . . . . . 17
2.4 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
v
Description:security and trust management problems akin to distributed systems by taking advantage a decentralized and privacy-preserving online social network application. We observe three metrics, namely clustering coefficient,.
