http://iet.metastore.ingenta.com
1887

Implementing a privacy-enhanced attribute-based credential system for online social networks with co-ownership management

Implementing a privacy-enhanced attribute-based credential system for online social networks with co-ownership management

For access to this article, please select a purchase option:

Buy article PDF
$19.95
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Online social network (OSN) users are exhibiting an increased privacy-protective behaviour especially since multimedia sharing has emerged as a popular activity over most OSN sites. Popular OSN applications could reveal much of the users’ personal information or let it easily derived, hence favouring different types of misbehaviour. In this article the authors deal with these privacy concerns by applying fine-grained access control and co-ownership management over the shared data. This proposal defines access policy as any linear boolean formula that is collectively determined by all users being exposed in that data collection namely the co-owners. All co-owners are empowered to take part in the process of data sharing by expressing (secretly) their privacy preferences and, as a result, jointly agreeing on the access policy. Access policies are built upon the concept of secret sharing systems. A number of predicates such as gender, affiliation or postal code can define a particular privacy setting. User attributes are then used as predicate values. In addition, by the deployment of privacy-enhanced attribute-based credential technologies, users satisfying the access policy will gain access without disclosing their real identities. The authors have implemented this system as a Facebook application demonstrating its viability, and procuring reasonable performance costs.

References

    1. 1)
      • 1. Liu, Y., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: ‘Analyzing facebook privacy settings: user expectations vs. reality’. Proc. 2011 ACM SIGCOMM Conf. on Internet Measurement Conf., 2011, pp. 6170.
    2. 2)
      • 2. Ibrahim, M.H.: ‘Efficient dealer-less threshold sharing of standard RSA’, Int. J. Netw. Secur., 2009, 8, (2), pp. 139150.
    3. 3)
      • 3. Persiano, G., Visconti, I.: ‘An efficient and usable multi-show non-transferable anonymous credential system’. Financial Cryptography, 2004, vol. 3110, pp. 196211.
    4. 4)
      • 4. Research, M.: U-prove anonymous credential system based on brands’ work, http://research.microsoft.com/en-us/projects/u-prove/.
    5. 5)
    6. 6)
      • 6. Squicciarini, A., Xu, H., Zhang, X.: ‘Cope: enabling collaborative privacy management in online social networks’, J. Am. Soc. Inf. Sci. Technol., 2011, 62, (3), pp. 521534.
    7. 7)
      • 7. Hu, H., Ahn, G.: ‘Multiparty authorization framework for data sharing in online social networks’. Proc. 25th Annual IFIP WG 11.3 Conf. on Data and Applications Security and Privacy, DBSec'11, 2011, pp. 2943.
    8. 8)
    9. 9)
      • 9. Carminati, B., Ferrari, E.: ‘Collaborative access control in on-line social networks’. Seventh Int. Conf. on IEEECollaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2011, pp. 231240.
    10. 10)
      • 10. Thomas, K., Grier, C., Nicol, D.: ‘Unfriendly: multi-party privacy risks in social networks’. Proc. 10th Int. Conf. on Privacy Enhancing Technologies, PETS'10, 2010, pp. 236252.
    11. 11)
    12. 12)
    13. 13)
      • 13. Sayaf, R., Clarke, D.: ‘Access control models for online social networks’, Soc. Netw. Eng. Secur. Web Data Serv., 2012, IGI Global, pp. 3265.
    14. 14)
      • 14. Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: ‘Persona: an online social network with user-defined privacy’. in: ACM SIGCOMM Computer Communication Review, Vol. 39, ACM, 2009, pp. 135146.
    15. 15)
      • 15. Braghin, S., Iovino, V., Persiano, G., Trombetta, A.: ‘Secure and policy-private resource sharing in an online social network’. Proc. IEEE Int. Conf. on Social Computing, SocialCom/PASSAT, IEEE, 2011, pp. 872875.
    16. 16)
      • 16. Campan, A., Truta, T.M.: ‘Data and structural k-anonymity in social networks’, in Bonchi, F., Ferrari, E., Jiang, W., Malin, B. (Eds.): ‘Privacy, security, and trust in KDD’ (Springer-Verlag, 2009), pp. 3354.
    17. 17)
      • 17. Bertier, M., Frey, D., Guerraoui, R., Kermarrec, A., Leroy, V.: ‘The gossple anonymous social network’. Proc. ACM/IFIP/USENIX 11th Int. Conf. on Middleware, 2010, pp. 191211.
    18. 18)
      • 18. M., P., W., M., B., N.: ‘Pisces: Anonymous communication using social networks’, CoRR.
    19. 19)
      • 19. Shang, N., Nabeel, M., Paci, F., Bertino, E.: ‘A privacy-preserving approach to policy-based content dissemination’. Proc. IEEE 26th Int. Conf. on Data Engineering (ICDE), 2010, pp. 944955.
    20. 20)
      • 20. Vu, L.-H., Aberer, K., Buchegger, S., Datta, A.: ‘Enabling secure secret sharing in distributed online social networks’. Computer Security Applications Conf., 2009, pp. 419428.
    21. 21)
    22. 22)
      • 22. Jahid, S., Nilizadeh, S., Mittal, P., Borisov, N., Kapadia, A.: ‘Decent: a decentralized architecture for enforcing privacy in online social networks’. IEEEInt. Conf. on Pervasive Computing and Communications Workshops, 2012, pp. 326332.
    23. 23)
      • 23. Braghin, S., Iovino, V., Persiano, G., Trombetta, A.: ‘Secure and policy-private resource sharing in an online social network’. In the Third Int. Conf. on Social Computing, IEEE, 2011, pp. 872875.
    24. 24)
    25. 25)
      • 25. L.-H., Vu, Aberer, K., Buchegger, S., Datta, A.: ‘Enabling secure secret sharing in distributed online social networks’. Proc. Annual Computer Security Applications Conf., 2009, pp. 419428.
    26. 26)
      • 26. Brands, S.A.: ‘Rethinking public key infrastructures and digital certificates; building in pivacy’ (in: MIT Press, 2000).
    27. 27)
      • 27. Camenisch, J., Van Herreweghen, E.: ‘Design and implementation of the idemix anonymous credential system’. Proc. Ninth ACM Conf. on Computer and Communications Security, CCS ‘02, 2002, pp. 2130.
    28. 28)
    29. 29)
      • 29. Palomar, E., Alcaide, A., Molina, E., Zhang, Y.: ‘Coalitional games for the management of anonymous access in online social networks’. Proc. 11th Annual Int. Conf. on Privacy, Security and Trust, PST, IEEE, 2013, pp. 110.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0466
Loading

Related content

content/journals/10.1049/iet-ifs.2014.0466
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address