Online social network (OSN) users are exhibiting an increased privacy-protective behaviour especially since multimedia sharing has emerged as a popular activity over most OSN sites. Popular OSN applications could reveal much of the users’ personal information or let it easily derived, hence favouring different types of misbehaviour. In this article the authors deal with these privacy concerns by applying fine-grained access control and co-ownership management over the shared data. This proposal defines access policy as any linear boolean formula that is collectively determined by all users being exposed in that data collection namely the co-owners. All co-owners are empowered to take part in the process of data sharing by expressing (secretly) their privacy preferences and, as a result, jointly agreeing on the access policy. Access policies are built upon the concept of secret sharing systems. A number of predicates such as gender, affiliation or postal code can define a particular privacy setting. User attributes are then used as predicate values. In addition, by the deployment of privacy-enhanced attribute-based credential technologies, users satisfying the access policy will gain access without disclosing their real identities. The authors have implemented this system as a Facebook application demonstrating its viability, and procuring reasonable performance costs.

References

1. 1)
  - 22. Jahid, S., Nilizadeh, S., Mittal, P., Borisov, N., Kapadia, A.: ‘Decent: a decentralized architecture for enforcing privacy in online social networks’. IEEE Int. Conf. on Pervasive Computing and Communications Workshops, 2012, pp. 326–332.
2. 2)
  - 5. Petronio, S.: ‘Communication privacy management theory: what do we know about family privacy regulation?’, J. Family Theory Rev., 2, (3), pp. 175–196 (doi: 10.1111/j.1756-2589.2010.00052.x).
3. 3)
  - 18. M., P., W., M., B., N.: ‘Pisces: Anonymous communication using social networks’, CoRR.
4. 4)
  - 15. Braghin, S., Iovino, V., Persiano, G., Trombetta, A.: ‘Secure and policy-private resource sharing in an online social network’. Proc. IEEE Int. Conf. on Social Computing, SocialCom/PASSAT, IEEE, 2011, pp. 872–875.
5. 5)
  - 1. Liu, Y., Gummadi, K.P., Krishnamurthy, B., Mislove, A.: ‘Analyzing facebook privacy settings: user expectations vs. reality’. Proc. 2011 ACM SIGCOMM Conf. on Internet Measurement Conf., 2011, pp. 61–70.
6. 6)
  - 25. L.-H., Vu, Aberer, K., Buchegger, S., Datta, A.: ‘Enabling secure secret sharing in distributed online social networks’. Proc. Annual Computer Security Applications Conf., 2009, pp. 419–428.
7. 7)
  - 20. Vu, L.-H., Aberer, K., Buchegger, S., Datta, A.: ‘Enabling secure secret sharing in distributed online social networks’. Computer Security Applications Conf., 2009, pp. 419–428.
8. 8)
  - 3. Persiano, G., Visconti, I.: ‘An efficient and usable multi-show non-transferable anonymous credential system’. Financial Cryptography, 2004, vol. 3110, pp. 196–211.
9. 9)
  - 17. Bertier, M., Frey, D., Guerraoui, R., Kermarrec, A., Leroy, V.: ‘The gossple anonymous social network’. Proc. ACM/IFIP/USENIX 11th Int. Conf. on Middleware, 2010, pp. 191–211.
10. 10)
  - 28. Alcaide, A., Palomar, E., Montero-Castillo, J., Ribagorda, A.: ‘Anonymous authentication for privacy-preserving iot target-driven applications’, Comput. Secur., 2013, 37, pp. 111–123 (doi: 10.1016/j.cose.2013.05.007).
11. 11)
  - 7. Hu, H., Ahn, G.: ‘Multiparty authorization framework for data sharing in online social networks’. Proc. 25th Annual IFIP WG 11.3 Conf. on Data and Applications Security and Privacy, DBSec'11, 2011, pp. 29–43.
12. 12)
  - 12. Domingo-Ferrer, J., Viejo, A., Sebe, F., Gonzalez-Nicolas, U.: ‘Privacy homomorphisms for social networks with private relationships’, Comput. Netw., 2008, 52, (15), pp. 3007–3016 (doi: 10.1016/j.comnet.2008.06.017).
13. 13)
  - 27. Camenisch, J., Van Herreweghen, E.: ‘Design and implementation of the idemix anonymous credential system’. Proc. Ninth ACM Conf. on Computer and Communications Security, CCS ‘02, 2002, pp. 21–30.
14. 14)
  - 13. Sayaf, R., Clarke, D.: ‘Access control models for online social networks’, Soc. Netw. Eng. Secur. Web Data Serv., 2012, IGI Global, pp. 32–65.
15. 15)
  - 10. Thomas, K., Grier, C., Nicol, D.: ‘Unfriendly: multi-party privacy risks in social networks’. Proc. 10th Int. Conf. on Privacy Enhancing Technologies, PETS'10, 2010, pp. 236–252.
16. 16)
  - 24. Park, J., Sandhu, R., Cheng, Y.: ‘A user-activity-centric framework for access control in online social networks’, IEEE Internet Comput.,2011, 15, (5), pp. 62–65 (doi: 10.1109/MIC.2011.30).
17. 17)
  - 4. Research, M.: U-prove anonymous credential system based on brands’ work, http://research.microsoft.com/en-us/projects/u-prove/.
18. 18)
  - 9. Carminati, B., Ferrari, E.: ‘Collaborative access control in on-line social networks’. Seventh Int. Conf. on IEEECollaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2011, pp. 231–240.
19. 19)
  - 26. Brands, S.A.: ‘Rethinking public key infrastructures and digital certificates; building in pivacy’ (in: MIT Press, 2000).
20. 20)
  - 2. Ibrahim, M.H.: ‘Efficient dealer-less threshold sharing of standard RSA’, Int. J. Netw. Secur., 2009, 8, (2), pp. 139–150.
21. 21)
  - 19. Shang, N., Nabeel, M., Paci, F., Bertino, E.: ‘A privacy-preserving approach to policy-based content dissemination’. Proc. IEEE 26th Int. Conf. on Data Engineering (ICDE), 2010, pp. 944–955.
22. 22)
  - 22. Jahid, S., Nilizadeh, S., Mittal, P., Borisov, N., Kapadia, A.: ‘Decent: a decentralized architecture for enforcing privacy in online social networks’. IEEEInt. Conf. on Pervasive Computing and Communications Workshops, 2012, pp. 326–332.
23. 23)
  - 11. González-Manzano, L., González-Tablas, A.I., de Fuentes, J.M., Ribagorda, A.: ‘Cooped: co-owned personal data management’, Comput. Secur., 2014, 47, pp. 41–65 (doi: 10.1016/j.cose.2014.06.003).
24. 24)
  - 21. Squicciarini, A.C., Shehab, M., Wede, J.: ‘Privacy policies for shared content in social network sites’, VLDB J., 2010, 19, (6), pp. 777–796 (doi: 10.1007/s00778-010-0193-7).
25. 25)
  - 14. Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: ‘Persona: an online social network with user-defined privacy’. in: ACM SIGCOMM Computer Communication Review, Vol. 39, ACM, 2009, pp. 135–146.
26. 26)
  - 16. Campan, A., Truta, T.M.: ‘Data and structural k-anonymity in social networks’, in Bonchi, F., Ferrari, E., Jiang, W., Malin, B. (Eds.): ‘Privacy, security, and trust in KDD’ (Springer-Verlag, 2009), pp. 33–54.
27. 27)
  - 8. Hu, H., Ahn, G.-J., Jorgensen, J.: ‘Multiparty access control for online social networks: model and mechanisms’, IEEE Trans. Knowl. Data Eng.,2013, 25, (7), pp. 1614–1627 (doi: 10.1109/TKDE.2012.97).
28. 28)
  - 6. Squicciarini, A., Xu, H., Zhang, X.: ‘Cope: enabling collaborative privacy management in online social networks’, J. Am. Soc. Inf. Sci. Technol., 2011, 62, (3), pp. 521–534.
29. 29)
  - 23. Braghin, S., Iovino, V., Persiano, G., Trombetta, A.: ‘Secure and policy-private resource sharing in an online social network’. In the Third Int. Conf. on Social Computing, IEEE, 2011, pp. 872–875.
30. 30)
  - 29. Palomar, E., Alcaide, A., Molina, E., Zhang, Y.: ‘Coalitional games for the management of anonymous access in online social networks’. Proc. 11th Annual Int. Conf. on Privacy, Security and Trust, PST, IEEE, 2013, pp. 1–10.

Implementing a privacy-enhanced attribute-based credential system for online social networks with co-ownership management

References

Related content