Upload
lambert-phillips
View
215
Download
1
Tags:
Embed Size (px)
Citation preview
Enhancing Security and Privacy in Online
Social Networks
Sonia [email protected]
University of Illinois at Urbana-Champaign
PhD Forum
Online Social Network (OSN)
Motivating Examples
Our Goal …
A Private and Secure Online Social NetworkA Private and Secure Online Social Network
Shift the access enforcement point from the provider to the users
Shift the access enforcement point from the provider to the users
4
Decentralization
ProviderProvider Trusted Party
Myself
Hybrid
Untrusted Party
• Availability• Access control by others• Confidentiality/Integrity• Malicious activities
WallWallStatusStatus
CommentComment
VideoVideo
LinkLink
Complicated OSN Data
and Access Control
Complicated OSN Data
and Access Control
• Access Control– Attribute-based encryption with efficient
revocation
• Architecture Design– Distributed hash table– Object oriented data– Efficient algorithm for newsfeed
Our Contribution
7
EASiER – ASIACCS 2011, DECENT – SESOC 2012, CACHET – CoNEXT 2012
Example
GHC Rocks!
Friend|Alice|Friend
Reference
Alice’s Status
Bob’s Comment
Read
Write/Delete
Append
Application?
Our Goal
• Health Information Exchange– Patient-centric health data through a secure
distributed storage service
10
Challenges
• Confidentiality, Integrity, Availability• Private Audit• Anonymous search• Break the glass policy
11
Private Audit
• Properties– Authentication– Access Control– Auditing– Anonymity
• Concept– Revocable
Anonymity
StorageStorage
Data
Data
Access
Access
A0danc*#-3948sk3m4lksfmÂp
A0danc*#-3948sk3m4lksfmÂp
Logging Information
12
Doctor
Nurse
Anonymous Search
• Properties– Anonymity– Efficiency– Correctness
• Concept– Public Key Encryption
Keyword-based search– Private Information
Retrieval
StorageStorage
Alice, Lab
13
Break the Glass Policy
• Properties– Emergency access on
data– Auditing
Alice’s Data
Alice’s Data
14
Research Summary
• Techniques to enhance security and privacy of a social network
• Challenges and application of such techniques in healthcare domain
Sonia Jahidhttp://[email protected]
15