U-Control: User-controlled Privacy Management in Social Networks
Dongwan Shin, PhD
New Mexico Tech
May 5, 2009
Secure Computing Laboratory at New Mexico Tech User-controlled Privacy Management in Social Networks
1 Introduction
2 Background: User centricity, Credential systems, OpenSocial
3 Approach: ADT-based credentials, OpenSocial Extensions, Architecture
4 Implementation
5 Conclusion: Summary, Future work
6 Q/A
Introduction
Online social networks
- Among the fastest growing websites; they provide tools that let users with some kind of relation interact
  - map real social relations
  - interest based
  - professional based
- Users have profiles with information and share that information among their relations or with any member of an SNS
Problem statements
- The fundamental building block for the proper operation of SNS is personal information
  - personalization
  - affinity sharing
  - accelerated networking
  - novel services
- SNS can create a central repository of personal information
- Consequently, marketers, school officials, government agencies, and online predators can collect data about users through online SN sites
- We strongly believe that one of the most challenging problems in SN sites is related to this issue, privacy, and it must be addressed immediately
U-Control
Three fundamental services required to support and manage user privacy in SNS
- identity attribute management
- selective attribute sharing
- privacy preference management
Selective attribute sharing
When we show a credential, we might want to show only a part of the credential
Example
- show driver's license to prove age
- we don't want to disclose our DL number
- we don't want to disclose our State or Country of Origin
Interoperable attribute sharing
- 3rd party applications in SNS
  - Google iGoogle: allows users to build custom pages using a wide variety of small applications (gadgets)
  - Facebook launched a framework that allows third party individuals or companies to develop small applications that may use user information
- Using credentials, a user could provide social data from sources other than the container to a social application?
- Currently, online-based sharing approaches are used
  - Facebook Connect
  - MySpace Data Availability
  - One way, and traced by the provider
Identity management and user-centricity
- Digital identity
- Server centric
- User centric
- Federation
- Three main actors
  - Identity Provider (Issuing party)
  - Service Provider (Relying party)
  - User
Credential systems
- A credential system is a system in which a user can obtain credentials (i.e., signed statements) from one organization and demonstrate possession of them to other organizations
- Several credential systems proposed
  - Chaum's approach to e-cash
  - Brands' approach
  - Camenisch's approach
OpenSocial
- OpenSocial is an initiative to enable SN sites to provide application functionality (started by Google)
  - Many SN sites, one API
  - Allows a new SN site to have readily available applications to integrate
- Originally announced: November 2007
- OpenSocial 0.8 released on May 28th 2008
OpenSocial
- OpenSocial API
- JavaScript, XML
- Three main areas of the API
  - People and Relationships
  - Activities
  - Persistence
Authenticated dictionary
- Mainly studied and used in the context of certificate revocation
- Verification time is fast
- Applied to a credential system
  - attributes replace certificates in dictionary
  - user sends attributes and proof materials
  - verifier checks for dictionary authenticity and verifies that the attributes are indeed part of the dictionary
ADT-based credentials
Credentials can be used many times
Any subset of attributes contained in the credential can be shared and proved to be a part of the credential
Credential can be used even if attribute providers are offline
Skip lists
- A skip list is a data structure that allows the efficient search and update of elements within a set
- Supports the following operations on a set of elements
  - find()
  - insert()
  - delete()
Proof
Two possible proof methods
1. Element search path function values
  - user searches the attribute
  - retrieves the search path
  - retrieves f values for the nodes in the path
  - user sends f values and verifier calculates the first node value
2. Rebuild dictionary and search elements
  - user sends full dictionary and attributes to be shown
  - verifier computes function f for every node
  - verifier asserts authenticity by verifying signature on last f value
  - attributes are hashed and value searched on the authenticated dictionary
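The first proof method, and the selective, offline disclosure claimed for ADT-based credentials, sketched as an added example (not code from the slides or the U-Control prototype). It assumes a single-level skip list, i.e. a plain hash chain over name-sorted attributes, with SHA-256 as f, per-attribute salts, and an HMAC tag standing in for the issuer's signature; all function and field names are hypothetical.

```python
import hashlib, hmac, os

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (plays the role of the slides' f)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def leaf(name: str, value: str, salt: bytes) -> bytes:
    # Salted, so a verifier cannot guess an undisclosed attribute from its hash.
    return h(b"attr", name.encode(), value.encode(), salt)

def chain(leaves):
    """f values right to left: f[i] = h(leaf[i], f[i+1]); f[0] is the first node."""
    f = [b"\x00" * 32]  # tail sentinel
    for lf in reversed(leaves):
        f.append(h(b"node", lf, f[-1]))
    return f[::-1]

def issue(attrs: dict, issuer_key: bytes) -> dict:
    """Issuer: build the dictionary and sign the first node value."""
    names = sorted(attrs)
    salts = {n: os.urandom(16) for n in names}
    leaves = [leaf(n, attrs[n], salts[n]) for n in names]
    f = chain(leaves)
    sig = hmac.new(issuer_key, f[0], "sha256").digest()  # stand-in for a signature
    return {"names": names, "salts": salts, "leaves": leaves, "f": f, "sig": sig}

def prove(cred: dict, attrs: dict, name: str) -> dict:
    """User: disclose one attribute plus the hash values on its search path."""
    i = cred["names"].index(name)
    return {"name": name, "value": attrs[name], "salt": cred["salts"][name],
            "before": cred["leaves"][:i], "f_next": cred["f"][i + 1],
            "sig": cred["sig"]}

def verify(proof: dict, issuer_key: bytes) -> bool:
    """Verifier: recompute the first node value, then check the issuer's tag."""
    f = h(b"node", leaf(proof["name"], proof["value"], proof["salt"]), proof["f_next"])
    for lf in reversed(proof["before"]):
        f = h(b"node", lf, f)
    return hmac.compare_digest(hmac.new(issuer_key, f, "sha256").digest(), proof["sig"])

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample data
    licence = {"age_over_21": "true", "dl_number": "X0000000", "state": "NM"}
    cred = issue(licence, key)
    print(verify(prove(cred, licence, "age_over_21"), key))
```

A full skip list adds higher levels so the search path, and with it the proof, grows logarithmically rather than linearly in the number of attributes.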
Revocation
Use central entity that maintains revocation list
Issuer can submit updates with revoked credentials to the CA
Verifier asks CA if a credential is valid or keeps copy of CRL
OpenSocial extensions
- Extend OpenSocial to allow external data sources
- Change API specification: data request object
OpenSocial extensions
System Architecture
Current implementation
- ADT-based credential system
  - prototype with credential issuance, management, and verification features
- OpenSocial extension
  - implementing with Shindig and SocialSite
Prototype: U-Control Agent
Summary
- Described the motivation and approach to enabling interoperable and selective data sharing in SNS
  - discussed ADT-based credential
  - discussed an extension of OpenSocial APIs
- Developed a proof-of-concept implementation
Future Work
Finish 2nd phase of implementation
Privacy attribute management in U-Control
ontology-based privacy attribute rating
Conduct user study