Advertisement

Blockchain-Based Social Network Infrastructure

  • Charu VirmaniEmail author
  • Tanu Choudhary
Chapter
  • 33 Downloads
Part of the Asset Analytics book series (ASAN)

Abstract

More than ever, users’ security and confidential data is at the risk of exploitation due to the ever-burgeoning cybercrimes and newer vulnerabilities exposed or discovered every alternate day. With increased connectivity via social networks, there is also an increased risk to data confidentiality and user privacy, never known before. The networks store a huge amount of private user data mostly related to interactions online. This sensitive information is usually meant for a very few people to see and kept protected from the outside world or unauthorized access via various security techniques. This study investigates the online conduct of users and perceived benefits of using online social networks. This study features security issues and potential attacks on different parts of the user’s security, tends to provide a stable decentralized solution to control, manage and authenticate user’s personal data and thus ensures privacy eliminating the need of third party.

Keywords

Social networks Smart contract Consensus Blockchain 

37.1 Introduction

In the growing era of technology, social networks have taken the world by a storm today due to their wide acceptability owing to their key features that facilitate connectivity defying tangible boundaries. From an online marketer specializing in social media to a business owner utilizing social networking sites to reach consumers, the platform has undergone dramatic shifts over the past decade mainly due to growing Internet use and easy access [5, 17, 19]. Facebook, Instagram, Twitter, etc., have taken over traditional communication methods and opened a new way of social connectivity allowing the technology to reach the remotest corners in the world. Networking sites like LinkedIn present employment opportunities to users, taking the connectivity to new heights. Though endowed with unique and revolutionary features, the networking technology comes inherent with a few challenges that are of major growing concern because of frequent occurrences of data and privacy compromises, increased proneness to cyber-attacks and recurrent exploitation of vulnerabilities in these sites. Technological communities worldwide are struggling to find solutions to the ever-burgeoning problem by devising newer security techniques.

This paper is divided into five sections, the current section introduces the social network, and Sect. 37.2 presents the challenges of social network concerning security. Section 37.3 proposes a novel approach to secure the social network via Blockchain. Section 37.4 presents the features of the proposed system, and Sect. 37.5 finally concludes.

37.1.1 Social Network

A social network [5] is an application that provides a platform for people with similar interests, hobbies, cultures to come together and share information or even form communities based on common shared interests. People across social networking [5] platforms may be engaged in a personal endeavor or business-related. Facebook, Twitter and Instagram are the most popular social networking sites of today’s generation that offer a big marketing opportunity alongside personal uses. Most popular enterprise social network platforms include Socialcast and Yammer. In recent years, social networking sites have become synonymous to connectivity due to their increased use worldwide and have set a global trend of virtual connections. Any social networking site requires users to create profiles by adding their personal information on the site and creating connections with users already known to the person or completely unknown, establishing the connection on grounds of common interests and hobbies. The usage of social media [23] has increased manifold over the recent years. According to the latest research in the popularity of social media users globally,
  • The number of Internet users globally in 2018 is 4.021 billion, up 7% year-on-year

  • The number of social media users globally in 2018 is 3.196 billion, up 13% year-on-year

  • The number of mobile phone users in 2018 is 5.135 billion, up 4% year-on-year

Easy access to the Internet and mobile phones (smart-phones) is inevitably the two most important reasons for the far-reaching range of social networking sites globally, today.

The exchange of information is vital across any social network, but this is what renders it the most vulnerable too.

37.2 Challenges in Social Network Countering Security

The revolutionary and unprecedented communication and connectivity platform comes endowed with a bunch of serious shortcomings that render it susceptible to attacks in the world of growing cyber activity and expertise [5]. Figure 37.1 talks about the various challenges inherent in any social network as illustrated below.
Fig. 37.1

Challenges in social networks

  • Control over data

Social network users have no control over their data. Once a user has an account on a social network their personal and confidential information is for the world to see rendering the user powerless in controlling data about themselves. Complete control is in the hands of social network owners who decide upon what is to be viewed by users and what is not. And with such control, the social network platform owners can profit from their users even without the users’ consent.
  • Privacy

Users’ personal information is at risk at all times, as it is evident from the recent breaches in data security of big technological giants like Facebook and Twitter [4]. With increasing cyber-threats and hacking expertise, it is highly probable, according to various statistics for user security to be compromised at the hands of unauthorized third-party members who may exploit it to their own advantages.
  • Single Point of Failure

Due to their centralized nature, traditional social networks are highly susceptible to cyber-attacks that often lead to financial losses. Cyber-criminals usually have one point of attack, which once breached can get them access to a host of users’ information. For instance, the LinkedIn network got hacked, and the hacker got access to an estimated 6.5 million encrypted passwords which he posted on a Russian hacker forum. This shows how insecure user information is across social networking sites even after devising security methods such as encryption techniques.

In the recent years, the cyber-security attacks [23] on social network sites are a common scenario, with data from big technological giants getting compromised, even after employing latest and technologically advanced techniques to counter the challenges. Although, the social network has become an integral part of people, community and business, however, it is plagued with many issues.

Table 37.1 shows some of the latest and biggest security breaches in the social networking world.
Table 37.1

Recent attacks

Attacks/hacks

Tactic employed

Impact

LinkedIn hack

Data breach, account takeover

117 million credentials exposed

Enigma’s stack and Web site hack

Fraud and scams, impersonation, account takeover

Half a million ether coins stolen

Vevo hack via targeted LinkedIn phishing attack

Malware, targeted phishing

Publicly released 3.12 tb sensitive internal data

Ap’s social account hack

Account takeover

$136 billion lost in stock market value

Though the online social networking sites are protected against various attacks and malicious acts, there are issues that have to be analyzed more deeply; although progress has been made to address these issues, they remain an ever-burgeoning threat to the sites. The upcoming section presents an analysis of threats on online social network (OSN) and how far have we come in addressing them. Some steps have been taken to strengthen this feature. Though there have been studies on the dichotomy between the said concerns regarding privacy and the lack of behavior backing up the talks, it has been observed that users get concerned about their privacy online and hence reduce the amount of information they disclose [10, 22]. The in-depth investigation laid down the distinctions between four categories of OSN-specific privacy breaches that engulf the issues of visibility of information of the user’s profile, segregation of identities and aggregation. The first step is to address the problem of an overview of various privacy threats that are specific to OSNs; which include digital dossier aggregation by third parties, online stalking, bullying, reputation soiling, just to name a few. To address the data privacy issue, the decentralized online social networks (DOSNs) have been proposed recently. In DOSNs, to protect the data privacy, the centralized servers are bypassed, and the data published by a user is stored and shared only among the contacts of the user. Though the threat to privacy keeps on growing with time, this aspect has received very limited attention from experts.

Impersonation threats have been a big menace for OSN’s that have not been found a way out of, yet. Till now, there is no OSN that ensures a single profile that is linked to a single person. Cloned accounts [10], fake profiles [13] and profile porting emerge out of these apparent unsolved issues of impersonation. These have paved the way for [10, 7] attacks, which aim to create fake accounts [6] and delineate the reputation of OSN’s.

The user’s data is stored in centralized servers maintained and deployed by OSN. This data can be utilized and analyzed further to know about the users’ private information, like entertainment or literary interest and intimate relationships, and in the worst possible scenario, sell this data to a third party. Since the inception of OSN, threats explore the vulnerabilities of OSN affecting the lives of not only active OSN users, but at times, the non-users are badly impacted. These threats have been studied in the past but continue to be an ongoing issue even today. The structure and nature of OSN have rendered these types of attacks virulent. Taking advantage of a user’s personal information on OSN, these can exploit the affected user’s stolen details to publish messages on his/her behalf or even change the personal information posted online.

The diverse nature of OSN platforms allows a variety of attacks on the privacy of the users, the integrity of the user profiles and the availability of the user-provided information across OSN. This section highlights main attack types against OSN platforms and discusses their impact on the aimed security objectives. Table 37.2 illustrates different types of attacks and shows their relevance for the mentioned security objectives of privacy, integrity and availability as 1, 2 and 3, respectively.
Table 37.2

Attacks against online social network

Types of attacks

Relevance

Description

Impact

Internet fraud

1

A malicious act involving the use of the Internet for acquiring sensitive information by employing tricks such as lottery and small business scams [12]

Reputation loss, data disclosure, denial of service

De-anonymization attacks

1

These attacks generally deploy tracing cookies or use network structure and users’ membership to unveil the true identity of the user [24]

Loss of important information, proprietorship and reputation, relationship disclosure, profiling

Face recognition

1

It is possible to match “online to online” image datasets by using publicly accessible user profile pictures on online social networking sites [12]

Reputation loss, data disclosure

Fake profiles

2

Attackers create a fake profile of the legitimate user to harm the reputation of the user [10]

Outvote the legitimate users, loss of reputation, blackmailing, pornography, cyber-harassment

Identity theft

1, 2, 3

A foe mounting the ID theft attack should be able to persuade anyone about the possession of a specific OSN profile. Taking control over the target profile is one such example [3]

Reputation loss, data disclosure, denial of service

Social engineering

1, 2

It is an art of falsifying user’s credentials with the ways the user would not feel embittered or fascinating them to perform an action that provides user’s personal information to the attacker [13, 23]

Reputation loss, sensitive information leakage, cyber-bullying, cyber-stalking, extortion/blackmailing, account loss, cyber-harassment

Privacy leakage from third-party applications

1

OSN includes third-party applications that can access personal data of users and store it to a third-party server. Thus, forwarding the access control to third-party server which is not protected well and can always be leaked raising a major concern [1, 13]

Sensitive information leakage, location leakage

Identity clone attacks

1, 2

This technique is usually deployed by an attacker to duplicate user’s presence online either on the same network or across other networks into making the users’ contact believe it to be the user and forging a trusting relationship with this profile [22]

Reputation loss, sensitive information leakage, cyber-bullying, cyber-stalking, extortion/blackmailing, account loss, cyber-harassment

Socialbots

1, 2, 3

It is a group of social media bots, software-controlled account managed by a master to impressionist human users that collaborate to demeanor malicious behavior

Reputation loss, data disclosure, denial of service

Location leakage

1

Smartphone today comes equipped with location tracking technologies that can prove to be a hazard at times when a user shares private and sensitive information about himself or his/her contacts whereabouts [16]

Reputation loss, data disclosure, blackmail, cyber-harassment, safety loss

Socware

1, 2, 3

Involves fake messages and damaging posts from various contacts connected across OSN that attract users by making luring award offers who install socware related malicious applications [8]

Reputation loss, data disclosure, denial of service

Over the years, security operators have worked toward addressing the above-mentioned threats by presenting a host of solutions. In this section, we will deal with possible solutions that may assist in protecting OSN’s from threats to integrity, privacy and availability of user data online. The above-listed attacks and concerns in privacy and security of the user motivated for blockchain-based social network infrastructure (BBSNI) to provide control of user’s information to the respective user only.

37.3 Blockchain-Based Social Network Infrastructure

Blockchain-based social network infrastructure is the long-awaited cure to issues affecting the current breed of social networks. BBSNI is a peer-to-peer decentralized ecosystem for the social network to store, control or maintain the continuously growing privacy needs of the user on the social network. Recent studies have observed blockchain as a potential solution to the concerns of social network [16, 20, 21]. BBSNI lays on the foundation of blockchain. Blockchain provides a decentralized mechanism for saving, transferring, tracing, monitoring, controlling and authenticating information [2, 11, 14, 18]. It eliminates the need of one central server which is controlled by one entity, and the information is shared across a multitude of nodes controlled by thousands of users without a third-party managing them [4, 11, 15]. On the same principle, BBSNI is a decentralized system for identifying and verifying users. It is a disruptive technology that can provide controls of users own information to them [9]. No platform is authorized to access the information without the user’s permission. User can decide sharing access rights of their information with advertisers and third parties. The following objectives were identified in the light of developing BBSNI as a solution to the challenges of the social network:
  • To develop a novel system that provides control, storage and high availability of user’s information.

  • To develop a mechanism that can authenticate the user and provides identity management system.

BBSNI collaborates to maintain a shared distributed user’s identity ensuring consistency among the users available on the social network overwhelming the services of network providers on an open platform. The system has been developed on the belief of the accelerated settlement of the user’s information, fewer discrepancies and availability of the user’s data. Moreover, the said proposed system across social networks will provide a platform to the network providers to assist the necessities of the user in ensuring privacy. The major architectural components of BBSNI are depicted in Fig. 37.2.
Fig. 37.2

Components of BBSNI

  1. 1.

    Consortium Block

     
Each individual in BBSNI maintains block that consists of the user’s personal information maintained at two levels. Level 1 maintains the demographic information about the user like name, photos, interests, to mention a few, and level 2 maintains links like friends, groups, posts, etc. Each block also maintains the access policy to provide the access rights of the reading/writing policy for the user’s information.

Level 1 information is strictly controlled and authenticated by the user and has read policy only, whereas level 2 information can be read-only or write depending upon the user’s interest of sharing the information with another user’s on the network or network provider. The read-only policy allows users on the network to read the information, however, write grants the access to add, modify or share the information provided by the user. In this way, the consortium block ensures that the user organizes the data with other available users or network providers on his/her private preferences. It verifies and authenticates that not all information is open and available to all on the network including the network provider. To authenticate and verify the information posted by the user, the consortium block makes use of block number, the previous hash and the current hash.

Timestamp stores the time when the information is posted on the user’s wall as the part of block itself and nonce help in the consensus algorithm that initiates with zero and increases as the block created. BBSNI owes its name to the way it stores the posted information in consortium blocks that are associated together to form a chain. BBSNI grows as the number of information grows.

Each consortium block is associated with the previous block as each block includes the hash of the prior block in the BBSNI and thus forms a chain. In this way, each subsequent block strengthens the verification of the previous block and hence the entire BBSNI. The hash is a digital fingerprint or unique identification that is allotted to every single block on the network.

Consortium block records and confirms the time and sequence of the posted information, which are then logged into the BBSNI governed by rules agreed on by the participating users. Every time, a user posts information, it maintains the record as depicted in Fig. 37.3.
Fig. 37.3

Consortium block

  1. 2.

    Consensus

     
Information validity and uniqueness are the major principles of BBSNI ensuring privacy in the social network. It is an inevitable to the users on the network that user’s posted information is valid by examining whether the related contract code runs successfully and contains all necessary signatures; and that any information to which thus posted information refers are also valid.

The users can also reach the confidence that the information in question is a unique user of all its posts. It ensures that if there is any other communication exists, on which we have already reached consensus, which consumes any posts. Independently implementing the same contract code and validation logic can validate the information, and hence, users can agree on the posted information. However, a predetermined observer that mostly may be independent is required to prove the uniqueness of the consensus. The data is shared with only the authorized users. Any user in the BBSNI can observe the data which is shared to them. The status of the consensus is set to “on” if the user is given access to read/write the data else “off”. Thus, the users of the shared information can validate the communication via consensus.

  1. 3.

    Information Flow Protocol

     
Smart contracts are constructed as a simple and reusable pure function that can accept or reject information of the user. The posted information is taken as an input state to the function producing valid or invalid state as output through the smart contract. The output is valid if the posted information is valid. It enables users to coordinate actions without the need of third party. Contracts neither interact with anything nor they get stored on any medium. It will always release the same results on the existence of the same information. It is implemented on non-assembly-based programming, keeping the environment immutable and synchronized. Figure 37.4 depicts the flow of information.
Fig. 37.4

Information flow of BBSNI

37.4 Features of BBSNI

The following features are what make BBSNI technology so groundbreaking.

Figure 37.5 illustrates the various features of BBSNI.
Fig. 37.5

Features of BBSNI

  • Transparency

BBSNI’s distributed nature eliminates the dictation of platforms by a single entity. Also, due to the involvement of various servers and developers in tracking and auditing, it renders a very low probability for data tampering.
  • Control over data

By eliminating third-party intermediaries, users on decentralized social networks will be able to own and control their sensitive data. BBSNI technology ensures non-replication of data and also provides for its tracing. Also, if data is deleted by a user, it is deleted on the whole system, thus preventing any unauthorized third-party intermediaries to access the data and use it to their advantage.
  • Relevant content

Once the user can control his/her account on the social media networks, they can decide for themselves on the content they wish to see and that can prevent advertisements on the user’s network.

37.5 Conclusion

To the ever-burgeoning attacks on social network security, BBSNI could prove to be an everlasting and feasible solution, rendering the user empowered with the data that one share on social media and also eliminating the role of third-party intermediaries and establishing a safe and secure communication channel with no dictatorship of a single entity.

References

  1. 1.
    Algarni A, Yue X, Chan T (2014) Social Engineering in social networking sites: the art of impersonation. In: IEEE International Conference on Services Computing (SCC), pp 797–804Google Scholar
  2. 2.
    Allen D (2017) Discovering and developing the blockchain cryptoeconomy. Available at SSRN 2815255 2017, Aug 2017Google Scholar
  3. 3.
    Al-Qurishi M, Hossain MS, Alrubaian M, Rahman SM, Alamri A (2018) Leveraging analysis of user behavior to identify malicious activities in large-scale social networks. IEEE Trans Ind Inf 14(2):799–813Google Scholar
  4. 4.
    Arnold A (2018) How social media can benefit from blockchain technology. Available at https://www.forbes.com/sites/andrewarnold/2018/05/29/how-social-media-can-benefit-from-blockchain-technology/
  5. 5.
    Boyd DM, Ellison NB (2007) Social network sites: definition, history, and scholarship. J Comput Med Commun 13(1):210–230CrossRefGoogle Scholar
  6. 6.
    Fire M, Katz G, Elovici Y (2012) Strangers intrusion detection -detecting spammers and fake profiles in social networks based on topology anomalies. Hum J. 1(1):26–39Google Scholar
  7. 7.
    Hedayati A (2012) An analysis of identity theft: motives, related frauds, techniques and prevention. J Law Confl Resol 4(1):1–12Google Scholar
  8. 8.
    Huang TK, Rahman MS, Madhyastha HV, Faloutsos M (2013) An analysis of socware cascades in online social networks. In: Proceedings of 22nd international conference on World Wide Web, pp 619–630Google Scholar
  9. 9.
    Jacobovitz O (2016) Blockchain for identity management. The Lynne and William Frankel Center for Computer Science Department of Computer Science. Ben-Gurion University, Beer Sheva Google Scholar 1, p 9Google Scholar
  10. 10.
    Levine B, Shields C, Margolin N (2006) A survey of solutions to the sybil attack. University of Massachusetts, AmherstGoogle Scholar
  11. 11.
    Li Z, Kang J, Yu R, Ye D, Deng Q, Zhang Y (2018) Consortium blockchain for secure energy trading in industrial internet of things. IEEE Trans Ind Inf 14(8):3690–3700Google Scholar
  12. 12.
    Peled O, Fire M, Rokach L, Elovici Y (2013) Entity matching in online social networks. In: Proceedings of international conference on social computing, pp 339–344Google Scholar
  13. 13.
    Perlroth N (2013) Fake twitter followers become multimillion-dollar business. The New York Times, New York, Apr 2013. Available: http://bits.blogs.nytimes.com/2013/04/05/faketwitter-followers-becomes-multimillion-dollar-business/
  14. 14.
    Peterson J, Krug J (2015) Augur: a decentralized, open-source platform for prediction markets. arXiv preprint arXiv:1501.01042
  15. 15.
    Pour FSA, Tatar U, Gheorghe A (2018) Agent-based model of sand supply governance employing blockchain technology. In: Proceedings of the annual simulation symposium. Society for Computer Simulation International, p 14Google Scholar
  16. 16.
    Risius M, Spohrer K (2017) A blockchain research framework. Bus Inf Syst Eng 59(6):385–409CrossRefGoogle Scholar
  17. 17.
    Ryan T, Allen KA, Gray DL, McInerney DM (2017) How social are social media? A review of online social behaviour and connectedness. J Relats Res 8.  https://doi.org/10.1017/jrr.2017.13
  18. 18.
    Samaniego M, Deters R (2016) Blockchain as a service for IoT. In: IEEE international conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), pp 433–436Google Scholar
  19. 19.
    Shah C (2017) Social media and social networking. In: Social information seeking. Springer, Cham, pp 29–42Google Scholar
  20. 20.
    Sharma A (2018) 5 trends shows how blockchain is changing social media. Online available: https://hackernoon.com/5-trends-shows-how-blockchain-is-changing-social-media-ba50c975c041
  21. 21.
    Shafak W, Siedler N (2017) Blockchain technology for social impact: opportunities and challenges ahead. In: J Cyber Policy 2(3):338–354Google Scholar
  22. 22.
    Shan Z, Cao H, Lv J, Yan C, Liu A (2013) Enhancing and identifying cloning attacks in online social networks. In: Proceedings of the 7th international conference on ubiquitous information management and communication, p 59Google Scholar
  23. 23.
    Spencer W (2017) The top 10 worst social media cyber-attacks. InfoSecurity Magazine. Available at https://www.infosecurity-magazine.com/blogs/top-10-worst-social-media-cyber/
  24. 24.
    Wondracek G, Holz T, Kirda E, Kruegel C (2010) A practical attack to de-anonymize social network users. In: Proceedings of IEEE Symposium. SP, 2010, pp 223–238Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Department of Computer Science and EngineeringManav Rachna International Institute of Research and StudiesFaridabadIndia

Personalised recommendations