Abstract
To address privacy concerns over online social networking services, several decentralized alternatives have been proposed. These peer-to-peer (P2P) online social networks do not rely on centralized storage of user data. Rather, data can be stored not only on a profile owner’s computer but almost anywhere (friends’ computers, random peers from the social network, third-party external storage, etc.). Because external storage is often untrusted or only semi-trusted, encryption plays a fundamental role in the security of P2P social networks.
Such a system needs to be efficient for use on a large scale, provide functionality for changing access rights suitable for social networks, and, most importantly, it should preserve the network’s privacy properties. That is, other than user data confidentiality, it has to protect against information leakage regarding users’ access rights and behaviors. In this paper we explore the encryption requirements for P2P social networks and propose a list of evaluation criteria that we use to compare existing approaches. We have found that none of the current P2P architectures for social networks achieve secure, efficient, 24/7 access control enforcement and data storage. They rely on trust, require constantly running servers for each user, use expensive encryption, or fail to protect the privacy of access information. In a search for solutions that better fulfill our criteria, we found that some broadcast encryption (BE) and predicate encryption (PE) schemes exhibit several desirable properties.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Afify Y (2008) Access control in a peer-to-peer social network. Master’s thesis, EPFL, Lausanne, Switzerland
Altshuler Y, Aharony N, Pentland A, Elovici Y, Cebrian M (2011) Stealing reality: when criminals become data scientists (or vice versa). Intell Syst IEEE 26(6):22–30
Baden R, Bender A, Spring N, Bhattacharjee B, Starin D (2009) Persona: an online social network with user-defined privacy. SIGCOMM Comput Commun Rev 39:135–146. http://doi.acm.org/10.1145/1594977.1592585
Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 I.E. symposium on security and privacy, SP ’07, Berkeley. IEEE Computer Society, Los Alamitos, pp 321–334. http://dx.doi.org/10.1109/SP.2007.11
Buchegger S, Schiöberg D, Vu LH, Datta A (2009) Peerson: P2p social networking: early experiences and insights. In: Proceedings of the second ACM EuroSys workshop on social network systems, SNS ’09, Nuremberg, pp 46–52. http://doi.acm.org/10.1145/1578002.1578010
Cutillo L, Molva R, Strufe T (2009) Safebook: a privacy-preserving online social network leveraging on real-life trust. Commun Mag IEEE 47(12):94–101
Cutillo L, Molva R, Strufe T (2010) On the security and feasibility of safebook: a distributed privacy-preserving online social network. In: Privacy and identity management for life. IFIP advances in information and communication technology, vol 320. Springer, Boston, pp 86–101
Delerablee C (2007) Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Advances in cryptology ASIACRYPT 2007. Lecture notes in computer science, vol 4833. Springer, Berlin/Heidelberg, pp 200–215
Delerablee C, Paillier P, Pointcheval D (2007) Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. In: Pairing-based cryptography pairing 2007. Lecture notes in computer science, vol 4575. Springer, Berlin/Heidelberg, pp 39–59
Egele M, Kruegel C, Kirda E, Vigna G (2011) Pios: detecting privacy leaks in ios applications. In: Proceedings of the ISOC network and distributed systems security (NDSS) symposium, San Diego
Enck W, Gilbert P, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN (2010) Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX symposium on operating systems design and implementation (OSDI), Vancouver
Fiat A, Naor M (1994) Broadcast encryption. In: Advances in cryptology CRYPTO 93. Lecture notes in computer science, vol 773. Springer, Berlin/Heidelberg, pp 480–491
Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, CCS ’06. ACM, New York, pp 89–98
Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2010) Diaspora. A little more about the project. http://blog.joindiaspora.com/2010/04/21/a-little-more-about-the-project.html. Accessed Nov 2011
Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2010) Diaspora security architecture proposal. https://github.com/diaspora/diaspora/wiki/Security-Architecture-Proposal. Accessed Nov 2011
Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2010) Encryption. https://github.com/diaspora/diaspora/wiki/Encryption. Accessed Nov 2011
Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2011) Diaspora roadmap. https://github.com/diaspora/diaspora/wiki/Roadmap. Accessed Nov 2011
Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2011) Diaspora’s federation protocol. https://github.com/diaspora/diaspora/wiki/Diaspora\%27s-federation-protocol
Gross R, Acquisti A (2005) Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM workshop on privacy in the electronic society, WPES ’05. ACM, New York, pp 71–80
Gupta V, Gupta S, Chang S, Stebila D (2002) Performance analysis of elliptic curve cryptography for ssl. In: Proceedings of the 1st ACM workshop on wireless security, WiSE ’02. ACM, New York, pp 87–94
Ibraimi L, Tang Q, Hartel P, Jonker W (2009) Efficient and provable secure ciphertext-policy attribute-based encryption schemes. In: Proceedings of the 5th international conference on information security practice and experience, ISPEC ’09. Springer, Berlin, pp 1–12
Jiang H, Xu Q, Shang J (2010) An efficient dynamic identity-based broadcast encryption scheme. In: Data, privacy and E-commerce (ISDPE), 2010 second international symposium on, Buffalo, pp 27–32
Katz J, Sahai A, Waters B (2008) Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on advances in cryptology, EUROCRYPT’08, Istanbul. Springer, Berlin/Heidelberg, pp 146–162
Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Advances in cryptology EUROCRYPT 2010. Lecture notes in computer science, vol 6110. Springer, Berlin/Heidelberg, pp 62–91
Nechvatal J, Barker E, Bassham L, Burr W, Dworkin M, Foti J, Roback E (2000) Report on the development of the advanced encryption standard (aes). Technical report MSU-CSE-99-39, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. http://csrc.nist.gov/archive/aes/round2/r2report.pdf
Okamoto T, Takashima K (2009) Hierarchical predicate encryption for inner-products. In: Advances in cryptology ASIACRYPT 2009. Lecture notes in computer science, vol 5912. Springer, Berlin/Heidelberg, pp 214–231
Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM conference on computer and communications security, CCS ’07. ACM, New York, pp 195–203. http://doi.acm.org/10.1145/1315245.1315270
Shen E, Shi E, Waters B (2009) Predicate privacy in encryption systems. In: Proceedings of the 6th theory of cryptography conference on theory of cryptography, TCC ’09. Springer, Berlin/Heidelberg, pp 457–473
Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Public key cryptography PKC 2011. Lecture notes in computer science, vol 6571. Springer, Berlin/Heidelberg, pp 53–70
Zhang W, Xu Q, He P (2010) Identity-based broadcast encryption with recipient privacy. In: 3rd IEEE international conference on Computer science and information technology (ICCSIT 2010), vol 8, Chengdu, pp 483–487
Acknowledgements
This research was funded by grant SSF FFL09-0086 from the Swedish Foundation for Strategic Research and by grant VR 2009-3793 from the Swedish Research Council.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer Science+Business Media New York
About this chapter
Cite this chapter
Bodriagov, O., Buchegger, S. (2013). Encryption for Peer-to-Peer Social Networks. In: Altshuler, Y., Elovici, Y., Cremers, A., Aharony, N., Pentland, A. (eds) Security and Privacy in Social Networks. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-4139-7_4
Download citation
DOI: https://doi.org/10.1007/978-1-4614-4139-7_4
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-4138-0
Online ISBN: 978-1-4614-4139-7
eBook Packages: Computer ScienceComputer Science (R0)