Skip to main content
SpringerLink
Log in

Encryption for Peer-to-Peer Social Networks

  • Chapter
  • First Online:
Security and Privacy in Social Networks

Abstract

To address privacy concerns over online social networking services, several decentralized alternatives have been proposed. These peer-to-peer (P2P) online social networks do not rely on centralized storage of user data. Rather, data can be stored not only on a profile owner’s computer but almost anywhere (friends’ computers, random peers from the social network, third-party external storage, etc.). Because external storage is often untrusted or only semi-trusted, encryption plays a fundamental role in the security of P2P social networks.

Such a system needs to be efficient for use on a large scale, provide functionality for changing access rights suitable for social networks, and, most importantly, it should preserve the network’s privacy properties. That is, other than user data confidentiality, it has to protect against information leakage regarding users’ access rights and behaviors. In this paper we explore the encryption requirements for P2P social networks and propose a list of evaluation criteria that we use to compare existing approaches. We have found that none of the current P2P architectures for social networks achieve secure, efficient, 24/7 access control enforcement and data storage. They rely on trust, require constantly running servers for each user, use expensive encryption, or fail to protect the privacy of access information. In a search for solutions that better fulfill our criteria, we found that some broadcast encryption (BE) and predicate encryption (PE) schemes exhibit several desirable properties.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Afify Y (2008) Access control in a peer-to-peer social network. Master’s thesis, EPFL, Lausanne, Switzerland

    Google Scholar 

  2. Altshuler Y, Aharony N, Pentland A, Elovici Y, Cebrian M (2011) Stealing reality: when criminals become data scientists (or vice versa). Intell Syst IEEE 26(6):22–30

    Article  Google Scholar 

  3. Baden R, Bender A, Spring N, Bhattacharjee B, Starin D (2009) Persona: an online social network with user-defined privacy. SIGCOMM Comput Commun Rev 39:135–146. http://doi.acm.org/10.1145/1594977.1592585

  4. Bethencourt J, Sahai A, Waters B (2007) Ciphertext-policy attribute-based encryption. In: Proceedings of the 2007 I.E. symposium on security and privacy, SP ’07, Berkeley. IEEE Computer Society, Los Alamitos, pp 321–334. http://dx.doi.org/10.1109/SP.2007.11

  5. Buchegger S, Schiöberg D, Vu LH, Datta A (2009) Peerson: P2p social networking: early experiences and insights. In: Proceedings of the second ACM EuroSys workshop on social network systems, SNS ’09, Nuremberg, pp 46–52. http://doi.acm.org/10.1145/1578002.1578010

  6. Cutillo L, Molva R, Strufe T (2009) Safebook: a privacy-preserving online social network leveraging on real-life trust. Commun Mag IEEE 47(12):94–101

    Article  Google Scholar 

  7. Cutillo L, Molva R, Strufe T (2010) On the security and feasibility of safebook: a distributed privacy-preserving online social network. In: Privacy and identity management for life. IFIP advances in information and communication technology, vol 320. Springer, Boston, pp 86–101

    Google Scholar 

  8. Delerablee C (2007) Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Advances in cryptology ASIACRYPT 2007. Lecture notes in computer science, vol 4833. Springer, Berlin/Heidelberg, pp 200–215

    Google Scholar 

  9. Delerablee C, Paillier P, Pointcheval D (2007) Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. In: Pairing-based cryptography pairing 2007. Lecture notes in computer science, vol 4575. Springer, Berlin/Heidelberg, pp 39–59

    Google Scholar 

  10. Egele M, Kruegel C, Kirda E, Vigna G (2011) Pios: detecting privacy leaks in ios applications. In: Proceedings of the ISOC network and distributed systems security (NDSS) symposium, San Diego

    Google Scholar 

  11. Enck W, Gilbert P, Chun BG, Cox LP, Jung J, McDaniel P, Sheth AN (2010) Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX symposium on operating systems design and implementation (OSDI), Vancouver

    Google Scholar 

  12. Fiat A, Naor M (1994) Broadcast encryption. In: Advances in cryptology CRYPTO 93. Lecture notes in computer science, vol 773. Springer, Berlin/Heidelberg, pp 480–491

    Google Scholar 

  13. Goyal V, Pandey O, Sahai A, Waters B (2006) Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM conference on computer and communications security, CCS ’06. ACM, New York, pp 89–98

    Google Scholar 

  14. Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2010) Diaspora. A little more about the project. http://blog.joindiaspora.com/2010/04/21/a-little-more-about-the-project.html. Accessed Nov 2011

  15. Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2010) Diaspora security architecture proposal. https://github.com/diaspora/diaspora/wiki/Security-Architecture-Proposal. Accessed Nov 2011

  16. Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2010) Encryption. https://github.com/diaspora/diaspora/wiki/Encryption. Accessed Nov 2011

  17. Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2011) Diaspora roadmap. https://github.com/diaspora/diaspora/wiki/Roadmap. Accessed Nov 2011

  18. Grippi D, Sofaer R, Salzberg M, Zhitomirsky I (2011) Diaspora’s federation protocol. https://github.com/diaspora/diaspora/wiki/Diaspora\%27s-federation-protocol

  19. Gross R, Acquisti A (2005) Information revelation and privacy in online social networks. In: Proceedings of the 2005 ACM workshop on privacy in the electronic society, WPES ’05. ACM, New York, pp 71–80

    Google Scholar 

  20. Gupta V, Gupta S, Chang S, Stebila D (2002) Performance analysis of elliptic curve cryptography for ssl. In: Proceedings of the 1st ACM workshop on wireless security, WiSE ’02. ACM, New York, pp 87–94

    Google Scholar 

  21. Ibraimi L, Tang Q, Hartel P, Jonker W (2009) Efficient and provable secure ciphertext-policy attribute-based encryption schemes. In: Proceedings of the 5th international conference on information security practice and experience, ISPEC ’09. Springer, Berlin, pp 1–12

    Google Scholar 

  22. Jiang H, Xu Q, Shang J (2010) An efficient dynamic identity-based broadcast encryption scheme. In: Data, privacy and E-commerce (ISDPE), 2010 second international symposium on, Buffalo, pp 27–32

    Google Scholar 

  23. Katz J, Sahai A, Waters B (2008) Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on advances in cryptology, EUROCRYPT’08, Istanbul. Springer, Berlin/Heidelberg, pp 146–162

    Google Scholar 

  24. Lewko A, Okamoto T, Sahai A, Takashima K, Waters B (2010) Fully secure functional encryption: attribute-based encryption and (hierarchical) inner product encryption. In: Advances in cryptology EUROCRYPT 2010. Lecture notes in computer science, vol 6110. Springer, Berlin/Heidelberg, pp 62–91

    Google Scholar 

  25. Nechvatal J, Barker E, Bassham L, Burr W, Dworkin M, Foti J, Roback E (2000) Report on the development of the advanced encryption standard (aes). Technical report MSU-CSE-99-39, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. http://csrc.nist.gov/archive/aes/round2/r2report.pdf

  26. Okamoto T, Takashima K (2009) Hierarchical predicate encryption for inner-products. In: Advances in cryptology ASIACRYPT 2009. Lecture notes in computer science, vol 5912. Springer, Berlin/Heidelberg, pp 214–231

    Google Scholar 

  27. Ostrovsky R, Sahai A, Waters B (2007) Attribute-based encryption with non-monotonic access structures. In: Proceedings of the 14th ACM conference on computer and communications security, CCS ’07. ACM, New York, pp 195–203. http://doi.acm.org/10.1145/1315245.1315270

  28. Shen E, Shi E, Waters B (2009) Predicate privacy in encryption systems. In: Proceedings of the 6th theory of cryptography conference on theory of cryptography, TCC ’09. Springer, Berlin/Heidelberg, pp 457–473

    Google Scholar 

  29. Waters B (2011) Ciphertext-policy attribute-based encryption: an expressive, efficient, and provably secure realization. In: Public key cryptography PKC 2011. Lecture notes in computer science, vol 6571. Springer, Berlin/Heidelberg, pp 53–70

    Google Scholar 

  30. Zhang W, Xu Q, He P (2010) Identity-based broadcast encryption with recipient privacy. In: 3rd IEEE international conference on Computer science and information technology (ICCSIT 2010), vol 8, Chengdu, pp 483–487

    Google Scholar 

Download references

Acknowledgements

This research was funded by grant SSF FFL09-0086 from the Swedish Foundation for Strategic Research and by grant VR 2009-3793 from the Swedish Research Council.

Author information

Authors and Affiliations

  1. KTH – The Royal Institute of Technology, Valhallaägen 79, 100 44, Stockholm, Sweden

    Oleksandr Bodriagov & Sonja Buchegger

Authors
  1. Oleksandr Bodriagov
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sonja Buchegger
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Oleksandr Bodriagov .

Editor information

Editors and Affiliations

  1. , Human Dynamic Group, MIT Media Lab, 77 Mass. Ave, Cambridge, 02139, Massachusetts, USA

    Yaniv Altshuler

  2. , Information Systems Engineering, Ben-Gurion University, n/a, Beer-Sheva, n/a, Israel

    Yuval Elovici

  3. Inst. f. Informatik III, Univ. Bonn, Römerstr. 164, Bonn, 53117, Germany

    Armin B. Cremers

  4. , Human Dynamics Group, MIT Media Lab, 77 Mass. Ave, Cambridge, 02139, Massachusetts, USA

    Nadav Aharony

  5. , Human Dynamics Group, MIT Media Lab, 77 Mass. Ave, Cambridge, 02139, Massachusetts, USA

    Alex Pentland

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer Science+Business Media New York

About this chapter

Cite this chapter

Bodriagov, O., Buchegger, S. (2013). Encryption for Peer-to-Peer Social Networks. In: Altshuler, Y., Elovici, Y., Cremers, A., Aharony, N., Pentland, A. (eds) Security and Privacy in Social Networks. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-4139-7_4

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-4139-7_4

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-4138-0

  • Online ISBN: 978-1-4614-4139-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation