Abstract
Online social networks are rapidly changing our lives. Their growing pervasiveness and the trust that we develop in online identities provide us with a new platform for security applications. Additionally, the integration of various sensors and mobile devices on social networks has shortened the separation between one’s physical and virtual (i.e. web) presences. We envisage that social networks will serve as the portal between the physical world and the digital world. However, challenges arise when using social networks in security applications; for example, how can you prove to a friend (or Friend) that your Facebook page belongs to you and not a man in the middle? Once you have proved this, how can you use it to create a secure channel between any device belonging to you and one belonging to your friend? We show how human interactive security protocols (HISPs) can greatly assist in both these areas and in general create a decentralised and user-oriented model of security. We also demonstrate that by using this security model we can quickly and efficiently bootstrap security for sharing information within a large group.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, B., Roscoe, A.W. (2012). Social Networks for Importing and Exporting Security. In: Calinescu, R., Garlan, D. (eds) Large-Scale Complex IT Systems. Development, Operation and Management. Monterey Workshop 2012. Lecture Notes in Computer Science, vol 7539. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34059-8_7
DOI: https://doi.org/10.1007/978-3-642-34059-8_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34058-1
Online ISBN: 978-3-642-34059-8
eBook Packages: Computer Science (R0)