identifying close friends on the internet
play

Identifying Close Friends on the Internet Randy Baden Bobby - PowerPoint PPT Presentation

Jan 31, 2023 •888 likes •1.14k views

Identifying Close Friends on the Internet Randy Baden Bobby Bhattacharjee Neil Spring from HotNets09 Problem Security and privacy are only as good as the user's ability to identify with whom they wish to communicate Consequences of

  1. Identifying Close Friends on the Internet Randy Baden Bobby Bhattacharjee Neil Spring from HotNets09

  2. Problem ● Security and privacy are only as good as the user's ability to identify with whom they wish to communicate ● Consequences of compromised friend edges: spam, phishing, viruses, privacy leaks, identity theft ● Correctly identifying online social network (OSN) users is difficult ● Impersonation is easy [Bilge, et al., WWW '09] ● Scale and context is unlike well-studied settings

  3. Impersonation ● Copy public information from a different social network to create an impostor account ● Clone public information on the same social network ● Most users will not notice that there are two identical accounts, even if they have already added the friend ● Optionally, first infiltrate the user's social circle to invade privacy, then also clone private information

  4. Solution ● Public key infrastructure (PKI) ● Usually: a centralized, trusted certificate authority publishes public keys for the actors in the system ● No central authority can verify the identity of every user of an OSN ● Decentralized identity verification ● Users responsible for verifying the identities of their neighbors in the social graph ● Advantage: OSN users have social knowledge

  5. Exclusive Shared Knowledge ● Ask a question that only the friend can answer ● Some real examples ● Which celebrity do I always get confused with Sean Penn? ● How much did we spend on drinks last night? (nearest dollar, no $)

  6. Exclusive Shared Knowledge ● Ask a question that only the friend can answer ● Some real examples ● Which celebrity do I always get confused with Sean Penn? – Liam Neeson ● How much did we spend on drinks last night? (nearest dollar, no $)

  7. Exclusive Shared Knowledge ● Ask a question that only the friend can answer ● Some real examples ● Which celebrity do I always get confused with Sean Penn? – Liam Neeson ● How much did we spend on drinks last night? (nearest dollar, no $) – 104

  8. Challenges ● Designing a protocol to resist known attacks ● Evaluate security of shared knowledge

  9. Asker Impersonation Iron Man Thor Loki When didst we first assemble? 1963 1963 Consequence: verification is one-way; Iron Man incorrectly believes that Loki is Thor the asker identifies the askee

  10. Askee Impersonation Thor Loki Iron Man What was Henry Pym's wife's name? Uhh... Janet? Janet Consequences: answer space should be large; Impostor guesses the correct answer protocol should not reveal information

  11. Protocol ● Desired Properties ● One-way verification: at end, asker learns/confirms the askee's public key ● Zero-knowledge proof of possession of shared knowledge ● Interactive: immune to offline dictionary attacks ● Existing protocol: SPEKE [Jablon, Sigcomm96] ● Establishes a secure channel based on a shared passphrase ● Can be applied over an OSN as a browser extension

  12. Can Users Ask Good Questions? A user study and a Facebook game

  13. Rules ● Users are rewarded for forming “bonds” ● Users are punished for having their bonds broken ● Users are rewarded for breaking bonds ● Crowdsourced security penetration testing Asker Askee Impostor Bond Made +1 per bond +1 per bond - Bond Broken -2 per bond -1 per bond +1 per impostor

  14. Data Collection ● April – June 2009 ● 171 registered participants ● 70 did not ask, answer, or try to break bonds ● 92 asked or answered at least once ● 9 only tried to break bonds ● Results consider only the 101 active participants

  15. Friend Graph

  16. Bond Graph

  17. Ability To Ask

  18. Break Attempts Friend Stranger All Unsuccessful 50% 44% 94% Successful 5% 1% 6% All 55% 45% 100%

  19. Web of Trust

  20. Web of Trust

  21. Conclusion ● Users can ● Use exclusive shared knowledge to identify one- hop neighbors in a social network ● Sign and publish identifications to identify multi-hop neighbors and confirm verifications – 80% of broken bonds in the experiment also had a good path ● Enables a social PKI, useful for secure systems ● Bond Breaker is just part of the big picture

  22. Identifying Close Friends on the Internet Randy Baden Bobby Bhattacharjee Neil Spring from HotNets09

  23. Persona ● Distributed and decentralized OSN ● Users choose where to store their data ● Users store data encrypted with ABE – Key distribution mechanisms to use ABE, public key crypto, and symmetric key crypto in ways that support OSN communication patterns – Built on assumption that there's a social PKI ● Users need not trust third parties with data ● Can still provide content-agnostic applications, which includes most core OSN applications

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Goals Orientation to Demonstration & Introduction to new FRIENDS Application of the cost

Goals Orientation to Demonstration & Introduction to new FRIENDS Application of the cost

Put a man on the moon (and know how much it cost) Identifying the costs and benefits of respite care An Introduction to the FRIENDS Cost Analysis Toolkit Presented by: Casandra Firman & MaryJo Alimena Caruso T/TA Coordinators FRIENDS

540 views • 22 slides
Identifying & Reaching Your Ideal Prospect From your friends @ Heres a question for

Identifying & Reaching Your Ideal Prospect From your friends @ Heres a question for

Identifying & Reaching Your Ideal Prospect From your friends @ Heres a question for ya Whos your ideal prospect? Often, we hear answers like The C-Suite Marketing professionals Anyone who needs financial

598 views • 16 slides
Tea with the Friends Tea wi with the F Friends Who are the Friends? We are a Voluntary

Tea with the Friends Tea wi with the F Friends Who are the Friends? We are a Voluntary

Tea with the Friends Tea wi with the F Friends Who are the Friends? We are a Voluntary Group who support extra curricular activities here at St Martins We are of Dads, Mums, Teachers, Grandparents & x-Student/x-Parents You

356 views • 11 slides
Founders Weve been close friends since 5 years and working together on a startup since 1.5

Founders Weve been close friends since 5 years and working together on a startup since 1.5

Founders Weve been close friends since 5 years and working together on a startup since 1.5 years. (Registered as Delineate Innovations Pvt. Ltd.) Sagar Pathare Saurabh Indoria Software Engineer CEO & CTO Computer Engineer, Computer

443 views • 7 slides
My internship abroad Luc Smulders Europe! Relatively close Easy to come back Friends

My internship abroad Luc Smulders Europe! Relatively close Easy to come back Friends

My internship abroad Luc Smulders Europe! Relatively close Easy to come back Friends and family can visit Easier with visa etcetera Europe is beautiful! Scandinavia or Germany/Austria? Germany or Austria! Learn German

268 views • 26 slides
Friends Close and Enemies Closer UNDERSTANDING AND ASSESSING THE COMPETITION Definition:

Friends Close and Enemies Closer UNDERSTANDING AND ASSESSING THE COMPETITION Definition:

Friends Close and Enemies Closer UNDERSTANDING AND ASSESSING THE COMPETITION Definition: Competition What alternatives does the customer have to solve the problem How to think about it? Similar Products Vs. Solving the same problem

340 views • 10 slides
Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna

Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna

Identifying core skills required for the digital economy: Internet of Things Prof. Dr. Anna Frster Sustainable Communication Networks University of Bremen Germany ITU-CBS, Santo Domingo, June 19 th 2018 Core Questions What is the Internet

135 views • 12 slides
Identifying Personal Information in Internet Traffic Yabing Liu Han Hee Song Ignacio

Identifying Personal Information in Internet Traffic Yabing Liu Han Hee Song Ignacio

Identifying Personal Information in Internet Traffic Yabing Liu Han Hee Song Ignacio Bermudez Alan Mislove Mario Baldi Alok Tongaonkar Northeastern University Cisco Systems Symantec Corporation November 2, 2015,

639 views • 36 slides
Identifying Impacts of Protocol and Internet Development on the Bitcoin Network Ryunosuke

Identifying Impacts of Protocol and Internet Development on the Bitcoin Network Ryunosuke

Tokyo Institute of Technology Identifying Impacts of Protocol and Internet Development on the Bitcoin Network Ryunosuke Nagayama, Ryohei Banno, Kazuyuki Shudo Tokyo Tech Blockchain A distributed ledger on P2P network A node generates a

439 views • 19 slides
Companion Planting: Plants Need Friends, Too! What is Companion Planting? Planting two or

Companion Planting: Plants Need Friends, Too! What is Companion Planting? Planting two or

Companion Planting: Plants Need Friends, Too! What is Companion Planting? Planting two or more plant species in close proximity to culturally benefit each other by attracting or deterring pests, keeping the soil healthy, and improving

858 views • 22 slides
Friends & Strangers Claim: there is a set of 3 mutual friends or 3 mutual strangers Albert

Friends & Strangers Claim: there is a set of 3 mutual friends or 3 mutual strangers Albert

Mathematics for Computer Science Friends & Strangers MIT 6.042J/18.062J Six people. Every two are Proof by Cases: either friends or strangers. Friends & Strangers Claim: there is a set of 3 mutual friends or 3 mutual strangers

214 views • 4 slides
Ten Years of Destabilizing the Prison Industrial Complex Family and Friends of Louisianas

Ten Years of Destabilizing the Prison Industrial Complex Family and Friends of Louisianas

Ten Years of Destabilizing the Prison Industrial Complex Family and Friends of Louisianas Incarcerated Youth led the effort to close Tallulah, an abusive youth prison. Community Unity Coalition, which included Critical Resistance,

255 views • 14 slides
Friends of Scouting It is Very Important that all Units participate in the Friends Of Scouting

Friends of Scouting It is Very Important that all Units participate in the Friends Of Scouting

Friends of Scouting It is Very Important that all Units participate in the Friends Of Scouting Campaign Leaders, please help us get your parents invested with a pledge from every family! Book your Unit F.O.S. presentation Date Contact: Bill

280 views • 14 slides
20 16 Friends Of Scouting LaFayette District's 20 16 Goal is $95,0 0 0 .0 0 Current Pledges 8 8

20 16 Friends Of Scouting LaFayette District's 20 16 Goal is $95,0 0 0 .0 0 Current Pledges 8 8

20 16 Friends Of Scouting LaFayette District's 20 16 Goal is $95,0 0 0 .0 0 Current Pledges 8 8 %= $8 4,0 0 0 .0 0 We are very Close! However, for The District to reach our goal we need the Help of Every Unit (waiting on TWO More !) Please,

465 views • 23 slides
FRIENDS OF CHILDREN WITH CANCER - TANZANIA FRIENDS OF CHILDREN IN HOSPITALS F RIENDS OF C HILDREN

FRIENDS OF CHILDREN WITH CANCER - TANZANIA FRIENDS OF CHILDREN IN HOSPITALS F RIENDS OF C HILDREN

FRIENDS OF CHILDREN WITH CANCER - TANZANIA FRIENDS OF CHILDREN IN HOSPITALS F RIENDS OF C HILDREN WITH C ANCER - O VERVIEW It is a Network of friends supporting the needs of the families affected by NCDs in Tanzania Key Objective ! To raise

497 views • 21 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
Annual Meeting 2006 FIG Commission 7 Slovenia, 13-5-2006 OVERVIEW OF TODAY Introduction

Annual Meeting 2006 FIG Commission 7 Slovenia, 13-5-2006 OVERVIEW OF TODAY Introduction

Annual Meeting 2006 FIG Commission 7 Slovenia, 13-5-2006 OVERVIEW OF TODAY Introduction Innovations Way Forward F... Bhoomi e-Conveyancing System? l Not a Paperless System l Electronic execution of Mutation l Online investigation

729 views • 20 slides
Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in

Public Key Cryptography in Practice Eli Biham - May 3, 2005 c 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent slow speed of the public key

442 views • 14 slides
Spatial Encryption Adam Barth Dan Boneh Mike Hamburg March 17, 2008 Adam Barth, Dan Boneh,

Spatial Encryption Adam Barth Dan Boneh Mike Hamburg March 17, 2008 Adam Barth, Dan Boneh,

Spatial Encryption Adam Barth Dan Boneh Mike Hamburg March 17, 2008 Adam Barth, Dan Boneh, Mike Hamburg Spatial Encryption Traditional Public-Key Infrastructure CA Alice Bob Adam Barth, Dan Boneh, Mike Hamburg Spatial Encryption

371 views • 24 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

932 views • 55 slides
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation Kaufman et

T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation Kaufman et

T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation Kaufman et al: Ch 10.2 Key management 11.6; 9.7-9; - Distribution of symmetric keys Stallings: Ch 7.4; 7.3; - Management of public keys 10.1 1 The Use of

529 views • 9 slides
Fixedmobile convergence IntroducSon Historical overview Dirk Breuer Deutsche Telekom

Fixedmobile convergence IntroducSon Historical overview Dirk Breuer Deutsche Telekom

Fixedmobile convergence IntroducSon Historical overview Dirk Breuer Deutsche Telekom Laboratories, Germany Tibor Cinkler Budapest University of Technology and Economics, Hungary Stphane Gosselin Orange R&D, France Annie Gravey

318 views • 5 slides
Taiwan SIP/ENUM trial status TWNIC 2005/ 2/ 23 Content ! SIP/ Enum trial project ! SIP/ ENUM

Taiwan SIP/ENUM trial status TWNIC 2005/ 2/ 23 Content ! SIP/ Enum trial project ! SIP/ ENUM

Taiwan SIP/ENUM trial status TWNIC 2005/ 2/ 23 Content ! SIP/ Enum trial project ! SIP/ ENUM trial deployment status ! Registration system and equipments 2 Project Managem ent Project Leader :Dr. S.S. Tseng President, TWNIC Project

309 views • 18 slides
SOFTWARE ENGINEERING FOR CONNECTION SERVICES Pamela Zave AT&T LaboratoriesResearch

SOFTWARE ENGINEERING FOR CONNECTION SERVICES Pamela Zave AT&T LaboratoriesResearch

SOFTWARE ENGINEERING FOR CONNECTION SERVICES Pamela Zave AT&T LaboratoriesResearch Florham Park, New Jersey, USA PART ONE: CONNECTION SERVICES AND THEIR SOFTWARE PROBLEMS THE CONTEXT OF A CONNECTION SERVICE network domain with a

193 views • 17 slides

More recommend