social networks and security
play

Social Networks and Security Checkpoint Sep 7, 2009 Joseph - PowerPoint PPT Presentation

Oct 23, 2023 •281 likes •1.53k views

Social Networks and Security Checkpoint Sep 7, 2009 Joseph Bonneau, Computer Laboratory Hack #1: Photo URL Forging Photo Exploits: PHP parameter fiddling (Ng, 2008) Hack #1: Photo URL Forging Photo Exploits: Content Delivery Network URL

  1. Data of Interest Profile Data  − Loads of PII (contact info, address, DOB) − Tastes, preferences Graph Data  − Friendship connections − Common group membership − Communication patterns Activity Data  − Time, frequency of log-in, typical behavior

  2. Interested Parties Data Aggregation  − Marketers, Insurers, Credit Ratings Agencies, Intelligence, etc. − SNS operator implicitly included − Often, graph information is more important than profiles Targeted Data Leaks  − Employers, Universities, Fraudsters, Local Police, Friends, etc. − Usually care about profile data and photos

  3. Major Privacy Problems Data is shared in ways that most users don't expect  “Contextual integrity” not maintained  Three main drivers:  − Poor implementation − Misaligned incentives & economic pressure − Indirect information leakage

  4. Poor Implementation

  5. Poor Implementation Orkut Photo Tagging

  6. Poor Implementation Facebook Connect

  7. Poor Implementation Applications given full access to profile data of installed users − Even less revenue available for application developers... −

  8. Poor Implementation Better architectures proposed  − Privacy by proxy − Privacy by sandboxing

  9. Economic Pressure Most SNSs still lose money  − Advertising business model yet to prove its viability Grow first, monetize later  − “Growth is primary, revenue is secondary” - Mark Zuckerberg Privacy is often an impediment to new features 

  10. Economic Pressure Major survey of 45 social networks' privacy practices  Key Conclusions:  − “Market for privacy” fundamentally broken − Huge network effects, lock-in, lemons market − Sites with better privacy less likely to mention it!

  11. Promotional Techniques

  12. Promotional Techniques

  13. Terms of Service Terms of Service, hi5: Most Terms of Service reserve broad rights to user data

  14. Information leaked by the Social Graph...

  15. “Traditional” Social Network Analysis • Performed by sociologists, anthropologists, etc. since the 70's • Use data carefully collected through interviews & observation • Typically < 100 nodes • Complete knowledge • Links have consistent meaning • All of these assumptions fail badly for online social network data

  16. Traditional Graph Theory • Nice Proofs • Tons of definitions • Ignored topics: • Large graphs • Sampling • Uncertainty

  17. Models Of Complex Networks From Math & Physics Many nice models • Erdos-Renyi • Watts-Strogatz • Barabasi-Albert Social Networks properties: • Power-law • Small-world • High clustering coefficient

  18. Real social graphs are complicated!

  19. When In Doubt, Compute! We do know many graph algorithms: • Find important nodes • Identify communities • Train classifiers • Identify anomalous connections Major Privacy Implications!

  20. Privacy Questions • What can we infer purely from link structure?

  21. Privacy Questions • What can we infer purely from link structure? A surprising amount! • Popularity • Centrality • Introvert vs. Extrovert • Leadership potential • Communities

  22. Privacy Questions • If we know nothing about a node but it's neighbours, what can we infer?

  23. Privacy Questions • If we know nothing about a node but its neighbours, what can we infer? A lot! • Gender • Political Beliefs • Location • Breed?

  24. Privacy Questions • Can we anonymise graphs?

  25. Privacy Questions • Can we anonymise graphs? Not easily... • Seminal result by Backstrom et al.: Active attack needs just 7 nodes • Can do even better given user's complete neighborhood • Also results for correlating users across networks • Developing line of research...

  26. De-anonymisation (active) E I H B C F A D G A Social Graph with Private Links

  27. De-anonymisation (active) E I 1 H B 2 C F 3 4 A D G 5 Attacker adds k nodes with random edges

  28. De-anonymisation (active) E I 1 H B 2 C F 3 4 A D G 5 Attacker links to targeted nodes

  29. De-anonymisation (active) Graph is anonymised and edges are released

  30. De-anonymisation (active) 1 2 3 4 5 Attacker searches for unique k-subgroup

  31. De-anonymisation (active) 1 H 2 3 4 G 5 Link between targeted nodes is confirmed

  32. De-anonymisation (passive) • Similar to above, except k normal users collude and share their links • Only compromise random targets

  33. De-anonymisation results • 7 nodes need to be created in active attack • De-anonymize 70 chosen nodes! • 7 nodes in passive coalition compromise ~ 10 random nodes

  34. Cross-graph De-anonymisation • Goal: identify users in a private graph by mapping to public graph • “Shouldn't” work: graph isomorphism is NP-complete • Works quite well in practice on real graphs!

  35. Cross-graph De-anonymisation Public Graph Private Graph

  36. Cross-graph De-anonymisation Public Graph Public Graph Private Graph B B' A A' C C' Step 1: Identify Seed Nodes

  37. Cross-graph De-anonymisation Public Graph Public Graph Private Graph B B' A A' D D' C C' Step 2: Assign mappings based on mapped neighbors

  38. Cross-graph De-anonymisation Public Graph Public Graph Private Graph B B' A A' D D' C C' E E' Step 3: Iterate

  39. Cross-graph De-anonymisation • Demonstrated on Twitter and Flickr • Only 24% of Twitter users on Flickr, 5% of Twitter users on Flickr • 31 % of common users identified (~9,000) given just 30 seeds! • Real-world attacks can be much more powerful • Auxiliary knowledge • Mapping of attributes, language use, etc.

  40. Privacy Questions • What can we infer if we “compromise” a fraction of nodes?

  41. Privacy Questions • What can we infer if we “compromise” a fraction of nodes? A lot... • Common theme: small groups of nodes can see the rest • Danezis et al. • Nagaraja • Korolova et al. • Bonneau et al.

  42. Privacy Questions • What if we get a subset of neighbours for all nodes?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12,

Security and Social Context or Why Facebook is Worth Fixing Security and Human Behavior Jun 12, 2009 Joseph Bonneau, Computer Laboratory Today I) Culture gap on social networks is hurting security II) The future of the internet is social

762 views • 17 slides
Unique Security Challenges for Online Social Networks ICT-Forward 2009 May 4, 2009 Joseph

Unique Security Challenges for Online Social Networks ICT-Forward 2009 May 4, 2009 Joseph

Unique Security Challenges for Online Social Networks ICT-Forward 2009 May 4, 2009 Joseph Bonneau, Computer Laboratory Pessimistic View of Social Networks Just LAMP websites where you list your friends... The Surprising Depth of Facebook

667 views • 63 slides
SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security

SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security

SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security Be There For Me? How Do We Earn Credits? Who Can Get Benefits? When Should I Retire? How Do I Apply? What About Medicare? What is Social

578 views • 44 slides
Social security data and indicators y Social security Social security covers all measures

Social security data and indicators y Social security Social security covers all measures

Social security data and indicators y Social security Social security covers all measures providing benefits, whether in p g f , cash or in kind, to secure protection, inter alia, from (a) lack of work-related income (or insufficient

608 views • 19 slides
Security and Privacy in Vehicular Social Networks Hongyu Jin, Mohammad Khodaei, and Panos

Security and Privacy in Vehicular Social Networks Hongyu Jin, Mohammad Khodaei, and Panos

KTH ROYAL INSTITUTE OF TECHNOLOGY Security and Privacy in Vehicular Social Networks Hongyu Jin, Mohammad Khodaei, and Panos Papadimitratos Networked Systems Security Group (NSS) www.eecs.kth.se/nss Security and Privacy for Vehicular

385 views • 16 slides
Querying Geo-social Data by Bridging Spatial Networks and Social Networks Yerach Ben Yaron

Querying Geo-social Data by Bridging Spatial Networks and Social Networks Yerach Ben Yaron

Querying Geo-social Data by Bridging Spatial Networks and Social Networks Yerach Ben Yaron Doytsher Galon Kanza 1 Motivation Social networks provide valuable information on social relationships among people (users) Associating

1.25k views • 46 slides
Introduction Social and Economic Networks MohammadAmin Fazli Social and Economic Networks 1

Introduction Social and Economic Networks MohammadAmin Fazli Social and Economic Networks 1

Introduction Social and Economic Networks MohammadAmin Fazli Social and Economic Networks 1 Why Study Networks Social networks permeate our social and economic lives They play a central role in the transmission of information, .

562 views • 35 slides
International social security standards and challenges to social security Lessons for a

International social security standards and challenges to social security Lessons for a

15 th PPF MEMBERS CONFERENCE Arusha 19-21 October 2005 International social security standards and challenges to social security Lessons for a Tanzanian reform debate Krzysztof Hagemejer Policy coordinator Social Security Department,

499 views • 47 slides
Social Security: An Overview For the National Academy of Social Insurance Demystifying Social

Social Security: An Overview For the National Academy of Social Insurance Demystifying Social

Social Security: An Overview For the National Academy of Social Insurance Demystifying Social Security: Academy for Interns July 22, 2010 Joni Lavery, Social Science Research Analyst Social Security Administration Office of Retirement Policy,

511 views • 16 slides
portable social networks with microformats social networks pownce.com ma.gnolia.com

portable social networks with microformats social networks pownce.com ma.gnolia.com

creating portable social networks with microformats social networks pownce.com ma.gnolia.com edenbee.com upcoming.yahoo.com last.fm twitter.com flickr.com Social network fatigue? More important than that: freedom of movement; reducing

404 views • 25 slides
Learning to de-anonymize social networks A machine learning approach to social graph

Learning to de-anonymize social networks A machine learning approach to social graph

Learning to de-anonymize social networks A machine learning approach to social graph de-anonymization Kumar Sharad October 28, 2016 Royal Holloway, University of London ACM Workshop on Artificial Intelligence and Security, Vienna, Austria

1.01k views • 69 slides
Graphs and social networks Social networks Active area of research motivated in part by

Graphs and social networks Social networks Active area of research motivated in part by

csci 210: Data Structures Graphs and social networks Social networks Active area of research motivated in part by growing public fascination withe the complex connectedness of modern society Social networks have grown in

590 views • 11 slides
SOCIAL NETWORKS OF ELDERLY PEOPLE Hayden Manseau 1 1. THE PROBLEM 2 THE IMPACT OF SOCIAL

SOCIAL NETWORKS OF ELDERLY PEOPLE Hayden Manseau 1 1. THE PROBLEM 2 THE IMPACT OF SOCIAL

SOCIAL NETWORKS OF ELDERLY PEOPLE Hayden Manseau 1 1. THE PROBLEM 2 THE IMPACT OF SOCIAL NETWORKS IN ELDERLY POPULATION Social Network Elderly Social Networks Reduced Social Networks Is defined as a subjective Could be family members,

129 views • 11 slides
A New Future for Social Security Consultation on Social Security in Scotland Background Why is

A New Future for Social Security Consultation on Social Security in Scotland Background Why is

A New Future for Social Security Consultation on Social Security in Scotland Background Why is the Scottish Government Consulting? The Scotland Act 2016 makes provision for the transfer of responsibility for a number of social security

318 views • 17 slides
Why Should You Care About Social Security Benefits? Approximately 63M people receive social

Why Should You Care About Social Security Benefits? Approximately 63M people receive social

Why Should You Care About Social Security Benefits? Approximately 63M people receive social security benefits every month Social Security accounts for 33% of average retirees income and 43% of unmarried persons rely on Social Security for

688 views • 29 slides
Social security for all: Labour Office Towards a social security floor Michael Cichon Social

Social security for all: Labour Office Towards a social security floor Michael Cichon Social

International Social security for all: Labour Office Towards a social security floor Michael Cichon Social Security Department International Labour Office Geneva, 28 November 2007 The ILO Global Campaign to extend Social Security to all

670 views • 20 slides
Content Pricing in Peer-to-Peer Networks Jaeok Park and Mihaela van der Schaar Electrical

Content Pricing in Peer-to-Peer Networks Jaeok Park and Mihaela van der Schaar Electrical

Content Pricing in Peer-to-Peer Networks Jaeok Park and Mihaela van der Schaar Electrical Engineering Department, UCLA 2010 Workshop on the Economics of Networks, Systems, and Computation (NetEcon 10) October 3, 2010 Park and van der Schaar

653 views • 37 slides
Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of Computer Science Universitat Autnoma de Barcelona NordSec 2004 G. Navarro et al. (UAB) CADAT NordSec 2004 1 / 15 Outline Introduction 1

488 views • 38 slides
Security and digital rights management Kati Tuomainen khtuomai@cc.hut.fi Agenda

Security and digital rights management Kati Tuomainen khtuomai@cc.hut.fi Agenda

Security and digital rights management Kati Tuomainen khtuomai@cc.hut.fi Agenda Introduction Content based media security What is DRM? How do DRM systems work? DRM models Mobile DRM Concluding remarks Introduction

1.39k views • 13 slides
3-509

3-509

3-509 liuzhen@sjtu.edu.cn 1 Introduction to Bitcoin SSL and IPSec 2 2. Transaction in Bitcoin A Transaction 2. Transaction in Bitcoin A

727 views • 25 slides
The Energy Innovation Platform Overview Personalised Customer Centric Digital Engagement

The Energy Innovation Platform Overview Personalised Customer Centric Digital Engagement

The Energy Innovation Platform Overview Personalised Customer Centric Digital Engagement Platforms Over 250,000 customers currently using Platform Tier 1, Tier 2 and new entrant energy retailer market in Australia Varying

98 views • 7 slides
Memory of Master and Techniques of Tunis Realised by : Nesrine KHOUZAMI Introduction

Memory of Master and Techniques of Tunis Realised by : Nesrine KHOUZAMI Introduction

Higher School of Sciences Memory of Master and Techniques of Tunis Realised by : Nesrine KHOUZAMI Introduction Problematic Existing approaches BonjourGrid Proposed approach Implementations Experimentations Conclusion and perspectives 2

784 views • 50 slides
Flow Rate Fairness: Dismantling a Religion Bob Briscoe presented by Brighten Godfrey 1 Fairness

Flow Rate Fairness: Dismantling a Religion Bob Briscoe presented by Brighten Godfrey 1 Fairness

Flow Rate Fairness: Dismantling a Religion Bob Briscoe presented by Brighten Godfrey 1 Fairness in networks Flow rate equality! 911 Easily circumvented Doesnt even optimize for any metric of interest hotornot.com Fig. 1:

484 views • 17 slides
Blind Merged Mining Paul Sztorc Research Director, Tierion May 15th, 2019 1 About Me 2012

Blind Merged Mining Paul Sztorc Research Director, Tierion May 15th, 2019 1 About Me 2012

Drivechain and Blind Merged Mining Paul Sztorc Research Director, Tierion May 15th, 2019 1 About Me 2012 -- Bitcoiner 2014 -- Truthcoin.info Blog 2015-Present Scaling Bitcoin 1,2,3,4; TabConf and BoB Currently: Research

894 views • 40 slides

More recommend