research-article

Free access

Persona: an online social network with user-defined privacy

Authors:

Bobby Bhattacharjee,

Daniel StarinAuthors Info & Claims

SIGCOMM '09: Proceedings of the ACM SIGCOMM 2009 conference on Data communication

Pages 135 - 146

https://doi.org/10.1145/1592568.1592585

Published: 16 August 2009 Publication History

Abstract

Online social networks (OSNs) are immensely popular, with some claiming over 200 million users. Users share private content, such as personal information or photographs, using OSN applications. Users must trust the OSN service to protect personal information even as the OSN provider benefits from examining and sharing that information. We present Persona, an OSN where users dictate who may access their information. Persona hides user data with attribute-based encryption (ABE), allowing users to apply fine-grained policies over who may view their data. Persona provides an effective means of creating applications in which users, not the OSN, define policy over access to private data. We demonstrate new cryptographic mechanisms that enhance the general applicability of ABE. We show how Persona provides the functionality of existing online social networks with additional privacy benefits. We describe an implementation of Persona that replicates Facebook applications and show that Persona provides acceptable performance when browsing privacy-enhanced web pages, even on mobile devices.

References

[1]

A. Acquisti and R. Gross. Imagined communities: Awareness, information sharing, and privacy on the facebook. In PET, 2006.

Digital Library

[2]

Advanced crypto software collection. http://acsc.csl.sri.com/cpabe/.

[3]

S. Ahern, et al. Over-exposed?: privacy patterns and considerations in online and mobile photo sharing. In Human Factors in Computing Systems, 2007.

Digital Library

[4]

Apple iPhone SDK. http://developer.apple.com/iphone/.

[5]

J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute-based encryption. In Security and Privacy, 2007.

Digital Library

[6]

P. A. Bonatti and P. Samarati. A uniform framework for regulating service access and information release on the web. Journal of Computer Security, 2002.

Digital Library

[7]

M. Chase. Multi-authority attribute based encryption. In TCC, 2007.

Digital Library

[8]

D. Clark. The design philosophy of the darpa internet protocols. In SIGCOMM, 1988.

Digital Library

[9]

Facebook statement of rights and responsibilities. http://www.facebook.com/press/info.php?statistics#/terms.php?ref=pf.

[10]

Facebook statistics. http://www.facebook.com/press/info.php?statistics.

[11]

D. F. Ferraiolo and D. R. Kuhn. Role-based access controls. In National Computer Security Conference, 1992.

[12]

M. Gjoka, M. Sirivianos, A. Markopoulou, and X. Yang. Poking facebook: Characterization of OSN applications. In WOSN, 2008.

Digital Library

[13]

R. Gross and A. Acquisti. Information revelation and privacy in online social networks (the facebook case). In WPES, 2005.

Digital Library

[14]

S. Guha, K. Tang, and P. Francis. NOYB: Privacy in online social networks. In WOSN, 2008.

Digital Library

[15]

K. P. Gummadi, S. Saroiu, and S. D. Gribble. King: Estimating latency between arbitrary internet end hosts. In IMC, 2002.

Digital Library

[16]

J. He, W. W. Chu, and Z. V. Liu. Inferring privacy information from social networks. In ISI, 2006.

Digital Library

[17]

J. Kleinberg. Challenges in social network data: Processes, privacy and paradoxes. In KDD, 2007. Invited talk.

Digital Library

[18]

A. Korolova, R. Motwani, S. U. Nabar, and Y. Xu. Link privacy in social networks. In Information and Knowledge Mining (CIKM), 2008.

Digital Library

[19]

B. Krishnamurthy. A measure of online social networks. In COMSNETS, 2009.

Digital Library

[20]

B. Krishnamurthy and C. E. Wills. Characterizing privacy in online social networks. In WOSN, 2008.

Digital Library

[21]

I.-F. Lam, K.-T. Chen, and L.-J. Chen. Involuntary information leakage in social network services. In IWSEC, 2008.

Digital Library

[22]

Y. Lee. Measured TCP performance in CDMA 1x EV-DO network. In PAM, 2006.

[23]

H. Lin, Z. Cao, X. Liang, and J. Shao. Secure threshold multi authority attribute based encryption without a central authority. In INDOCRYPT, 2008.

Digital Library

[24]

Linkedin. http://www.linkedin.com/.

[25]

Loopt. http://www.loopt.com.

[26]

M. M. Lucas and N. Borisov. flybynight: Mitigating the privacy risks of social networking. In WPES, 2008.

Digital Library

[27]

B. Lynn. On the implementation of pairing-based cryptosystems. Ph.D. thesis, Stanford, 2008.

[28]

A. Mislove, et al. Measurement and analysis of online social networks. In IMC, 2007.

Digital Library

[29]

A. Mislove, et al. Growth of the flickr social network. In WOSN, 2008.

Digital Library

[30]

D. Naor, M. Naor, and J. B. Lotspiech. Revocation and tracing schemes for stateless receivers. In CRYPTO, 2001.

Digital Library

[31]

M. Pirretti, P. Traynor, P. McDaniel, and B. Waters. Secure attribute-based systems. In ACM CCS, 2006.

Digital Library

[32]

A. Sahai and B. Waters. Fuzzy identity-based encryption. In Eurocrypt, 2005.

Digital Library

[33]

U. Shankar, et al. Detecting format-string vulnerabilities with type qualifiers. In USENIX Security, 2001.

Digital Library

[34]

A. Tootoonchian, et al. Lockr: Social access control for web 2.0. In WOSN, 2008.

Digital Library

[35]

P. Traynor, K. Butler, W. Enck, and P. McDaniel. Realizing massive-scale conditional access systems through attribute-based cryptosystems. In NDSS, 2008.

[36]

Where I've been. http://apps.facebook.com/whereivebeen/.

[37]

C. K. Wong, M. Gouda, and S. S. Lam. Secure group communications using key graphs. SIGCOMM CCR, 28(4):68--79, 1998.

Digital Library

[38]

W. Xu, X. Zhou, and L. Li. Inferring privacy information via social relations. In ICDEW, 2008.

[39]

H. Yin, et al. Capturing system-wide information flow for malware detection and analysis. In CCS, 2007.

Digital Library

[40]

T. Yu, M. Winslett, and K. E. Seamons. Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation. Transactions on Information and System Security, 2003.

Digital Library

Cited By

Taheri Boshrooyeh SKüpçü AÖzkasap Ö(2025)Integrita: A BFT distributed storage systemFuture Generation Computer Systems10.1016/j.future.2024.107629166(107629)Online publication date: May-2025
https://doi.org/10.1016/j.future.2024.107629
Ali SHaq MKhan H(2024)Blockchain for AcademicsAchieving Secure and Transparent Supply Chains With Blockchain Technology10.4018/979-8-3693-0482-2.ch012(200-224)Online publication date: 18-Jan-2024
https://doi.org/10.4018/979-8-3693-0482-2.ch012
Belel ADutta RMukhopadhyay S(2024)Key-homomorphic and revocable ciphertext-policy attribute based key encapsulation mechanism for multimedia applicationsMultimedia Tools and Applications10.1007/s11042-024-18626-w83:33(78827-78859)Online publication date: 29-Feb-2024
https://doi.org/10.1007/s11042-024-18626-w
Show More Cited By

Index Terms

Persona: an online social network with user-defined privacy

Recommendations

Persona: an online social network with user-defined privacy
SIGCOMM '09

Online social networks (OSNs) are immensely popular, with some claiming over 200 million users. Users share private content, such as personal information or photographs, using OSN applications. Users must trust the OSN service to protect personal ...
Privacy antecedents for SNS self-disclosure

Social networking sites privacy issues and self-disclosure are examined.A research model of privacy issues and self-disclosure is built.Structural equations modeling is used to assess the model fit.Path analysis is done to analyze hypothesis whereas 11 ...
Building social capital with Facebook: Type of network, availability of other media, and social self-efficacy matter^#
Highlights
- Type of friends affects building social capital via Facebook and traditional media.
Abstract
Findings about Facebook's effect on relationships are mixed, possibly due to lack of models that acknowledge differences across users, types of their friends, and use of competing media. To address this, we proposed and tested how ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCOMM '09: Proceedings of the ACM SIGCOMM 2009 conference on Data communication

August 2009

340 pages

ISBN:9781605585949

DOI:10.1145/1592568

General Chairs:
Pablo Rodriguez
Telefonica Research, Spain
,
Ernst Biersack
Eurecom, France
,
Program Chairs:
Konstantina Papagiannaki
Intel Labs Pittsburgh, USA
,
Luigi Rizzo
Università di Pisa, Italy

ACM SIGCOMM Computer Communication Review Volume 39, Issue 4
SIGCOMM '09
October 2009
325 pages
ISSN:0146-4833
DOI:10.1145/1594977
Issue’s Table of Contents

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 August 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGCOMM '09

Sponsor:

SIGCOMM '09: ACM SIGCOMM 2009 Conference

August 16 - 21, 2009

Barcelona, Spain

Acceptance Rates

Overall Acceptance Rate 462 of 3,389 submissions, 14%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

431
Total Citations
View Citations
6,265
Total Downloads

Downloads (Last 12 months)486
Downloads (Last 6 weeks)51

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Taheri Boshrooyeh SKüpçü AÖzkasap Ö(2025)Integrita: A BFT distributed storage systemFuture Generation Computer Systems10.1016/j.future.2024.107629166(107629)Online publication date: May-2025
https://doi.org/10.1016/j.future.2024.107629
Ali SHaq MKhan H(2024)Blockchain for AcademicsAchieving Secure and Transparent Supply Chains With Blockchain Technology10.4018/979-8-3693-0482-2.ch012(200-224)Online publication date: 18-Jan-2024
https://doi.org/10.4018/979-8-3693-0482-2.ch012
Belel ADutta RMukhopadhyay S(2024)Key-homomorphic and revocable ciphertext-policy attribute based key encapsulation mechanism for multimedia applicationsMultimedia Tools and Applications10.1007/s11042-024-18626-w83:33(78827-78859)Online publication date: 29-Feb-2024
https://doi.org/10.1007/s11042-024-18626-w
Zhang JRen SDong EMeng ZYang YXu MYang SZhang MYue Y(2023)Reducing Mobile Web Latency Through Adaptively Selecting Transport ProtocolIEEE/ACM Transactions on Networking10.1109/TNET.2023.323590731:5(2162-2177)Online publication date: Oct-2023
https://doi.org/10.1109/TNET.2023.3235907
Riepel DWee HYin HStavrou ACremers CShi E(2022)FABEOProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security10.1145/3548606.3560699(2491-2504)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3548606.3560699
Cheng RWu NVarvello MChen SHan BBarakat CPelsser CBenson TChoffnes D(2022)Are we ready for metaverse?Proceedings of the 22nd ACM Internet Measurement Conference10.1145/3517745.3561417(504-518)Online publication date: 25-Oct-2022
https://dl.acm.org/doi/10.1145/3517745.3561417
Ernala SSeybolt JYoo DBirnbaum MKane JDe Choudhury M(2022)The Reintegration Journey Following a Psychiatric Hospitalization: Examining the Role of Social TechnologiesProceedings of the ACM on Human-Computer Interaction10.1145/35129696:CSCW1(1-31)Online publication date: 7-Apr-2022
https://dl.acm.org/doi/10.1145/3512969
Logas JSchlesinger ALi ZDas S(2022)Image DePO: Towards Gradual Decentralization of Online Social Networks using Decentralized Privacy OverlaysProceedings of the ACM on Human-Computer Interaction10.1145/35129076:CSCW1(1-28)Online publication date: 7-Apr-2022
https://dl.acm.org/doi/10.1145/3512907
Cheng RWu NChen SHan B(2022)Reality Check of Metaverse: A First Look at Commercial Social Virtual Reality Platforms2022 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW)10.1109/VRW55335.2022.00040(141-148)Online publication date: Mar-2022
https://doi.org/10.1109/VRW55335.2022.00040
Li MZhu LZhang ZLal CConti MAlazab M(2022)User-Defined Privacy-Preserving Traffic Monitoring Against n-by-1 Jamming AttackIEEE/ACM Transactions on Networking10.1109/TNET.2022.315765430:5(2060-2073)Online publication date: Oct-2022
https://doi.org/10.1109/TNET.2022.3157654
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents