research-article

HITC: Data Privacy in Online Social Networks with Fine-Grained Access Control

Authors:

Ahmed Khalil Abdulla,

Spiridon BakirasAuthors Info & Claims

SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

Pages 123 - 134

https://doi.org/10.1145/3322431.3325104

Published: 28 May 2019 Publication History

Abstract

Online Social Networks (OSNs), such as Facebook and Twitter, are popular platforms that enable users to interact and socialize through their networked devices. The social nature of such applications encourages users to share a great amount of personal data with other users and the OSN service providers, including pictures, personal views, location check-ins, etc. Nevertheless, recent data leaks on major online platforms demonstrate the ineffectiveness of the access control mechanisms that are implemented by the service providers, and has led to an increased demand for provably secure privacy controls. To this end, we introduce Hide In The Crowd (HITC), a flexible system that leverages encryption-based access control, where users can assign arbitrary decryption privileges to every data object that is posted on the OSN platforms. The decryption privileges can be assigned on the finest granularity level, for example, to a hand-picked group of users. HITC is designed as a browser extension and can be integrated to any existing OSN platform without the need for a third-party server. We describe our prototype implementation of HITC over Twitter and evaluate its performance and scalability.

References

[1]

2014. Camouflage. http://camouflage.unfiction.com/.

[2]

2014. JpegX Software. http://www.freewarefiles.com/Jpegx_program_19392.html.

[3]

2014. zsteg. https://github.com/zed-0xff/zsteg.

[4]

2017. Facebook Stats. https://newsroom.fb.com/company-info/

[5]

Ahmed Khalil Abdulla. 2019. HITC source code. https://github.com/AKhalil90/HITC-Hide-In-The-Crowd/.

[6]

Alessandro Acquisti and Ralph Gross. 2006. Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. In Proc. Workshop on Privacy Enhancing Technologies (PET). 36--58.

Digital Library

[7]

Paul Alvarez. 2004. Using Extended File Information (EXIF) File Headers in Digital Evidence Analysis. IJDE, Vol. 2, 3 (2004).

[8]

Salman Aslam. 2019. Twitter by the Numbers: Stats, Demographics and Fun Facts. https://www.omnicoreagency.com/twitter-statistics/.

[9]

Randolph Baden, Adam Bender, Neil Spring, Bobby Bhattacharjee, and Daniel Starin. 2009. Persona: an online social network with user-defined privacy. In Proc. ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM). 135--146.

Digital Library

[10]

John Bethencourt, Amit Sahai, and Brent Waters. 2007. Ciphertext-Policy Attribute-Based Encryption. In Proc. IEEE Symposium on Security and Privacy (S&P). 321--334.

Digital Library

[11]

Benedikt Boehm. 2014. StegExpose - A Tool for Detecting LSB Steganography. CoRR, Vol. abs/1410.6656 (2014). http://arxiv.org/abs/1410.6656

[12]

David Chaum. 1982. Blind Signatures for Untraceable Payments. In Proc. CRYPTO. 199--203.

[13]

Leucio Antonio Cutillo, Refik Molva, and Thorsten Strufe. 2009. Safebook: a privacy-preserving online social network leveraging on real-life trust. IEEE Communications Magazine, Vol. 47, 12 (2009), 94--101.

Digital Library

[14]

Emiliano De Cristofaro, Claudio Soriente, Gene Tsudik, and Andrew Williams. 2012. Hummingbird: Privacy at the Time of Twitter. In Proc. IEEE Symposium on Security and Privacy (S&P). 285--299.

Digital Library

[15]

Ralph Gross and Alessandro Acquisti. 2005. Information revelation and privacy in online social networks. In Proc. ACM Workshop on Privacy in the Electronic Society (WPES). 71--80.

Digital Library

[16]

Joshua Gruenspecht. 2011. "Reasonable" grand jury subpoenas: asking for information in the age of big data. Harvard Journal of Law & Technology, Vol. 24, 2 (2011).

[17]

Saikat Guha, Kevin Tang, and Paul Francis. 2008. NOYB: privacy in online social networks. In Proc. ACM Workshop on Online Social Networks (WOSN). 49--54.

Digital Library

[18]

Sonia Jahid, Prateek Mittal, and Nikita Borisov. 2011. EASiER: encryption-based access control in social networks with efficient revocation. In Proc. ACM Symposium on Information, Computer and Communications Security (ASIACCS). 411--415.

Digital Library

[19]

Long Jin, Yang Chen, Tianyi Wang, Pan Hui, and Athanasios V. Vasilakos. 2013. Understanding user behavior in online social networks: a survey. IEEE Communications Magazine, Vol. 51, 9 (2013).

[20]

Balachander Krishnamurthy and Craig E. Wills. 2008. Characterizing privacy in online social networks. In Proc. ACM Workshop on Online Social Networks (WOSN). 37--42.

Digital Library

[21]

Balachander Krishnamurthy and Craig E. Wills. 2009. On the leakage of personally identifiable information via online social networks. In Proc. ACM Workshop on Online Social Networks (WOSN). 7--12.

Digital Library

[22]

Matthew M. Lucas and Nikita Borisov. 2009. flyByNight: mitigating the privacy risks of social networking. In Proc. Symposium on Usable Privacy and Security (SOUPS) .

Digital Library

[23]

Jianxia Ning, Indrajeet Singh, Harsha V. Madhyastha, Srikanth V. Krishnamurthy, Guohong Cao, and Prasant Mohapatra. 2014. Secret message sharing using online social media. In Proc. IEEE Conference on Communications and Network Security (CNS). 319--327.

[24]

Tran Viet Xuan Phuong, Guomin Yang, and Willy Susilo. 2014. Efficient Hidden Vector Encryption with Constant-Size Ciphertext. In Proc. European Symposium on Research in Computer Security (ESORICS). 472--487.

[25]

Sean C. Rhea, Brighten Godfrey, Brad Karp, John Kubiatowicz, Sylvia Ratnasamy, Scott Shenker, Ion Stoica, and Harlan Yu. 2005. OpenDHT: a public DHT service and its uses. In Proc. ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (SIGCOMM). 73--84.

Digital Library

[26]

Mitsunari Shigeo. 2018. a portable and fast pairing-based cryptography library. https://github.com/herumi/mcl .

[27]

Kaushal Solanki, Anindya Sarkar, and B. S. Manjunath. 2007. YASS: Yet Another Steganographic Scheme That Resists Blind Steganalysis. In Proc. International Workshop on Information Hiding (IH). 16--31.

Digital Library

[28]

Jinyuan Sun, Xiaoyan Zhu, and Yuguang Fang. 2010. A Privacy-Preserving Scheme for Online Social Networks with Efficient Revocation. In Proc. IEEE International Conference on Computer Communications (INFOCOM). 2516--2524.

Digital Library

[29]

Rye Terrell. 2012. An easy-to-use encryption system utilizing RSA and AES for javascript. https://github.com/wwwtyro/cryptico.

[30]

New York Times. 2018. Zuckerberg, Facing Facebook's Worst Crisis Yet, Pledges Better Privacy. https://www.nytimes.com/2018/03/21/technology/facebook-zuckerberg-data-privacy.html .

[31]

Amin Tootoonchian, Stefan Saroiu, Yashar Ganjali, and Alec Wolman. 2009. Lockr: better privacy for social networks. In Proc. ACM Conference on Emerging Networking Experiments and Technology (CoNEXT). 169--180.

Digital Library

[32]

Evan Vosberg. 2018. JavaScript library of crypto standards. https://github.com/brix/crypto-js.

Cited By

Song MLee MKim SEom HSon Y(2024)EnC-IoT: An Efficient Encryption and Access Control Framework based on IPFS for Decentralized IoT2024 IEEE 24th International Symposium on Cluster, Cloud and Internet Computing (CCGrid)10.1109/CCGrid59990.2024.00055(425-434)Online publication date: 6-May-2024
https://doi.org/10.1109/CCGrid59990.2024.00055
Mohammad Safi SMovaghar AGhorbani M(2022)Privacy protection scheme for mobile social networkJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2022.05.01134:7(4062-4074)Online publication date: Jul-2022
https://doi.org/10.1016/j.jksuci.2022.05.011
Drien OAmarilli AAmsterdamer Y(2021)Managing Consent for Data Access in Shared Databases2021 IEEE 37th International Conference on Data Engineering (ICDE)10.1109/ICDE51399.2021.00182(1949-1954)Online publication date: Apr-2021
https://doi.org/10.1109/ICDE51399.2021.00182
Show More Cited By

Index Terms

HITC: Data Privacy in Online Social Networks with Fine-Grained Access Control
1. Security and privacy

Recommendations

PESCA: a peer‐to‐peer social network architecture with privacy‐enabled social communication and data availability

The major challenge in current online social networks (OSNs) is privacy violation by OSN providers or unauthorised users. OSN providers collect unprecedented amounts of personal information for targeted advertising. Moreover, users are not able to share ...
SocACL: An ASP-Based Access Control Language for Online Social Networks
CMS 2013: 14th IFIP TC 6/TC 11 International Conference on Communications and Multimedia Security - Volume 8099

Online Social Networks OSNs, such as Facebook, encourage their users to disclose significant amounts of personal information to facilitate connecting and sharing content with other users. This has resulted in some OSNs holding vast amounts of ...
Primates: a privacy management system for social networks
CIKM '12: Proceedings of the 21st ACM international conference on Information and knowledge management

While online social networks (OSN) present unprecedented opportunities for sharing information and multimedia content among users, they raise major privacy issues as users could often access personal or confidential data of other users. Most social ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '19: Proceedings of the 24th ACM Symposium on Access Control Models and Technologies

May 2019

243 pages

ISBN:9781450367530

DOI:10.1145/3322431

General Chair:
Florian Kerschbaum
University of Waterloo, Canada
,
Program Chairs:
Atefeh Mashatan
Ryerson University, Canada
,
Jianwei Niu
University of Texas at San Antonio, USA
,
Adam J. Lee
University of Pittsburgh, USA

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 May 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SACMAT '19

Sponsor:

SIGSAC

SACMAT '19: The 24th ACM Symposium on Access Control Models and Technologies

June 3 - 6, 2019

Toronto ON, Canada

Acceptance Rates

SACMAT '19 Paper Acceptance Rate 12 of 52 submissions, 23%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
222
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)1

Reflects downloads up to 24 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Song MLee MKim SEom HSon Y(2024)EnC-IoT: An Efficient Encryption and Access Control Framework based on IPFS for Decentralized IoT2024 IEEE 24th International Symposium on Cluster, Cloud and Internet Computing (CCGrid)10.1109/CCGrid59990.2024.00055(425-434)Online publication date: 6-May-2024
https://doi.org/10.1109/CCGrid59990.2024.00055
Mohammad Safi SMovaghar AGhorbani M(2022)Privacy protection scheme for mobile social networkJournal of King Saud University - Computer and Information Sciences10.1016/j.jksuci.2022.05.01134:7(4062-4074)Online publication date: Jul-2022
https://doi.org/10.1016/j.jksuci.2022.05.011
Drien OAmarilli AAmsterdamer Y(2021)Managing Consent for Data Access in Shared Databases2021 IEEE 37th International Conference on Data Engineering (ICDE)10.1109/ICDE51399.2021.00182(1949-1954)Online publication date: Apr-2021
https://doi.org/10.1109/ICDE51399.2021.00182
Xue MSun SWu ZHe CWang JLiu W(2021)SocialGuard: An adversarial example based privacy-preserving technique for social imagesJournal of Information Security and Applications10.1016/j.jisa.2021.10299363(102993)Online publication date: Dec-2021
https://doi.org/10.1016/j.jisa.2021.102993
Muhammad TAhmad A(2021)A joint sharing approach for online privacy preservationWorld Wide Web10.1007/s11280-021-00876-5Online publication date: 24-Apr-2021
https://doi.org/10.1007/s11280-021-00876-5
Safi SMovaghar ASafikhani Mahmoodzadeh K(2021)A Framework for Protecting Privacy on Mobile Social NetworksMobile Networks and Applications10.1007/s11036-021-01761-1Online publication date: 29-May-2021
https://doi.org/10.1007/s11036-021-01761-1
Guo GZhu YYu RChu WMa D(2020)A Privacy-Preserving Framework With Self-Governance and Permission Delegation in Online Social NetworksIEEE Access10.1109/ACCESS.2020.30160418(157116-157129)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3016041

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents