Title :
Social Puzzles: Context-Based Access Control in Online Social Networks
Author :
Jadliwala, Murtuza ; Maiti, Ananda ; Namboodiri, Vinod
Author_Institution :
Wichita State Univ., Wichita, KS, USA
Abstract :
The increasing popularity of online social networks (OSNs) is spawning new security and privacy concerns. Currently, a majority of OSNs offer very naive access control mechanisms that are primarily based on static access control lists (ACL) or policies. But as the number of social connections grow, static ACL based approaches become ineffective and unappealing to OSN users. There is an increased need in social-networking and data-sharing applications to control access to data based on the associated context (e.g., event, location, and users involved), rather than solely on data ownership and social connections. Surveillance is another critical concern for OSN users, as the service provider may further scrutinize data posted or shared by users for personal gains (e.g., targeted advertisements), for use by corporate partners or to comply with legal orders. In this paper, we introduce a novel paradigm of context-based access control in OSNs, where users are able to access the shared data only if they have knowledge of the context associated with it. We propose two constructions for context-based access control in OSNs: the first is based on a novel application of Shamir´s secret sharing scheme, whereas the second makes use of an attribute-based encryption scheme. For both constructions, we analyze their security properties, implement proof-of-concept applications for Facebook and empirically evaluate their functionality and performance. Our empirical measurements show that the proposed constructions execute efficiently on standard computing hardware, as well as, on portable mobile devices.
Keywords :
authorisation; cryptography; data privacy; social networking (online); surveillance; Facebook; OSN; Shamir secret sharing scheme; attribute-based encryption scheme; context-based access control; data ownership; data-sharing applications; naive access control mechanisms; online social networks; privacy concerns; security properties; service provider; social connections; social puzzles; social-networking applications; static ACL; static access control lists; surveillance; Access control; Context; DH-HEMTs; Encryption; Facebook; Access Control; Online Social Networks; Privacy; Surveillance Resistance;
Conference_Titel :
Dependable Systems and Networks (DSN), 2014 44th Annual IEEE/IFIP International Conference on
Conference_Location :
Atlanta, GA
DOI :
10.1109/DSN.2014.38