Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented by: Sanketh Beerabbi University of Central Florida.

Published byJayson Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "Presented by: Sanketh Beerabbi University of Central Florida."— Presentation transcript:

1 Presented by: Sanketh Beerabbi University of Central Florida

2  Introduction  Problem  Prior Solutions  Concept  Overview  Implementation  Results  Analysis  Conclusion

3  Online social networks enable people to remain connected and share information.  Types:  Personal networks - Facebook, Google+  Status update networks - Twitter  Location networks - Foursquare  Content-sharing networks - Youtube, Flickr  Shared-interest networks - LinkedIn

4  Social networks store information remotely, rather than on a user’s personal computer.  Millions of users are compelled to trust service providers with their personal data.  Centralized nature of these services leads to a greater number of privacy issues.

5  Increasing incidences of data leaks and identity thefts by malicious attackers.  Complex and non uniform privacy controls.  Providers introduce new features and repeatedly change default privacy settings.  Providers release information to governments without proper warrants.

6

7

8  Data Corruption:  Tampering with users data  Equivocation:  Malicious service presents di ff erent clients with divergent views of the system.  Used to disguise censorship by allowing user to see content but hiding from followers.

9  Client vulnerable to:  Attacks on servers  Privacy policies  Data corruption  Censorship

10  Encryption:  Data integrity still not ensured on remote servers.  Decentralization: Store data locally (sacrifice availability, reliability & convenience) Store data with 3 rd party providers (may not be trust worthy too)

11  Provider’s servers only see encrypted data and clients collaborate to detect equivocation.  Access control  Cryptographic Keys

12 Clients collaborate to verify that provider: Enforces access control on writes Doesn’t corrupt individual updates Doesn’t equivocate.

13  Broadly applicable – support popular features.  Data integrity – use cryptography  Security - Detect malicious actions  E ffi cient – Scalable enough

14  All clients see strongly consistent updates to common data (likes wall posts or tweets)  Implemented using network file systems, key value stores and group collaboration systems.  Works when number of users are small and all updates occur in a linear manner.

15  Only most recent updates are verified. Previous history of operations ignored  Single message exchanged instead of two, ensuring crashed client doesn’t stall system.  Objects(user content) are shared across many servers and indexed using directory service or hashing.

16  To prevent equivocation, Frientegrity clients digitally sign messages with users’ private keys.  To prevent provider from equivocating previous objects, clients share individual views of histories.  For e ffi ciency, Frientegrity only enforces fork* consistency on a per-object basis.

17  User’s profile is comprised of multiple objects such as photos and comments.  Frientegrity uses ACL to allow only certain friends to access objects.  ACLs store users’ pseudonyms and every operation is labeled with the pseudonym of its creator.

18 Server 1 Server 2 Bob’s profile Server n Bob Read Alice’s wall Verify & decrypt Alice’s wall Alice’s photo album Alice’s ACL Comment thread Alice’s profile Optionally entangled Checked for equivocation 3.Proof of ACL enforcement 4.Decryption keys 3.Proof of ACL enforcement 4.Decryption keys 1.Latest updates 2.Proof of no equivocation 1.Latest updates 2.Proof of no equivocation

19  Simulate basic Facebook features  Server having set of user profiles and clients that access them. Implemented using Java.  Each profile has user objects, ACL and history.  Uses 2048-bit RSA signatures.  Reduced cryptographic use for higher throughput

20 Object read & write latency Frientegrity Hash Chain Method

21

22

23  Frientegrity is a practical solution which is quite reliable, efficient and scalable.  In addition to adequately protecting user privacy and data integrity, also tackles equivocation which many solutions do not.  Provides some form of decentralization while still allowing convenience and redundancy.

24  Encryption and message exchange may lead to large overhead and greater system requirements.  For scalability, since only most recent updates are scrutinized, equivocation may still be possible.  Malicious providers can still know users social relationships based upon public key hashes.

25  Does not provide complete decentralization as envisaged while other solutions offer it.  Still uses untrusted third party infrastructure.  Implementation tones down some of the cryptographic measures.

26  Frientegrity provides the much needed framework for privacy and integrity in social networking applications.  Achieves main goal of detecting provider equivocation.  Can be further improved upon to achieve complete decentralization of user data.

27

Download ppt "Presented by: Sanketh Beerabbi University of Central Florida."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.

Social Networking with Frientegrity: Privacy and Integrity with an Untrusted Provider Social Networking with Frientegrity Ariel J. Feldman Usenix Security.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.

SPORC: Group Collaboration using Untrusted Cloud Resources Ariel J. Feldman, William P. Zeller, Michael J. Freedman, Edward W. Felten Published in OSDI’2010.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Core Web Service Security Patterns

Core Web Service Security Patterns
SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,

SPORC Group Collaboration using Untrusted Cloud Resources 1SPORC: Group Collaboration using Untrusted Cloud Resources — OSDI 10/5/10 Ariel J. Feldman,

Similar presentations

Ads by Google