Security at the Digital Cocktail Party Sławomir Górniak, ENISA.

Slides:

Advertisements

Similar presentations

Instant Messages: I am bored. Social Networks: Facebook, Myspace.

Advertisements

Developed by Technology Services 1:1 Laptop Initiative

Don’t be bullied, or be a bully.

Professional Networking Michael Wirthlin Brigham Young University, CHREC Provo, Utah, USA.

Privacy: Facebook, Twitter

Social Networking Websites BENATUIL, Eduardo KIM, Na Hyun WELMOND, Benjamin.

Creating Identity in a Digital Age: The Facebook Addiction Elizabeth Koenig.

Comparison between Orkut and facebook

Social Media Networking Sites Charlotte Jenkins Designing the Social Web

Social Networking facebook, bebo, MySpace and others.

The key aim for the week is: To ensure children are able to recognise and challenge bullying behaviour wherever it happens - whether face to face or in.

Cross-linking Folksonomies Harith Alani. Multiple SNS Accounts del.icio.us.

What do I need to know?.   Instant Messages  Social Networking.

HICSS Socialware - Cathy Dwyer1 Social networking site for the general public Cathy Dwyer Pace University

Security Issues in Social Networking Based on: Security issues in the future of social networking ENISA Position Paper for W3C workshop on the future of.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Blogging in America How blogs are shaping businesses and mass media in the US.

Social Networking – The Ways and Means Rosey Broderick May 2011.

Your Professional Network Powered by NCURA By: Stephanie Moore NCURA Community Curator.

Job Search Suggestions. Career Interest Self Assessment What do I want to do? What are my current options? Is it time for me to pursue a dream? Is this.

Online Communities. 01 Types, purpose and functionality of websites that support information exchange within online communities.

Copyright ©: SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Social networks and communities Suitable for: Improver.

Chapter 3 Introduction to Computing Chapter 3 Structures in Computing William Johnson Julia Benson-Slaughter

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.

“Social Networking Services: Tribute to Fashion or Vital Necessity?” Tchirkina Victoria.

Why Use Social Media for Rotary? Peter Borner The Rotary Club of Towcester.

What is Social Networking ? What is Social Networking ?

By: Brandee Burke.  This is an interactive slideshow that is going to teach you all about how to be safe while using the internet and also other kinds.

Staying Safe Online Keep your Information Secure.

PRIVACY BOOTCAMP YpJU.

Using LinkedIn to Build Business Presented by: Mandy Boyle SEO Manager.

Electronic Safety Keeping yourself safe on the internet and cell phone Intended for Grades 4-5.

Controlling Your Social Networking Privacy Settings Stay safe online!

 Facebook  Twitter  MySpace  Windows LiveSpace.

Using Flickr as a inter-school arts network. 1. Create a Flickr account You can easily create a Flickr account using your Yahoo, Google or Facebook account.

Make It Easy For e-Buyers to Contact You Toll-free phone numbers Call centers Text messaging Instant chat 1.

Safe Use of Social Media Cadets – Air Force’s Future.

E-Safety E-safety relates to the education of using new technology responsibly and safely focusing on raising awareness of the core messages of safe content,

Tim Reid Malvern Parish C.E Primary School Internet Safety.

Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Technology can help us: Communicate with others Gather information Share ideas Be entertained Technology has improved our quality of life!

Using Social Media for Fundraising and Communication with Supporters Lindsay Boyle – Communications & Research Coordinator Claire Chapman – Information.

My Digital Footprint Gracyn K. WHAT’S A DIGITAL FOOTPRINT? You may not know what a digital footprint is, but you probably already have one yourself. A.

INTERNET SAFETY Thornell Road Library Let’s Discuss: Information Privacy Social Networking CyberbullyingNetiquette.

Online Safety and Privacy Understanding online privacy and how your information is shared.

What is facebook? Social Media Website – Interact with other members inside or outside of your organization – Make and develop friendships – Get to know.

Electronic Safety Keeping yourself safe on the internet and cell phone Intended for Grades 4-5.

Dangers of Online Media and Social Networking By: Micah Cochrane Maurice Gamble Shenne Howell Elvyn Morales.

PRIVACY BOOTCAMP Jack Vale - Social Media Experiement.

LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.

“How do I keep my child safe online?” Miss Johnstone Computing Co-ordinator “Parents / Carers are the one important factor in the home environment to keep.

Building a Social Media Presence Participants will look at the BCPS social media outlets (Twitter, Facebook, Flickr, Vimeo, Instagram, blogs) and relevant.

Blogs How to use the bog safely and secure? Create new username. Create a strong password to your account. Create the password to your uploaded files.

E-Safety By Ian Hopper. Session Aims Apoyo Training & Consultancy -Develop a shared understanding of E-safety -Understand good practice in this area -Understand.

DIGITAL CITIZENSHIP TRAINING BEING A SAFE AND SUCCESSFUL USER OF ICT.

Aristotle, a great thinker, once said: “We are what we repeatedly do.”

PROFESSIONALISM AND SOCIAL MEDIA Created by: Bedig Galladian.

1. Read the following presentation and watch the videos for your grade level. 2. Write your name on your index card and answer the “Bob” questions at the.

Amy Randolph-Chernis. Blogging Facebook LinkedIn Twitter YouTube Social Networking!

Professional Social Networking Career Advising Career Advising Southern Connecticut State University Southern Connecticut State University.

E- SAFETY INFORMATION EVENING 13 July T EACHING E - SAFETY T HINK UK NOW A recommended website for children to look.

Digital Citizenship Project Submitted by: Etta Pope Instructor: Laurie Fowler.

Internet Safety Grade 6.

Creating your online identity

Topic 5: Online Communities Press F5 to view!

Job Search: Networking

Internet Privacy and You

Digital Citizenship EIT, Author Gay Robertson, 2017.

Online Safety; Privacy and Sharing

Online Safety; Privacy and Sharing

Presentation transcript:

Security at the Digital Cocktail Party Sławomir Górniak, ENISA

What I’m going to talk about Social Networking and its benefits Social Networking is an Identity Management System (noy always a good one) Key vulnerabilities Attacking the vulnerabilities at the root Portable data – social networking sites as Identity Providers

Social Networking – Digital Cocktail Party Define my profile (define myself online- interests, skills etc…)‏ Define relations to other profiles (including some access control)‏ Interact with my “Friends” via IM, wall posts, blogs.

More privacy than a blog – restrict your data within your network. SN is an IDM tool Discovery of like-minded individuals and business partners “Social Capital” has been shown to reduce crime Social Networking Plus Points

Social Networks business benefits –Increase interactivity –Exploit the value of relationships –Publicise and test results in trusted circles –Develop circles of competence

Identity Management System Storage of personal data Tools for managing how data is viewed Access control to personal data based on credentials. Tools for finding out who has accessed personal data.

Identity Management System Storage of personal data Tools for managing personal data and how it’s viewed Access control to personal data based on credentials. Tools for finding out who has accessed personal data.

Social Networking is an Identity Management System. LOTS of Juicy Personal data: Recognise these from somewhere? (a)Racial or ethnic origin (b)Political opinions (c) Religious beliefs (e) Physical or mental health or condition (f) Sex life (EU Directive 95/46 – definition of sensitive personal data)‏

Identity Management System Storage of Personal Data Tools for managing personal data and how it’s viewed Access control to personal data based on credentials. Tools for finding out who has accessed personal data.

Tools for organising my personal data

Identity Management System Storage of Personal Data Tools for managing personal data and how it’s viewed Access control to personal data based on credentials. Tools for finding out who has accessed personal data.

Tools for managing access based on credentials

Identity Management System Storage of Personal Data Tools for managing personal data and how it’s viewed Access control to personal data based on credentials. Tools for finding out who has accessed personal data.

Social Networking is an Identity Management System. But not always a very good one

Inappropriate (and often irreversible) Disclosure (Face obscured by me)‏

10 Minutes’ Surfing of Myspace - Example

Inappropriate Disclosure

Digital Cocktail Party

It’s OK because only my network can see my profile data

Access Control Based on Credentials?

Low friending thresholds (poor authentication)‏

Only my friends can see my data? Most users don’t realise the size of their audience. Only Everyone in the London Network? Only Everyone who pays for a LinkedIn Pro account? Only Everyone in your address book? Only Social Network employees? Only anyone who’s willing to pay for behavioural advertising? Only Plastic green frogs?

It’s OK because I don’t use my real name?

Data mining tools MyFaceID application will automatically process your photos, find all faces, help you tag them and let you search for similar people.

Which fortunately don’t work very well

It’s OK because I can delete my embarassing revelations?

“Social Networking is like the Hotel California. You can check out, but you can never leave” Nipon Das to the New York Times Lock-in – the Hotel California effect.

Caches Internet archives “Disactivation” of the account Delete comments from other people’s walls? Why not?

It’s OK because I use the privacy settings?

The usual suspects SN Spam XSS, widgets and other bad programming threats Extortion and bullying Profile squating/theft Aggregators – one password unlocks all..do more damage! –SN gives away the relationships for free –SN is highly viral

Why? The root cause The value of the network (e.g. 15 billion US$ and counting) is: –Its personal data –Its ability to profile people for advertising –Its ability to spread information virally We need to break the lock-in effect.

Speed of spread => Economic and Social Success Privacy Economic success is inversely proportional to strength of privacy settings

Attacking the root cause Break data monopolies to improve privacy and security: –Standardised portable networks (checking out of the Hotel California and going to another one) –Portable, standardised access-control and security (with a secure briefcase). –Privacy and anonymity tools for social networks, better authentication and encryption.

Nice idea but where's the business model?

Stop press – some developments The big players embrace data portability and portable authentication! Social Networking takes another step in the direction of IAM!

Google Friend Connect Sign-in with an existing Google, Yahoo, AIM, or OpenID account Invite and show activity to existing friends from social networks such as Facebook, Google Talk, hi5, orkut, Plaxo Browse member profiles across social networks Based on Open IAM compatible standards

Social Networking takes another step in the direction of IAM?

Take home messages Social Networking applications are an Identity Management System Recommendations: create clear corporate policies on social network usage inside AND out of the office. E.g. -Clearly define which corporate data is not permitted on social networks. -Recommend privacy settings to be used on networks -Conduct awareness-raising campaigns (educating people is vital!)

Thank you! More information: ( )‏