Social Networking Services and User Data Protection Big Data and Privacy Social Networking Services and User Data Protection Shuangbao (Paul) Wang Progessor Program Director for Cybersecurity University of Maryland, University College Center For security studies
Question: How many Fortune 500 Companies had data breaches last year? Answer: 500
Solutions to Privacy? Industry -- Yes Academia -- May be not Government – Yes, but putting backdoors Trying to find solutions. Why? – Defend? -- Prevent?
Social Services Big Data Twitter Company Statistics Data (7/11/14) Total number of active registered Twitter users 645,750,000 Number of new Twitter users signing up everyday 135,000 Number of unique Twitter site visitors every month 190 million Average number of tweets per day 58 million Number of Twitter search engine queries every day 2.1 billion 40 TB/year == 8500 DVD
Individual Account Public Account weChat has more users than Twitter. Why? Public Account
Developers Company Team Individual 88.9% 10% 1.1% Education is among the 1.1%
Industries .net companies software developers .net services others 23.64% 43.31% 31.79% 1.46% They are all working on getting data from it. IRB privacy: no or minimum consent. People are not informed how the data are being used.
Education English learning, music, children, math, etc. All free. Comparing with twitter, Wechat has no limitation for # of chars. Making it better for learning.
Data Breaches Card System 2005 $40M TJX 2007 $90M Heartland 2009 $130M Sony 2011 $100M Target 2013 $70M Home Depot 2014 $56M Unlike others, I’m not only list of the numbers. I’m working on finding solutions.
How much time is need to steal 300k data record? It took ten years to reduce the time to identify a data breach from a week to days. GMU 1 Jan. 2005 32,000 A week to identify GMU 2 July 16, 2014 4,400 faculty College Park 1 Tue. Jan. 18, 2014 309,079 Hackers made a copy of DB data College Park 2 One month later 36 hours identify It is a very hard problem. How much time is need to steal 300k data record? < 1ms
Solutions? Algorithms - Traditional Algorithms – future Cisco Google map Dijkstra, core: 10 lines? 10k lines? 10 million? Algorithms – future N Dimensions/Domains
HSPM Algorithm – Threat Analysis INPUT: Some 200 parameters, DB scheme, encryption Vulnerability Assessment Report Hardware configurations Policies in place and Implementation Each assign a weight OUTPUT Threat factor – tf:[0 – 1.00] Recommendations and Guide Security = Hardware + Software + Policy + Management - Wang, 2006
HSPM - Experiments Traveler Enterprise 20 million business 1st round Before: tf = 0.71, blue hat: steal all data After: tf = 0.38, blue hat: steal no data 2nd round tf reduces to 0.18 Merged by a big company
Free vs. not Free Question: Suppose you have a full-time job. If there is an email service charging $40 a year but does not collect your data. Question: Are you willing to switch to this email service or would you rather stay in the current free email services by scarifying your privacy? 91% -- Yes After HSPM & training 79% -- Yes
Log in with strong password over SSL Two-factor authentication: login + SMS Is it secure? -- Yes: 98%
Protect Privacy? Our Privacy is on the hands of others What we can do to defend our privacy ourselves? Policies Technologies How to “hide” yourself in this cyber insecurity world?