
Security Issues in Social Networking Based on: Security issues in the future of social networking ENISA Position Paper for W3C workshop on the future of.


1 Security Issues in Social Networking
Based on:
Security issues in the future of social networking. ENISA Position Paper for W3C workshop on the future of social networking. By Giles Hogben, ENISA.
Privacy and social network sites: Follow the money! By Martin Pekarek, Ronald Leenes, TILT, Netherlands.
Information Revelation and Privacy in Online Social Networks (the Facebook case). By Ralph Gross, Alessandro Acquisti, CMU, PA.
Presenter: Moinul Zaber, Ph.D. Student, Dept. of CS, Kent State University

2 WHAT TODAY’S TALK IS ABOUT
Social Networking (SN) and its benefits
SN is an Identity Management System, but very much prone to vulnerabilities
Discussion will be on:
Some key security issues
Reasons behind these vulnerabilities
Attacking the vulnerabilities at the root

3 SOCIAL NETWORKING – WHAT’S THAT ALL ABOUT!
One can define his/her profile (interests, skills, etc.)
Define relations to other profiles (sometimes some access control may exist)
Interact with “Friends” via IM, wall posts, blogs.

4 SOCIAL NETWORKING IS A GREAT WAY TO SOCIALIZE AND TO STAY CONNECTED
SN has more privacy than a blog – one can restrict his/her data within one’s own network.
SN is an IDM tool.
Helps to discover like-minded individuals and business partners.
The biggest repository of personal images on the internet is Facebook (30 billion images; 14 million new images are uploaded every day).
The largest number of personal profiles is held in SNSs.

5 SOCIAL NETWORKS’ BUSINESS BENEFITS
Increase interactivity
Exploit the value of relationships
Publicise and test results in trusted circles

6 IDENTITY MANAGEMENT SYSTEM
Storage of personal data
Tools for managing how data is viewed
Access control to personal data based on credentials
Tools for finding out who has accessed personal data

7 SOCIAL NETWORKING IS AN IDENTITY MANAGEMENT SYSTEM.
Sensitive personal data can be there. Recognise these?
(a) Racial or ethnic origin
(b) Political opinions
(c) Religious beliefs
(e) Physical or mental health or condition
(f) Sex life

8 TOOLS FOR ORGANISING THE PERSONAL DATA


10 TOOLS FOR MANAGING ACCESS BASED ON CREDENTIALS


12 SOCIAL NETWORKING IS AN IDENTITY MANAGEMENT SYSTEM.
But FULL of vulnerabilities

13 INAPPROPRIATE (AND OFTEN IRREVERSIBLE) DISCLOSURE

14 10 MINUTES’ SURFING OF MYSPACE - EXAMPLE

15 INAPPROPRIATE DISCLOSURE

16 We might think it’s OK because only our own network can see our profile data

17 ACCESS CONTROL BASED ON CREDENTIALS?

18 LOW FRIENDING THRESHOLDS (POOR AUTHENTICATION)


20 WHO CAN SEE MY DATA?
Do we know the size of our audience?
Only everyone in the Kent Network?
Only everyone who pays for a LinkedIn Pro account?
Only everyone in your email address book?
Only Social Network employees?
Only anyone who’s willing to pay for behavioural advertising?
Only plastic green frogs?

21 Am I safe as I don’t use my real name?

22 DATA MINING TOOLS
MyFaceID application will automatically process your photos, find all faces, help you tag them and let you search for similar people.

23 WHICH FORTUNATELY DON’T WORK VERY WELL

24 Then... I can delete my embarrassing revelations, Can’t I?

25 “Social Networking is like the Hotel California. You can check out, but you can never leave.” – Nipon Das to the New York Times
Lock-in – the Hotel California effect.

26 Caches
Internet archives
“Deactivation” of the account
Delete comments from other people’s walls?

27 Aren’t my privacy settings enough?


29 THE THREATS
SN-based spear phishing and corporate espionage
Profile-squatting/theft
Huge amounts of time wasted on corporate bills: Global Security Systems estimates that SN costs UK corporations 8 billion Euro every year in lost productivity (Infosec 2008)

30 SN spam
XSS, widgets and other bad-programming threats
Extortion and bullying
SN aggregators – one password unlocks all

31 WHY DO THEY DO MORE DAMAGE?
The usual suspects (cross-site scripting, spam, social engineering, etc.) do more damage because:
SN gives away the relationships for free
SN is highly viral

32 WHY?
The value of the network (e.g. 15 billion US$ and counting) is:
Its personal data
Its ability to profile people for advertising
Its ability to spread information virally

33 Economic success is inversely proportional to the strength of privacy settings.
Diagram: Speed of spread => Economic and Social Success, versus Privacy

34 SO WHAT COULD BE THE ALTERNATIVES?
Portable networks (checking out of the Hotel California and going to another one)
Portable access control and security
Privacy and anonymity tools for social networks, including more sophisticated authentication and encryption


36 WHAT ELSE?
Clear corporate policies on social network usage inside AND out of the office, e.g.:
- Hours where SN usage is allowed, enforced by firewall
- Clearly define which corporate data is not permitted on social networks
- Recommend privacy settings to be used on networks
- Conduct awareness-raising campaigns

37 WHAT ELSE?
Social Networking as a trust infrastructure: we can use the network to
Authenticate people
Provide testimonials and recommendations
Provide a saleable trust architecture
Educating people on the risks is vital.

38 SUMMARY OF TYPES OF HARM
1. Information-based harm: others could abuse the mobile phone number you listed in your profile.
2. Information inequality: information about purchases and preferences can be used for marketing purposes without the SNS user being aware.
3. Information injustice: a risqué photographic report of a party!
4. Restriction of moral autonomy: SNS information effectively restricts people from presenting different “faces” in different contexts.

39 ATTACKER MODEL
1. Other users: can harvest more or less personal information from the profile pages of SNS members.
2. Third parties: they have only minimal access and can only access publicly available data legitimately.
3. Platform providers: the owners and operators of the SNS itself.

40 MOTIVATIONS
1. Social: building social capital
2. Monetary: information trade
A few facts:
a. News Corporation’s $580 million cash takeover of MySpace
b. Microsoft’s $240 million payment for a 1.6 percent stake in Facebook, theoretically valuing the SNS provider at a staggering $15 billion
c. Individuals disclose more information than they intend to (Norberg, Horne et al. 2007)
d. Any technique limiting the social aspects of SNSs is doomed to fail: users are simply not interested in them (Grimmelmann 2009)

41 RECOMMENDATIONS
1. Restraining the monetary incentive to harvest information
2. A transfer of SNS use to non-commercial platforms
3. Open source! (such as Elgg)
Problem: SNS users have devoted time and energy to building their current profile on their favourite SNSs, and it will once again take them much effort to build a comparable profile on the new network.

42 DISCUSSION 1
Is it realistic to dream of portable social networks where the user owns and controls his own data?
Are there insurmountable security problems with this idea?
What policies should be applied to mitigate threats from inside SNs?
How do we educate users to protect them from exposing themselves to threats on SNs?

43 DISCUSSION 2
What are the threats from 3rd-party applications on SNs and how can we address them?
What advice should we give to businesses about employee SN usage?
Can we imagine social networks where the social network provider does not see the data?

44 REFERENCES
Giles.hogben [at thingy] enisa.europa.eu
Security issues in the future of social networking, ENISA Position Paper, 2008. http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_pp_social_networks.pdf
Security at the digital cocktail party: social networking meets IAM, Giles Hogben, European Network and Information Security Agency, 2008.
Privacy and Social Network Sites: Follow the Money!, Martin Pekarek, Ronald Leenes, TILT, Netherlands, Position Paper, W3C workshop, Jan 2009.
Information Revelation and Privacy in Online Social Networks (the Facebook case), Ralph Gross, Alessandro Acquisti, CMU, PA.

