Let Only the Right One IN: Privacy Management Scheme for Social Network

Authors:
Nagaraja Kaushik Gampa;Rohit Ashok Khot;Kannan Srinathan
Affiliations:
International Institute of Information Technology, Center for Security,Theory and Algorithmic Research (CSTAR), Hyderabad;International Institute of Information Technology, Center for Security,Theory and Algorithmic Research (CSTAR), Hyderabad;International Institute of Information Technology, Center for Security,Theory and Algorithmic Research (CSTAR), Hyderabad
Venue:
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Year:
2009

Citing 9
Cited 0

On the Design of Challenge Question Systems

IEEE Security and Privacy
Information revelation and privacy in online social networks

Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Access control by testing for shared knowledge

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Love and authentication

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Photo-based authentication using social networks

Proceedings of the first workshop on Online social networks
SybilLimit: A Near-Optimal Social Network Defense against Sybil Attacks

SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Personal knowledge questions for fallback authentication: security questions in the era of Facebook

Proceedings of the 4th symposium on Usable privacy and security
FlyByNight: mitigating the privacy risks of social networking

Proceedings of the 7th ACM workshop on Privacy in the electronic society
All your contacts are belong to us: automated identity theft attacks on social networks

Proceedings of the 18th international conference on World wide web

Quantified Score

Hi-index	0.00

Visualization

Abstract

Current social networking sites protect user data by making it available only to a restricted set of people, often friends. However, the concept of `friend' is illusory in social networks. Adding a person to the friends list without verifying his/her identity can lead to many serious consequences like identity theft, privacy loss, etc. We propose a novel verification paradigm to ensure that a person (Bob) who sends a friend request (to Alice) is actually her friend, and not someone who is faking his identity. Our solution is based on what Bob might know and verify about Alice. We work on the premise that a friend knows a person's preferences better than a stranger. To verify our premise, we conducted a two stage user study. Results of the user study are encouraging. We believe our solution makes a significant contribution, namely, the way it leverages the benefits of preference based authentication and challenge response schemes.