Information revelation and privacy in online social networks
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
JavaScript instrumentation for browser security
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
NOYB: privacy in online social networks
Proceedings of the first workshop on Online social networks
flyByNight: mitigating the privacy risks of social networking
Proceedings of the 5th Symposium on Usable Privacy and Security
Persona: an online social network with user-defined privacy
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
FaceCloak: An Architecture for User Privacy on Social Networking Sites
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Identity-based broadcast encryption with constant size ciphertexts and private keys
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
The case for JavaScript transactions: position paper
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
EASiER: encryption-based access control in social networks with efficient revocation
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Privad: practical privacy in online advertising
Proceedings of the 8th USENIX conference on Networked systems design and implementation
Imagined communities: awareness, information sharing, and privacy on the facebook
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Hi-index | 0.00 |
These days, social networking sites are more popular than ever, with some sites having dozens or even hundreds of millions of users. At the same time, users on these sites are sharing an unprecedented amount of personal information, generating serious privacy concerns. Personal and sensitive content shared by users on social network sites is barely protected from access by unauthorized users and the Social Networking Provider (SNP) itself always has access to all content. To solve this problem, some existing solutions solicit an external third-party server to provide online privacy protection of content shared by users on social networking sites; other solutions incur a key distribution overhead among the users who are sharing content. These solutions usually have a noticeable impact on the user experience, or are susceptible to single-point-of-failure problems by requiring an external server. In this paper, we propose a new solution which can achieve the following two desirable features through a novel application of a constant-size-ciphertext broadcast encryption scheme: (1) content posted by a user can only be read by authorized users and nobody else, not even the SNP itself; (2) no key distribution or any external server is necessary during normal operations. Apart from a key extraction server which is contacted only once by each user during an initial registration, the system is self-contained within the web browser (using a plugin) of each user. The system can be used directly with existing social networking sites. We also implemented a prototype for Facebook and perform a thorough evaluation which shows that the scheme is feasible, scalable and practical.