Security of Online Social Networks

Ähnliche Dokumente
Creating OpenSocial Gadgets. Bastian Hofmann

H.1 FORMI: An RMI Extension for Adaptive Applications H.1 FORMI: An RMI Extension for Adaptive Applications

The Future Internet in Germany and Europe

Karlsruhe Institute of Technology Die Kooperation von Forschungszentrum Karlsruhe GmbH und Universität Karlsruhe (TH)

Windows 10 Datenschutzkonfiguration - Anlage zu: Datenschutzfreundlicher Einsatz von Windows 10 -

Exercise (Part XI) Anastasia Mochalova, Lehrstuhl für ABWL und Wirtschaftsinformatik, Kath. Universität Eichstätt-Ingolstadt 1

Ressourcenmanagement in Netzwerken SS06 Vorl. 12,

p^db=`oj===pìééçêíáåñçêã~íáçå=

LiLi. physik multimedial. Links to e-learning content for physics, a database of distributed sources

BVM-Tutorial 2010: BlueBerry A modular, cross-platform, C++ application framework

NEWSLETTER. FileDirector Version 2.5 Novelties. Filing system designer. Filing system in WinClient

Addressing the Location in Spontaneous Networks

CA_MESSAGES_ORS_HDTV_IRD_GUIDELINE

CA_MESSAGES_ORS_HDTV_IRD_GUIDELINE

Cloud Computing in der öffentlichen Verwaltung

Wie man heute die Liebe fürs Leben findet


CA_MESSAGES_ORS_HDTV_IRD_GUIDELINE

Routing in WSN Exercise

Tube Analyzer LogViewer 2.3

physik multimedial and its elearning Platform: concepts and implementation

Cameraserver mini. commissioning. Ihre Vision ist unsere Aufgabe

H Mcast Future Internet made in Hamburg?

Mash-Up Personal Learning Environments. Dr. Hendrik Drachsler

Effiziente Client-basierte Handover-Verfahren zur Steigerung der Verfügbarkeit von Cloud-Diensten

Vasco Tonack Network and Communication, ZEDAT. Cisco UC Licensing. Und die Nachteile von Extension Mobility

Mock Exam Behavioral Finance

Username and password privileges. Rechteverwaltung. Controlling User Access. Arten von Rechten Vergabe und Entzug von Rechten DBS1 2004

Infrastructure as a Service (IaaS) Solutions for Online Game Service Provision

Level 2 German, 2013

JPlus Platform Independent Learning with Environmental Information in School

Unit 1. Motivation and Basics of Classical Logic. Fuzzy Logic I 6

Magic Figures. We note that in the example magic square the numbers 1 9 are used. All three rows (columns) have equal sum, called the magic number.

German translation: technology

ELBA2 ILIAS TOOLS AS SINGLE APPLICATIONS

General info on using shopping carts with Ogone

Level 2 German, 2016

GridMate The Grid Matlab Extension

SARA 1. Project Meeting

Network-Aligned content delivery through collaborative optimization

p^db=`oj===pìééçêíáåñçêã~íáçå=

prorm Budget Planning promx GmbH Nordring Nuremberg

TSM 5.2 Experiences Lothar Wollschläger Zentralinstitut für Angewandte Mathematik Forschungszentrum Jülich

Level 1 German, 2012

AS Path-Prepending in the Internet And Its Impact on Routing Decisions

Bayerisches Landesamt für Statistik und Datenverarbeitung Rechenzentrum Süd. z/os Requirements 95. z/os Guide in Lahnstein 13.

Open Source. Legal Dos, Don ts and Maybes. openlaws Open Source Workshop 26 June 2015, Federal Chancellery Vienna

VGM. VGM information. HAMBURG SÜD VGM WEB PORTAL USER GUIDE June 2016

SuisseID Digital passport and signature

Ein Stern in dunkler Nacht Die schoensten Weihnachtsgeschichten. Click here if your download doesn"t start automatically

Risiko Datensicherheit End-to-End-Verschlüsselung von Anwendungsdaten. Peter Kirchner Microsoft Deutschland GmbH

Big Data Analytics. Fifth Munich Data Protection Day, March 23, Dr. Stefan Krätschmer, Data Privacy Officer, Europe, IBM

Exercise (Part II) Anastasia Mochalova, Lehrstuhl für ABWL und Wirtschaftsinformatik, Kath. Universität Eichstätt-Ingolstadt 1

Oracle Integration Cloud Service

VGM. VGM information. HAMBURG SÜD VGM WEB PORTAL - USER GUIDE June 2016

Stand der Recherche nach publizierten Identity Management Standards - ISO/IEC, DIN, BSI, CEN/ISSS und OASIS

Monty Möckel. Andreas Reisinger ÜBER UNS. Senior Technology Consultant IT Services Cloud & Datacenter

Level 1 German, 2016

Webbasierte Exploration von großen 3D-Stadtmodellen mit dem 3DCityDB Webclient

Conformance Classes. Alter Standard Conformance Classes. Conformance Classes. Conformance Classes. Conformance Classes

JONATHAN JONA WISLER WHD.global

TomTom WEBFLEET Tachograph

Product Lifecycle Manager

Word-CRM-Upload-Button. User manual

Duell auf offener Straße: Wenn sich Hunde an der Leine aggressiv verhalten (Cadmos Hundebuch) (German Edition)

novalink-webinar Dezember 2015 News rund um BlackBerry

SUISSEID DIGITAL PASSPORT AND SIGNATURE

TMF projects on IT infrastructure for clinical research

Praktikum Entwicklung Mediensysteme (für Master)

ORACLE CLOUD VERLEIHT ADF ANWENDUNGEN FLÜGEL. Andreas Koop CEO & Consultant Oracle Technologies

INDUSTRIAL DATA SPACE DATA ECONOMY AND ANALYTICS CONCEPTS AND IMPLEMENTATION

Level 2 German, 2015

Android APP NVR Viewer

IDS Lizenzierung für IDS und HDR. Primärserver IDS Lizenz HDR Lizenz

Corporate Digital Learning, How to Get It Right. Learning Café

FAHRZEUGENTWICKLUNG IM AUTOMOBILBAU FROM HANSER FACHBUCHVERLAG DOWNLOAD EBOOK : FAHRZEUGENTWICKLUNG IM AUTOMOBILBAU FROM HANSER FACHBUCHVERLAG PDF

Algorithms for graph visualization

Security Planning Basics

Markus BöhmB Account Technology Architect Microsoft Schweiz GmbH

Exercise (Part V) Anastasia Mochalova, Lehrstuhl für ABWL und Wirtschaftsinformatik, Kath. Universität Eichstätt-Ingolstadt 1

1. General information Login Home Current applications... 3

Java Tools JDK. IDEs. Downloads. Eclipse. IntelliJ. NetBeans. Java SE 8 Java SE 8 Documentation

Modul 6 Virtuelle Private Netze (VPNs) und Tunneling

Group and Session Management for Collaborative Applications

Teil 4_3: CPSA. Prof. Dr. Jörg Schwenk Lehrstuhl für Netz- und Datensicherheit

Security of IoT. Generalversammlung 21. März 2017

Anbindung ekey an VASERControl

COMPUGROUP / UNI BONN / B-IT. Technischer Beschlagnahmeschutz. elektronische Patientenakten Priv.-Doz. Dr. Adrian Spalka.

Max und Moritz: Eine Bubengeschichte in Sieben Streichen (German Edition)

Customer-specific software for autonomous driving and driver assistance (ADAS)

Lehrstuhl für Allgemeine BWL Strategisches und Internationales Management Prof. Dr. Mike Geppert Carl-Zeiß-Str Jena

Sicherheit / Sicherung - unterschiedliche Begriffsbestimmung, gemeinsame Fachaspekte

Research on IF-MAP. Ingo Bente , University of Frankfurt

ISO Reference Model

Level 1 German, 2013

Ermittlung des Maschinenstundensatzes (Unterweisung Industriekaufmann / -kauffrau) (German Edition)

Warum nehme ich nicht ab?: Die 100 größten Irrtümer über Essen, Schlanksein und Diäten - Der Bestseller jetzt neu!

How to access licensed products from providers who are already operating productively in. General Information Shibboleth login...

Transkript:

Security of Online Social Networks Distributed Networks Lehrstuhl IT-Sicherheitsmanagment Universität Siegen June 28, 2012 Lehrstuhl IT-Sicherheitsmanagment 1/38

Overview Lesson 10 Distributed Networks Peer-2-Peer Networks P2P for OSN Life Social Lehrstuhl IT-Sicherheitsmanagment 2/38

28th June: Happy τ-day τ 2 τ 4 τ τ 8 τ 16 τ 32 0, τ 3τ 4 Go and read The Tau Manifesto at http://tauday.com/ Lehrstuhl IT-Sicherheitsmanagment 3/38

Distributed Networks [Using excerpts from lecture by Dr. Kalman Graffi, Universität Paderborn] Lehrstuhl IT-Sicherheitsmanagment 4/38

Distributed Networks Standard Transport: Opportunistic Transport: Lehrstuhl IT-Sicherheitsmanagment 5/38

Motivation Privacy Decentralized Control Censorship Efficiency Shared Resources Programs Data Devices Lehrstuhl IT-Sicherheitsmanagment 6/38

Decentralised Social Networks Centralized Idea: host your own OSN Social networks: BuddyPress, CrabGrass Federation of (private) webservers Idea: link (private) webservers via standard protocols (FOAF, XMPP, PSYC) Social networks: Diaspora, Hello World Network, Fethr (Twitter), Diki Centralized index, storage on clients Idea: server manages index of users, storage of users is used Social networks: Daisychain, COBS, Gossple P2P applications with social aspects Idea: add to traditional p2p applications social aspects Lehrstuhl IT-Sicherheitsmanagment 7/38

Classification of Decentralised OSN Type of storage / service provision Infrastructure-based Dedicated Web-Servers Deployed in the cloud Peer-to-Peer-based Hybrid Granularity of service provision Replicating whole service Distributed storage of attributes Level of integration Stand alone system Extension of existing systems Resource sharing incentives None Social cooperation Payed premium services Lehrstuhl IT-Sicherheitsmanagment 8/38

Peer-2-Peer Networks Lehrstuhl IT-Sicherheitsmanagment 9/38

Overview P2P Idea: everybody contributes to the network bandwith, memory, computer Lehrstuhl IT-Sicherheitsmanagment 10/38

Overlay Communicaton Overlay Connections IP Network (Underlay) Lehrstuhl IT-Sicherheitsmanagment 11/38

Design Concepts for P2P Overlays ID Space Mapping Managment of Identifier Space Graph Embedding Routing Strategy Maintenance Strategy Lehrstuhl IT-Sicherheitsmanagment 12/38

Importance of Identifier Space Identifier space needed for addressing resources and peers Often: ID(obj.) = hash(obj. content) Identifier space should be large to support large systems Identifier space independent from physical location of peer mobility of peers Clustering of resources due to closeness metric of identifier space Message routing uses identifier space Lehrstuhl IT-Sicherheitsmanagment 13/38

Choice of Identifier Space Identifier space MUST posses metric d: d : I I R Which MUST satisfy: x, y I : d(x, y) 0 x I : d(x, x) = 0 x, y I : d(x, y) = 0 x = y And SHOULD satisfy: x, y I : d(x, y) = d(y, x) x, y, z I : d(x, z) d(x, y) + d(y, z) Lehrstuhl IT-Sicherheitsmanagment 14/38

Mapping to Identifier Space Hashing Lehrstuhl IT-Sicherheitsmanagment 15/38

Managment of Identifier Space What happens if a node leaves? Lehrstuhl IT-Sicherheitsmanagment 16/38

Responsibility Function Who stores which objects? Lehrstuhl IT-Sicherheitsmanagment 17/38

Graph Embedding Desired Properties Lehrstuhl IT-Sicherheitsmanagment 18/38

Routing Strategy e.g Greedy Routing Fingers Lehrstuhl IT-Sicherheitsmanagment 19/38

Structured and Unstructured P2P Networks Unstructured: objects have no special identifier location of obj. not known a priori each peer is responsible for submitted obj. Structured: peers and objects have IDs objects are stored on peers according to ID: responsiblef or(objid) = P eerid distributed indexing points to object location Lehrstuhl IT-Sicherheitsmanagment 20/38

P2P Network: Freenet Focus: Unobservability Sender/Receiver Anonymity You cannot have freedom of speech without the op remain anonymous. Anti-Censorship the government cannot control its population s ability to share information [https://freenetproject.org] Lehrstuhl IT-Sicherheitsmanagment 21/38

Freenet: Basics I Peers connected to social contacts Documents identified by key K K = hash(doccontent) or K = hash(docname) XOR fpr(signingp K) Routing Peer ID from ID Space Route to most desirable neighbour Peer ID initiated randomly Peer IDs switched by simulated annealing Storing two storages: short term buffer identity based storage [Clarke et al., 2010] Lehrstuhl IT-Sicherheitsmanagment 22/38

Decentralised Social Networks Open Source BuddyPress, CrabGrass, Cobs, DaisyChain, Diki, Elgg, FETHR, GNUNet, Gossple, Jappix, Lorea, Mycella, Movim, PeerScape, Pinax, StatusNet, Diaspora Commercial Approaches wuala, LifeSocial Academia Friend-of-a-Friend, FriendStore, HelloWorld, LifeSocial, LotusNet (Likir), PeerSon, Safebook, SocialCircle, Tribler, Vis-a-Vis Lehrstuhl IT-Sicherheitsmanagment 23/38

P2P for OSN P2P as Data Storage Anything is a document Lehrstuhl IT-Sicherheitsmanagment 24/38

Lehrstuhl IT-Sicherheitsmanagment 25/38

LifeSocial A Secure P2P-based OSN Platform History Developed since 2007 > 40 students worked on it Aiming at applicable results in p2p research http://lifesocial.org Lehrstuhl IT-Sicherheitsmanagment 26/38

LifeSocial A Secure P2P-based OSN Platform Goal Facebook-like user experience Basis functionality extendible through plugins Data-centric (profiles) and user-to-user (chat,video) interaction BUT: security guarantees Operator view Completely p2p-based BUT: with quality of service control and guarantees Research New application leads to new requirements New requirements to new results Lehrstuhl IT-Sicherheitsmanagment 27/38

Main Ideas in LifeSocial General p2p platform Combining a wide set of useful modules Storage, messaging, security, caching, app-hosting, multicast, pub/sub... Distributed data structures, monitoring, automated self-control Social network on top of platform Build through plugins (apps), using platform and each other Extendable, configurable GUI supports app growth Lehrstuhl IT-Sicherheitsmanagment 28/38

Main Ideas in LifeSocial Security goals Access controlled secure storage Secure (encrypted, authenticated, integer) communication No trust assumptions anybody may be bad Functional goals For the users: Facebook-like thinking of providers: quality monitoring and control plane Lehrstuhl IT-Sicherheitsmanagment 29/38

User View: Functionality GUI- Framework like Eclipse Plugin-based: Profile Login Friends Groups Mails Photos Chat Calendar... Lehrstuhl IT-Sicherheitsmanagment 30/38

User View Lehrstuhl IT-Sicherheitsmanagment 31/38

User View Lehrstuhl IT-Sicherheitsmanagment 32/38

Distributed Storage Lehrstuhl IT-Sicherheitsmanagment 33/38

Security Approach Root of Trust Username and passphrase private key Allows to deduce private/public key at any PC Main security approach: NodeID = UserID = public key Allows encryption, signature checks once NodeID is known Lehrstuhl IT-Sicherheitsmanagment 34/38

Security Approach Secure communication Confidential, integer, authenticated Sending messages Message is signed with Public Key (=PubKey) of sender Message is encrypted with PubKey of addressed peer Receiving messages Decrypt message using Private Key (=PrivKey) auth., confidentiality Receiver checks signature of sender integrity For ease of use: User-User specific symmetric shared key might be exchanged securely before e.g. using Diffie-Hellman Lehrstuhl IT-Sicherheitsmanagment 35/38

Secure Storage Approach/Example User wants to share D unsec only with his family 1. Create new sym. key K sym 2. Encrypt D enc = {D unsec } Ksym 3. Pick privileged users pub keys U i 4. Append encrypted {K sym } Ui to D enc 5. Sign D enc 6. CryptedItem D sec := D enc, {K sym } Ui, signature 7. Store CryptedItem in DHT Lehrstuhl IT-Sicherheitsmanagment 36/38

Research Challenges Deletion mechanism erase unwanted data? Approach: tombstone object delete non own content? Community based voting? Routing challenges Colluding/malicious nodes? Storage and replication attacks Attackers may be responsible for crucial data in DHT Attacks on: read/write/delete Accounting in DHT premium services clicking ads/using apps secure distributed approach? Support for heterogeneity Most solutions assume homogeneity Lehrstuhl IT-Sicherheitsmanagment 37/38

Literatur I Clarke, I., Sandberg, O., Toseland, M., and Verendel, V. (2010). Private communication through a network of trusted connections: The dark freenet. Lehrstuhl IT-Sicherheitsmanagment 38/38

2024 © DocPlayer.org Datenschutzbestimmungen | Nutzungsbedingungen | Feedback