Show simple item record

Privacy engineering for social networks

dc.contributorStajano, Frank
dc.creatorAnderson, Jonathan
dc.date.accessioned2018-11-24T13:11:46Z
dc.date.available2013-02-08T10:09:54Z
dc.date.available2018-11-24T13:11:46Z
dc.date.issued2013-01-08
dc.identifierhttp://www.dspace.cam.ac.uk/handle/1810/244239
dc.identifierhttps://www.repository.cam.ac.uk/handle/1810/244239
dc.identifier.urihttp://repository.aust.edu.ng/xmlui/handle/123456789/3024
dc.description.abstractIn this dissertation, I enumerate several privacy problems in online social networks (OSNs) and describe a system called Footlights that addresses them. Footlights is a platform for distributed social applications that allows users to control the sharing of private information. It is designed to compete with the performance of today's centralised OSNs, but it does not trust centralised infrastructure to enforce security properties. Based on several socio-technical scenarios, I extract concrete technical problems to be solved and show how the existing research literature does not solve them. Addressing these problems fully would fundamentally change users' interactions with OSNs, providing real control over online sharing. I also demonstrate that today's OSNs do not provide this control: both user data and the social graph are vulnerable to practical privacy attacks. Footlights' storage substrate provides private, scalable, sharable storage using untrusted servers. Under realistic assumptions, the direct cost of operating this storage system is less than one US dollar per user-year. It is the foundation for a practical shared filesystem, a perfectly unobservable communications channel and a distributed application platform. The Footlights application platform allows third-party developers to write social applications without direct access to users' private data. Applications run in a confined environment with a private-by-default security model: applications can only access user information with explicit user consent. I demonstrate that practical applications can be written on this platform. The security of Footlights user data is based on public-key cryptography, but users are able to log in to the system without carrying a private key on a hardware token. Instead, users authenticate to a set of authentication agents using a weak secret such as a user-chosen password or randomly-assigned 4-digit number. The protocol is designed to be secure even in the face of malicious authentication agents.
dc.languageen
dc.publisherUniversity of Cambridge
dc.publisherFaculty of Computer Science and Technology
dc.publisherComputer Laboratory
dc.rightshttp://creativecommons.org/licenses/by-nc-nd/2.0/uk/
dc.rightsAttribution-NonCommercial-NoDerivs 2.0 UK: England & Wales
dc.subjectPrivacy
dc.subjectSocial networks
dc.subjectSocial applications
dc.subjectApplication confinement
dc.subjectCDN
dc.subjectConvergent encryption
dc.subjectDistributed authentication
dc.titlePrivacy engineering for social networks
dc.typeThesis


Files in this item

FilesSizeFormatView
anderson-phd.pdf3.488Mbapplication/pdfView/Open

This item appears in the following Collection(s)

Show simple item record