EURECOM – 2229 Route des Crêtes – BP 193 F-06904 Sophia Antipolis cedex
www.eurecom.fr
Requirements
: A DECENTRALIZED ON-LINE SOCIAL NETWORK
LEVERAGING ON REAL LIFE TRUST
Threats Current status of OSNs OSN as “Big Brother”
• Decentralization - P2P architecture
• Leveraging existing Trust
- Social trust ⇒ trusted link - Friend = neighbor
- Trust strength = link weight
Goals
• Cooperation enforcement - Friends cooperate
• Privacy
- Simple anonymous routing - Based on trusted links
- Group Encryption
2
1 3
3
x b
c
a f
e h
g i
d
L. Antonio Cutillo, Refik Molva, Melek Önen, Thorsten Strufe
Contacts
Hops
Online Probability
90% one valid path probability
y x
y
c
d
e
b’s outer shell:
h(b), @g h(b), @h h(b), @i
k a
g b
1: lookup 2: profile retrieval
Entry point for x
h e c
f
i
x’s Matryoshka x’s profile lookup
Non transitive trust
Security
P2P
SN
Anonymous networks F2F
Crypto patches
or settings
for current OSNs
New Applications
Decentralization Trusted links Cooperation enforcement
Privacy
P2P Social trust Group encryption Super DNS for
Communications New Applicationss
trusted service API
PROTOTYPE
{cutillo, molva, onen, strufe}@eurecom.fr
1. Security and privacy issues in OSNs
2. Design Principles & Contribution
3. Architecture & Feasibility
4. Open Questions & Future Work
Design
Trusted Id System
Internet b
Peer to peer overlay
b a
Social network overlay
• ID Theft
• Cloning
• Porting
• Harvesting
• Profiling
• Censorship
Privacy protection against
• Intruders
• Crawlers
• Third parties
• Ease of data leakage
• Ease of impersonation
• Limited privacy support
• Lack of flexibility in privacy
New privacy preserving OSN
architecture are needed with decentralization as a
requirement for privacy
does not prevent Application Server from reading/exploiting your data
Matryoshka