research-article
DOI: 10.1145/2435349.2435351

For some eyes only: protecting online information sharing

Published: 18 February 2013

ABSTRACT

End-users have become accustomed to the ease with which online systems allow them to exchange messages, pictures, and other files with colleagues, friends, and family. This convenience, however, sometimes comes at the expense of having their data be viewed by a number of unauthorized parties, such as hackers, advertisement companies, other users, or governmental agencies. A number of systems have been proposed to protect data shared online; yet these solutions typically just shift trust to another third party server, are platform specific (e.g., work for Facebook only), or fail to hide that confidential communication is taking place. In this paper, we present a novel system that enables users to exchange data over any web-based sharing platform, while both keeping the communicated data confidential and hiding from a casual observer that an exchange of confidential data is taking place. We provide a proof-of-concept implementation of our system in the form of a publicly available Firefox plugin, and demonstrate the viability of our approach through a performance evaluation.


Reviews

Guangwu Xu

This paper addresses an interesting data security and privacy issue on online sharing platforms. The authors propose a carefully designed system with strong user-side encryption. A notable feature of this system is that the ciphertext that is transmitted is invisible to unauthorized parties. Their idea is inspired by techniques from social steganography. The system needs an online sharing platform, as well as a storage service and a hash map directory. Using the paper's example, assume that Alice and Bob want to exchange protected messages on a sharing platform. Once they have exchanged cryptographic keys, Alice encrypts the intended message and stores the ciphertext c in the storage service. What Alice posts on the sharing platform is actually dummy data d that looks like a genuine file. Bob computes a keyed hash value of d and uses it as an index to fetch the (encrypted) address of c in the storage service from the hash map directory. With this address, Bob can get c and recover Alice's message by decryption. The paper provides a key management and security analysis, and addresses issues of semantics and mining attacks. A proof-of-concept implementation of the system is publicly available as a Firefox plug-in.

Online Computing Reviews Service
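
The exchange described in the review above, as an added example that is not code from the paper or its Firefox plug-in: Alice stores ciphertext c, posts only dummy data d, and Bob recovers the message through the keyed hash of d. Assumptions made here: in-memory dictionaries stand in for the storage service and the hash map directory, HMAC-SHA256 is the keyed hash, per-purpose subkeys are derived from one shared key, and a simple HMAC-based encrypt-then-MAC construction stands in for a vetted authenticated cipher.

```python
import hashlib
import hmac
import secrets

def subkey(shared_key: bytes, label: bytes) -> bytes:
    """Derive one key per purpose (an assumption, not taken from the paper)."""
    return hmac.new(shared_key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 keystream, then an HMAC tag over nonce and body."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(subkey(key, b"tag"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"tag"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext rejected: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

storage = {}    # storage service (hypothetical): address -> ciphertext c
directory = {}  # hash map directory (hypothetical): keyed hash of d -> encrypted address

def alice_share(shared_key: bytes, message: bytes, dummy: bytes) -> bytes:
    address = secrets.token_hex(16)
    storage[address] = seal(subkey(shared_key, b"msg"), message)
    index = hmac.new(subkey(shared_key, b"idx"), dummy, hashlib.sha256).hexdigest()
    directory[index] = seal(subkey(shared_key, b"addr"), address.encode())
    return dummy  # only d ever appears on the sharing platform

def bob_fetch(shared_key: bytes, posted: bytes):
    index = hmac.new(subkey(shared_key, b"idx"), posted, hashlib.sha256).hexdigest()
    if index not in directory:
        return None  # without the right key, d is just an ordinary post
    address = unseal(subkey(shared_key, b"addr"), directory[index]).decode()
    return unseal(subkey(shared_key, b"msg"), storage[address])
```

A reader holding a different key computes a different index and finds nothing in the directory, so the post gives no sign that a protected message exists.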

Published in

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy
February 2013
400 pages
ISBN: 9781450318907
DOI: 10.1145/2435349
General Chairs: Elisa Bertino, Ravi Sandhu
Program Chair: Lujo Bauer
Publications Chair: Jaehong Park

Copyright © 2013 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

CODASPY '13 Paper Acceptance Rate: 24 of 107 submissions, 22%. Overall Acceptance Rate: 149 of 789 submissions, 19%.
