
Social Authentication: Harder Than It Looks

  • Conference paper
Financial Cryptography and Data Security (FC 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7397)

Abstract

A number of web service firms have started to authenticate users via their social knowledge, such as whether they can identify friends from photos. We investigate attacks on such schemes. First, attackers often know a lot about their targets; most people seek to keep sensitive information private from others in their social circle. Against close enemies, social authentication is much less effective. We formally quantify the potential risk of these threats. Second, when photos are used, there is a growing vulnerability to face-recognition algorithms, which are improving all the time. Network analysis can identify hard challenge questions, or tell a social network operator which users could safely use social authentication; but it could make a big difference if photos weren’t shared with friends of friends by default. This poses a dilemma for operators: will they tighten their privacy default settings, or will the improvement in security cost too much revenue?

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, H., Tang, J., Anderson, R. (2012). Social Authentication: Harder Than It Looks. In: Keromytis, A.D. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7397. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-32946-3_1

  • DOI: https://doi.org/10.1007/978-3-642-32946-3_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-32945-6

  • Online ISBN: 978-3-642-32946-3

  • eBook Packages: Computer Science, Computer Science (R0)
