Analysis of key management protocols for social networks

  • S. Venkatesan
  • Vladimir A. Oleshchuk
  • C. Chellappan
  • Sourabh Prakash
Original Article

Abstract

Key management protocols play a major role in achieving data privacy in social networks because of the frequent addition and removal of users. Considering this, a remote storage service-key management protocol (RSS-KMP) is proposed in this paper and analysed the performance with respect to client addition and removal. RSS-KMP uses two keys, group key and content encryption/decryption key. Content decryption key will be encrypted using the group key and kept in social network service provider’s storage. Group key will be distributed to the clients or stored in the social network service provider storage securely. Each client gets or receives the group key to get the data decryption key further to decrypt data. To achieve re-key distribution efficiency, clients are grouped according to their nature of relationship and relationship trust levels. This paper also categorizes the social network items into sensitive and non-sensitive to give an idea to clients about items privacy requirement. Finally, paper analysed existing key management protocols and the proposed RSS-KMP with respect to storage, message and encryption to show the proposed protocol efficiency.

Keywords

Social networking services Data security Privacy Key management 

References

  1. Berg D, Leenes R (2010) Audience segregation in social network sites. In: Proceedings of IEEE international conference on social computing/IEEE international conference on privacy. Security. Risk and Trust, pp 1111–1116Google Scholar
  2. Canetti R, Garay JA, Itkis G, Micciancio D, Naor M, Pinkas B (1999) Multicast security: a taxonomy and some efficient constructions. In: Proceedings of eighteenth annual joint conference of the IEEE computer and communications societies (INFOCOM’99). vol 2. pp 708–716Google Scholar
  3. Challal Y, Seba H (2006) Group key management protocols: a novel taxonomy. Int J Inf Technol 2(2):105–118Google Scholar
  4. Challal Y, Bettahar H, Bouabdallah A (2004) SAKM: a scalable and adaptive key management approach for multicast communications. In: Proceedings of ACM SIGCOMM Computer Communications Review. vol 34(2), pp 55–70Google Scholar
  5. Ciriani V, De Capitani di Vimercati S, Foresti S, Jajodia S, Paraboschi S, Samarati P (2009) Fragmentation design for efficient query execution over sensitive distributed databases. In: Proceedings of 29th IEEE international conference on distributed computing systems, pp 32–39Google Scholar
  6. Ciriani V, De Capitani di Vimercati S, Foresti S, Jajodia S, Paraboschi S, Samarati P (2010) Combining fragmentation and encryption to protect privacy in data storage. ACM Trans Inf Syst Secur 13(3):1–30CrossRefGoogle Scholar
  7. Data Protection Act (1998) http://www.ico.gov.uk/for_organisations/data_protection/the_guide/key_definitions.aspx. Last accessed on 1st Nov 2014]
  8. Di Vimercati SDC, Foresti S, Jajodia S, Paraboschi S, Samarati P (2010) Fragments and loose associations: respecting privacy in data publishing. Proc VLDB Endow 3(1–2):1370–1381CrossRefGoogle Scholar
  9. Eskeland S, Oleshchuk V (2010) Secure group communication using fractional public keys. In: Proceedings of the international conference on availability, reliability, and security (ARES ‘10), pp 254–257Google Scholar
  10. Fiat A, Naor M (1993) Broadcast encryption. In: Proceedings of the 13th annual international cryptology conference on Advances in cryptology (CRYPTO ‘93), pp 480–491Google Scholar
  11. Gentry C, Waters B (2009) Adaptive security in broadcast encryption systems (with short ciphertexts). In: Proceedings of the 28th annual international conference on advances in cryptology: the theory and applications of cryptographic techniques In (EUROCRYPT’09). pp 171–188Google Scholar
  12. Goffman E (1959) The presentation of self in everyday life Doubleday. Doubleday Anchor Books. Doubleday and Company. Inc. Garden City, pp 1–12Google Scholar
  13. Günther F, Manulis M, Strufe T (2011) Key management in Distributed Online Social Networks. In: Proceedings of 2011 IEEE international symposium on world of wireless, mobile and multimedia networks (WoWMoM), pp 1–7Google Scholar
  14. Harney and Muckenhirn C (1997) Group key management protocol (GKMP) specification. RFC 2093Google Scholar
  15. Harney and Muckenhirn C (1997) Group key management protocol (GKMP) architecture. RFC 2094Google Scholar
  16. Mittra S (1997) Iolus: a framework for scalable secure multicasting. In: Proceedings of the ACM SIGCOMM ‘97 conference on applications, technologies, architectures, and protocols for computer communication. vol. 27(issue 4), pp 277–288Google Scholar
  17. Itani W, Kayssi A, Chehab A (2009) Privacy as a service: privacy—aware data storage and processing in cloud computing architectures. In: Proceedings of 2009 eighth IEEE international conference on dependable autonomic and secure computing, pp 711–716Google Scholar
  18. Jung Y, Nam Y, Kim J, Jeon W, Lee H, Won D (2014) Key management scheme using dynamic identity-based broadcast encryption for social network services. Adv Comput Sci Appl Lect Notes Electr Eng 279:435–443Google Scholar
  19. Kanagasingham P (2008) Data loss prevention. SANS Institute Infosec Reading Room. pp 1–38Google Scholar
  20. Kim Y, Perrig A, Tsudik G (2000) Simple and fault-tolerant key agreement for dynamic collaborative groups. In: Proceedings of the 7th ACM conference on Computer and communications security (ACM CCS 2000), pp. 235–244Google Scholar
  21. Liu K, Terzi E (2009) A framework for computing the privacy scores of users in online social networks. ACM Trans Knowl Discov Data 5(1):6:1–6:30 (Article 6)Google Scholar
  22. McAfee (2013) Identify sensitive data and prevent data leaks, TITUS Document Classification v3.3 and McAfee Data Loss Prevention 9. McAfee Compatible Solution. http://www.mcafee.com/us/resources/solution-briefs/sb-titus.pdf. Last accessed on 16 Jan 2013
  23. Shamir A (1979) How to share a secret. Commun ACM (Mag) 22(11):612–613MathSciNetCrossRefMATHGoogle Scholar
  24. Sherman AT, McGrew DA (2003) Key establishment in large dynamic groups using one-way function trees. IEEE Trans Softw Eng 29(5):444–458CrossRefGoogle Scholar
  25. Sun J, Zhu X, Fang Y (2010) A privacy-preserving scheme for online social networks with efficient revocation. Proc IEEE INFOCOM 1–9Google Scholar
  26. Yüksel S, Yüksel ME, Zaim AH (2010) An approach for protecting privacy on social networks. In: Proceedings of 2010 fifth international conference on systems and networks communications, pp 154–159Google Scholar

Copyright information

© Springer-Verlag Wien 2015

Authors and Affiliations

  • S. Venkatesan
    • 1
  • Vladimir A. Oleshchuk
    • 2
  • C. Chellappan
    • 3
  • Sourabh Prakash
    • 1
  1. 1.Network Security and Cryptography Lab, Department of Information TechnologyIndian Institute of Information TechnologyAllahabadIndia
  2. 2.Department of Information and Communication Technology, Faculty of Engineering and ScienceUniversity of AgderKristiansandNorway
  3. 3.Department of Computer Science and EngineeringGKM College of Engineering & Technology, Anna UniversityChennaiIndia

Personalised recommendations