Event Invitations in Privacy-Preserving DOSNs

Formalization and Protocol Design
  • Guillermo Rodríguez-Cano
  • Benjamin Greschbach
  • Sonja Buchegger
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 457)


Online Social Networks (OSNs) have an infamous history of privacy and security issues. One approach to avoid the massive collection of sensitive data of all users at a central point is a decentralized architecture.

An event invitation feature – allowing a user to create an event and invite other users who then can confirm their attendance – is part of the standard functionality of OSNs. We formalize security and privacy properties of such a feature like allowing different types of information related to the event (e.g., how many people are invited/attending, who is invited/attending) to be shared with different groups of users (e.g., only invited/attending users).

Implementing this feature in a Privacy-Preserving Decentralized Online Decentralized Online is non-trivial because there is no fully trusted broker to guarantee fairness to all parties involved. We propose a secure decentralized protocol for implementing this feature, using tools such as storage location indirection, ciphertext inferences and a disclose-secret-if-committed mechanism, derived from standard cryptographic primitives.

The results can be applied in the context of Privacy-Preserving DOSNs, but might also be useful in other domains that need mechanisms for cooperation and coordination, e.g., Collaborative Working Environment and the corresponding collaborative-specific tools, i.e., groupware, or Computer-Supported Collaborative Learning.


Event invitation Privacy Decentralized Online Social Networks 



This research has been funded by the Swedish Foundation for Strategic Research grant SSF FFL09-0086 and the Swedish Research Council grant VR 2009-3793.


  1. 1.
    Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: Persona: an online social network with user-defined privacy. In: Rodriguez, P., Biersack, E.W., Papagiannaki, K., Rizzo, L. (eds.) SIGCOMM, pp. 135–146. ACM (2009)Google Scholar
  2. 2.
    Buszko, D., Lee, W.H.D., Helal, A.: Decentralized ad-hoc groupware API and framework for mobile collaboration. In: GROUP, pp. 5–14. ACM (2001)Google Scholar
  3. 3.
    Cutillo, L.A., Molva, R., Strufe, T.: Safebook: a privacy-preserving online social network leveraging on real-life trust. IEEE Commun. 47(12), 94–101 (2009)CrossRefGoogle Scholar
  4. 4.
    El-Saddik, A., Rahman, A.S.M.M., Abdala, S., Solomon, B.: PECOLE: P2P multimedia collaborative environment. Multimed. Tools Appl. 39(3), 353–377 (2008)CrossRefGoogle Scholar
  5. 5.
    Famulari, A., Hecker, A.: Mantle: a novel DOSN leveraging free storage and local software. In: Guyot, V. (ed.) ICAIT 2012. LNCS, vol. 7593, pp. 213–224. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  6. 6.
    Freitas, M.: twister - a P2P microblogging platform. CoRR abs/1312.7152 (2013)Google Scholar
  7. 7.
    Gilbert, H., Handschuh, H.: Security analysis of SHA-256 and sisters. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 175–193. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  8. 8.
    Greschbach, B., Kreitz, G., Buchegger, S.: The devil is in the metadata - new privacy challenges in decentralised online social networks. In: PerCom Workshops, pp. 333–339. IEEE (2012)Google Scholar
  9. 9.
    Greschbach, B., Kreitz, G., Buchegger, S.: User search with knowledge thresholds in decentralized online social networks. In: Hansen, M., Hoepman, J.-H., Leenes, R., Whitehouse, D. (eds.) Privacy and Identity 2014. IFIP AICT, vol. 421, pp. 188–202. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  10. 10.
    Johnson-Lenz, P., Johnson-Lenz, T.: Groupware: coining and defining it. SIGGROUP Bull. 19(2), 34 (1998)CrossRefGoogle Scholar
  11. 11.
    Kim, M.K., Kim, H.C.: Awareness and privacy in groupware systems. In: CSCWD, pp. 984–988. IEEE (2006)Google Scholar
  12. 12.
    Li, W.D., Ong, S.K., Fuh, J.Y.H., Wong, Y.S., Lu, Y.Q., Nee, A.Y.C.: Feature-based design in a distributed and collaborative environment. Comput. Aided Des. 36(9), 775–797 (2004)CrossRefGoogle Scholar
  13. 13.
    Lunden, I.: Facebook turns off facial recognition in the EU, gets the all-clear on several points from Ireland’s data protection commissioner on its review, September 2012.
  14. 14.
    Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2009).
  15. 15.
    Reinhard, W., Schweitzer, J., Völksen, G., Weber, M.: CSCW tools: concepts and architectures. IEEE Comput. 27(5), 28–36 (1994)CrossRefGoogle Scholar
  16. 16.
    Rodden, T., Blair, G.S.: CSCW and distributed systems: the problem of control. In: Bannon, L.J., Robinson, M., Schmidt, K. (eds.) ECSCW. Kluwer (1991)Google Scholar
  17. 17.
    Rowstron, A., Druschel, P.: Pastry: scalable, decentralized object location, and routing for large-scale peer-to-peer systems. In: Guerraoui, R. (ed.) Middleware 2001. LNCS, vol. 2218, pp. 329–350. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  18. 18.
    Shih, G.: Facebook admits year-long data breach exposed 6 million users, June 2013.
  19. 19.
    Smith, C.: Reinventing social media: Deep learning, predictive marketing, and image recognition will change everything, March 2014.
  20. 20.
    Trevor, J., Koch, T., Woetzel, G.: Metaweb: bringing synchronous groupware to the world wide web. In: ECSCW, pp. 65–80 (1997)Google Scholar
  21. 21.
    Zhang, G., Jin, Q.: Scalable information sharing utilizing decentralized p2p networking integrated with centralized personal and group media tools. In: AINA (2), pp. 707–711. IEEE Computer Society (2006)Google Scholar
  22. 22.
    Zurko, M.E.: IBM Lotus Notes/Domino: Embedding Security in Collaborative Applications, Chap. 30. O’Reilly Media, Inc., Sebastopol (2005) Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2015

Authors and Affiliations

  • Guillermo Rodríguez-Cano
    • 1
  • Benjamin Greschbach
    • 1
  • Sonja Buchegger
    • 1
  1. 1.School of Computer Science and CommunicationKTH Royal Institute of TechnologyStockholmSweden

Personalised recommendations