Let Only the Right One IN: Privacy Management Scheme for Social Network
Current social networking sites protect user data by making it available only to a restricted set of people, often friends. However, the concept of ‘friend’ is illusory in social networks. Adding a person to the friends list without verifying his/her identity can lead to serious consequences such as identity theft and privacy loss. We propose a novel verification paradigm to ensure that a person (Bob) who sends a friend request (to Alice) is actually her friend, and not someone who is faking his identity. Our solution is based on what Bob might know and verify about Alice. We work on the premise that a friend knows a person’s preferences better than a stranger. To verify our premise, we conducted a two-stage user study. Results of the user study are encouraging. We believe our solution makes a significant contribution, namely, the way it leverages the benefits of preference-based authentication and challenge-response schemes.
Keywords: Privacy over social networks; preference based authentication; friend verification; challenge response schemes