Privacy Analysis of a Hidden Friendship Protocol

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8247)

Abstract

Friendship relations are a defining property of online social networks. On the one hand, and beyond their cultural interpretation, they sustain access control mechanisms and are privacy-enhancing by limiting the proliferation of personal information. On the other hand, the publicity of friendship links is privacy-invasive. We outline a distributed authentication protocol based on hidden friendship links that has been suggested in earlier work. We then investigate its formalisation and, using model-checking, we carry out a mechanised analysis of the protocol that enables the revision and rectification of the earlier version. We thus demonstrate more generally how model-checking and epistemic logic can be used for the detection of privacy and security vulnerabilities in authentication protocols for social networks.

References

  1. [ABB+05]
    Armando, A., et al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005). http://www.avispa-project.org/publications.html
  2. [Aug95]
    Lowe, G.: An attack on the needham-schroeder public-key authentication protocol. Inf. Process. Lett. 56, 131–133 (1995)CrossRefMATHGoogle Scholar
  3. [BAN90]
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)CrossRefGoogle Scholar
  4. [BM10]
    Brickley, D., Miller, L.: FOAF Vocabulary Specification 0.97. Namespace document, January 2010Google Scholar
  5. [BP09]
    Bonneau, J., Preibusch, S.: The privacy jungle: on the market for data protection in social networks. In: The Ninth Workshop on the Economics of Information Security (WEIS 09), March 2009Google Scholar
  6. [BS11]
    Blanchet, B., Smyth, B.: ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial (2011)Google Scholar
  7. [CD07]
    Cohen, M., Dam, M.: A complete axiomatization of knowledge and cryptography. In: Proceedings of the 22nd IEEE Symposium on Logic in Computer Science (LICS 2007), 10–12 July 2007, Wroclaw, Poland, pp. 77–88. IEEE Computer Society (2007)Google Scholar
  8. [Dam11]
    Dam, M.: A little knowledge goes a bit further. invited talk. In: Annual Meeting of Priority Program RS3 – Reliably Secure Software Systems (2011)Google Scholar
  9. [Fac09]
    Facebook. Updates on your new privacy tools (2009)Google Scholar
  10. [Fed11]
    Federated Social Web Europe. Federated social architectures and protocols, privacy on the federated social web (2011)Google Scholar
  11. [FOA10]
    FOAF project. The Friend of a Friend (FOAF) project (2010)Google Scholar
  12. [KMPS12]
    Kammüller, F., Mapp, G., Patel, S., Sani, A.S.: Engineering security pro tocols with modelchecking – radius-sha256 and secured simple protocol. In: International Conference on Internet Monitoring and Protection, ICIMP’12 (2012)Google Scholar
  13. [KP13]
    Kammüller, F., Probst, C.W.: Invalidating policies using structural information. In: Workshop on Research in Insider Threats WRIT’13 - IEEE CS Security and Privacy Workshops, SPW (2013)Google Scholar
  14. [LQR09]
    Lomuscio, A., Qu, H., Raimondi, F.: MCMAS: a model checker for the verification of multi-agent systems. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 682–688. Springer, Heidelberg (2009)Google Scholar
  15. [MyS08]
    MySpace. Profile 2.0 launch - check it out :) (2008)Google Scholar
  16. [PB09]
    Preibusch, S., Beresford, A.R.: Establishing distributed hidden friendship relations. In: Seventeenth International Workshop on Security Protocols (2009)Google Scholar
  17. [Sta06]
    Stanford Encyclopedia of Philosophy. Epistemic logic (2006)Google Scholar
  18. [ZG09]
    Zheleva, E., Getoor, L.: To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In: Proceedings of the 18th International Conference on World Wide Web (WWW ’09), pp. 531–540. ACM, New York (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  1. 1.Middlesex UniversityLondonUK
  2. 2.Microsoft ResearchCambridgeUK

Personalised recommendations