Cryptographic Treatment of Private User Profiles

  • Felix Günther
  • Mark Manulis
  • Thorsten Strufe
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7126)


Publishing private data in user profiles in a way that is both secure and private is a growing problem, of special interest in, e.g., online social networks, which are becoming more and more popular. Current approaches, especially for decentralized networks, often do not address this issue or impose large storage overhead. In this paper, we present a cryptographic approach to Private Profile Management that is seen as a building block for applications in which users maintain their own profiles, publish and retrieve data, and authorize other users to access different portions of data in their profiles. In doing so, we provide: (i) a formalization of confidentiality and unlinkability as the two main security and privacy goals for the data kept in profiles and for the users who are authorized to retrieve this data, and (ii) the specification, analysis, and comparison of two private profile management schemes based on different encryption techniques.


Keywords: Online Social Network, Private User, Symmetric Encryption, Storage Overhead, Privacy Property




Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Felix Günther, TU Darmstadt & CASED, Germany
  • Mark Manulis, TU Darmstadt & CASED, Germany
  • Thorsten Strufe, TU Darmstadt & CASED, Germany
