Street-Level Trust Semantics for Attribute Authentication

  • Tiffany Hyun-Jin Kim
  • Virgil Gligor
  • Adrian Perrig
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7622)

Abstract

The problem of determining whether a receiver may safely accept attributes (e.g., identity, credentials, location) of unknown senders in various online social protocols is a special instance of a more general problem of establishing trust in interactive protocols. We introduce the notion of interactive trust protocols to illustrate the usefulness of social collateral in reducing the inherent trust asymmetry in large classes of online user interactions. We define a social collateral model that allows receivers to accept attributes from unknown senders based on explicit recommendations received from social relations. We use social collateral as a measure of both social relations and “tie strength” among individuals to provide different degrees of accountability when accepting attribute information from unknown senders. Our model is robust in the face of several specific attacks, such as impersonation and tie-strength-amplification attacks. Preliminary experiments with visualization of measured tie strength among users of a social network indicate that the model is usable by ordinary protocol participants.

Keywords

  • Online Social Network
  • Trusted Third Party
  • Mutual Friend
  • Online Identity
  • Trust Protocol

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Tiffany Hyun-Jin Kim (1)
  • Virgil Gligor (1)
  • Adrian Perrig (1)

  1. Carnegie Mellon University, Pittsburgh, USA
