Authors: Roman Schlegel; Duncan S. Wong
Addresses: Department of Computer Science, City University of Hong Kong, Tat Chee Avenue, Kowloon Tong, Kowloon, Hong Kong ' Department of Computer Science, City University of Hong Kong, Tat Chee Avenue, Kowloon Tong, Kowloon, Hong Kong
Abstract: Nowadays, users are sharing an unprecedented amount of personal information on social networking websites, generating serious privacy concerns. This information is barely protected from access by unauthorised users and the social networking provider (SNP) itself always has access to all content. Some existing solutions for this problem require an external third-party server or incur a key distribution overhead, thus having either a noticeable impact on the user experience, or containing a single-point-of-failure. We propose a new solution, which through a novel application of a broadcast encryption scheme achieves the following: 1) content posted by a user can only be read by authorised users and nobody else, not even the SNP; 2) no external server is necessary during normal operations. The system can be used directly with existing social networking sites. We implemented a prototype for Facebook and perform a thorough evaluation, showing that the scheme is feasible, scalable and practical.
Keywords: privacy preservation; applied cryptography; private friends; social networking sites; SNS; overly curious SNPs; social network providers; personal information; information sharing; privacy protection; network security; broadcast encryption; user authorisation; Facebook.
International Journal of Computational Science and Engineering, 2015 Vol.10 No.3, pp.281 - 292
Available online: 05 Apr 2015 *Full-text access for editors Access for subscribers Purchase this article Comment on this article