Arjan Jeckmans

Privacy in Online Social Networks

Online social networks (OSNs) have become part of daily life for millions of users. Users building explicit networks that represent their social relationships and often share a wealth of personal information to their own benefit. The potential privacy risks of such behavior are often underestimated or ignored. The problem is exacerbated by lacking experience and awareness in users, as well as poorly designed tools for privacy management on the part of the OSN. Furthermore, the centralized nature of OSNs makes users dependent and puts the service provider in a position of power. Because service providers are not by definition trusted or trustworthy, their practices need to be taken into account when considering privacy risks. This chapter aims to provide insight into privacy in OSNs. First, a classification of different types of OSNs based on their nature and purpose is made. Next, different types of data contained in OSNs are distinguished. The associated privacy risks in relation to both users and service providers are identified, and finally, relevant research areas for privacy-protecting techniques are discussed. Clear mappings are made to reflect typical relations that exist between OSN type, data type, particular privacy risks, and privacy-preserving solutions.

Privacy in Recommender Systems

In many online applications, the range of content that is offered to users is so wide that a need for automated recommender systems arises. Such systems can provide a personalized selection of relevant items to users. In practice, this can help people find entertaining movies, boost sales through targeted advertisements, or help social network users meet new friends. To generate accurate personalized recommendations, recommender systems rely on detailed personal data on the preferences of users. Examples are ratings, consumption histories, and personal profiles. Recommender systems are useful, however the privacy risks associated to gathering and processing personal data are often underestimated or ignored. Many users are not sufficiently aware if and how much of their data is collected, if such data is sold to third parties, or how securely it is stored and for how long. This chapter aims to provide insight into privacy in recommender systems. First, we discuss different types of existing recommender systems. Second, we give an overview of the data that is used in recommender systems. Third, we examine the associated risks to data privacy. Fourth, relevant research areas for privacy-protection techniques and their applicability to recommender systems are discussed. Finally, we conclude with a discussion on applying and combining different privacy-protection techniques in real-world settings, making clear mappings to reflect typical relations between recommender system types, information types, particular privacy risks, and privacy-protection techniques.

Efficient privacy-enhanced familiarity-based recommender system

Recommender systems can help users to find interesting content, often based on similarity with other users. However, studies have shown that in some cases familiarity gives comparable results to similarity. Using familiarity has the added bonus of increasing privacy between users and utilizing a smaller dataset. In this paper, we propose an efficient privacy-enhanced recommender system that is based on familiarity. It is built on top of any given social network (without changing its behaviour) that already has information about the social relations between users. Using secure multi-party computation techniques and somewhat homomorphic encryption the privacy of the users can be ensured, assuming honest-but-curious participants. Two different solutions are given, one where all users are online, and another where most users are offline. Initial results on a prototype and a dataset of 50 familiar users and 1000 items show a recommendation time of four minutes for the solution with online users and of five minutes for the solution with offline users.

Privacy-preserving profile matching using the social graph

We present a privacy-preserving protocol for users to test a match with potential new friends in an environment where all users cryptographically encrypt their private information. The following scenario is considered. Suppose that user Alice thinks that Bob might be a good new friend. So, Alice and the Online Social Network (representing Bob) engage in a two-party matching protocol. In this protocol no work from Bob is required, Bob can be offline. The matching protocol is designed to give Alice an indication if Bob is similar to her based on their profiles. We show that the process does so without revealing the private information of Alice and Bob to one another and to the Online Social Network.

Efficient Client Puzzle Schemes to Mitigate DoS Attacks

A (computational) client puzzle scheme enables a client to prove to a server that a certain amount of computing resources (CPU cycles and/or Memory lookups) has been dedicated to solve a puzzle. In a number of different scenarios, researchers have applied client puzzle schemes to mitigate DoS attacks. In this paper, we introduce two batch verification modes for the RSW client puzzle scheme in order to improve the verification efficiency for the server, and investigate three methods for handling incorrect solutions in batch verifications.

Towards a security model for computational puzzle schemes

In the literature, computational puzzle schemes have been considered as a useful tool for a number of applications, such as constructing timed cryptography, fighting junk emails, and protecting critical infrastructure from denial-of-service attacks. However, there is a lack of a general security model for studying these schemes. In this paper, we propose such a security model and formally define two properties, namely the determinable difficulty property and the parallel computation resistance property. Furthermore, we prove that a variant of the RSW scheme, proposed by Rivest, Shamir, and Wagner, achieves both properties.