Leila Bahri

DIVa: Decentralized Identity Validation for Social Networks

Online Social Networks exploit a lightweight process to identify their users so as to facilitate their fast adoption. However, such convenience comes at the price of making legitimate users subject to different threats created by fake accounts. Therefore, there is a crucial need to empower users with tools helping them in assigning a level of trust to whomever they interact with. To cope with this issue, in this paper we introduce a novel model, DIVa, that leverages on mining techniques to find correlations among user profile attributes. These correlations are discovered not from user population as a whole, but from individual communities, where the correlations are more pronounced. DIVa exploits a decentralized learning approach and ensures privacy preservation as each node in the OSN independently processes its local data and is required to know only its direct neighbors. Extensive experiments using real-world OSN datasets show that DIVa is able to extract fine-grained community-aware correlations among profile attributes with average improvements up to 50% than the global approach.

COIP—Continuous, Operable, Impartial, and Privacy-Aware Identity Validity Estimation for OSN Profiles

Identity validation of Online Social Networks’ (OSNs’) peers is a critical concern to the insurance of safe and secure online socializing environments. Starting from the vision of empowering users to determine the validity of OSN identities, we suggest a framework to estimate the trustworthiness of online social profiles based only on the information they contain. Our framework is based on learning identity correlations between profile attributes in an OSN community and on collecting ratings from OSN community members to evaluate the trustworthiness of target profiles. Our system guarantees utility, user anonymity, impartiality in rating, and operability within the dynamics and continuous evolution of OSNs. In this article, we detail the system design, and we prove its correctness against these claimed quality properties. Moreover, we test its effectiveness, feasibility, and efficiency through experimentation on real-world datasets from Facebook and Google+, in addition to using the Adults UCI dataset.

Decentralized privacy preserving services for Online Social Networks

Abstract Current popular and widely adopted Online Social Networks (OSNs) all follow a logically centered architecture, by which one single entity owns unprecedented collections of personal data in terms of amount, variety, geographical span, and richness in detail. This is clearly constituting one of the major threats to users privacy and to their right to be-left-alone. Decentralization has then been considered as the panacea to privacy issues, especially in the realms of OSNs. However, with a more thoughtful consideration of the issue, it could be argued that decentralization, if not designed and implemented carefully and properly, can have more serious implications on users privacy rather than bringing radical solutions. Moreover, research on Decentralized Online Social Networks (DOSNs) has shown that there are more challenges to their realization that need proper attention and more innovative technical solutions. In this paper, we discuss the issues related to privacy preservation between centralization and decentralization, and we provide a review of available research work on decentralized privacy preserving services for social networks.

Enhanced Audit Strategies for Collaborative and Accountable Data Sharing in Social Networks

Data sharing and access control management is one of the issues still hindering the development of decentralized online social networks (DOSNs), which are now gaining more research attention with the recent developments in P2P computing, such as the secure public ledger–based protocols (Blockchains) for monetary systems. In a previous work, we proposed an initial audit–based model for access control in DOSNs. In this article, we focus on enhancing the audit strategies and the privacy issues emerging from records kept for audit purposes. We propose enhanced audit and collaboration strategies, for which experimental results, on a real online social network graph with simulated sharing behavior, show an improvement in the detection rate of bad behavior of more than 50% compared to the basic model. We also provide an analysis of the related privacy issues and discuss possible privacy-preserving alternatives.

LAMP - Label-Based Access-Control for More Privacy in Online Social Networks

Access control in Online Social Networks (OSNs) is generally approached with a relationship-based model. This limits the options in expressing privacy preferences to only the types of relationships users establish in the OSN. Moreover, current proposals do not address the privacy of dependent information types, such as comments or likes, at their atomic levels of ownership. Rather, the privacy of these data elements is holistically dependent on the aggregate object they belong to. To overcome this, we propose LAMP, a model that deploys fine grained label-based access control for information sharing in OSNs. Users in LAMP assign customized labels to their friends and to all types of their information; whereas access requests are evaluated by security properties carefully designed to establish orders between requestor’s and information’s labels. We prove the correctness of the suggested model, and we perform performance experiments based on different access scenarios simulated on a real OSN graph. We also performed a preliminary usability study that compared LAMP to Facebook privacy settings.

What Happens to My Online Social Estate When I Am Gone? An Integrated Approach to Posthumous Online Data Management

Technology and the digital world have been making an important part of peoples lives nowadays. As death is unquestionably a crucial and fundamental part of life, technology and the digital world ought to play an equally important role in end of life issues as well. For instance, the adoption of online social networks (OSNs) has been amplifying to cover large numbers of the worlds population playing big roles in shaping their daily life, in documenting their life experiences, and in sharing their moments with their friends in the network. While current systems focus on the provision of usable and attractive features of their OSN services, considerations of the faith of the online accounts, identities, and data created and shared in their realms when the owner is mo more available to manage them have not been equally taken. In this paper, we raise and discuss issues related to the design and to the provision of integrated services for a posthumous data management that would respect the wills of users all while being concealed to their survivors. We survey the existing practices, we discuss their limitations, and we suggest an integrated approach to posthumous data management based on posthumous data planning assisted by data categorization and automated tools.

Knowledge-based approaches for identity management in online social networks

When we meet a new person, we start by introducing ourselves. We share our names, and other information about our jobs, cities, family status, and so on. This is how socializing and social interactions can start: we first need to identify each other. Identification is a cornerstone in establishing social contacts. We identify ourselves and others by a set of civil (e.g., name, nationality, ID number, gender) and social (e.g., music taste, hobbies, religion) characteristics. This seamlessly carried out identification process in face‐to‐face interactions is challenged in the virtual realms of socializing, such as in online social network (OSN) platforms. New identities (i.e., online profiles) could be created without being subject to any level of verification, making it easy to create fake information and forge fake identities. This has led to a massive proliferation of accounts that represent fake identities (i.e., not mapping to physically existing entities), and that poison the online socializing environment with fake information and malicious behavior (e.g., child abuse, information stealing). Within this milieu, users in OSNs are left unarmed against the challenging task of identifying the real person behind the screen. OSN providers and research bodies have dedicated considerable effort to the study of the behavior and features of fake OSN identities, trying to find ways to detect them. Some other research initiatives have explored possible techniques to enable identity validation in OSNs. Both kinds of approach rely on extracting knowledge from the OSN, and exploiting it to achieve identification management in their realms. We provide a review of the most prominent works in the literature. We define the problem, provide a taxonomy of related attacks, and discuss the available solutions and approaches for knowledge‐based identity management in OSNs.

When Trust Saves Energy: A Reference Framework for Proof of Trust (PoT) Blockchains

Blockchains are attracting the attention of many technical, financial, and industrial parties, as a promising infrastructure for achieving secure peer-to-peer (P2P) transactional systems. At the heart of blockchains is proof-of-work (PoW), a trustless leader election mechanism based on demonstration of computational power. PoW provides blockchain security in trusless P2P environments, but comes at the expense of wasting huge amounts of energy. In this research work, we question this energy expenditure of PoW under blockchain use cases where some form of trust exists between the peers. We propose a Proof-of-Trust (PoT) blockchain where peer trust is valuated in the network based on a trust graph that emerges in a decentralized fashion and that is encoded in and managed by the blockchain itself. This trust is then used as a waiver for the difficulty of PoW; that is, the more trust you prove in the network, the less work you do.

Privacy in Web Service Transactions: A Tale of More than a Decade of Work

The web service computing paradigm has introduced great benefits to the growth of e-markets, both under the customer to business and the business to business models. The value capabilities allowed by the conception of web services, such as interoperability, efficiency, just-in-time integration, etc., have made them the most common way of doing business online. With the maturation of the web services underlying functional properties and facilitating standards, and with the proliferation of the amounts of data they use and they generate, researchers and practitioners have been dedicating considerable efforts to the related emerging privacy concerns. The literature contains number of research works on these privacy concerns, each addressing them from a different focal point. We have explored the available literature on web services privacy during transactions, to present, in this paper, a thorough survey of the most relevant published proposals. We identified 20 works that address privacy related problems in web services consumption. We categorize them based on the approach they take and we compare them based on a proposed evaluation framework, derived from the adopted techniques and addressed requirements.

Identity Related Threats, Vulnerabilities and Risk Mitigation in Online Social Networks: A Tutorial

This tutorial provides a thorough review of the main research directions in the field of identity management and identity related security threats in Online Social Networks (OSNs). The continuous increase in the numbers and sophistication levels of fake accounts constitutes a big threat to the privacy and to the security of honest OSN users. Uninformed OSN users could be easily fooled into accepting friendship links with fake accounts, giving them by that access to personal information they intend to exclusively share with their real friends. Moreover, these fake accounts subvert the security of the system by spreading malware, connecting with honest users for nefarious goals such as sexual harassment or child abuse, and make the social computing environment mostly untrustworthy. The tutorial introduces the main available research results available in this area, and presents our work on collaborative identity validation techniques to estimate OSN profiles trustworthiness.