Michael Beye

Privacy in Online Social Networks

Online social networks (OSNs) have become part of daily life for millions of users. Users building explicit networks that represent their social relationships and often share a wealth of personal information to their own benefit. The potential privacy risks of such behavior are often underestimated or ignored. The problem is exacerbated by lacking experience and awareness in users, as well as poorly designed tools for privacy management on the part of the OSN. Furthermore, the centralized nature of OSNs makes users dependent and puts the service provider in a position of power. Because service providers are not by definition trusted or trustworthy, their practices need to be taken into account when considering privacy risks. This chapter aims to provide insight into privacy in OSNs. First, a classification of different types of OSNs based on their nature and purpose is made. Next, different types of data contained in OSNs are distinguished. The associated privacy risks in relation to both users and service providers are identified, and finally, relevant research areas for privacy-protecting techniques are discussed. Clear mappings are made to reflect typical relations that exist between OSN type, data type, particular privacy risks, and privacy-preserving solutions.

Privacy in Recommender Systems

In many online applications, the range of content that is offered to users is so wide that a need for automated recommender systems arises. Such systems can provide a personalized selection of relevant items to users. In practice, this can help people find entertaining movies, boost sales through targeted advertisements, or help social network users meet new friends. To generate accurate personalized recommendations, recommender systems rely on detailed personal data on the preferences of users. Examples are ratings, consumption histories, and personal profiles. Recommender systems are useful, however the privacy risks associated to gathering and processing personal data are often underestimated or ignored. Many users are not sufficiently aware if and how much of their data is collected, if such data is sold to third parties, or how securely it is stored and for how long. This chapter aims to provide insight into privacy in recommender systems. First, we discuss different types of existing recommender systems. Second, we give an overview of the data that is used in recommender systems. Third, we examine the associated risks to data privacy. Fourth, relevant research areas for privacy-protection techniques and their applicability to recommender systems are discussed. Finally, we conclude with a discussion on applying and combining different privacy-protection techniques in real-world settings, making clear mappings to reflect typical relations between recommender system types, information types, particular privacy risks, and privacy-protection techniques.

Efficiently computing private recommendations

Online recommender systems enable personalized service to users. The underlying collaborative filtering techniques operate on privacy sensitive user data, which could be misused by the service provider. To protect user privacy, we propose to encrypt the data and generate recommendations by processing them under encryption. Thus, the service provider observes neither user preferences nor recommendations. The proposed method uses homomorphic encryption and secure multi-party computation (MPC) techniques, which introduce a significant overhead in computational complexity. We minimize the introduced overhead by packing data and using cryptographic protocols particularly developed for this purpose. The proposed cryptographic protocol is implemented to test its correctness and performance.

Privacy-preserving content-based recommender system

By offering personalized content to users, recommender systems have become a vital tool in e-commerce and online media applications. Content-based algorithms recommend items or products to users, that are most similar to those previously purchased or consumed. Unfortunately, collecting and storing ratings, on which content-based methods rely, also poses a serious privacy risk for the customers: ratings may be very personal or revealing, and thus highly privacy sensitive. Service providers could process the collected rating data for other purposes, sell them to third parties or fail to provide adequate physical security. In this paper, we propose technological mechanisms to protect the privacy of individuals in a recommender system. Our proposal is founded on homomorphic encryption, which is used to obscure the private rating information of the customers from the service provider. While the users privacy is respected by the service provider, by generating recommendations using encrypted customer ratings, the service providers commercially valuable item-item similarities are protected against curious entities, in turn. Our proposal explores simple and efficient cryptographic techniques to generate private recommendations using a server-client model, which neither relies on (trusted) third parties, nor requires interaction with peer users. The main strength of our contribution lies in providing a highly efficient solution without resorting to unrealistic assumptions.

Improved anonymity for key-trees

Randomized hash-lock protocols for Radio Frequency IDentification (RFID) tags offer forward untraceability, but incur heavy search on the server. Key trees have been proposed as a way to reduce search times, but because partial keys in such trees are shared, key compromise affects several tags. Buttyan et al. have defined measures for the resulting loss of anonymity in the system, and approximated their measures by means of simulations. We will further improve upon their trees, and provide a proof of optimality. Finally, an efficient recursive algorithm is presented to compute the anonymity measures.

Anonymity for Key-Trees with Adaptive Adversaries

Hash-lock authentication protocols for Radio Frequency IDentification (RFID) tags incur heavy search on the server. Key-trees have been proposed as a way to reduce search times, but because partial keys in such trees are shared, key compromise affects several tags. Buttyan [4] and Beye and Veugen [3] devised trees to withstand such attacks, but assumed adversaries to be non-adaptive, without access to side-channel information. We illustrate how in practice, side-channel information can be used to attack the system. We also describe adaptive attacks that are easy to mount and will significantly reduce tag anonymity. Theoretical analysis of the implications on anonymity in key-trees leads to new requirements and a new tree construction. Simulation is used to test its performance, the results showing an improved resistance to adaptive attacks.

Threats to Networked RFID Systems

RFID technology is an area currently undergoing active development. An issue, which has received a lot of attention, is the security risks that arise due to the inherent vulnerabilities of RFID technology. Most of this attention, however, has focused on related privacy issues. The goal of this chapter is to present a more global overview of RFID threats. This can not only help experts perform risk analyses of RFID systems but also increase awareness and understanding of RFID security issues for non-experts. We use clearly defined and widely accepted concepts from both the RFID area and classical risk analysis to structure this overview.