Privacy Analysis and Protocols for Decentralized Online Social Networks

Sammanfattning: Decentralized Online Social Networks (DOSNs) are evolving as a promising approach to mitigate design-inherent privacy flaws of logically centralized services such as Facebook, Google+ or Twitter. Common approaches to implement a DOSN build upon a peer-to-peer (P2P) architecture in order to avoid the central aggregation of sensitive user data at one provider-controlled location.While the absence of a single point of data aggregation strikes the most powerful attacker from the list of adversaries, the decentralization also removes some privacy protection afforded by the provider's intermediation of all communication in a centralized Online Social Network (OSN). As content storage, access right management, retrieval and other administrative tasks of the service become the obligation of the users, it is non-trivial to hide the metadata of objects and information flows, even when the content itself is encrypted. Such metadata is, deliberately or as a side effect, hidden by the provider in a centralized system.Implementing the different features of a privacy-presvering DOSN does not only face these general challenges but must also cope with the absence of a trusted agent with full access to all data. For example user authentication should provide the same usabilty known from common centralized OSN services, such as ease of changing a password, revoking the access of a stolen device or resetting a forgotten password via e-mail or security questions. All this without relying on a trusted third party such as an identity provider. Another example is user search, where the challenge is to protect user data while making user findable at the same time. An implementation of such a feature in a DOSN has to work without assuming a trusted provider having access to all user profiles maintaining a global search index.In this work we analyze the general privacy-problems in a DOSN, especially those arising from metadata. Furthermore, we suggest two privacy-preserving implementations of standard OSN features, i.e., user authentication via password-login and user search via a knowledge threshold. Both implementations do not rely on a trusted, central provider and are therefore applicable in a DOSN cenario but can be applied in other P2P or low-trust environments as well.