Social Networks and Privacy

Abstract: Centralized online social networks pose a threat to their users’ privacy, as social network providers have unlimited access to users’ data. Decentralized social networks address this problem by getting rid of the provider and giving control to the users themselves, meaning that only the end-users should be able to control other parties’ access to their data. While there have been several proposals and advances in the development of privacy-preserving decentralized social networks, the goal of a secure, efficient, and available social network in a decentralized setting has not been fully achieved.

This thesis contributes to the research in the field of security for social networks, with a focus on decentralized social networks. It studies encryption-based access control and the management of cryptographic keys/credentials (required for this access control) via user accounts with password-based login in decentralized social networks.

First, this thesis explores the requirements of encryption for decentralized social networks and proposes a list of evaluation criteria, which is then used to assess existing encryption-based access control systems. We find that all of them provide confidentiality guarantees (of the content itself), while privacy (of information about the content or access policies) is either not addressed at all or is addressed at the expense of the system’s performance and flexibility. We highlight the potential of two classes of privacy-preserving schemes in the decentralized online social network (DOSN) context, broadcast encryption schemes with hidden access structures and predicate encryption (PE) schemes, and propose to use them. Both of these classes contain schemes that exhibit desirable properties and better fulfill the criteria.

Second, the thesis analyses predicate encryption and adapts it to the DOSN context, as it is too expensive to use out of the box. We propose a univariate polynomial construction for access policies in PE that drastically increases the performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and of indicating the objects that can be decrypted by a particular user. The thesis demonstrates, through a newsfeed assembly experiment, that the adapted scheme shows good performance and thus a good user experience.

Third, the thesis presents a solution to the problem of managing cryptographic keys for authentication and communication between users in decentralized online social networks. We propose a password-based login procedure for the peer-to-peer (P2P) setting that allows a user who passes authentication to recover a set of cryptographic keys required for the application. In addition to password logins, we also present supporting protocols that provide related functionality, such as remembered logins, password change, and recovery of a forgotten password. The combination of these protocols allows emulating password logins in centralized systems. The results of the performance evaluation indicate that the time required for the login operation is within acceptable bounds.