A taxonomy-based model of security and privacy in online social networks

Int. J. Computational Science and Engineering, Vol. 9, No. 4, 2014
Copyright © 2014 Inderscience Enterprises Ltd.

A taxonomy-based model of security and privacy in online social networks

L. Caviglione*
Institute of Intelligent Systems for Automation (ISSIA) – Genoa Branch, National Research Council of Italy (CNR), Via De Marini, 6 – I-16149, Genova, Italy
Fax: +39-010-6475600
E-mail: luca.caviglione@ge.issia.cnr.it
*Corresponding author

M. Coccoli
Department of Communications, Computer and Systems Science, University of Genoa, Via Opera Pia, 13 – I-16145, Genova, Italy
Fax: +39-010-3536533
E-mail: mauro.coccoli@unige.it

A. Merlo
Department of Communications, Computer and Systems Science, University of Genoa, Via Opera Pia, 13 – I-16145, Genova, Italy
and
e-Campus University, Via Isimbardi, 10 – I-22060, Novedrate, Como, Italy
Fax: +39-010-3536533
E-mail: alessio.merlo@dist.unige.it

Abstract: Social environments were already present in the original web vision, but nowadays are mainly available through online social networks (OSNs), which are a real cultural phenomenon. However, their actual deployment is very heterogeneous, reflecting different development choices and functional architectures. Such aspects, jointly with the intrinsic sharing of personal information, lead to severe risks both in terms of security and privacy. In this perspective, our work proposes a taxonomy-based approach to describe and model the complex security space characterising OSNs. The contributions of this paper are: 1) to introduce a systematic approach to define the ‘problem space’ of an OSN; 2) to showcase basic models for organising the engineering and the needed checking procedures.

Keywords: security; privacy; online social networks; OSNs; taxonomy; modelling.

Reference to this paper should be made as follows: Caviglione, L., Coccoli, M. and Merlo, A. (2014) ‘A taxonomy-based model of security and privacy in online social networks’, Int. J. Computational Science and Engineering, Vol. 9, No. 4, pp.325–338.

Biographical notes: L. Caviglione is a Researcher at the Genoa Branch of the Institute of Intelligent Systems for Automation (ISSIA) of the Italian National Research Council of Italy (CNR). He received his PhD in Electronic and Computer Engineering from the University of Genoa, Italy. His research interests include p2p systems, IPv6, social networks, wireless networks, and security. He is the author and co-author of about 80 academic publications. He is an Associate Editor for the Transactions on Emerging Telecommunications Technologies, Wiley.

M. Coccoli has been an Assistant Professor at the University of Genoa, Italy, Faculty of Education Science, since December 2005. He is with the Department of Communications, Computer and Systems Science (DIST) of the same university. He received his PhD in Electronic Engineering and Computer Science from the University of Genoa in 2000. His research interests include e-learning, social networks, and multi-agent systems.

A. Merlo received his PhD in Computer Science from the University of Genoa, Italy, where he worked on performance and access control issues related to grid computing. His research interests include security issues in web and distributed computing. He is currently working as a Teaching Assistant at E-Campus University and as an Associate Researcher at University of Genoa and at the Italian National Research Council of Italy (CNR).

1 Introduction

Enabling social interactions among individuals is a critical requirement for many network applications. Boosted by the availability of ubiquitous connectivity, the internet is ever more an internet of people (IoP), rather than a simple internetwork of hosts (Zhang et al., 2011). This paradigm has also accounted for the huge success of Web 2.0, which enables users to create and share content with an increased degree of social connectivity. Such features, though, were already present in the original web vision. Specifically, the Social Web Incubator Group within the World Wide Web Consortium (W3C) put effort into the definition of a social web, where “people can create networks of relationships overlapped with the entire web, while controlling their own privacy and data” (http://www.w3.org/2005/Incubator/socialweb/XGR-socialweb-20101206).

Unfortunately, as of today, social services are not based on standardised architectures. Rather, they are implemented by ad hoc frameworks that are becoming real cultural phenomena. Online social networks (OSNs) are the archetype of this new wave of applications, counting millions of active users worldwide [see, e.g., Caviglione and Coccoli (2011) and references therein]. Even if a definition is absent, an informal one can be as follows: ‘an OSN enables the interaction among participants according to some relationship basis’. Such links can be very mixed, since they can be based on friendship, business partnership, or common interests. As a consequence, OSNs are highly specialised, e.g., there are general-purpose services for dealing with specific topics, such as books and travelling. To give some examples, we mention Facebook, Google+ and Twitter. Facebook and Google+ offer a rich set of functionalities, ranging from text and multimedia sharing to AV communications. Twitter, instead, is limited to 140-character text messages.
Although the ‘space of features’ offered by OSNs is very fragmented, their popularity is mainly due to the following core characteristics:

1 they allow users to share user-generated contents in a quick and simple way (e.g., there is no need for additional hosting or authoring tools)
2 they support user-to-user real-time communications, as well as asynchronous conversations through messages and comments
3 many OSNs are appealing development environments since they provide a set of application programming interfaces (APIs) to create new services or to extend basic functionalities (Esfahani and Malek, 2010)
4 earlier incarnations of OSNs were ‘closed’ but cross-service interaction through specific interfaces is becoming possible (Caviglione and Coccoli, 2011)
5 the availability of web development techniques, such as asynchronous JavaScript and XML (AJAX), enables OSNs to be highly interactive, also with real-time features (e.g., to promptly notify changes within a user’s network of contacts) (Caviglione, 2011)
6 many OSNs can be accessed via client-interfaces specifically crafted for tablets, handheld devices and gaming consoles, making the service ubiquitously available (Hu et al., 2010)
7 the full support of mobility and localisation services makes OSNs suitable for exercising geo-tagged information (Rao and Nagpal, 2011).

Unfortunately, features 1 to 7 translate into a variety of security hazards and privacy issues. We mention, among others:

1 Unintentional disclosure of personal information, increasing the exposure to social engineering techniques (Caviglione and Coccoli, 2011).
2 Due to complex or incoherent privacy and security settings, users can reveal their geographical position, leading to breaches in their physical space (Ruiz Vicente et al., 2011).
3 The joint utilisation of different specialised services can lead to a new type of attack based on profile merging (Krishnamurthy and Wills, 2009). Nevertheless, the availability of suitable data structures can ease automatic and massive user profiling campaigns (Raad et al., 2010).
4 OSNs are widely accessed from mobile devices, e.g., via IEEE 802.11 air interfaces, causing additional risks due to weak network protocols (Wu et al., 2007). Besides, battery-operated appliances can be endangered by a new class of energy-draining attacks (Caviglione et al., 2011).
5 Third party web applications can access user profiles, turning the OSN into an effective attack platform [see, e.g., Haifeng et al. (2010) for a detailed survey].
6 To offer interactive and comprehensive user-interfaces, mash-ups and specific web programming paradigms are adopted. This increases the risk of attacks such as request forgeries (Siddiqui and Verma, 2011).
7 The availability of client-interfaces for connecting to OSN services from a variety of appliances (e.g., set-top boxes and gaming consoles) may foster new threats based upon stack misbehaviours, or protocol fingerprinting. This is worsened by devices without a full-featured TCP/IP stack that could have exploitable erratic behaviours.

Therefore, the investigation of privacy and security aspects of OSNs is mandatory to guarantee their safe and successful utilisation. Yet, it is a complex task, since OSNs have a two-fold heterogeneity, i.e., in terms of features and technologies. As a result, it is very unlikely to have an ultimate security model or a unified methodology of analysis. Rather, it would be useful to understand the ‘space’ of issues generated by an OSN application, also to develop proper countermeasures and to evaluate the effectiveness of state-of-the-art solutions.
In this perspective, the contributions of the paper are:

1 to provide a comprehensive understanding, also through basic modelling, of the hazards introduced by OSN applications
2 to investigate privacy issues and possible related exploits
3 to showcase a model of a prototypal OSN service, also for highlighting the needed engineering
4 to help in the definition of checking procedures.

To the best of the authors’ knowledge, this is the first work capturing the majority of security and privacy issues related to the adoption of OSNs based on models and detailed taxonomies. However, a partial survey on the topic has been compiled by Hongyu et al. (2011).

The remainder of the paper is structured as follows: Section 2 introduces a taxonomy-based model of OSN-security. Section 3 discusses the security issues of technologies implementing OSN platforms. Section 4 deals with problems due to devices and users’ habits, while Section 5 portrays hazards of the ‘social’ portion of such services. Section 6 presents a graph-based model of an OSN emphasising the most critical vulnerabilities. Lastly, Section 7 concludes the work and also proposes future research directions.

2 Taxonomy of OSN-security

In this section, we discuss the critical importance of security in an OSN-based framework. To this aim, Figure 1 presents a taxonomy-based model of OSN-security, which is composed of four main functional spaces (namely, device, personal, social and technological). Since devices and users are tightly coupled, they are merged to reduce the number of spaces. Specifically:

• User space: it accounts for weaknesses caused by devices or users’ habits. It is further subdivided into: 1 device; 2 personal space. As regards 1, it represents issues related to the set of features offered by a device used to access an OSN service (Vildjiounaite et al., 2007; surveys issues introduced by mobile devices, as well as countermeasures). Concerning 2, it groups all the behaviours endangering other spaces, e.g., social engineering attacks.
• Social space: it is the set of issues affected by the design of the OSN, e.g., datatypes and personal information managed. A possible example concerns private information disclosable via GPS updates. We also mention user-to-user insecurities, which can lead to bullying or blackmailing (Ochoa et al., 2011) and (Honjo et al., 2011).
• Technological space: it represents the set of security risks related to specific technologies (both hardware and software) used to implement the OSN service. A paradigmatic case could be when accessing an OSN via the web. Hence, its known flaws can be exploited (Criscione et al., 2009). Another example is the remote attack of an OSN via publicly accessible web-services (Jun and Wooyong, 2003).

Figure 1 Taxonomy-based model of OSN-exploitable hazards

2.1 Minimal taxonomy-based space modelling

To characterise the role of the OSN, we want to model how the merging of technological and human factors makes the three-layer taxonomy a ‘base’ on which to build a more complex security domain. To this aim, let us define $U_s$, $S_s$ and $T_s$ as the user, social and technological space, respectively. Also, let us define $C_{ss}$ as the OSN combined security space. We model $C_{ss}$ as a combination of the features characterising each space:

$$C_{ss} = f(U_s, S_s, T_s) \qquad (1)$$

where $f(\cdot)$ is an OSN-characterising function for generating the space. Defining a unique model for $f(\cdot)$, possibly analytical, could be impossible, since an OSN mixes a huge set of information, services and technologies for malicious operations. However, Section 6 will present the graph modelling of a toy OSN explaining how to systematically use the proposed spaces.
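As an added illustration (not part of the paper), the Python sketch below reads f(·) as the set of cross-space step chains that the OSN makes possible, and encodes the account-takeover toy example of this section as precondition rules so a defender can check which single countermeasure removes every route. The capability names, the assignment of each step to a space, and the control names are assumptions made for the sketch.

```python
# Added illustration, not code from the paper. Each rule is one step of the
# toy example: what it needs, what it yields, which taxonomy space the
# weakness sits in, and a hypothetical control that would remove the step.
from typing import NamedTuple, Optional

SPACES = ("user", "social", "technological")
TARGET = "osn_account_access"


class Rule(NamedTuple):
    needs: frozenset
    gain: str
    space: str
    control: Optional[str]


def rule(needs, gain, space, control=None):
    return Rule(frozenset(needs), gain, space, control)


# Constructed model; space assignments and control names are assumptions.
RULES = [
    rule([], "email_address", "social", "hide_email_on_profile"),
    rule([], "friend_of_victim", "user", "refuse_unknown_friends"),
    rule(["friend_of_victim"], "secret_answer", "social",
         "keep_answer_off_profile"),
    rule(["email_address", "secret_answer"], "mailbox_access",
         "technological", "retire_secret_question"),
    rule(["email_address"], "mailbox_access", "user", "phishing_awareness"),
    rule(["mailbox_access"], "osn_credentials",
         "technological", "no_credentials_by_mail"),
    rule(["osn_credentials"], TARGET, "technological"),
]


def closure(rules, disabled=frozenset(), spaces=SPACES):
    """Capabilities obtainable by firing usable rules until a fixpoint."""
    held = set()
    changed = True
    while changed:
        changed = False
        for r in rules:
            usable = r.control not in disabled and r.space in spaces
            if usable and r.gain not in held and r.needs.issubset(held):
                held.add(r.gain)
                changed = True
    return held


def reach_by_single_space(rules=RULES, target=TARGET):
    """Is the target reachable using weaknesses of one space only?"""
    return {s: target in closure(rules, spaces=(s,)) for s in SPACES}


def cutting_controls(rules=RULES, target=TARGET):
    """Controls that, applied alone, make the target unreachable."""
    controls = sorted({r.control for r in rules if r.control})
    return [c for c in controls
            if target not in closure(rules, disabled={c})]


if __name__ == "__main__":
    print("reachable with all spaces:", TARGET in closure(RULES))
    print("reachable per single space:", reach_by_single_space())
    print("single controls that cut every route:", cutting_controls())
```

In this constructed model the target is unreachable from any one space alone and reachable only when the three are combined, and only two of the six controls cut every route on their own.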
To evaluate the number of attacks when combining different spaces (with the implementation and the features offered by an OSN service fixed), let us introduce $|\cdot|$ as a kind of cardinality operator. Formally:

$$|C_{ss}| \geq |U_s| + |S_s| + |T_s| \qquad (2)$$

which states that an OSN can amplify the number of attacks through the joint exploitation of its physical deployment, stored personal details of a victim, as well as social attitudes. This is a consequence of its intrinsic coupling of devices, (wrong) habits, error-prone engineering choices and technologies.

Before showcasing a paradigmatic example to support the validity of equation (2), let us explain how the functional relationship introduced in equation (1) can be derived. Let us consider the arrows connecting the different spaces depicted in Figure 1. As can be noticed, all of them point to the OSN. By exploiting its central role, it could be possible to create ‘paths’ from one layer to another. The type and the number of paths characterise the functional relationship $f(\cdot)$. This concept is graphically depicted in Figure 2.

Figure 2 The security space generated by the different components of an OSN and how it can be exploited

Let us denote with $S$ an attack that can be performed in a given space, e.g., the attacker has an exploit, while $T$ is an action belonging to another space, but not in the attacker’s scope. Thus, the attacker, by using the OSN, can shift from one space to another, i.e., he/she constructs a path from $S$ to $T$. We clarify the concept with a toy example of an attacker wanting to gain access to the OSN account of a user (i.e., this is the target outcome $T$). Forcing the OSN tout court could require non-trivial knowledge, making it unfeasible for the average attacker. However, he/she could:

1 Check if the victim’s profile has some publicly available information, for instance, the e-mail address.
2 Investigate for known weaknesses, e.g., a legacy user/password recovery procedure. For the sake of the example, let us assume that a ‘secret question’ mechanism is used, and the answer lies within the user profile in the OSN.
3 Perform an identity theft attack, or create an ad hoc fake profile, to become a ‘friend’ of the victim. Thus, he/she can find the answer to the secret question. This step can be simple, since many users do allow untrusted entities to access their personal information (Newk-Fon et al., 2008).
4 Violate the e-mail. Since many OSNs send the 2-ple (username, password) at each password change/restore, the attacker can easily retrieve such values. This can also be done through social phishing (Jagatic et al., 2007).
5 Finally, gain access to the victim’s profile without any technological knowledge.

Steps 1 to 5 explain how to ‘move’ from one space to another. Other possible approaches can rely on developing well-crafted malicious third party applications, or using traffic sniffing tools in the presence of IEEE 802.11 unencrypted accesses. The latter can also allow the acquisition of information for forcing a target device via endpoint profiling through web search engines, such as Google (Trestian et al., 2010).

2.2 Extension to the multiple-profile case

Since a user can have different accounts in different OSNs, it would be possible to take advantage of this condition to combine different $C_{ss}$. Therefore, we can extend the model presented in equation (1) as follows:

$$C_{ss} = \sum_{i=1}^{N} C_{ss}^{i} \qquad (3)$$

where $C_{ss}^{i}$ is the OSN combined security space of the $i$th service, and $N$ is the number of OSNs where the same user has been identified. Section 5.2 will explain how to merge profiles. The model presented in equation (3) also gives some ideas on possible countermeasures against space and profile merging. For instance:

• Reducing the number of hazards for all the OSNs by acting on both spaces and service implementation, i.e., $\min(f(\cdot)^i)$, $\min(|U_s^i|)$, $\min(|S_s^i|)$, $\min(|T_s^i|)$, for $i = 1, \ldots, N$. This can be done through optimising the OSN architecture, for instance, in terms of privacy management (thus acting over $f(\cdot)^i$), or improving the implementation of client-interfaces (therefore reducing $|U_s^i|$).
• Increasing the degree of space decoupling within a given OSN so as to minimise the presence of paths. This divide et impera strategy should be at the basis of a good design of any OSN service.
• Cutting the chances of identifying the same user in different OSNs, i.e., having equation (3) not hold since the number $N$ of $C_{ss}^{i}$ is smaller.
• Mixing the previous approaches.

3 Issues of the technological space

We discuss specific drawbacks of the technological space identified in Section 2, focusing on web technologies and network issues. Since OSNs are essentially web applications, they potentially have all the vulnerabilities belonging to the current model of the web (Joshi et al., 2001). To avoid compromising data privacy, confidentiality and application availability, they must be properly corrected at the single-OSN level of granularity. In the following, we showcase the most risky vulnerabilities that can impact a general web application. To complete the picture, we also introduce some possible hazards due to the specific traffic patterns produced by web-based OSN services.

3.1 The OWASP top-ten vulnerabilities

The Open Web Application Security Project (OWASP) (http://www.owasp.org) updates every year the ten top-risky vulnerabilities for web applications. The most recent list is composed of:

1 Injection. Flaws such as structured query language (SQL) and lightweight directory access protocol (LDAP) injections occur when untrusted data is sent to an interpreter as a part of a query or a command. This can trick the interpreter, forcing the execution of unintended commands or access to unauthorised data.
2 Cross-site scripting (XSS). Such flaws occur whenever an application sends untrusted data to a user without proper validation and escaping. XSS allows attackers to execute scripts in the victim’s browser, resulting in session hijacking, or redirection of the browser to malicious sites.
3 Broken authentication and session management. Application functionalities related to authentication and session management are often not correctly implemented, allowing attackers to compromise passwords, keys, session tokens, or exploit other flaws to arbitrarily assume identities.
4 Insecure direct object reference. A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, a directory, or a database key. Without proper checks, attackers can manipulate these references to access data without proper authorisation.
5 Cross-site request forgery (XSRF). It forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information. Then the attacker can generate requests appearing as legitimate.
6 Security misconfiguration. Good security practices require having proper configurations defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained, since many products are not shipped with secure defaults. This can include the constant update of all software.
7 Insecure cryptographic storage. Many web applications do not protect sensitive data, such as credit cards, social security numbers (SSN) and authentication credentials, with appropriate encryption or hashing. Then the attacker can gain information to conduct identity theft, credit card fraud, or other crimes.
8 Failure to restrict URL access. Many web applications check the uniform resource locator (URL) access rights only just before rendering protected links and buttons. However, applications need to perform similar controls each time these pages are accessed. Otherwise, attackers will be able to forge URLs to access hidden pages.
9 Insufficient transport layer protection. Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. The main flaws are due to weak algorithms, and expired or invalid certificates.
10 Unvalidated redirects and forwards. Web applications frequently redirect users to other pages and websites, using untrusted data to determine the destinations. Without proper validation, attackers can redirect victims to phishing or malware sites.

An important remark is that the aforementioned vulnerabilities can be easily automated, e.g., via scripts. Therefore, it is very important to protect the portion of the technological space that overlaps with the web. In Section 6, we will propose a practical model to exploit such features to move through spaces as presented in Section 2.

3.2 HTTP traffic issues

The traffic produced by OSN applications exhibits well-defined characteristics, which can be exploited for different malicious actions. Even if anachronistic, one of the major risks is still due to the adoption of HTTP instead of HTTPS for moving data between clients and servers. Even so, traffic sniffing is not always a simple task, e.g., capturing packets from a digital subscriber loop (DSL) is harder than in an IEEE 802.11 wireless access. Nevertheless, the joint adoption of HTTP over non-protected (or weakly protected accesses, such as those