Social Networking Security Secure your Social environment. Facebook, MySpace, My Life, Google+ Privacy and Security Settings: Do not leave settings as default. Go through the custom settings. 87% of Facebook users have Friends of Friends set. Settings change when Facebook changes; you need to check these, as we all know how often Facebook changes.
Social Networking Security To whom is your information available? Friends, groups, friends of friends, everyone Applications – privacy policies What’s available? Where you are and how long you will be there “Checking in” Vacations – I’m going to be away, so I’m not HOME! Confidential Information Useful for: ID Theft or answers to your secret questions Posing as friend
Table of Contents Definition of social networking sites Potential threats Real life examples Related work A proposed model
Fig. 1 Fast growing number of patent applications in social network
Social Network Sites/Services (SNS), continued Mimicking in-person interactions Storing large amount of personal information Violating the principle of least privilege Users inclined to reveal private info/activities to someone they know Bringing security issues
Security issues from SNS Accidental data release Intentional use of private data for marketing purposes Identity theft Worms and viruses And many more
A recent famous case: MI6 chief’s wife blows his cover on Facebook Details on where they live and work, their friends’ identities Sir John Sawers on the beach in one of the family photos
Another case US Marines prohibit Twitter, MySpace, Facebook. Effective immediately. (As of Aug 03, 2009) Will last a year. A waiver is possible.
Facebook’s new features Facebook: change in geography networks and new privacy features.
Facebook Options Facebook User Facebook Page Facebook Group Open: All content is public Closed: Limited public content; members can see all content. Secret: Members and content are private.
Facebook Group Problems
1. Members can add friends. Friends could add you to the new group.
2. When Facebook group administrators step down, anyone else can take over. For small groups, administrators can: edit group name or info, moderate discussion, message group members.
Are there other risks? “Checking In” shares your current location on… Foursquare and Facebook Places Benefits: Discounts and Offers Risks: Confrontations and Break-ins
Cyberbullying vs. Traditional Bullying The perpetrator can be anonymous The size of the audience is enormous The perpetrator has finer access to the target There are no non-verbal cues (gestures, tone of voice, etc.) to clarify communication The perpetrator does not witness the harm directly – no opportunity for empathy
Why don’t young people report it? Adults are incapable with technology Young people are digital natives while adults are digital immigrants The expected solution - “just don’t use the device or site” Misunderstanding the importance of technology to young people
Minimize chances of being a victim Setting privacy settings carefully Do NOT share passwords Avoid websites that are designed for malicious Be vigilant Report abuse on websites when it occurs Save “cyber-footprints” Block or de-friend offenders.
Facebook – the new background check Employers are using social networks to screen job applicants – 91% Screening is done early on Facebook, Twitter, Flickr, YouTube give employers a personal view of candidates Social Intelligence Corp. scours the Internet
Work that is being done, cont’d Andrew Besmer - user-to-application policy, in addition to existing user-to-user policy and default application policy Effectively limits the applications’ access to users’ private information Complex, time-consuming settings for applications may impel users to skip applying proper policies
Facebook Security Facebook provides easy tools to help you: Keep track of your activity Keep track of your logins Control the information you share Prove your identity if you ever lose access to your account
A User-Server-Agent Model [Diagram: USER, SERVER and INDEPENDENT INVESTIGATOR (AGENT); label: View Audit Log]
A User-Server-Agent Model Server audits users’ activities: log in time, duration, IP addresses, access information. Users can view activities related to their own accounts. Agents can view all activities of specified accounts. [Diagram: SERVER; labels: Audits all access information, Provides log upon request]
A User-Server-Agent Model
What a user sees (USER): Kevin’s visit, Bella’s visit, Sara’s visit, Mike’s visit, Dave’s visit, ...
What an agent sees (INDEPENDENT INVESTIGATOR / AGENT): Kevin visits Sara, Kevin visits Mike, Kevin visits Dave, Kevin visits Alice, ...
A User-Server-Agent Model INDEPENDENT INVESTIGATOR (AGENT) Step I: Accepts Investigation Requests Step II: Analyze Information On server Step III: Provides Results to User
A User-Server-Agent Model Agent receives decrypted request from user. Alice sends request for concern about Kevin’s activities. Agent will see “03tn90a” and “01ad53h” instead of “Alice” and “Kevin” in the request. Agent connects to server, asks for information on account 01ad53h. After decryption, server recognizes account name is Kevin.
A User-Server-Agent Model What action can an agent perform? Use combined policies to detect unusual activities: IP address, multiple profiles access in a short term, inactive socializing activities How can an agent help a user? Simplest: suggest revoking “friend” label of malicious users Suggest server take action on malicious accounts Report to authorities when necessary
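An added sketch (not from the original slides) of how an agent could apply the combined policy to the pseudonymized audit log the server provides. The record layout, action names, thresholds and the escalation rule are assumptions; only the pseudonyms 03tn90a (Alice) and 01ad53h (Kevin) come from the slides, and the log entries are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed audit-log records as the server might hand them to the agent:
# (timestamp, pseudonymous actor, action, pseudonymous target, source IP).
AUDIT_LOG = [
    ("2011-05-02T10:00:05", "01ad53h", "view_profile", "03tn90a", "198.51.100.7"),
    ("2011-05-02T10:00:40", "01ad53h", "view_profile", "07kk21b", "198.51.100.7"),
    ("2011-05-02T10:01:10", "01ad53h", "view_profile", "09zz44c", "203.0.113.9"),
    ("2011-05-02T10:01:55", "01ad53h", "view_profile", "11qq87d", "203.0.113.9"),
    ("2011-05-02T10:03:00", "07kk21b", "view_profile", "03tn90a", "192.0.2.14"),
    ("2011-05-02T10:20:00", "07kk21b", "post_comment", "03tn90a", "192.0.2.14"),
]

SOCIAL_ACTIONS = {"post_comment", "send_message"}  # assumed action names


def investigate(log, account, window=timedelta(minutes=5), max_profiles=3):
    """Apply the combined policy to one pseudonymous account; return findings."""
    events = sorted((datetime.fromisoformat(ts), act, tgt, ip)
                    for ts, actor, act, tgt, ip in log if actor == account)
    findings = []
    views = [(t, tgt) for t, act, tgt, _ in events if act == "view_profile"]
    # Largest number of distinct profiles viewed inside any one window.
    burst = max((len({tgt for t2, tgt in views if t <= t2 <= t + window})
                 for t, _ in views), default=0)
    if burst > max_profiles:
        findings.append(f"{burst} profiles viewed within {window}")
    ips = {ip for *_, ip in events}
    if len(ips) > 1:  # assumption: several source IPs count as unusual
        findings.append(f"{len(ips)} source IP addresses")
    if events and not any(act in SOCIAL_ACTIONS for _, act, _, _ in events):
        findings.append("no socializing activity")
    return findings


def recommend(findings):
    """Map findings to the agent responses listed on the slide (assumed rule)."""
    if len(findings) >= 3:
        return "suggest server take action on account"
    if findings:
        return "suggest revoking friend label"
    return "no action"
```

The agent works only on pseudonyms throughout; mapping 01ad53h back to a real account stays with the server.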
Conclusion Increasing use of SNS Security/privacy is a big issue User-Server-Agent model
Future work Investigate/watch privacy frequently Other functions will be added