Social Snapshots: Digital Forensics for Online Social Networks

Presented at ACSAC 2011, Orlando, Florida.

Published in: Technology

  1. Outline: Brief background, Design, Results and Evaluation, Concluding remarks, References
     Social Snapshots: Digital Forensics for Online Social Networks
     Markus Huber∗†, Martin Mulazzani∗, Manuel Leithner∗, Sebastian Schrittwieser∗, Gilbert Wondracek‡, Edgar Weippl∗
     ∗SBA Research, †Vienna PhD school of informatics, ‡Vienna University of Technology
     ACSAC 2011, Orlando (FL)
     Markus Huber, SBA Research, mhuber@sba-research.org
  2. Outline
     1 Brief background: Social Snapshots
     2 Design: Authentication, Modules
     3 Results and Evaluation: Evaluation, Results: information gathering
     4 Concluding remarks
  3. Brief Background
  4. Online Social Networks (OSNs)
     • Currently largest and fastest growing web services
     • Personal data of hundreds of millions of people
     • Facebook, LinkedIn, XING, etc.
     1 Replace traditional means of digital storage, sharing, and communication
     • Need for novel digital forensics data collection methods
     2 Research on OSNs security issues
     • Empirical studies [1, 2, 4, 3, 5] depend on initial data gathering
  5. State-of-the-art information gathering methods
     • Extraction of sensitive information poses non-trivial challenge
     • Simple web crawlers (libwww etc.)
     • Number of shortcomings
       1 High network traffic
       2 Additional or hidden data
       3 Maintainability
  6. Social Snapshots: Main contributions
     • Novel techniques to gather OSNs data
     • Hybrid approach: Third-party application + crawling
     • Social Snapshot prototype for Facebook
     • Core framework released as open-source software
     • First experimental evaluation
     • Based on Facebook
  7. Design
  8. Design goals
     • Simulate average user
     • Limit network-traffic, gathering-duration
     • Standard Web Browser
     • Collection of meta-data
     • Rely on rich data available through APIs
     • Open-source software (OSS)
  9. Social Snapshot Framework
     [Figure: framework diagram. Components: Social snapshot client, Third-party application, Social Network Service Cloud, automated web browser, Web server, Social data pool. Numbered flows: 1. Authentication (credentials / cookie), 2. Shared secret, 3. Contact list, 4. Session secret, 5. Crawler data, 6. API requests, 7. social data]
  10. Authentication: How to gather the initial authentication token
      • Consent: easiest case, preferred method for research
      • Hijack social networking sessions: WiFi, LAN
      • Extraction from forensic image: stored authentication cookies from seized hard-drives
  11. Modules: Social Snapshot Framework modules
      • Social snapshot client
      • Automated web browser
      • Third-party social snapshot application
      • Hijack
      • Digital image forensics
      • Analysis
  12. Results and Evaluation
  13. Evaluation: Evaluation based on Facebook
      • At the time of writing: largest online social network
      • Support for third-party applications
      • Graph API enables access to great majority of account content

      Element             | Download      | Social snapshot
      Contact details     | −             | ✓ Crawler
      News feed           | −             | ✓ Graph API
      Checkins            | −             | ✓ Graph API
      Photo Tags          | −             | ✓ Graph API
      Video Tags          | −             | ✓ Graph API
      Friends             | name only (a) | ✓ Graph API
      Likes               | name only (a) | ✓ Graph API
      Movies              | name only (a) | ✓ Graph API
      Music               | name only (a) | ✓ Graph API
      Books               | name only (a) | ✓ Graph API
      Groups              | name only (a) | ✓ Graph API
      Profile feed (Wall) | limited (b)   | ✓ Graph API
      Photo Albums        | limited (b)   | ✓ Graph API
      Video Uploads       | limited (b)   | ✓ Graph API
      Messages            | limited (b)   | ✓ Graph API
  14. Evaluation: Graph API result example
      {"id": "12345678",
       "name": "John Doe",
       "first_name": "John",
       "last_name": "Doe",
       "link": "http://www.facebook.com/johndoe",
       "username": "johndoe",
       "birthday": "04/01/1975",
       "hometown": {"id": "", "name": null},
       "quotes": "social snapshot your account!.n",
       "gender": "male",
       "email": "johndoe@example.com",
       "timezone": 2,
       "locale": "en_US",
       "verified": true,
       "updated_time": "2011-05-15T13:05:19+0000"}
  15. Evaluation: Challenges
      • Hijack module: No direct support to set cookies in Selenium (patch for server)
      • Graph API SDK: Too slow (modified original lib)
      • Crawling of contact details
        • List of friends (via API)
        • Plaintext emails replaced with images (image generation script)
        • Emails get removed completely (address.yahoo.com)
      • Recruiting test subjects: Challenging (25 test subjects)
  16. Results: information gathering
      • Run-Time
        • Third-party application: 12.79 min on average
        • Crawler: 14 min on average
      • Fetched elements
        • Third-party required 9802 API requests on average
        • Crawler processed 238 friend profiles on average
        • After 162 plaintext email addresses we had to solve 85 email addresses with OCR
  17. Results: information gathering
      Video/demo.avi
  18. Results: information gathering
      [Figure: example event timeline (UTC-5, 1/13/2011 12:00 AM to 1/14/2011 12:00 AM) with user names and IDs. Event types shown: uploaded digital picture (matched source image: CIMG2216.JPG), private message, wall post, like wall post, comment wall post, posted video; privacy labels EVERYBODY and ALL_Friends]
  19. Results: information gathering
      [Figure: visualization whose labels are person names]
  20. Results: information gathering
      [Figure: visualization whose labels are person names, ISO 8601 timestamps and short topic phrases]
  21. Concluding remarks
  22. Concluding remarks
      • Social Snapshot tool extracts Facebook data in less than 15 minutes
      • Malicious social snapshots
      • FiTM attacks [3]
      • Privacy surveys
      • Data liberation
  23. Thank you for your time! Questions?
      mhuber@sba-research.org
      http://socialsnapshot.nysos.net
      Participate in our survey and get your social snapshot: http://is.gd/snapshotsurvey
  24. References
      [1] L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. All your contacts are belong to us: automated identity theft attacks on social networks. In Proceedings of the 18th international conference on World wide web, pages 551–560. ACM, 2009.
      [2] H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B. Zhao. Detecting and characterizing social spam campaigns. In Proceedings of the 10th annual conference on Internet measurement, pages 35–47. ACM, 2010.
      [3] M. Huber, M. Mulazzani, E. Weippl, G. Kitzler, and S. Goluch. Friend-in-the-middle attacks: Exploiting social networking sites for spam. Internet Computing, 2011.
  25. References (continued)
      [4] T. Jagatic, N. Johnson, M. Jakobsson, and F. Menczer. Social phishing. Communications of the ACM, 50(10):94–100, 2007.
      [5] G. Wondracek, T. Holz, E. Kirda, and C. Kruegel. A Practical Attack to De-Anonymize Social Network Users. In Proceedings of the IEEE Symposium on Security and Privacy, 2010.
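
Added example (not from the slides or the Social Snapshots code base): a sketch of an analysis step that turns collected Graph API records, like the result on slide 14, into a UTC-ordered timeline like the one on slide 18, hashing each raw record so later tampering is detectable. The sample records, the `type` values and the `profile` default are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample records in the shape of the Graph API result on slide 14.
# IDs, types and timestamps are made up; note the mixed UTC offsets.
SAMPLE_RECORDS = [
    '{"id":"12345678","name":"John Doe","updated_time":"2011-05-15T13:05:19+0000"}',
    '{"id":"777","type":"wall_post","created_time":"2011-01-13T07:44:50-0500"}',
    '{"id":"888","type":"message","created_time":"2011-01-13T12:32:50+0000"}',
    '{"id":"999","type":"photo"}',  # no timestamp: must not be dropped silently
]

TIME_FIELDS = ("created_time", "updated_time")


def parse_time(value):
    """Parse a timestamp such as 2011-05-15T13:05:19+0000 and convert to UTC."""
    parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")
    return parsed.astimezone(timezone.utc)


def to_event(raw):
    """Turn one raw JSON record into a timeline event, or None if undated."""
    obj = json.loads(raw)
    stamp = next((obj[f] for f in TIME_FIELDS if obj.get(f)), None)
    if stamp is None:
        return None
    return {
        "when_utc": parse_time(stamp),
        "object_id": obj.get("id"),
        "kind": obj.get("type", "profile"),  # assumed default for this example
        # Hash of the record exactly as collected, for integrity checks.
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
    }


def build_timeline(raw_records):
    """Return (events sorted by UTC time, raw records that carry no timestamp)."""
    events, undated = [], []
    for raw in raw_records:
        event = to_event(raw)
        if event is None:
            undated.append(raw)
        else:
            events.append(event)
    events.sort(key=lambda e: e["when_utc"])
    return events, undated


if __name__ == "__main__":
    timeline, leftovers = build_timeline(SAMPLE_RECORDS)
    for ev in timeline:
        print(ev["when_utc"].isoformat(), ev["kind"], ev["object_id"], ev["sha256"][:12])
    print("undated records:", len(leftovers))
```

The wall post stamped 07:44:50 at UTC-5 sorts after the message stamped 12:32:50 UTC, which is why the offsets are normalized before ordering.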
