Proc. of Int. Conf. on Recent Trends in Information, Telecommunication and Computing, ITC
Privacy for Multiparty Access in Social Networking Sites: A Survey Ami Intwala1 and Mahesh Maurya2 1
Mukesh Patel School of Technology Management and Engineering (MPSTME), Computer Engineering, Mumbai, India Email: intwalaami@gmail.com 2 Professor, MPSTME-NMIMS, Mumbai, India Email: maheshkmaurya@yahoo.co.in
Abstract— Social Networking Sites have become the means of the communication and have experienced growth in the recent years. As these sites offer services for free of costs are attracting the people all around the world. Some technologies are emerging in the field of Internet but still the users are facing the security leakages by unauthorized users. Many of the Social Sites are managed by the Third Party Domains which keep track of all the user information along with the access details. Most Online Social Networking (OSN) Sites provide an “accept all or nothing” mechanism for managing permission from Third Party Access (TPA) to access user’s private data [3]. The Social Media sites do not provide any mechanism for privacy on the shared data among the multiple users. Many users share their personal information without knowing about the cyber thefts and risks associated with it. From the survey it has been found that the teenagers are least concerned about the navigating privacy. Privacy associated with the Social media is the very crucial thing. Different methods are discussed regarding sharing of the personal information and leakage of this information through different mediums. Different models are also proposed in this paper regarding the privacy control of third party access of the personal information. An approach is proposed which allows users to share their access control configuration for TPA s with their friends who can reuse and rate such configurations [3]. Index Terms— Social Networking, Multiparty Access Control, Multiparty Access Control (MPAC) specification, Personally Identifiable Information (PII), Collaborative Privacy Management (CPM)
I. INTRODUCTION Social networking sites are gaining the attraction of the people all around the world. The number is increasing every year of the Internet users who are also using Social networking sites, as these sites help the users to communicate easily in any part of the word. Microsoft made computers easy for everyone to use. Google helps us search out data. YouTube keeps everyone entertained. But Facebook has a huge advantage over those other sites: the emotional investment of its users [7]. So, as the size of the Social Media users are increasing due to its reliable usage, the management of the privacy of the personal data is also increased. These sites also help people to share photos and videos, make new friends and be in contact with the old friends. Most of the times the services provided by these sites are free of cost [2]. So hackers consider it as an advantage to get more and more information of the user. Kirkpatrick’s explained that today’s youth do not care about privacy and will not take any steps to protect it [5]. It was also found that youths (age 18-29 years) DOI: 02.ITC.2014.5.549 © Association of Computer Electronics and Electrical Engineers, 2014
are now becoming conscious about the privacy and they manage which parts of their profiles are accessible to others. Facebook has changed the social DNA, making users more accustomed to openness [7]. There are some drawbacks of using the social sites. Many times the users are unaware of the thefts related to social sites, so they share their personal information and pictures easily on the social medium. As access has become easier it became the centre of attraction for the users which also results in the security issues. All the users are provided with their individual space on the social sites where they can share their information and sometimes it may also contain their personal information like name, gender, DOB, education etc. which is actually known as the user profile. It is also possible for the user to comment or like on the other user space and can tag users from his/her own space which is actually giving the hyperlink to tagged user profile. This all requires security of the information which is shared by the user. Users have control over their own space but have no control over the other’s space. There are some of the basics security provided to all the users, like if the user wants to remove the tag on his/her photo, then it is possible to restrict other users to watch that photo publicly but the photo still remains in that space. On reporting to the social networking sites, the sites only allow us to keep or delete the content which result in too loose or too restrictive decision making [1]. Users should have control over their personal data which is shared with the social networking sites. The OSN sometimes, manage the user’s data with the help of the TPAs. Many of the social sites are managing the user’s details database using the Third-Party Domain Management. Even if a user is explicitly informed that a TPA would access certain pieces of information, she/he has no control over sharing only a subset of that information, the only alternative being not installing and using the application [3]. There are many issues regarding the privacy and security on the social sites. As the users are becoming aware of the thefts on social media they are now expecting different social sites company to clarify the privacy settings attached to each piece of information they post as well as what happens to the data after they share it [7]. Web application and web specification are deployed on the internet so policy based approach for the security requirements have achieved the great attention of the users. Policy-based computing handles complex system properties by separating policies from system implementation and enabling dynamic adaptability of system behaviours by changing policy configurations without reprogramming the systems [4]. XACML (eXtensible Access Control Markup Language) is used to specify access control policy for web applications. XACML profile for role-based access control (RBAC) provides a mapping between the RBAC and XACML [4]. To systematically represent the XACML policies, the method proposed is Answer Set Programming (ASP). Another model which is provided is MPAC (Multi-Party Access Control) model for the multiparty authorization requirements. II. ISSUES RELATED TO SOCIAL SITES As we all know that the cyber treat are increasing in the society. So here we will discuss some of the issues which became the centre of attraction for all people using the social networking sites. A. Privacy Privacy is the main issue in the social networking sites as users share their personal information without being aware of the cyber thefts. Sometimes it is possible that the users are unaware that their information are used and shared by the strangers. It is also possible that the users are least concerned about their information shared by some fake. Basic privacy is given to the users by the social sites but later user should be careful while making friends and accessing sites. For example, a user account has a privacy applied to it and only the friends in the list can view the information provided by user. Now a friend of his has no such privacy settings. So anyone can access user account from his friend’s account. B. User Authentication The user control over his/her space should be more specific. The user should get the highest priority of authentication when it is related to their personal information. For example, a user shares the information with a group of friends. Among them a friend again shares the information to their friends. In this manner the information is transferred to stranger and the chances of the misuse of the information increases. Thus, to share the shared information again, the authentication is to be provided by the owner of that information. C. Authorization vs. Social Network Growth It is the fact that if authentication is given to the user about their account then the growth of the sites will affect. So the company related to the sites give less preference to the authentication rather than the growth of the sites. So the authentication given to the users are limited which results in the security issues. The 459
company always provides the highest priority to the growth of the network than to the personal information provided by the user. Company provides ease of access of the application but the security provided is limited. D. Friends It has been found that user’s so-called “friends” could be the bigger threat to their privacy. For example, ‘If you are friends with someone on Facebook, and you trust them with your data. That’s the big privacy problem that most Facebook users have. They have too many friends that they don’t really know’ Kirkpatrick said [8]. Users share their any information with the friends, without knowing that sometimes they are sharing the information with some of the strangers. E. Permission Authentication Some permission of the resources is not assigned to the authenticated users, so some of permissions should be assigned to the users in the form of individual roles. This might reduce the leakage of the information to some extent as the user will be authenticating the strangers in his/her way. For example, a user (A) comments and tags a friend (B) with it on some of the other friend space (C) then the tagged friend has no authentication on that comment. F. Potential for Exploitation Actually there are two kinds of users: i. Creators: The actual users which share their information to the sites. They are also called the owner of the account. ii. Curators: The one who found the photo on the site, download it and paste it on the other sites. Generally, they try to access any account and get the information from it. That information thy uses and create another account with which the actual user is unaware. So, there is a big issue regarding the misuse of the information provided or shared. G. Child Safety Teenagers are attracted to the sites more as they are not aware of the risks associated with it. Sometimes parents also help their child to use sites without making aware of the risks. Teenagers share the information, photos and comments or write the status which attracts the spammer to know the users habits and try to evaluate their personal life. It is found that many of the children have experienced the harassment of social media [2]. According to Emily Bazelon a journalist, Facebook is trying to hit the kids from the neurological weak spot. According to her kids don’t have the same kind of impulse control that adults do [6]. H. Social Network Fatigue As we all know, the users cannot connect to another user unless they are on the same network platform. So the information required is same to create account on different sites, which may lead to the leakage of the information through any sites. For example, if the user has the account on Facebook and tries to connect to a friend who is using Google+, then it is not possible. Both the user should have the similar platform. I. Third-Party Access Third Party domains keep track of the information accessed by the user. Some sites hire the Third Party Access to keep track of the information accesses by the user. So it is even possible that the information tracked is leaked by the third-party through some servers. Even if the user is informed that some part of the information is accessed by the TPA, but the user have no control over the sharing of the information. The user should be careful before accessing such applications.
Fig. 1: A Disseminator share user’s profile
460
Fig. 2: User share a relationship
III. METHODS A. MPAC for Social Sites Multiple users have the different authorization requirements to a single resource [1]. The way to handle the account and provide privacy to the account differs from user to user. Thus the site is unable to provide privacy to users according to their requirements. The below scenarios show the authorization of the user provided by the sites: a. Profile Sharing: The users are authenticated to show their basic information name, gender, DOB, education, working status etc. to their friends which are authorized. It is completely based on the owner that what kind of information they want to share with the public which can be known or unknown to the user. Sometimes it may also be possible that the information is leaked through their friend’s profile attribute. Consider Fig.1, here the third party accessor (Accessor) is trying to access the user (Disseminator) account through the friend’s (owner) profile. So it can be judged that if the friends profile has weak privacy setting then also the information can be leaked. When any data is shared from the any user space to his/her own space is known as the disseminator. For example, if the user friend has uploaded a photo and user share the photo to his/her space then the user is the disseminator. b. Relationship Sharing: Any user can share their relationship with the other user member of the friend’s list. A user can only regulate and control the one direction of the relationship. If the user is in relationship with other members then he/she can access their friends list also. In Fig. 2, a user (Owner) has a relationship with another user (Stakeholder) shares a relationship with the Accessor. This means that if the accessor is in relationship with the user can he/ she can easily access the information of the stakeholder from the user account. In general, stakeholders are known as the tagged users. The tagged users are actually nothing but giving the hyperlink to that users account. For example, if the user has uploaded a photograph consisting of three friends and has tagged his both friends along with the photo, then both the friends are called the stakeholders of the photo and also have the control over that photo. c. Content Sharing: Sharing any content is nothing but sharing the information such as content, upload the photo, share comment and tag the other users. It also includes the status content which has been viewed by all in the friend’s list. Fig. 3 indicates that if a photo containing multiple users is shared on the network, then the user itself is the owner who uploaded the photo and the other in the photo are stakeholders. It is possible that for content there can be multiple stakeholders.
Fig. 3: Shared content has multiple stakeholders
Fig. 4: Shared content published by a contributor
Fig. 4 shows that if the user comment on the friend’s profile by tagging another friend to it, then user is the contributor, tagged friend is the stakeholder and the friends profile is the owner of the space. Contributor is actually the user who is sharing the content to some friend’s space. It means user is actually contributing to someone else’s space from his/her space. For example, if a user’s friend has uploaded a photograph in his space and the user comments on it, then the user is known as the contributor and the user’s friend is known as the owner of that photograph. In Fig. 5, it is possible for the disseminator to share the information shared by some other friend to his/her friends group. B. Personally Identifiable Information (PII) Personally Identifiable Information can be defined as, the information which can be used to distinguish or to trace an individual’s identity either alone or when combined with other information which is linkable to the 461
specific individual [2]. Table 1 show some of the level of the PII Availability based on the attribute of the PII and the count is based on the different Social Networking Sites. From the information provided the malicious user’s tries to access the habit and behaviour of the user. Sometimes this information is used to make another account on the same site or the different sites. For example, a user is having the account on Facebook but not on LinkedIn. So the information is used to create the malicious account on LinkedIn outside the awareness of the owner. C. Third Party Domains used by SNSs Some of the networking sites use the third party domains to keep track of all the users related to those sites. So the Third Party domains are constantly tracking users visit to the sites and record it, which can create a greater issue of the privacy in SNSs [2]. In the survey, it was found that Orkut doesn’t use any third party domain to track users visit, Twitter uses “google-analysis.com” and Facebook uses “advertising.com” and “atdmt.com” [2]. The information transferred to the third-party can be in three ways: The referrer header, the Uniform Resource Locator (URL), or the Cookie. So there are chances of the leakage through these mediums also.
Fig. 5: Disseminator sharing the information TABLE I: PII AVAILABILITY COUNT [2] Attributes of PII Personal Photo Location Name Gender DOB Friends
Always Available 9 5 5 4 2 1
Levels of the PII Availability Available by default Unavailable by default 2 1 7 0 6 1 6 0 5 4 10 1
Always Unavailable 0 0 0 2 1 0
IV. TECHNOLOGIES USED A. MPAC Policy Specification To enable a collaborative authorization management of data sharing in OSNs, it is essential for MPAC policies to be in place to regulate access over shared data, representing authorization requirements from multiple associated users [1]. a. Accessor Specification: Accessors are the users who are authorized to use the shared data. Accessors may also be the set of user’s names, set of relationship name and the set of group name in the Social networking site. b. Data Specification: Data are composed of the information from user profile, user relationship and the user content. The sensitivity levels (SL) are assigned for the data by the controllers for the shared data items. c. MPAC Policy is given by the combination of both the specifications i.e. Accessor Specification and Data Specification. B. eXtensible Access Control Markup Language Based on the program written in the XACML (eXtensible Access Control Markup Language) and different constraints defined in the program, it becomes easy for the system to decide whether the user who is trying to access the information should be permitted or not at some particular time. Policy and policy sets is the root of 462
the XACML policies. Policy set is composed of a policies or policies sets, policy combining algorithm and a target. A target defines as the subject, resources and actions the policy or policy set applies to [4]. If for a policy or a policy set, the target is true then the decision is taken on the request otherwise no decision is taken. A rule set is the set of rules which consists of a target, condition and its effect. A target is defined as the subject, resource or the action the rules or rules set applies to. The conditions are the Boolean Expressions which restrict the target and the effect can be any among ‘permit’, ‘deny’, or ‘intermediate’. There are four different rule combining algorithms: 1. Permit Overrides: If there is any applicable rule that evaluates to permit, then the decision is permit. If there is no applicable rule that evaluates to permit but there is an applicable rule that evaluates to deny, then the decision is deny. Otherwise, the decision is Not Applicable. 2. Deny Overrides: If there is any applicable rule that evaluates to deny, then the decision is deny. If there is no applicable rule that evaluates to deny but there is an applicable rule that evaluates to permit, then the decision is permit. Otherwise, the decision is Not Applicable. 3. First Applicable: The decision is the effect of the first applicable rule in the listed order. If there is no applicable rule, then the decision is Not Applicable. 4. Only-One-Applicable: If more than one rule is applicable, then the decision is indeterminate. If there is only one applicable rule, then the decision is true for that rule. If no rule is applicable, then the decision is not applicable. C. Role-based Access Control RBAC is based on the role of the subjects and can specify the security policy in a way that maps to an organizational structure [4]. Roles are organized in a partial order ≥, so that if x ≥ y then a role x inherits the permissions of a role y. Therefore members of a role x are also implicitly members of a role y. With the help of role based access control (RBAC) it is possible for the user to identify the incompatible roles of the user and prevent it based on different constraints specified. Identifying the conflicts and preventing it can be achieved by the Separation of Duty (SoD) principle. SoD constraints in RBAC can be divided into: 1. Static SoD constraints: The constraint requires that no user should be assigned to any conflicting roles. For example, a single user cannot work as an Engineer and as a developer simultaneously. 2. Dynamic SoD constraints: The constraint requires that no user can activate conflicting roles simultaneously. For example, a user can be an engineer and developer but at a particular time the user should perform only a single role, i.e. either engineer or a developer. 3. Historical SoD constraints: The constraints restrict the assignment and activation of conflicting roles over the course of time. For example, the according to time the user can be assigned different roles. Or it shows that at a particular time the user is having which role. a. Answer Set Programming: The idea of Answer Set Programming (ASP) is to represent the search problem user is interested in as a logic program whose intended models, called “stable models” (answer sets), correspond to the solutions of the problem, and then find these models using an answer set solver-a system for computing stable models [4]. The language used by the ASP is effective non-monotonic language. The mathematical foundation of Answer Set Programming was originated from understanding the meaning of negation as failure in Prolog, which has the rules of the form a1 a2, a3,…., am, not am+1,….,not an
(1)
where all ai are atoms and ‘not’ is the symbol for negation as the failure is also known as default negation. The above equation indicates that, if you have generated a2, ..., am and it is impossible to generate any of am+1, …, an then you may generate a1. D. Collaborative Privacy Management (CPM) Framework a. Overview The framework provides the interceptor mechanism which acts as the membrane between the TPAs and the OSNs. All the information requested has to pass to this membrane and is intercepted. During installation, the framework make use of the personal information of the user, for which the user have the option whether to allow permission or send some dummy data for his/her privacy. The user can also change the privacy permission for the specific application. 463
Fig. 6: Interceptor mechanism on the CPM Framework
b. Interceptor Implementation The prototype implementation of the CPM was done on the Facebook Platform Application. The framework is presented exactly as any other application inside an IFrame but in reality is it sits between TPAs and Facebook servers. Fig. 6 illustrates the interception mechanism which operates as follows. 1. Interceptor prevent applications from interacting directly with Facebook's Graph API (Graph API is the primary way to communicate to the Facebook); the CPM Interceptor exports an identical API through which it captures all outgoing application data requests, noting the access token of each one. 2. Using this access token CPM extracts the application ID and the user information from whom the request was initiated. 3. The Interceptor then forwards each such request to Facebook's Graph API using the same access token and retrieves the corresponding data items. 4. Having retrieved the data, CPM Framework evaluates and filters it according to the user's access control rules before returning this filtered data to the original TPA. V. CONCLUSIONS The user should not share the personal information until a proper privacy settings are applied on the user account. Due to information leakage, threats occur which can harm user’s privacy. Collaborative privacy management approach is used to raise awareness about data privacy issues arising from the third party access. MPAC model was formulated along with the multiparty policy specification scheme. A framework was designed to analyze the XACML-Based RBAC Policy which efficiently supports the larger access control policies. All the different kinds of methods and technologies discussed are basically set on the user system so that the user can gain more privacy from the Internet. For the future scope, we would like to investigate more comprehensive conflict resolution approach. The Collaborative management approach should be applied on large amount of the data sets. The Mapping approach of the XACML should handle the complicated conditions. The main thing is the making the model which gives the highest authentication and priority to the user whose information is being leaked and misused. ACKNOWLEDGMENT With immense pleasure we would also like to thank Dr. Dhirendra Mishra, Assistant Professor and Head of Department, Computer Engineering for his constant support and guidance throughout my project work. We would also like to thank everyone who participated in this project. REFERENCES [1] Hongxin Hu, Gail-JoonAhn, and Jan Jorgensen, “Multiparty Access Control for Online Social Networks: Models and mechanisms”, IEEE Transactions on Knowledge and Data Engineering, July 2013 [2] Pallavi I. Powale, and Ganesh D. Bhutkar, “Overview of Privacy in Social Networking Sites (SNS)”, International Journal of Computer Application, July 2013 [3] Pauline Anthonysamy, Awais Rashid, James Walkerdine, Phil Greenwood, GeorgiosLarkou, “Collaborative Privacy Management for Third-Party Applications in Online Social Networks”, Lancaster University, 2012
464
[4] Gail-JoonAhn, Hongxin Hu, Joohyung Lee and YunsongMeng, “Representing and Reasoning about Web Access Control Policies”, Arizona State University, 2011. [5] Danah Boyd and Ezster Hargittai “Facebook Privacy Settings: Who Cares?”, First-Monday Peer-Revied Journal on the Internet, Vol. 15, August 2010 [6] The New York Times, “Facebook Shifts Its Rules on Privacy for Teenagers”, 17th October 2013. [7] Dan Fletcher, “How Facebook is Redefining Privacy”, Time Magazine, May 2010. [8] Ann Babe, “Krikpatrick: Privacy Lawsuit won’t Slow Facebook’s Momentum”, January 2014.
465