1 / 25

Social Networking Security

Social Networking Security. Adam C. Champion and Dong Xuan CSE 4471: Information Security. Outline. Overview of Social Networking On-line Social Networking Mobile Social Networking Threats and Attacks Defense Measures. Online Social Networking (OSN).

ulric-delaney
Download Presentation

Social Networking Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Social Networking Security Adam C. Champion and Dong Xuan CSE 4471: Information Security

  2. Outline • Overview of Social Networking • On-line Social Networking • Mobile Social Networking • Threats and Attacks • Defense Measures

  3. Online Social Networking (OSN) • Online Web services enabling people to connect with each other, share information • Common friends, interests, personal info, … • Post photos, videos, etc. for others to see • Communicate via email, instant message, etc. • Major OSN services: Facebook, Twitter, MySpace, LinkedIn, etc.

  4. “Giving people the power to share and make the world more open and connected.”

  5. OSN Popularity • Over 900 million Facebook users worldwide [6] • Over 150 million in U.S. [5] • Over 450 million access via mobile [6] • 300 million pictures uploaded to Facebook daily [6] • Over 140 million Twitter users; over 340 million Tweets sent daily [7] • Over 175 million LinkedIn members in over 200 countries [8]

  6. Benefits of OSN Communication • Vast majority of college students use OSNs • Organizations want to market products, services, etc. to this demographic • OSNs can help them reach these potential buyers • OSNs provide communal forum for expression (self, group, mass), collaboration, etc. • Connect with old friends, find new friends and connect • Play games with friends, e.g., Mafia Wars, Scrabulous • Commerce in “virtual items” • But using OSNs poses security issues for orgs as well as individuals

  7. Mobile Social Networking • E-SmallTalker • E-Shadow

  8. Application Scenario: Conference

  9. Small Talk • People come into contact opportunistically • Face-to-face interaction • Crucial to people's social networking • Immediate non-verbal communication • Helps people get to know each other • Provides the best opportunity to expand social network • Small talk is an important social lubricant • Difficult to identify significant topics • Superficial

  10. A Naive Approach of Smartphone-based Small Talk • Store all user’s information, including each user’s full contact list • User report either his own geo-location or a collection of phone IDs in his physical proximity to the server using internet connection or SMS • Server performs profile matching, finds out small talk topics (mutual contact, common interests, etc.) • Results are pushed to or retrieved by users

  11. However…… • Require costly data services (phone’s internet connection, SMS) • Require report and store sensitive personal information in 3rd party • Trusted server may not exist • Server is a bottleneck, single point of failure, target of attack

  12. E-SmallTalker – A Fully Distributed Approach • No Internet connection required • No trusted 3rd party • No centralized server • Information stored locally on mobile phones • Original personal data never leaves a user’s phone • Communication only happens in physical proximity

  13. E-Shadow • Enhanced E-SmallTalker • Local profiles • Mobile phone based local social interaction tools • E-Shadow publishing • E-Shadow localization

  14. Outline • Overview of Social Networking • Threats and Attacks • Defense Measures

  15. OSN Security Threats/Attacks • Malware distribution • Cyber harassment, stalking, etc. • Information “shelf life” in cyberspace • Privacy issues: • Information about person posted by him/herself, others • Information about people collected by OSNs • Information posted on OSNs impacts unemployment, insurance, etc. • Organizations’ concerns: brand, laws, regulations

  16. MSN Security Threat/Attacks • Personal information leakage • Particularly dangerous because of physical proximity • Malware distribution

  17. Outline • Overview of Social Networking • Threats and Attacks • Defense Measures

  18. “Common Sense” Measures (1) • Use strong, unique passwords • Provide minimal personal information: avoid entering birthdate, address, etc. • Review privacy settings, set them to “maximum privacy” • “Friends of friends” includes far more people than “friends only” • Exercise discretion about posted material: • Pictures, videos, etc. • Opinions on controversial issues • Anything involving coworkers, bosses, classmates, professors • Anything related to employer (unless authorized to do so) • Be wary of 3rd party apps, ads, etc. (P.T. Barnum’s quote) • Supervise children’s OSN activity

  19. “Common Sense” Measures (2) • “If it sounds too good to be true, it probably is” • Use browser security tools for protection: • Anti-phishing filters (IE, Firefox) • Web of Trust (crowdsourced website trust) • AdBlock/NoScript/Do Not Track Plus • Personal reputation management: • Search for yourself online, look at the results… • Google Alerts: emails sent daily to you about results for any search query (free), e.g., your name • Extreme cases: • Cease using OSNs, delete accounts • Contact law enforcement re. relentless online harassment

  20. E-SmallTalker: Privacy-Preserved Information Exchange • Example of Alice’s Bloom filter • Alice has multiple contacts, such as Bob, Tom, etc. • Encode contact strings, Firstname.lastname@phone_number, such as “Bob.Johnson@5555555555” and “Tom.Mattix@6141234567”

  21. E-Shadow: Layered Publishing • Spatial Layering • WiFi SSID • at least 40-50 meters, 32 Bytes • Bluetooth Device (BTD) Name • 20 meters, 2k Bytes • Bluetooth Service (BTS) Name • 10 meters, 1k Bytes • Temporal Layering • For people being together long or repeatedly • Erasure Code

  22. Final Remarks • On-line social networking systems are very popular and mobile social networking systems are emerging • Malware distribution and personal information leakage are two most prominent threats and attacks • Personal countermeasures are most effective

  23. References (1) • G. Bahadur, J. Inasi, and A. de Carvalho, Securing the Clicks: Network Security in the Age of Social Media, McGraw-Hill, New York, 2012. • H. Townsend, 4 Jun. 2010, http://www.k-state.edu/its/security/training/roundtables/presentations/SIRT_roundtable-RisksofSocialNetworking-Jun10.ppt • U.S. Dept. of State, “Social Networking Cyber Security Awareness Briefing,”http://www.slideshare.net/DepartmentofDefense/social-media-cyber-security-awareness-briefing • National Security Agency, “Social Networking Sites,”http://www.nsa.gov/ia/_files/factsheets/I73-021R-2009.pdf • Consumer Reports, Jun. 2012, http://www.consumerreports.org/cro/magazine/2012/06/facebook-your-privacy/index.htm • S. Sengupta, 14 May 2012, http://www.nytimes.com/2012/05/15/technology/facebook-needs-to-turn-data-trove-into-investor-gold.html?_r=1&pagewanted=all • T. Wasserman, 21 Mar. 2012, http://mashable.com/2012/03/21/twitter-has-140-million-users/ • LinkedIn Corp., 2012, http://press.linkedin.com/about • R. Richmond, “Web Gang Operating in the Open,” 16 Jan. 2012, https://www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html?_r=1

  24. References (2) • J. Drömer and D. Kollberg, “The Koobface malware gang – exposed!”, 2012, http://nakedsecurity.sophos.com/koobface/ • Wikipedia, https://en.wikipedia.org/wiki/Suicide_of_Megan_Meier • M. Schwartz, “The Trolls Among Us,” 3 Aug. 2008, https://www.nytimes.com/2008/08/03/magazine/03trolls-t.html?pagewanted=all • M. Raymond, “How Tweet It Is!: Library Acquires Entire Twitter Archive,” 14 Apr. 2010, http://blogs.loc.gov/loc/2010/04/how-tweet-it-is-library-acquires-entire-twitter-archive/ • B. Borsboom, B. van Amstel, and F. Groeneveld, “Please Rob Me”, http://pleaserobme.com • D. Love, “13 People Who Got Fired for Tweeting,” 16 May 2011, http://www.businessinsider.com/twitter-fired-2011-5?op=1 • C. Smith and C. Kanalley, “Fired Over Facebook: 13 Posts That Got People Canned,”http://www.huffingtonpost.com/2010/07/26/fired-over-facebook-posts_n_659170.html • https://twitter.com/BPglobalPR • http://curl.haxx.se/ • http://jonathonhill.net/2012-05-18/unshorten-urls-with-php-and-curl/ • http://www.securingsocialmedia.com/resources/

More Related