Post on 08-Mar-2020
Threats & Vulnerabilities in Online Social Networks
Lei Jin, LERSAIS Lab @ School of Information Sciences, University of Pittsburgh
03-26-2015
Topics
• Focus is the new vulnerabilities that exist in online social networks
– Typical online social networks (OSN); e.g., Facebook & LinkedIn
– Location-based social networks (LBSN); e.g., Foursquare & Yelp
• Not the traditional problems in online systems
– Secure Communication
– Web-based Attacks; e.g., SQL Injection, Cross Site Scripting
LERSAIS Lab @ School of Information Sciences 2
Outline
• Identity & Authentication Problems
– Email Address, Connections of Identities & Login
– Social Authentication
– Identity Validation
• Privacy Issues
– Privacy of User Profiles
– Privacy of Friendships
• Malicious Resources
Purpose
• Be aware of these problems & know how to mitigate or avoid the potential attacks
• Start to know current research topics regarding security & privacy in online social networks
Background – OSN
(Diagram: a user's profile holds messages & comments and pictures; users are connected by friendship links, and each user has a friend list.)
LBSN
(Diagram: users create venues, explore various places and check in at venues; a check-in is (user, venue, time, …), a venue is (name, location, category, …), and users form a friendship network.)
Entities, Elements & Mechanisms
• User Identity / User Profile
– Attributes
• User's Social Network
– Friends
– Mutual Friends
– Recommended Friends
• User's Posts
– Messages
– Photos
– Check-ins (LBSN)
• Venue (LBSN)
– Attributes
• Mechanisms
– User Authentication
– Access Control Mechanisms
Outline
• Identity & Authentication Problems
– Email Address, Connections of Identities & Login
– Authentication
• Privacy Issues
– Privacy of User Profiles
– Privacy of Friendships
• Malicious Resources
Email Address as Identity [1]
• Most online systems adopt a user's email address as the user's identity
• Caused and causing many threats
– Used to identify the various identities of a user across many online systems
– More vulnerable regarding online password cracking
• The accounts share the same password
• The attacker avoids each system's limit on failed login attempts by trying the other systems
– Cracking one email address = cracking the related online accounts associated with this email address
Email Address as Identity (cont.)
• Possible solutions
– Different email addresses?
– Different passwords?
– Password management?
Email Address as Identity (cont.)
• Email address is private & sensitive
• Anonymous Email Service
– Like the Craigslist email system
– leijin@anonymous.com <-> leijin@gmail.com
– Anonymous.com: accepts the message, extracts its content, constructs the new email and sends it
• Keeps no record of the exchange
• Does not record leijin@gmail.com in plaintext
– Gmail: does not disclose leijin@anonymous.com
Outline
• Identity & Authentication Problems
– Email Address, Connections of Identities & Login
– Authentication
• Privacy Issues
– Privacy of User Profiles
– Privacy of Friendships
• Malicious Resources
Authentication Problems in OSNs
• Authentication between a user and a social network system: facilitating login attempts (Login)
• Authentication between users: validating a user's identity (Identity Validation)
Login
• Motivations
– Difficult to remember text-based passwords
– Tend to use one simple password for multiple systems
• Social Authentication: adopting users' knowledge in OSNs to authenticate users in order to facilitate their login attempts
Photo-Based Authentication
• Proposed by Yardi et al. [2]
• Basic idea: authenticate a user's login using the tagged photos in Facebook, based on the assumption that a user can identify their friends from various photos
Photo-Based Authentication (cont.)
• Facebook Implementation
• It is triggered when the system detects a suspicious login attempt, according to a set of heuristics
– the user logs in from a different geographical location
– uses a new device (e.g., computer or smartphone) for the first time to access his account
Photo-Based Authentication (cont.)
• A sequence of 7 pages featuring authentication challenges after the password-based authentication
• Each challenge is comprised of 3 photos of an online friend; the names of 6 people from the user's social circle are listed and the user has to select the one depicted
• The user is allowed to fail in 2 challenges, or skip them, but must correctly identify the people in at least 5 to pass the social authentication test
Issues in Photo-based Social Authentication
• Kim et al. [3]
– Friend information is not private enough
– People in the photos can be automatically recognized using face recognition tools
– Such a social authentication is vulnerable to a statistical guessing attack on the names
• Polakis et al. [4] conducted real attacks against the photo-based social authentication in Facebook
– Access to 42% of friends -> solve 22% of Facebook social authentication tests
– Access to 120 faces of friends -> solve 100%
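To put numbers on the scheme described on the previous slides (7 challenges, 6 listed names, at least 5 correct), here is an added Python model written for these notes; it is not code from Facebook or from any of the cited papers. It computes the probability of passing the whole test from the per-challenge success rate, which is the quantity a defender tunes when choosing the number of challenges and the pass threshold. The assumptions are mine: challenges are independent, and a party who recognizes a face always answers correctly while otherwise guessing uniformly among the listed names.

```python
from math import comb

# Parameters of the Facebook implementation described on the slides:
# 7 challenges, 6 candidate names each, at least 5 must be answered correctly.
CHALLENGES = 7
NAMES_PER_CHALLENGE = 6
MIN_CORRECT = 5


def pass_probability(p_correct, challenges=CHALLENGES, min_correct=MIN_CORRECT):
    """Probability of passing the test when each challenge is answered correctly
    with independent probability p_correct (upper tail of a binomial)."""
    return sum(comb(challenges, k) * p_correct ** k * (1 - p_correct) ** (challenges - k)
               for k in range(min_correct, challenges + 1))


def per_challenge_success(recognized_fraction, names=NAMES_PER_CHALLENGE):
    """Success rate on one challenge for a party who can identify a fraction
    recognized_fraction of the depicted friends and otherwise picks one of the
    listed names at random. Assumption (not from the slides): recognition is
    always correct and challenges are independent."""
    return recognized_fraction + (1 - recognized_fraction) / names


def pass_rate(recognized_fraction):
    """End-to-end pass rate of the 7-challenge test for a given recognition level."""
    return pass_probability(per_challenge_success(recognized_fraction))


def required_recognition(target_pass_rate):
    """Smallest recognized fraction, in steps of 1%, at which the pass rate reaches
    target_pass_rate: the coverage beyond which the test is no longer a barrier."""
    for i in range(101):
        if pass_rate(i / 100) >= target_pass_rate:
            return i / 100
    return None


if __name__ == "__main__":
    for coverage in (0.0, 0.25, 0.42, 0.6, 0.8, 1.0):
        print(f"recognizes {coverage:4.0%} of friends -> passes {pass_rate(coverage):6.2%}")
    print("coverage needed for a 50% pass rate:", required_recognition(0.5))
```

Pure guessing among six names passes only about 0.2% of the time, so the threshold itself is sound; the weakness Kim et al. point at is that the per-challenge rate is far above 1/6 once friend photos are obtainable. At 42% coverage this idealized model gives roughly 25%, in the same range as the 22% Polakis et al. measured on real tests.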
Improvements
• Polakis et al. [5]
– photo selection: use photos that fail software-based face recognition
– photo transformation: faces are transformed so as to render image matching techniques ineffective
– while remaining recognizable to humans who are familiar with the depicted
• Results:
– Attack -> solves 0.4% of the challenges
– Users are able to identify their friends in over 99% of the photos with faces unrecognizable by software, and can solve over 94% of the challenges with transformed photos
Improvements (cont.)
• Jain et al. [6]: asks users to verify private information about their social contacts and their interactions
• Results: not what they expected, since many users tend to forget their private information and their private activities
Conclusions - Login
• Social authentication (e.g., photo-based authentication) still needs many improvements
– Not every user has enough friends who are tagged in photos
– Not enough appropriate photos for authentication
– Theoretical analysis: how secure is it?
Identity Validation
• Motivations
• Difficult to identify the authenticity of a user's identity in an OSN
– Identity Clone Attacks [7] -> Various Security & Privacy Attacks
Cloned Identity
(Figure: a cloned identity beside the profile it copies)
Identity Clone Attack [7] - Design
• Attributes: name, education, birthday…
• Friend network
– Friend List (FL): connected friends of an ID
– Recommended Friend List (RFL): generated by OSN systems (the "People You May Know" function on Facebook); the clone shares the same recommended friends
– Excluded Friend List (EFL): social embarrassments
• Attackers try to connect to these individuals
What are the best targets?
• Inactive Account
• Not having an Account
• Popular / Authority Account
Attribute As Target
Sub-targets:
1. Attribute Values
2. Privacy Settings
Friend Networks As Target
(Diagram: the faked ID's FL, RFL and EFL overlap the FL, RFL and EFL of the cloned identity.)
Cloned Identity Detection [7]
(Flow diagram) An input identity and the profile set -> Filtering -> Candidate List -> Profile Similarity Computation (similarity schemes, thresholds) -> Suspicious Identity List -> Validation (authentication schemes) -> Fake Identity List
Similarity Schemes
• Profile Similarity: Attribute Similarity
– Basic principle: similar attributes in two profiles
– S_A(P_c, P_v): the per-attribute similarities S_att(c, v) between the two profiles P_c and P_v, aggregated over their attribute sets and normalized by the attribute-set sizes |A_c| and |A_v|
• Friend Network Similarity for Basic Profile Similarity (BPS)
– Basic principle: mutual friends in friend networks
– S_bfn(P_c, P_v) is computed from S_ff, S_frf and S_fef, the overlaps between the friend lists (FL), recommended friend lists (RFL) and excluded friend lists (EFL) of the two profiles
• For Multiple-faked Identities Profile Similarity (MFIPS)
– Basic principle: similar friends in friend networks
– S_mfn(P_c, P_v) is computed from S_s,ff, S_s,cf, S_s,frf, S_s,cfrf and S_s,fef, the corresponding terms extended to the case of multiple faked identities
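As an added illustration of the detection pipeline on the two slides above (filtering, profile similarity with a threshold, then a suspicious list that still needs validation), here is a small Python implementation written for these notes. It is not the scheme from [7] and does not reproduce the paper's S_A, S_bfn or S_mfn formulas: the token-Jaccard attribute similarity, the FL/FL and FL/RFL overlap terms, the 0.6/0.4 and 0.5/0.5 weights, the name-token filter and the sample profiles are all constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Profile:
    uid: str
    attributes: dict                                # e.g. name, education, birthday
    friends: set = field(default_factory=set)       # FL: connected friends
    recommended: set = field(default_factory=set)   # RFL: "People You May Know"


def _tokens(value):
    return set(re.findall(r"[a-z0-9]+", str(value).lower()))


def attribute_value_similarity(a, b):
    """Per-attribute similarity: token Jaccard, so 'Alice Lee' == 'Lee Alice'
    and 'University of Pittsburgh' vs 'Univ of Pittsburgh' match partially."""
    ta, tb = _tokens(a), _tokens(b)
    return len(ta & tb) / len(ta | tb) if (ta | tb) else 0.0


def attribute_similarity(p, q):
    """Mean per-attribute similarity over the union of attribute names;
    an attribute missing from either profile contributes 0."""
    names = set(p.attributes) | set(q.attributes)
    if not names:
        return 0.0
    return sum(attribute_value_similarity(p.attributes.get(n, ""),
                                          q.attributes.get(n, "")) for n in names) / len(names)


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a | b) else 0.0


def _fraction_in(a, b):
    return len(a & b) / len(a) if a else 0.0


def friend_network_similarity(p, q):
    """Mutual friends in the two friend networks (FL vs FL), plus how many of one
    profile's friends already appear in the other's recommended list (FL vs RFL):
    a clone that is still sending friend requests shows up there first."""
    ff = jaccard(p.friends, q.friends)
    frf = (_fraction_in(p.friends, q.recommended) + _fraction_in(q.friends, p.recommended)) / 2
    return 0.6 * ff + 0.4 * frf          # weights are an assumption for this example


def profile_similarity(p, q):
    return 0.5 * attribute_similarity(p, q) + 0.5 * friend_network_similarity(p, q)


def filter_candidates(target, profile_set):
    """Filtering step: keep only other profiles sharing at least one name token."""
    name = _tokens(target.attributes.get("name", ""))
    return [p for p in profile_set
            if p.uid != target.uid and name & _tokens(p.attributes.get("name", ""))]


def detect_clones(target, profile_set, threshold=0.5):
    """Similarity computation with a threshold: returns (uid, score) pairs of
    suspicious identities, highest score first. They still need validation
    (e.g. an authentication scheme) before being treated as fake."""
    scored = [(p.uid, profile_similarity(target, p)) for p in filter_candidates(target, profile_set)]
    return sorted(((u, s) for u, s in scored if s >= threshold), key=lambda x: -x[1])


# Constructed sample profiles (not real accounts).
VICTIM = Profile("u1", {"name": "Alice Lee", "education": "University of Pittsburgh",
                        "birthday": "1985-01-01"},
                 friends={"f1", "f2", "f3", "f4", "f5"})
CLONE = Profile("u2", {"name": "Alice Lee", "education": "Univ of Pittsburgh",
                       "birthday": "1985-01-01"},
                friends={"f1", "f2"}, recommended={"f3", "f4"})
STRANGER = Profile("u3", {"name": "Bob Smith", "education": "CMU", "birthday": "1990-05-05"},
                   friends={"g1", "g2"})
PROFILE_SET = [VICTIM, CLONE, STRANGER]

if __name__ == "__main__":
    print(detect_clones(VICTIM, PROFILE_SET))   # [('u2', 0.5766...)]
```

The clone scores about 0.58 against the victim (identical name and birthday, a near-identical education string, two shared friends and two of the victim's friends already in the clone's recommended list), while the unrelated profile is filtered out before any similarity is computed. The threshold only produces a suspicious list; the validation step on the slide is what turns a suspect into a confirmed fake.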
Identity Validation
• Li et al. [8] propose a key exchange protocol that utilizes the secret questions, which work like "naturally pre-distributed" secret information between two parties
Identity Validation (cont.)
• Proposed by Zhao et al. [9]
• Basic Idea:
– A user trusts their friends, and the trust in a social network system is transitive. A user could find a trusted path, indicating the transmission of the trust, to another user in a social graph
– When two strangers meet in a social network, if they can find a trusted path, then they can rely on the common trusted persons in the path to authenticate each other
Conclusions - Identity Validation
• Many limitations
• Li et al.:
– Friends in the physical world
– Not enough secrets
– How to select secrets
• Zhao et al.:
– trust may not be transitive
Conclusions - Identity Validation (cont.)
• A practical approach [7]:
– Ask users to provide their IDs in the real world
– Education
Outline
• Identity & Authentication Problems
– Email Address, Connections of Identities & Login
– Authentication
• Privacy Issues
– Privacy of User Profiles & Shared Resources
– Privacy of Friendships
• Malicious Resources
Infer User's Profile Information
• Assumption: friends tend to share the same interests
• Inferring a targeted user's private attribute based on his/her friends' public attributes
• Example [10]:
– A user hides his education and occupation from the public
– Many of the user's friends are current students at the University of Pittsburgh
– Inference: University of Pittsburgh, Student
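The inference on this slide is a majority vote over what the user's friends expose, which makes it easy to check in advance whether hiding an attribute actually hides it. The following added Python example (written for these notes, not from [10] or any OSN) is a privacy check of that kind: given the user's friend list and the friends' public attributes, it reports whether the hidden value is predictable. The `min_support` and `min_share` cut-offs and the sample friends are constructed assumptions.

```python
from collections import Counter


def infer_attribute(friend_values, min_support=3, min_share=0.5):
    """Majority vote over the attribute values the user's friends expose publicly.
    Returns (value, share) when the top value is held by at least min_support
    friends and by at least min_share of the friends who expose the attribute;
    otherwise (None, share). A value of None means that friend hides the attribute."""
    exposed = [v for v in friend_values if v is not None]
    if not exposed:
        return None, 0.0
    value, count = Counter(exposed).most_common(1)[0]
    share = count / len(exposed)
    if count >= min_support and share >= min_share:
        return value, share
    return None, share


def inference_risk(user, attribute, actual_value, graph, public_attributes, **vote_args):
    """Privacy check for a user who hides `attribute`: is the hidden value
    predictable from the friends' public values? `exposed` is True when the
    majority inference matches the user's real (hidden) value, i.e. the
    privacy setting on the attribute is ineffective on its own."""
    friend_values = [public_attributes.get(f, {}).get(attribute) for f in graph[user]]
    inferred, share = infer_attribute(friend_values, **vote_args)
    return {"inferred": inferred, "share": share,
            "exposed": inferred is not None and inferred == actual_value}


# Constructed sample data: user "u" hides education and occupation, but six of
# eight friends publicly list the same university and four list "Student".
GRAPH = {"u": {"f1", "f2", "f3", "f4", "f5", "f6", "f7", "f8"}}
PUBLIC = {
    "f1": {"education": "University of Pittsburgh", "occupation": "Student"},
    "f2": {"education": "University of Pittsburgh", "occupation": "Student"},
    "f3": {"education": "University of Pittsburgh", "occupation": "Student"},
    "f4": {"education": "University of Pittsburgh", "occupation": "Student"},
    "f5": {"education": "University of Pittsburgh", "occupation": "Engineer"},
    "f6": {"education": "University of Pittsburgh", "occupation": "Engineer"},
    "f7": {"education": "CMU"},
    "f8": {},                      # this friend hides both attributes
}

if __name__ == "__main__":
    for attr, real in (("education", "University of Pittsburgh"), ("occupation", "Student")):
        print(attr, inference_risk("u", attr, real, GRAPH, PUBLIC))
```

Both hidden attributes come out as exposed on this sample, which is the slide's point: the attribute-level setting is undermined by the friend list, so the mitigation has to involve the friendship links (the subject of the later slides) and not only the attribute itself.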
Issues related to Shared Resources
• Photos
– A photo includes multiple individuals
– One of them posts it on his/her wall
– Privacy: others in the photo may be upset
• Check-ins (LBSNs) [11]
– A user exposes where and when he is
– A user exposes where he lives
– A user's friends or other people expose the user's location-related information
• Existing Access Control mechanisms cannot address all of these problems [12]
Outline
• Identity & Authentication Problems
– Email Address, Connections of Identities & Login
– Authentication
• Privacy Issues
– Privacy of User Profiles & Shared Resources
– Privacy of Friendships
• Malicious Resources
Issues Related to Users' Friend Lists
• Importance of the friend list
• What a user's friends reveal
– Family, Work, Income, Reputation, Religion…
– Used for Identity Clone Attacks
– Used for Inferring Private Attributes
Attacks - Expose a User's Social Network
• Mutual-friend based Attack [13]
• Friendship Identification and Inference Attack [14]
Mutual Friend Feature
• Show mutual friends between two users
• Useful feature, e.g. Friend Recommendation, Friend Introduction
• Lack of an Access Control Mechanism!
Attack Example
(Diagram: Alice, Bob and users A–E connected by friendship links; the mutual-friend feature reveals links between them.)
Defense Approaches
• Reason: no restriction on querying mutual friends
• Defense approaches
– Hide the user profile
– Access control on querying mutual friends
Friendship Identification & Inference Attack
• Users' Privacy Settings for Friend Lists
– Private
– Friends, with or without an excluding list
– Public
Inconsistent Policies
(Diagram: A's friend list and C's friend list; one of them exposes the A–C link that the other hides.)
Inconsistent Preferences Example -1
(Diagram: target T and users A–G; private links are inferred from the links that other users expose.)
Inconsistent Preferences Example -2
(Diagram: target T and users A–E; two successive inference steps.)
Key Issue
• How to conduct effective inferences to identify the private friendships
– Guess
– Similarity-based inferences
– Random-walk inferences
Attack Schemes
• One attacker node & one target: the adversary chooses a number of users, who are the most likely to be friends of a target, at one time based on the calculations
• Multiple attacker nodes & one target: combine the attack knowledge (segments of the network) from different attacker nodes into a more complete segment of the network
• Topology of the entire social network (multiple attacker nodes & multiple targets): attack the most vulnerable targets first
Defense Approaches
(Diagram: A's friend list and C's friend list, as in the inconsistent-policies example.)
• Squicciarini et al. -> voting algorithm & game theory
• Hu et al. -> Label Privacy Level, minimize privacy risk & sharing loss
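Both defenses on these slides (access control on the mutual-friend query, and resolving the inconsistent policies of the two endpoints of a friendship link) come down to the same rule: a link A–C is a shared resource, so it should be released only when both A's and C's settings allow it. The added Python example below is written for these notes and is not code from any OSN or from [13] or [14]; the graph, the settings and the "stricter endpoint wins" rule are constructed assumptions. It shows what an outsider learns under per-list enforcement as deployed versus per-link enforcement, for both the friend-list view and the mutual-friend query.

```python
from enum import Enum


class Visibility(Enum):
    PRIVATE = "private"
    FRIENDS = "friends"        # friends, optionally minus an excluding list
    PUBLIC = "public"


# Constructed social graph and settings (not real data). Friendship is symmetric.
FRIENDS = {
    "A": {"B", "C", "D"},
    "B": {"A", "C", "D"},
    "C": {"A", "B", "E"},
    "D": {"A", "B"},
    "E": {"C"},
}
POLICY = {"A": Visibility.PRIVATE, "B": Visibility.PUBLIC, "C": Visibility.PUBLIC,
          "D": Visibility.FRIENDS, "E": Visibility.PUBLIC}
EXCLUDED = {"D": {"B"}}   # D shares the list with friends except B


def may_view_list(viewer, owner):
    """Does the owner's own setting let the viewer see the owner's friend list?"""
    if viewer == owner:
        return True
    policy = POLICY[owner]
    if policy is Visibility.PUBLIC:
        return True
    if policy is Visibility.FRIENDS:
        return viewer in FRIENDS[owner] and viewer not in EXCLUDED.get(owner, set())
    return False


def link_visible_either(viewer, u, v):
    """Per-list enforcement as deployed: the u-v link shows up wherever EITHER
    endpoint's list is visible, so the stricter endpoint's setting is bypassed."""
    return may_view_list(viewer, u) or may_view_list(viewer, v)


def link_visible_consistent(viewer, u, v):
    """Per-link enforcement: the link is shown only if BOTH endpoints allow it."""
    return may_view_list(viewer, u) and may_view_list(viewer, v)


def friend_list(viewer, owner, consistent=True):
    """The owner's friendships that the viewer can learn under each rule
    (under the 'either' rule, partly by reading the other endpoints' lists)."""
    rule = link_visible_consistent if consistent else link_visible_either
    return {f for f in FRIENDS[owner] if rule(viewer, owner, f)}


def mutual_friends(viewer, u, v, consistent=True):
    """Mutual-friend query gated by the same per-link rule, so it cannot reveal
    a friendship the viewer could not see in the friend lists themselves."""
    rule = link_visible_consistent if consistent else link_visible_either
    return {m for m in FRIENDS[u] & FRIENDS[v]
            if rule(viewer, u, m) and rule(viewer, v, m)}


if __name__ == "__main__":
    # "X" is an outsider with no friendships in the graph.
    for consistent in (False, True):
        print("consistent" if consistent else "per-list  ",
              "A's links:", friend_list("X", "A", consistent),
              "mutual(B,C):", mutual_friends("X", "B", "C", consistent))
```

With per-list enforcement the outsider recovers two of private user A's friendships from B's and C's public lists and a third through the mutual-friend query, exactly the leak the two attacks exploit; with the per-link rule A's privacy setting holds, at the cost that A no longer appears in B's and C's lists either, which is the sharing loss the defense papers on the slide trade off against privacy risk.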
Outline
• Identity & Authentication Problems
– Email Address, Connections of Identities & Login
– Authentication
• Privacy Issues
– Privacy of User Profiles
– Privacy of Friendships
• Malicious Resources
Venue Attacks in LBSNs [15]
• Venue Attributes
– Creator
– Owner
– Name
– Address
– Geo-location
– Category
– Statistical Information - Owner
– Promotion/Coupon (Set by Owner)
Malicious Venue Creation Attack
• ANY user can create ANY type of venue without being subjected to any AUTHENTICATION and AUTHORIZATION from the actual owner
• Venue Not Created in a LBSN
– Does not exist in the real world: deceive and confuse users, destroy users' trust in LBSNs
– Exists in the real world but the owner is not willing to share it; e.g., home, private place
• Venue Already Created in a LBSN
– Create a similar venue using a similar/alternative name; e.g., School of Information Sciences - iSchool
Venue Ownership Hijacking Attack
• Bypass the owner authentication process & become the owner of the created venue
• Owner Authentication in Foursquare, Yelp and Facebook Place
– Phone number
– Address
• Impacts
– Expose customers' visit information: users' privacy
– Manipulate coupons/promotions: financial loss and/or destroy user trust in the venue
– Change the address of the venue
– …
Venue Location Hijacking Attack
• A venue's location is associated with its geo-location, not the physical address
• Geo-location is dynamic because of possibly inaccurate GPS signals
• Location update: the center of all the honest check-ins, as marked by the LBSN
(Diagram: four classes of check-ins around a venue)
– Users' honest check-ins & marked as honest check-ins by the system
– Users' honest check-ins & marked as dishonest check-ins by the system
– Users' dishonest check-ins & marked as dishonest check-ins by the system
– Users' dishonest check-ins & marked as honest check-ins by the system
– Actual location of the venue vs. manipulated location of the venue
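The location-update rule on the slide (venue location := center of the check-ins the system marked honest) is what the fourth class above exploits: dishonest check-ins that slip through as honest pull the centroid. The added Python example below, written for these notes and not taken from [15] or from any LBSN's real logic, contrasts that naive centroid with a distance-gated, median-based update that refuses to move when too many check-ins fall outside the venue's current radius. The coordinates, the 150 m radius and the 50% quorum are constructed assumptions.

```python
import math

EARTH_RADIUS_M = 6_371_000


def distance_m(p, q):
    """Haversine distance in metres between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(math.radians, p)
    lat2, lon2 = map(math.radians, q)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    a = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def centroid(points):
    n = len(points)
    return (sum(p[0] for p in points) / n, sum(p[1] for p in points) / n)


def naive_update(current, checkins):
    """The slide's rule: new location = center of all check-ins marked honest.
    Every check-in that passed the honesty filter moves the venue."""
    return centroid(checkins)


def gated_update(current, checkins, radius_m=150.0, min_fraction=0.5):
    """Mitigation (an assumption for this example, not Foursquare's or Yelp's
    rule): discard check-ins farther than radius_m from the current location,
    move to the coordinate-wise median of the rest, and refuse to move at all
    if fewer than min_fraction of the check-ins survived the gate."""
    kept = [c for c in checkins if distance_m(current, c) <= radius_m]
    if not kept or len(kept) < min_fraction * len(checkins):
        return current          # too many outliers: hold position, flag for review
    lats = sorted(c[0] for c in kept)
    lons = sorted(c[1] for c in kept)
    m = len(kept) // 2

    def median(xs):
        return xs[m] if len(xs) % 2 else (xs[m - 1] + xs[m]) / 2

    return (median(lats), median(lons))


# Constructed sample: a venue with six honest check-ins within ~30 m and four
# dishonest ones placed about 3.3 km to the north (0.03 degrees of latitude).
VENUE = (40.4443, -79.9532)
HONEST = [(40.4443, -79.9532), (40.4444, -79.9531), (40.4442, -79.9533),
          (40.4443, -79.9530), (40.4445, -79.9532), (40.4441, -79.9534)]
DISHONEST = [(40.4743, -79.9532), (40.4744, -79.9530), (40.4742, -79.9535), (40.4745, -79.9531)]

if __name__ == "__main__":
    moved = naive_update(VENUE, HONEST + DISHONEST)
    held = gated_update(VENUE, HONEST + DISHONEST)
    print(f"naive centroid drifted {distance_m(VENUE, moved):.0f} m")
    print(f"gated median drifted  {distance_m(VENUE, held):.0f} m")
```

On the sample, four dishonest check-ins out of ten drag the naive centroid more than a kilometre, while the gated update stays on the venue; if the dishonest share rises above the quorum the gated rule holds the old position instead of following the majority, which is the case the combined attack on the next slides relies on and which an operator should route to manual review rather than auto-update.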
The Movements of the Locations of the LERSAIS Lab
(Map with dated positions of the venue: 2013-02-25, 2013-03-07, 2013-03-11, 2013-04-08, 2013-04-17, 2013-05-02, 2013-05-12; the correct location and the targeted location are marked.)
Combined Venue Attacks
(Diagram: the venue location hijacking attack, the venue ownership hijacking attack and the malicious venue creation attack are chained.)
– Moved 2 miles away in May, 2012
– Moved 3 miles away in July, 2012
– New venue created & its check-ins in August, 2012
References
1) Jin, L., Takabi, H., & Joshi, J. B. (2010, August). Security and privacy risks of using e-mail address as an identity. In Social Computing (SocialCom), 2010 IEEE Second International Conference on (pp. 906-913). IEEE.
2) Yardi, S., Feamster, N., & Bruckman, A. (2008). Photo-based authentication using social networks. In Proceedings of the first workshop on Online social networks (pp. 55-60). ACM.
3) Kim, H., Tang, J., & Anderson, R. (2012). Social authentication: harder than it looks. In Financial Cryptography and Data Security (pp. 1-15). Springer Berlin Heidelberg.
4) Polakis, I., Lancini, M., Kontaxis, G., Maggi, F., Ioannidis, S., Keromytis, A. D., & Zanero, S. (2012). All your face are belong to us: breaking Facebook's social authentication. In Proceedings of the 28th Annual Computer Security Applications Conference (pp. 399-408). ACM.
5) Polakis, I., Ilia, P., Maggi, F., Lancini, M., Kontaxis, G., Zanero, S., ... & Keromytis, A. D. (2014, November). Faces in the distorting mirror: Revisiting photo-based social authentication. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 501-512). ACM.
6) Jain, S., Lang, J., Gong, N. Z., Song, D., Basuroy, S., & Mittal, P. (2015). New Directions in Social Authentication. NDSS Workshop on Usable Security.
7) Jin, L., Takabi, H., & Joshi, J. B. (2011, February). Towards active detection of identity clone attacks on online social networks. In Proceedings of the first ACM conference on Data and application security and privacy (pp. 27-38). ACM.
8) Li, L., Zhao, X., & Xue, G. (2012, May). An identity authentication protocol in online social networks. In Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security (pp. 28-29). ACM.
9) Zhao, X., Li, L., & Xue, G. (2011, December). Authenticating strangers in fast mixing online social networks. In Global Telecommunications Conference (GLOBECOM 2011), 2011 IEEE (pp. 1-5). IEEE.
10) Mislove, A., Viswanath, B., Gummadi, K. P., & Druschel, P. (2010, February). You are who you know: inferring user profiles in online social networks. In Proceedings of the third ACM international conference on Web search and data mining (pp. 251-260). ACM.
11) Jin, L., Long, X., & Joshi, J. B. (2012, October). Towards understanding residential privacy by analyzing users' activities in foursquare. In Proceedings of the 2012 ACM Workshop on Building analysis datasets and gathering experience returns for security (pp. 25-32). ACM.
12) Jin, L., Long, X., Joshi, J. B., & Anwar, M. (2012, August). Analysis of access control mechanisms for users' check-ins in Location-Based Social Network Systems. In Information Reuse and Integration (IRI), 2012 IEEE 13th International Conference on (pp. 712-717). IEEE.
13) Jin, L., Joshi, J. B., & Anwar, M. (2013). Mutual-friend based attacks in social network systems. Computers & Security, 37, 15-30.
14) Jin, L., Takabi, H., Long, X., & Joshi, J. (2014, November). Exploiting Users' Inconsistent Preferences in Online Social Networks to Discover Private Friendship Links. In Proceedings of the 13th Workshop on Privacy in the Electronic Society (pp. 59-68). ACM.
15) Jin, L., & Takabi, H. (2014, November). Venue attacks in location-based social networks. In Proceedings of the 1st ACM SIGSPATIAL International Workshop on Privacy in Geographic Information Collection and Analysis (p. 1). ACM.
Questions?