The design of secure and usable access schemes to personal
data represent a major challenge of online social networks
(OSNs). State of the art requires prior interaction to grant
access. Sharing with users who are not subscribed or previously
have not been accepted as contacts in any case is
only possible via public posts, which can easily be abused
by automatic harvesting for user profiling, targeted spearphishing,
or spamming. Moreover, users are restricted to the
access rules defined by the provider, which may be overly restrictive,
cumbersome to define, or insufficiently fine-grained.
We suggest a complementary approach that can be easily
deployed in addition to existing access control schemes,
does not require any interaction, and includes even public,
unsubscribed users. It exploits the fact that different social
circles of a user share different experiences and hence encrypts
arbitrary posts. Hence arbitrary posts are encrypted,
such that only users with sufficient knowledge about the owner
can decrypt.
Assembling only well-established cryptographic primitives,
we prove that the security of our scheme is determined by
the entropy of the required knowledge. We consequently
analyze the efficiency of an informed dictionary attack and
assess the entropy to be on par with common passwords.
A fully functional implementation is used for performance
evaluations, and available for download on the Web.
Additional information:
Online Ressource
Dieser Eintrag ist Teil der Universitätsbibliographie.
Das Dokument wird vom Publikationsserver der Universitätsbibliothek Mannheim bereitgestellt.
Search Authors in
