Security and Privacy in Social Network

In this blog, I will talk about differences between social network security objectives and conventional security services.

(1) Social Network Security Objectives

Three main security objectives are privacy, integrity and availability.

Privacy

Privacy in OSNs encompasses user profile privacy, communication privacy, message confidentiality and information disclosure. In principle, privacy calls for the possibility to hide any information about any user, even to the extent of hiding their participation in the OSN in the first place. Moreover privacy has to be met by default all information on all users and their actions has to be hidden from any other party internal or external to the system, unless explicitly disclosed by the users themselves. Requiring explicit disclosure leads to the need for access control. Access to information on a user may only be granted by the user directly the access control has to be as fine grained as the profile, and each attribute has to be separately manageable.
Integrity

The user’s identity and data must be protected against unauthorized modification and tampering. In addition to conventional modification detection and message authentication, integrity in the context of OSNs has to be extended. The authentication has to ensure the existence of real persons behind registered OSN members.
Availability

In OSNs, this availability specifically has to include robustness against censorship, and the seizure or hijacking of names and other key words. Apart from availability of data access, availability has to be ensured along with message exchange among members.

(2) Conventional Security Services

Followings are considered to be the security services that can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred (credentials) to facilitate the authentication.
Access control: This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource or to all accesses to a resource.
Authentication: These services including peer entity authentication and data origin authentication can provide for the authentication of a communicating peer entity and the source of data.
Data integrity: These services including connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity and selective field connectionless integrity can counter active threats.
Data confidentiality: These services including connection confidentiality, connectionless confidentiality, selective field confidentiality and traffic flow confidentiality can provide for the protection of data from unauthorized disclosure.
Non-repudiation: This service may take one or both of two forms: non-repudiation with proof of origin and non-repudiation with proof of delivery. Non-repudiation with proof of origin: The recipient of data is provided with proof of the origin of data. This will protect against any attempt by the sender to falsely deny sending the data or its contents. Non-repudiation with proof of delivery: The sender of data is provided with proof of delivery of data. This will protect against any subsequent attempt by the recipient to falsely deny receiving the data or its contents.

(3) Conclusion

Different from OSNs, conventional security services also provide the authentication, access control and non-repudiation services. OSNs provide the privacy and availability services while conventional security services do not. And OSNs extend the integrity service.
In my opinion, social network contains mass of the real information. And information or message posted to the social network will reflect the real life of the users. So the privacy is very important. Majority members act on the social websites every second. Some applications may need the information from the social network, whether they are third-party applications or not. So the social network should provide the availability services. In other networks, different networks have different demands in the security services.

Here’s a fun video from YouTube, which tells us “Dos and Don’ts when using social networks”:

                                 

Social Network Analysis

"Social network analysis is the mapping and measuring of relationships and flows between people, groups, organizations, computers or other information/knowledge processing entities." 

----Valdis Krebs, 2002

Social Network Analysis (SNA) is a study of patterns between actors which include people, groups, and other network members. Each participant in the community is called an actor and depicted as a node. SNA not only focuses on the actors and the relationship between them, but also values relations between actors which are depicted as links or ties. It is a method for visualizing our people and connecting power, leading us to identify how we can best be interacted to share knowledge.

In the context of knowledge management, SNA enables relationships between people to be mapped in order to identify knowledge flows: who do people seek information and knowledge from? Who do they share information and knowledge with? In contrast to an organization chart which shows formal relationships such as who works where and who reports to whom, a social network analysis chart shows informal relationships. It allows managers to visualize and understand the many relationships that can either facilitate or impede knowledge creation and sharing. Because these relationships are normally invisible, SNA is sometimes referred to as an 'organizational x-ray', showing the real networks that operate underneath the surface organizational structure. Thus, social network analysis is mostly used to meet the following specific needs:

• Facilitate identification of who knows who and who might know what.

• Identify isolated teams or individuals and knowledge bottlenecks.

• Improve the effectiveness of formal and informal communication channels.

• Accelerate the flow of knowledge and information across functional and organizational boundaries.

• Raise awareness of the importance of informal networks.

• Visualize relationships within and outside of the organization.

• Strategically work to improve knowledge flows.

Here are some applications of social network analysis:

Application of SNA in Social Psychology Research

Nowadays, SNA is increasingly being used to evaluate the communication patterns and status structures that emerge during students’ web-based discussions. SNA can reveal the most prolific and the most influential students, as well as those students who are isolated those who assume roles as mediators between their classmates.

Application of SNA in Knowledge Processes

SNA is now applied to analyze existing knowledge exchange processes in companies. In the past, these processes were mainly analyzed by traditional business process modeling methods, some of which are working with a specific knowledge perspective. The SNA however has no direct reference to processes; here persons with specific relationships (e.g. knowledge exchange) are mainly the object of interest. Therefore SNA metrics can be used to analyze knowledge and information flows in companies or in specific communities.

Application of SNA to Collaborative Team Formation

Team formation is a challenging problem in many large organizations in which it is entirely possible for two individuals to work on similar projects without realizing it. By applying social network analysis to mappings of co-authors and to mappings of related research paper keywords, it is easy to help generate teams of diverse individuals with similar interests and aptitudes.

Communication and Social Behaviors on the Internet

From lecture 5&6 we get to know about social psychology theories of groups and group behaviors, together with knowledge management and knowledge building. In the following part, I will describe them in details.

Social Psychology Theories of Groups and Group Behaviors

Firstly, let’s take a look at the meaning of group structure: The group is a structure consists of members with different roles, status, relations and communication networks, as well as subgroups. Members in a group typically coordinate their actions by communicating with one another, and communication can be defined as the process by which an individual transmits information to another person. So it is obvious that communication in groups may serve functions which include controlling group members, expressing emotions, and exchanging information.

A most significant function of groups is to make decisions. Here’s a particular rule: a group adopts can be influenced by the nature of the decision-making task. For example, if the task is to decide which restaurant to eat in, the group might adopt majority wins. Another thing worthy to say is that a group can have a leader, who enables groups to function as productive and coordinated wholes. In social psychology, leadership is a process of social influence through which an individual recruits and mobilizes the aid of others in the attainment of a collective goal.

Knowledge Building Principles

Suggested by Marlene Scardamalia, there are 12 principles acting as a system to facilitate development of knowledge building communities such as Real Ideas, Authentic Problems, Improvable Ideas, Idea Diversity, etc. To find more about them and their supporting socio-cognitive dynamics and technological dynamics, please see http://lcp.cite.hku.hk/resources/KBSN/Q1/KB_Principle.html.

Finally, I want to talk about some influential factors. As we know, communication and social behaviors on the internet can be affected by the patterns of ties among people. The more people are socially connected, the more intensely they are likely to communicate using various media available to them. It is applicable to describe human relationships across two media too. Another obvious thing is that internet social communication supplements and is an extension of traditional social behaviors. The more a person interacts traditionally and the more intimate his/her relationships, the more he/she would use the Internet to maintain communication with others and the more intimate would be his/her online communication. Social motives and attributes have also been linked to online communication. Those with low or unsatisfactory traditional social contacts use the Internet more frequently than others. For example, a single child who is isolated uses an online support group more frequently than those who are not. 

Questions in Class Activity One and Two: 1. The definition of Social Cloud: A Social Cloud is a resource and service sharing framework utilizing relationships established between members of a social network. 2. The possible applications of a Social Cloud: The passage shows 5 different potential applications of a Social Cloud, which are: Social Computation Cloud; Social Storage Cloud; Social Collaborative Cloud; Social Cloud for Public Science; Enterprise Social Cloud.

What was the epistemic aims in (1) Class Activity One (individual work) and (2) Class Activity Two (group work)? Is there any change in epistemic aim? If so, why did you change your aims?

For individual work, the epistemic aims to obtain the right answer from the given article, which is mainly about understanding and acquiring true. But for group work, since we have already formed our own understanding individually, the epistemic aim changes to a higher level – reorganization of concepts through making discussion. By knowing others’ answers and explanation, we are able to reflect thoughts from a different view, which we didn’t have before. This helps improve our answers, as well as our way of thinking.

Is there any difference in terms of individual and group epistemic cognition, how?

I think so. Individuals get new knowledge only by themselves. They rely on their personal experiences to solve problems. There would be no feedback or opinions from other people. So it’s difficult for individual to justify the correctness of the new belief. But group members can get new knowledge from the others, forming a new platform of learning and gaining fresh ideas to solve questions. Through group discussion, various ideas and knowledge can be connected to reach a higher level of cognition.  

How did you approach to the problem individually and in group, respectively? Is there any difference in the processes involved?

Individually, my approach to the problem is: 1st, read the two questions; 2nd, scan the article quickly, and highlight several important sentences related to the questions; 3rd, focus on the highlighted sentences, summarize the answer.

In group, my approach to the problem is: 1st, finish individual work; 2nd, everyone explains his original answers; 3rd, make group discussion and form some general ideas; 4th, summarize answers, and everyone’s understanding of knowledge improves.

In conclusion, group epistemic cognition is based on individual epistemic cognition, and everyone’s understanding of knowledge will be improved after discussion.

Psychology and Cognition in Online Social Networks

What is Epistemic Cognition? 

Epistemic Cognition is the process of knowing and, in a more precise way, the process of being aware, knowing, thinking, learning and judging. 

A three-level model of cognitive processing is proposed to specify complex monitoring when we are faced with problems. At the first level, cognition, individuals compute, memorize, read, perceive, solve problems, etc. At the second, metacognitive level, individuals monitor their own progress when they are engaged in these first-order tasks. At the third level, epistemic cognition, individuals reflect on the limits of knowing, the certainty of knowing, and criteria of knowing. Epistemic assumptions influence how individuals seek into the nature of problems and make up their minds what kinds of strategies are suitable for solving them. Although cognitive and metacognitive processes appear to develop in childhood and are used throughout the life span, recent research shows that epistemic cognitive monitoring develops in the latest adolescent and adult years.

About what I have learnt in Lecture 3-4.

In the lecture 3, I have learnt that the cognition can be categorized to three different levels. Before that, I just know that people observe things and understand concepts in different levels. But I have not considered about what are the features of each level. During the lecture, In my opinion, the most important theory I have learnt is that epistemic level of cognition is the highest and it can create new knowledge by the interaction and discussion within social networks. In the following lectures, I also want to know something about how our critical thinking ability is linked with epistemic level and knowledge building.

In the lecture 4, Prof. Rosanna Chan had a very detailed introduction about social psychology and social cognitive theory, as well as collaboration on online social networks. In the end of the slides, 5 levels of responses to unfamiliar information are defined: sub-assimilation, direct assimilation, surface-constructive, implicit knowledge-building, explicit knowledge-building. But I think one more response may be added into these levels: rejection of knowledge building. E.g. I totally don't understand [the statement], or even I think it is wrong. This kind of response seems to be the most negative attitude to unfamiliar information.

By taking the lectures and surfing on the Internet, I got to know a very important feature of the human cognitive architecture, and probably an essential one able to function efficiently in a fast changing environment, is that beliefs and decisions need not to be the product of explicit reasoning. Assuming that I throw a ball to you and you may seize it with your hands. How did you do that? Would you measure the distances and velocities and compute arriving time? I'm afraid not. Instead, humans and some higher animals have a built-in cognitive module whose purpose is to rapidly produce predictions, so that we can rely upon these predictions to form consciousness what we are going to do next.

Further discussion about "knowledge building at epistemic cognition level"

Knowledge building is a social activity. It results in the creation or modification of public knowledge--knowledge that lives "in the world" and is available to be worked on and used by other people. A single person cannot be limited to building new knowledge. However, in a community or public environment where people can join together and discuss problems, certain improvements will be made to the existing understandings. For example, in Baidu Entry (http://baike.baidu.com/view/19060.htm), people can comment on the previous entries and even enhance the existing information using the most updated one. In this way our system of knowledge is improving day by day. 

What Is Social Networking?

Social networking is a focus on facilitating the building of social relationships among people who share opinions, discover information, or even get real-life connections. Sometimes social networking is in person, especially in schools and workplace, but it is most popular as an online service.

Social networking started off as a service to help to get to know those members in your community, to help business grow and open different horizons for personal use. It has become one of the biggest ways to communicate in your line of business or personal life. Most social networks are now based on web, and provide a means for people to interact over the internet. Social networking sites help users share events, activities and interests within there individual networks.

Before taking the course of Social Networking, my understanding of this concept is some kind of network application which enables people to share information with the others. During my undergraduate study, I was in charge of an innovation project named as "Group Purchase Navigation Software based on Mobile Internet".  It mainly focuses on "MSNS"(Mobile Social Networking Services) ,a new idea brought up by a professor in my university. So after discussing how to reflect the characteristics of social network with my team members, we decided that the function of the software should not only include provision of goods' information, but also sharing in social networking sites and recommendation to friends via SMS.    I                

                                     
                  

After taking the lectures for the last two weeks, I began to realize that there are way more things in addition to our design. Maybe we can add function such as getting people together to buy things at a lower prize; Maybe by using our software, you are able to know and contact people who have a similar taste. Social Networking is a process of connecting people. Social platforms like facebook build up social environments and provide social experiences to participants. It helps people to form closed communities or groups so they can collaborate on information and ideas.

During the courses, I have learnt the definition of social media and social networking, together with related aspects. I also get to know that a social task is a larger view of collaborative work in a social network, and study the examples of social tasks: "idea generation", "codevelopment", "finding people". In the further lectures, I want to learn more about the social behaviors and how to do a comprehensive social network analysis. 

In lecture 2, Professor raised a question about the difference between user-based filtering and item-based filtering methods for derived social recommendations. So let's make a brief description. As we know, some social systems can process the behavior of a social group over time and generate recommendations based on this data. However, the derived social recommendation relies on complex software analysis to generate the recommendation using the index such as "most read", "most commented", "most emailed" and so on. Unlike the direct recommendation approach, the visibility of other users or their choices is not an important factor to newly arrived users. In my opinion, user-based filtering method means that if something is in your friends' preference, then you would most probably like it; As for item-based filtering method, it means that if an item has similar characteristics as those you have liked before, then you may also like this one. For these two methods, the first one is about a research on your friends, predicting how much you would like an item by studying their taste; the second one is about a research on those items that you have liked, defining to what extent you would like the target item. It's hard to say which one is better. In most companies, the item-based filtering method is used, such as Amazon. But in Digg and some other company, user-based filtering method is used and effect is good.So we'd better to say: different situation, different recommendation.