Monday, December 3, 2012

Security and Privacy in Social Network

In this post, I will discuss the differences between social network security objectives and conventional security services.

(1) Social Network Security Objectives


Three main security objectives are privacy, integrity and availability.
Privacy

Privacy in OSNs encompasses user profile privacy, communication privacy, message confidentiality and information disclosure. In principle, privacy calls for the possibility to hide any information about any user, even to the extent of hiding their participation in the OSN in the first place. Moreover, privacy has to be met by default: all information on all users and their actions has to be hidden from any other party, internal or external to the system, unless explicitly disclosed by the users themselves. Requiring explicit disclosure leads to the need for access control. Access to information on a user may only be granted by the user directly; the access control has to be as fine grained as the profile, and each attribute has to be separately manageable.
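As an added illustration of the three requirements in this paragraph (default-deny, per-attribute disclosure granted only by the owner, and hiding participation itself), here is a small Python model that is not part of the original post. The profile, the users "alice", "bob", "eve" and the attribute names are constructed for the example; a real OSN would persist these settings and enforce them server-side.

```python
"""Default-deny, per-attribute visibility for an OSN profile (added example)."""
from dataclasses import dataclass, field

# Visibility levels a user may assign to a single attribute, least open first.
PRIVATE, FRIENDS, PUBLIC = "private", "friends", "public"
LEVELS = (PRIVATE, FRIENDS, PUBLIC)


@dataclass
class Profile:
    owner: str
    attributes: dict                       # attribute name -> stored value
    friends: set = field(default_factory=set)
    # Per-attribute visibility chosen by the owner. An attribute that is
    # absent from this dict is PRIVATE: privacy is the default, disclosure
    # must be explicit.
    visibility: dict = field(default_factory=dict)


def disclose(profile: Profile, actor: str, attribute: str, level: str) -> None:
    """Only the owner may change the visibility of one attribute at a time."""
    if actor != profile.owner:
        raise PermissionError(f"{actor} may not change {profile.owner}'s settings")
    if attribute not in profile.attributes:
        raise KeyError(f"unknown attribute {attribute!r}")
    if level not in LEVELS:
        raise ValueError(f"unknown visibility level {level!r}")
    profile.visibility[attribute] = level


def can_view(profile: Profile, attribute: str, viewer) -> bool:
    """Decide access for one attribute; viewer None means an external party."""
    if viewer == profile.owner:
        return True
    level = profile.visibility.get(attribute, PRIVATE)   # default-deny
    if level == PUBLIC:
        return True
    if level == FRIENDS:
        return viewer is not None and viewer in profile.friends
    return False


def view(profile: Profile, viewer) -> dict:
    """Return only the attributes the viewer is allowed to see."""
    return {name: value for name, value in profile.attributes.items()
            if can_view(profile, name, viewer)}


def lookup(directory: dict, name: str, viewer):
    """Hide participation: a member whose profile discloses nothing to this
    viewer is indistinguishable from a name that is not registered at all."""
    profile = directory.get(name)
    if profile is None:
        return None
    visible = view(profile, viewer)
    return visible if visible else None


def demo() -> dict:
    # Constructed sample data: Alice is friends with Bob; Eve is a stranger.
    alice = Profile(owner="alice",
                    attributes={"name": "Alice", "email": "alice@example.test",
                                "city": "Berlin"},
                    friends={"bob"})
    carol = Profile(owner="carol", attributes={"name": "Carol"})
    directory = {"alice": alice, "carol": carol}

    before = lookup(directory, "alice", "bob")      # nothing disclosed yet
    disclose(alice, "alice", "name", PUBLIC)        # explicit, per attribute
    disclose(alice, "alice", "city", FRIENDS)
    try:
        disclose(alice, "eve", "email", PUBLIC)     # a third party may not
        eve_changed = True
    except PermissionError:
        eve_changed = False

    return {
        "bob_before_disclosure": before,
        "owner": view(alice, "alice"),
        "friend": view(alice, "bob"),
        "stranger": view(alice, "eve"),
        "external": view(alice, None),
        "eve_could_change_settings": eve_changed,
        "carol_seen_by_eve": lookup(directory, "carol", "eve"),
        "unregistered_seen_by_eve": lookup(directory, "nobody", "eve"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that the e-mail address is never disclosed because Alice never set a level for it, not because anyone denied it; that is what "privacy by default" means in practice. Bob learns that Alice is a member only after she discloses something to friends, and Carol, who disclosed nothing, looks to Eve exactly like an unregistered name.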
Integrity

The user’s identity and data must be protected against unauthorized modification and tampering. In addition to conventional modification detection and message authentication, integrity in the context of OSNs has to be extended: authentication has to ensure that real persons exist behind registered OSN members.
Availability

In OSNs, availability specifically has to include robustness against censorship and against the seizure or hijacking of names and other keywords. Apart from availability of data access, the availability of message exchange among members has to be ensured as well.


(2) Conventional Security Services

The following are considered to be the security services that can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred (credentials) to facilitate the authentication.
Access control: This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource or to all accesses to a resource.
Authentication: These services, including peer entity authentication and data origin authentication, provide for the authentication of a communicating peer entity and of the source of data.
Data integrity: These services, including connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity and selective field connectionless integrity, counter active threats.
Data confidentiality: These services, including connection confidentiality, connectionless confidentiality, selective field confidentiality and traffic flow confidentiality, provide for the protection of data from unauthorized disclosure.
Non-repudiation: This service may take one or both of two forms: non-repudiation with proof of origin and non-repudiation with proof of delivery. With proof of origin, the recipient of data is provided with proof of the origin of the data; this protects against any attempt by the sender to falsely deny sending the data or its contents. With proof of delivery, the sender of data is provided with proof of delivery of the data; this protects against any subsequent attempt by the recipient to falsely deny receiving the data or its contents.


(3) Conclusion
Unlike OSNs, conventional security services also provide the authentication, access control and non-repudiation services. OSNs provide the privacy and availability services, which conventional security services do not, and OSNs extend the integrity service.
In my opinion, a social network contains a mass of real information, and information or messages posted to the social network reflect the real life of the users, so privacy is very important. The majority of members act on social websites every second. Some applications may need the information from the social network, whether they are third-party applications or not, so the social network should provide the availability services. In other networks, different networks have different demands in security services.



Here’s a fun video from YouTube, which tells us “Dos and Don’ts when using social networks”: