In this blog, I will talk about the differences between social network security objectives and conventional security services.

(1) Social Network Security Objectives

The three main security objectives are privacy, integrity and availability.

Privacy

Privacy in online social networks (OSNs) encompasses user profile privacy, communication privacy, message confidentiality and information disclosure. In principle, privacy calls for the possibility to hide any information about any user, even to the extent of hiding their participation in the OSN in the first place. Moreover, privacy has to be met by default: all information on all users and their actions has to be hidden from any other party, internal or external to the system, unless explicitly disclosed by the users themselves. Requiring explicit disclosure leads to the need for access control. Access to information on a user may only be granted by the user directly; the access control has to be as fine-grained as the profile, and each attribute has to be separately manageable.

Integrity

The user’s identity and data must be protected against unauthorized modification and tampering. In addition to conventional modification detection and message authentication, integrity in the context of OSNs has to be extended. The authentication has to ensure the existence of real persons behind registered OSN members.

Availability

In OSNs, availability specifically has to include robustness against censorship, and the seizure or hijacking of names and other key words. Apart from availability of data access, availability has to be ensured along with message exchange among members.
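
The privacy requirements above (everything hidden by default, disclosure granted only by the user, control per attribute, participation itself hideable) can be made concrete in a short sketch. This is an added example, not code from the original post; ProfileStore, HIDDEN and the sample users are hypothetical names chosen for illustration.

```python
# Added illustration: ProfileStore, HIDDEN and the sample users are hypothetical.
from dataclasses import dataclass, field

HIDDEN = object()  # one answer for "no such user", "no such attribute", "not disclosed"

@dataclass
class Profile:
    attributes: dict                            # attribute name -> value
    grants: dict = field(default_factory=dict)  # attribute name -> set of viewers

class ProfileStore:
    def __init__(self):
        self._profiles = {}

    def register(self, owner, **attributes):
        self._profiles[owner] = Profile(dict(attributes))  # nothing is disclosed yet

    def _own_profile(self, actor, owner):
        # Same error whether the target exists or not, so a failed call
        # does not confirm that `owner` participates in the network.
        if actor != owner or owner not in self._profiles:
            raise PermissionError("only the profile owner may change disclosure")
        return self._profiles[owner]

    def grant(self, actor, owner, attribute, viewer):
        # Disclosure is explicit, owner-initiated, and per attribute.
        self._own_profile(actor, owner).grants.setdefault(attribute, set()).add(viewer)

    def revoke(self, actor, owner, attribute, viewer):
        self._own_profile(actor, owner).grants.get(attribute, set()).discard(viewer)

    def read(self, requester, owner, attribute):
        profile = self._profiles.get(owner)
        if profile is None:
            return HIDDEN
        if requester == owner or requester in profile.grants.get(attribute, ()):
            return profile.attributes.get(attribute, HIDDEN)
        return HIDDEN  # default deny

def demo():
    store = ProfileStore()
    store.register("alice", email="alice@example.org", city="Lyon")  # constructed data
    before = store.read("bob", "alice", "city")
    store.grant("alice", "alice", "city", "bob")
    return (before is HIDDEN, store.read("bob", "alice", "city"),
            store.read("bob", "alice", "email") is HIDDEN,
            store.read("bob", "nobody", "email") is HIDDEN)

if __name__ == "__main__":
    print(demo())
```

A requester gets the same HIDDEN result for an undisclosed attribute and for a user who is not registered at all, which is what hiding participation requires of the read path.
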

(2) Conventional Security Services

The following are considered to be the security services that can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred (credentials) to facilitate the authentication.

Access control: This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource or to all accesses to a resource.

Authentication: These services, including peer entity authentication and data origin authentication, can provide for the authentication of a communicating peer entity and the source of data.

Data integrity: These services, including connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity and selective field connectionless integrity, can counter active threats.

Data confidentiality: These services, including connection confidentiality, connectionless confidentiality, selective field confidentiality and traffic flow confidentiality, can provide for the protection of data from unauthorized disclosure.

Non-repudiation: This service may take one or both of two forms: non-repudiation with proof of origin and non-repudiation with proof of delivery.

Non-repudiation with proof of origin: The recipient of data is provided with proof of the origin of data. This will protect against any attempt by the sender to falsely deny sending the data or its contents.

Non-repudiation with proof of delivery: The sender of data is provided with proof of delivery of data. This will protect against any subsequent attempt by the recipient to falsely deny receiving the data or its contents.

(3) Conclusion

Different from OSNs, conventional security services also provide the authentication, access control and non-repudiation services. OSNs provide the privacy and availability services while conventional security services do not. And OSNs extend the integrity service.

In my opinion, a social network contains a mass of real information, and information or messages posted to the social network will reflect the real life of the users. So privacy is very important. The majority of members act on social websites every second. Some applications may need information from the social network, whether they are third-party applications or not. So the social network should provide availability services. In other networks, different networks have different demands for security services.

Here’s a fun video from YouTube, which tells us “Dos and Don’ts when using social networks”:

Thank you for showing us the differences between social network security objectives and conventional security services. I have learnt a lot. We need to do many things to avoid online dangers, right?
Absolutely! As we all know, most social networking sites offer basic features of online interaction, communication, and interest sharing; individuals create online profiles that other users can view. So we should be careful when dealing with social networks.
Good topic!
Just some questions:
1. Paragraph:
Different from OSNs, conventional security services also provide the authentication, access control and non-repudiation services. OSNs provide the privacy and availability services while conventional security services do not. And OSNs extend the integrity service.
Here should it be difference or extension? Just from my understanding and what I conceive from your text, OSN extends security level to a higher level due to the confidential user activity and information. So my question would be: is there anything that OSN has while conventional approaches don't? (please forgive me for being naive. ><)
2. Can I somehow equalize data integrity with Integrity, access control with availability, and privacy with confidentiality? If not, what are the differences?
Thanks!!!
I don't think access control is equal to availability. Availability requires that the resource is available when it is needed. Ensuring availability also involves preventing denial-of-service attacks. While access control means a user can get access to the resource he/she is authorized to. It's something related to Authenticity and Confidentiality IMHO.
The video is rather funny, and it is an ad eventually! Thx for sharing~
Very good summary on OSN Security. By the way, the video of "Dos and Don’ts when using social networks" is fun. It is also a summary of prevention of threats while using OSN. I am going to share this video with my friend and give a "like" to it :)
Oh, the YouTube video is funny. Thanks for sharing. There are too many security problems on social networks. I think we should pay some attention to privacy and follow the best practices even if we are using the McAfee software that is recommended by the video.
The security topic must be one of the most worrying aspects of social network tech before it is applied widely. And I think it will be quite good news if we can deal with that problem with the help of SNA itself -- by providing varied protection for different users, identifying and insulating potential high-risk websites in advance, etc. Thank you for your detailed introduction to the security and privacy topic in social networks.