Social Networks and Privacy OLEKSANDR BODRIAGOV Licentiate Thesis Stockholm, Sweden, 2015 KTH Royal Institute of Technology School of Computer Science and Communications TRITA-CSC-A 2015:07 Department of Theoretical Computer Science ISSN-1653-5723 SE-100 44 Stockholm ISBN 978-91-7595-571-1 SWEDEN Akademisk avhandling som med tillst˚andav Kungl Tekniska h¨ogskolan framl¨aggestill offentlig granskning f¨oravl¨aggandeav teknologie licentiatexamen i datalogi den 09 juni, 2015 i sal E2 Lindstedsv¨agen3, Kungliga Tekniska H¨ogskolan, Stockholm. c Oleksandr Bodriagov, January 13, 2015 Tryck: Universitetsservice US AB Abstract Centralized online social networks pose a threat to their users' privacy as social network providers have unlimited access to users' data. Decentralized social networks address this problem by getting rid of the provider and giving control to the users themselves, meaning that only the end-users themselves should be able to control access of other parties to their data. While there have been several proposals and advances in the development of privacy- preserving decentralized social networks, the goal of secure, efficient, and available social network in a decentralized setting has not been fully achieved. This thesis contributes to the research in the field of security for social networks with focus on decentralized social networks. It studies encryption-based access control and man- agement of cryptographic keys/credentials (required for this access control) via user accounts with password-based login in decentralized social networks. First, this thesis explores the requirements of encryption for decentralized social networks and proposes a list of criteria for evaluation that is then used to assess existing encryption- based access control systems. We find that all of them provide confidentiality guarantees (of the content itself), while privacy (of information about the content or access policies) is either not addressed at all or it is addressed at the expense of system's performance and flexibility. We highlight the potential of two classes of privacy preserving schemes in the decen- tralized online social network (DOSN) context: broadcast encryption schemes with hidden access structures and predicate encryption (PE) schemes, and propose to use them. Both of these classes contain schemes that exhibit desirable properties and better fulfill the criteria. Second, the thesis analyses predicate encryption and adapts it to the DOSN context as it is too expensive to use out of the box. We propose a univariate polynomial construction for access policies in PE that drastically increases performance of the scheme but leaks some part of the access policy to users with access rights. We utilize Bloom filters as a means of decreasing decryption time and indicate objects that can be decrypted by a particular user. The thesis demonstrates that adapted scheme shows good performance and thus user experience by making a newsfeed assembly experiment. Third, the thesis presents a solution to the problem of management of cryptographic keys for authentication and communication between users in decentralized online social networks. We propose a password-based login procedure for the peer-to-peer (P2P) setting that allows a user who passes authentication to recover a set of cryptographic keys required for the application. In addition to password logins, we also present supporting protocols to provide functionality related to password logins, such as remembered logins, password change, and recovery of the forgotten password. The combination of these protocols allows emulating password logins in centralized systems. The results of performance evaluation indicate that time required for logging in operation is within acceptable bounds. 3 Sammanfattning Centraliserade sociala online n¨atverk utg¨orett hot mot anv¨andarnasintegritet. Detta eftersom leverant¨orerav sociala n¨atverkstj¨ansterhar obegr¨ansadtillg˚angtill anv¨andarnasinformation. Decentraliserade sociala n¨atverk l¨oserintegritetsproblemet genom att eliminera leverant¨orer och ge anv¨andarnakontroll ¨over deras data. Inneb¨ordenav detta ¨aratt anv¨andarnasj¨alva f˚ar best¨ammavem som f˚artillg˚angtill deras data. Aven¨ om det finns flera f¨orslagoch vissa framsteg i utvecklingen avseende integritetsbevarande decentraliserade sociala n¨atverk, har m˚aletom s¨akra,effektiva, och tillg¨angligasociala n¨atverk i en decentraliserad milj¨ointe uppn˚attsfullt ut. Denna avhandling bidrar till forskning inom s¨akerhet avseende sociala n¨atverk med fokus p˚a decentraliserade sociala n¨atverk. Avhandlingen inriktas p˚akrypteringsbaserad ˚atkomstkontroll och hantering av kryptografiska nycklar (som kr¨avsf¨ordenna ˚atkomstkontroll) med hj¨alpav anv¨andarkonton med l¨osenordsbaseradinloggning i decentraliserade sociala n¨atverk. F¨orstunders¨oker denna avhandling krav p˚akryptering f¨ordecentraliserade sociala n¨atverk och f¨oresl˚arutv¨arderingskriterier. Dessa utv¨arderingskriterier anv¨ands sedan f¨orbed¨omning av befintliga krypteringsbaserade system f¨or˚atkomstkontroll. V˚arutredning visar att samtliga garanterar sekretess av sj¨alva inneh˚allet.Integritet av information om inneh˚alleteller˚atkomstprinciper ¨ardock inte skyddat alls, alternativt skyddade p˚abekostnad av systemets prestanda och flexi- bilitet. Vi lyfter fram potentialen i tv˚aklasser av integritetsbevarande system i DOSN samman- hang: broadcast-krypteringssystem med dolda tillg˚angsstruktureroch predikat krypteringssys- tem; vi f¨oresl˚aranv¨andning av dessa system. B˚adadessa klasser inneh˚allersystem som uppvisar ¨onskv¨ardaegenskaper och uppfyller kriterier p˚aett b¨attres¨att. F¨ordet andra analyserar avhandlingen predikat kryptering och anpassar denna till DOSN sammanhang, eftersom det ¨arf¨ordyrt att anv¨andasom det ¨ar.Vi f¨oresl˚aren "univariate poly- nomial construction" f¨or˚atkomstprinciper i predikat kryptering som drastiskt ¨okar systemets prestanda, men l¨acker n˚agondel av˚atkomstprincipen till anv¨andaremed˚atkomstr¨attigheter.Vi anv¨anderBloom-filter f¨oratt minska dekrypteringstiden och indikera objekt som kan dekrypteras av en viss anv¨andare.Genom att g¨oraett experiment med nyhetsfl¨odessammans¨attningvisas att det anpassade systemet ger goda resultat och d¨armed anv¨andarupplevelse. F¨ordet tredje presenterar avhandlingen en l¨osningp˚aproblemet avseende hanteringen av kryptografiska nycklar f¨orautentisering och kommunikation mellan anv¨andarei decentraliserade sociala online n¨atverk. Vi f¨oresl˚aren l¨osenordsbaseradinloggningsprocedur f¨orpeer-to-peer (P2P) milj¨on,som g¨oratt anv¨andarensom passerar autentisering f˚ar˚atervinnaen upps¨attning kryptografiska nycklar som kr¨avsf¨orapplikationen. F¨orutoml¨osenordsinloggning presenterar vi ocks˚ast¨odprotokoll f¨oratt ge relaterat funktionalitet, s˚asominloggning med lagrade l¨osenord, l¨osenordsbyte, och ˚aterst¨allningav bortgl¨omdal¨osenord. Kombinationen av dessa protokoll till˚atersimulera l¨osenordsinloggning i centraliserade system. Prestandautv¨arderingen visar att tiden som kr¨avsf¨orinloggning ¨arinom acceptabla gr¨anser. Acknowledgements It took me a few years to write this thesis, and I must say that it was not the easiest task in my life. It required a lot of time, dedication, and concentration. I would like to express my gratitude to all people that helped me on this way. First and foremost, I would like to thank my adviser Sonja Buchegger for her help, support, invaluable advices, and guidance. She was the one who taught me how to do research in a structured way. Her simple and elegant guidelines, like a rule of thumb for writing introduction in papers, have been very useful to me in various situations beyond academic context. Second, I would like to thank my colleagues from our small but quite efficient research group: Gunnar Kreitz, Benjamin Greschbach, and Guillermo Rodr´ıguez-Cano.I really enjoyed working with you all! I would also like to express my gratitude to Siavash Soleimanifard, Oliver Schwarz, and Pedro de Carvalho Gomes for sharing their thoughts and comments whenever I asked them. Thanks to Dilian Gurov for his counsel on writing this thesis. I am thankful to all members of the theoretical computer science group at KTH for making this group a very friendly place to work in. Special thanks to Benjamin Greschbach, Guillermo Rodr´ıguez-Cano, Oliver Schwarz, Pedro de Carvalho Gomes, and Siavash Soleimanifard for many fun and interesting conversations. Last but not least, a big thanks to my friends at NGO \Unga Ukrainare i Sverige": Max, Vira, Ola, Kostya, Oksana, Alyona, Sergii, Tetiana, and Roman. You all are great people, and I am grateful for your support, company, and for the fantastic and unforgettable experience we have had. Oleksandr Bodriagov, Stockholm, January 2015. Table of Contents Table of Contents 7 List of Figures 9 List of Tables 9 1 Introduction 11 1.1 Background . 11 1.2 Motivation and related work . 13 1.3 Research methodology . 17 1.4 Thesis contribution . 17 1.5 Conclusions and Future work . 21 2 Errata for included publications 23 Bibliography 25 3 Encryption for Peer-to-Peer Social Networks 29 3.1 Introduction . 29 3.2 Essential criteria for the P2P encryption systems . 31 3.3 Existing P2P OSN Architectures . 33 3.4 Evaluation of existing encryption schemes based on our criteria . 34 3.5 Broadcast Encryption . 36 3.6 Predicate Encryption . 37 3.7 Comparison and Discussion . 39 3.8 Conclusions . 40 References . 43 4 Access Control in Decentralized Online Social Networks: Applying a Policy- Hiding Cryptographic