Towards the Next Generation of Online Social Networks by Alireza Mahdian B.S., Sharif University of Technology, 2005 A thesis submitted to the Faculty of the Graduate School of the University of Colorado in partial fulfillment of the requirement for the degree of Doctor of Philosophy Department of Computer Science August 31, 2012 This thesis entitled: “Towards the Next Generation of Online Social Networks” written by Alireza Mahdian has been approved for the Department of Computer Science SUBMITTED BY: Alireza Mahdian SUPERVISOR AND COMMITTEE CHAIR: Professor Shivakant Mishra Department of Computer Science SIGNED: SUPERVISOR AND COMMITTEE CO-CHAIR: Professor Richard Han Department of Computer Science SIGNED: COMMITTEE MEMBERS: Professor John Black Department of Computer Science SIGNED: Professor Chris GauthierDickey Department of Computer Science University of Denver SIGNED: Professor Qin Lv Department of Computer Science SIGNED: The final copy of this thesis has been examined by the signatories, and we find that both the content and the form meet acceptable presentation standards of scholarly work in the above mentioned discipline. Mahdian, Alireza (PhD, Computer Science) Towards the Next Generation of Online Social Networks Thesis directed by Prof. Shivakant Mishra and Prof. Richard Han Abstract This thesis considers the design of a social network that addresses the shortcomings of the existing ones, and identifies user privacy, security, and service availability as strong motivations that push the architecture of the proposed design to be distributed. We describe our design in detail and identify the property of resiliency as a key objec- tive for the overall design philosophy. We define the system goals, threat model, and trust model as part of the system model, and discuss the challenges in adapting such distributed frameworks to become highly available and highly resilient in potentially hostile environments. We propose a distributed solution called MyZone to address these challenges based on a trust- based friendship model for replicating user profiles and disseminating messages, and evaluate the feasibility of our solution based on availability, resource utilization and scalability. iii Dedications I dedicate this dissertation to my family, especially to my mom and dad for their words of encouragement, to my uncle Saed and his family who supported me morally and financially and to my aunt Zohreh who has always comforted me in times of frus- tration. Thank you for having faith in me over the years. Acknowledgements This thesis would not have been possible without the help, support and patience of my great advisers, Prof. Richard Han and Prof. Shivakant Mishra, not to mention their invaluable advices throughout my study. I am grateful to my committee members Prof. John Black, Prof. Chris GauthierDickey and Prof. Qin Lv for their invaluable advices, discussions and feedbacks. I would like to acknowledge the financial, aca- demic and technical support of the Department of Computer Science at the University of Colorado at Boulder and its staff, particularly in the award of Graduate Teaching Assistantship that provided the necessary financial support for my study. Last, but by no means least, I thank my friends who dedicated their time and resources to my ex- periment and provided invaluable feedbacks to improve the initial releases of MyZone. v Contents 1 Introduction 1 2 Problem Statement 8 3 Related Works 8 4 Assumptions 12 4.1 System Requirements . 12 4.2 Security Model . 13 4.2.1 Trust Model . 14 4.2.2 Adversary Model . 15 5 Design Goals and Challenges 17 5.1 Design Goals . 17 5.2 Challenges . 19 5.2.1 Availability Challenges . 19 5.2.2 Resiliency Challenges . 22 5.2.3 Routing Challenges . 22 5.2.4 Connectivity Challenges . 23 5.2.5 Security Challenges . 24 5.2.6 Traffic Optimization and Power Management Challenges . 25 6 System Design Architecture 26 6.1 Service Layer . 27 vi 6.2 Application Layer . 46 7 Security Measures 58 7.1 Security Attacks and Scenarios . 59 7.2 Security Measures . 61 7.2.1 Analysis of Algorithm i . 64 7.2.2 Prevention . 66 7.2.3 Detection . 67 7.2.4 Recovery . 68 7.3 Discussion of Security Limitations . 70 8 Implementation 71 8.1 Service Layer Implementation . 71 8.2 Application Layer Implementation . 73 9 Evaluation 90 9.1 Experimental setup . 90 9.2 Availability . 93 9.3 Resource Utilization . 109 9.4 Scalability . 114 10 Summary of Work 123 10.1 Future Works . 125 A Appendix 131 vii List of Tables i Description of the interfaces for Rendezvous Server, and Relay Server compo- nents of the service layer. 76 ii Description of the interfaces for Certificate Authority Server, STUN Server, and Peer components of the service layer. 77 iii MyZone setting attributes for the application layer. 86 iv Different configurations for our emulations. 116 v XML Schema for settings. 131 vi XML Schema for mirror entry. 132 vii XML Schema for friends. 132 viii XML Schema for passphrase entry. 132 ix XML Schema for zone entry. 133 x XML Schema for file list entries. 133 xi XML Schema for basic user information. 134 xii XML Schema for events. 135 xiii XML Schema for private messages. 136 xiv XML Schema for wall posts. 137 xv XML Schema for link posts. 138 xvi XML Schema for photo albums. 139 xvii XML Schema for audio albums. 140 xviii XML Schema for video albums. 141 xix XML Schema for deleted entries. 142 viii xx XML Schema for pending change entry. 142 ix List of Figures i Deployment diagram for local deployment . 30 ii Sequence digram of the scenario where a relay server registers with a ren- dezvous server. 31 iii Sequence diagram of the scenario where a peer requests a certificate from a certificate authority (CA). 32 iv Sequence diagram of the scenario where a peer requests for a relay server from a rendezvous server. 34 v Sequence diagram of the scenario where a peer registers with a relay server. 35 vi Sequence diagram of the scenario where a peer registers with a rendezvous server. 37 vii Sequence diagram of the scenario where a peer locates another peer. 39 viii Sequence diagram of a scenario where a peer connects to another peer. 40 ix Sequence diagram of the scenario where a peer sends friendship request to a rendezvous server. 41 x Database schema for the rendezvous server database. 43 xi Peer registration with rendezvous servers located on a chord ring. 46 xii Peer look up process on chord ring. 47 xiii Design architecture for the entire application layer. 55 xiv The modified peer registration process for the global deployment model. 62 xv Overall view of all the composing packages of the service layer and their rela- tionships. 74 x xvi Class diagram for the net package. 74 xvii Class diagram for the RendezvousServer package. 75 xviii Class diagram for the peer package. 75 xix Class diagram for the entire application layer. 78 xx A snapshot of the web interfaces implemented by index.jsp. 81 xxi A snapshot of the web interfaces implemented by profile.jsp. 82 xxii A snapshot of the web interfaces implemented by messages.jsp. 82 xxiii A snapshot of the web interfaces implemented by events.jsp. 83 xxiv A snapshot of the web interfaces implemented by friends.jsp. 83 xxv A snapshot of the web interfaces implemented by mirrors.jsp. 84 xxvi A snapshot of the web interfaces implemented by settings.jsp. 84 xxvii A snapshot of the web interfaces implemented by settings.jsp that manages the zones. 85 xxviii Classification of subjects based on Timezone and Location . 93 xxix Trend of average numbers of successful and unsuccessful update sessions for a day. ........................................ 96 xxx Trend of average success ratios of update sessions for a day. 96 xxxi Trend of average numbers of successful and unsuccessful update sessions for the entire duration of experiment. 97 xxxii Trend of average success ratios of update sessions for the entire duration of the experiment. 98 xxxiii Trend of average numbers of successful and unsuccessful posts for a day. 99 xxxiv Trend of average success ratios of posts for a day. 100 xi xxxv Trend of average numbers of successful and unsuccessful posts for the entire duration of the experiment. 101 xxxvi Trend of average success ratios of posts for the entire duration of the experiment. 102 xxxvii Number of subjects based on their number of mirrors and devices. 102 xxxviii Average success ratios of sessions over a day for different groups of subjects based on their number of mirrors and devices. 104 xxxix Average success ratios of sessions over the entire duration of the experiment for different groups of subjects based on their number of mirrors and devices. 106 xl Average impact ratio of the availability of subjects based on their number of mirrors over the entire duration of the experiment. 107 xli Average impact ratio of the availability of subjects based on the rank of the mirror over the entire duration of the experiment. 107 xlii The average impact ratio of the availability of subjects based on their number of devices over the entire duration of the experiment. 108 xliii Histogram of the number of users with respect to the mirroring storage capacity they are willing to allocate. ..