PRIVACY-AWARE DECENTRALIZED ARCHITECTURES FOR SOCIALLY NETWORKED SYSTEMS Shirin Nilizadeh Submitted to the faculty of the University Graduate School in partial fulfillment of the requirements for the degree Doctor of Philosophy in the School of Informatics and Computing, Indiana University September 2014 Accepted by the Graduate Faculty, Indiana University, in partial fulfillment of the requirements for the degree of Doctor of Philosophy. Doctoral Committee Apu Kapadia, Ph.D. Yong-Yeol Ahn, Ph.D. Nikita Borisov, Ph.D. Minaxi Gupta, Ph.D. XiaoFeng Wang, Ph.D. 17 June 2014 ii Copyright c 2014 Shirin Nilizadeh iii To my parents, I would not be who am today without them To my husband, Majid Deldar, for his endless love and support all the way through my PhD To my daughter, Auvin, who gives me courage to continue my professional journey iv Acknowledgments I owe my gratitude primarily to my supervisor, Professor Apu Kapadia. I am deeply grateful for so much guidance, encouragement, and his consistent support during my five-year PhD study at Indiana University Bloomington (IUB). I appreciate all the time he has spent discussing research ideas, editing my papers, offering constructive critiques, and patiently mentoring me. It was an honor for me to work with him. I am truly grateful for the two-year Fellowship that was granted to me by IU’s School of Infor- matics and Computing (SOIC). I would like to give my sincere thanks to my research committee, Professors Yong-Yeol Ahn, Nikita Borisov, Minaxi Gupta, and Xiaofeng Wang. Their insight and advice proved very useful during the preparation of this thesis. Further, I would like to thank all my co-authors on my very first project related to Pythia, my advisor, Professor Apu Kapadia, Naveed Alam, and Dr. Nathaniel Husted. The experience greatly inspired and motivated me to advance through this research direction. The work on DECENT and Cachet would not have been possible without the efforts of Dr. Sonia Jahid, Professor Prateek Mittel, and Professor Nikita Borisov. For our recent work on community-enhanced de-anonymization of social networks, I would like to thank Professor Yong-Yeol Ahn for his inspiring ideas and helpful suggestions. I give my thanks to Professor Steven Myers for mentoring me when I just started my PhD. He has been a reliable resource afterwards and always has given me instructive advice. I want to thank Professor Minaxi Gupta, with whom I worked on a project very early in my PhD; though the work is outside the scope of the thesis, the collaborative experience was very much appreciated. Finally, I am very grateful to Professor Jean Camp, who not only provide me with intellectual support, but also guided me in finding a community of researchers to collaborate with inside and outside of IUB. I also value my experience in the Deter group at University of Southern California’s Information v Science Institute (ISI). It was enjoyable to work with my mentor and collaborator Dr. James Blythe. I want to thank the Center for Complex Networks and Systems Research (CNetS) and Dr. Lilian Weng for providing a dataset from Twitter. I am grateful for the technical support team at the SOIC, where Bruce Shei in particular has provided help running extensive experiments on the School’s servers and clusters. I also thank John McCurley who patiently edited several of our papers and my dissertation. All my dear friends and colleagues have offered me a great amount of joy, happiness, and courage along the way. I enjoyed scrum meetings, privacy lab lunches and weekly security reading group meetings with Tousif Ahmed, Zheng Dong, Dr. Vaibhav Garg, Roberto Hoyle, Dr. Nathaniel Husted, Qatrunnada Ismail, Greg Norcie, Dr. Sameer Patil, Zahid Rahman, Dr. Roman Schlegel, Robert Templeman, Dr. Rui Wang, Xiaoyong Zhou, and all other members of the security group. I also thank all my Iranian friends in Bloomington for their kindness and support. You helped alleviate some of the stress of living far away from home. I would like to express my gratitude to Professor Babak Sadeghiyan, who has been my mentor in all years of my MSc and PhD studies. His advice has helped me to find my way in life. I am certainly indebted to my parents the most. Their endless love, encouragement, and guid- ance supported me throughout my education, enduring the physical distance between us. I am grateful beyond words for all that they have given me. I thank my kind siblings, Amir Farhad, Farnoush, and Amir Farzad, who were always ready to talk with me and soothe my homesickness. I would like to remember my grandfather Ali Mohammad Nilipour Tabatabaei, who passed during my PhD research and who was the true supporter of my graduate studies. I do not even know how to thank my dear husband, Majid Deldar. He trusted me and left all his achievements in Iran to accompany me here in USA so that I could live my dream. He has been through this PhD with me. I felt his love and wholehearted support every day, and I would not have been able to survive without it. I hope we will remember these years forever, together. vi Shirin Nilizadeh PRIVACY-AWARE DECENTRALIZED ARCHITECTURES FOR SOCIALLY NETWORKED SYSTEMS Online social networks (OSNs) and socially networked applications have become a part of lives of billions of people around the world. The centralized architecture of these networks poses a threat to the privacy of their users who share their personal information with the providers of these services. Building a decentralized, peer-to-peer (P2P) network is an alternative approach to building a social network. P2P networks are inherently resistant to censorship and centralized control. However, providing the same functionalities as OSNs is challenging in P2P networks, because not everyone in these networks is trustworthy, and without having a central authority enforcing users’ privacy polices is more challenging. In order to reveal the unreliability of centralized systems, this dissertation proposes a framework for de-anonymizing users in anonymized social networks by using the community structure of these networks. We show that even a trusted centralized service provider may not be able to provide privacy for its users in this context. Then, by creating three distributed systems– Pythia, DECENT and Cachet – we demonstrate that it is possible to provide a P2P architecture for centralized OSNs, which 1) provides adequate privacy-preserving mechanisms, 2) is resistant to censorship and centralized control, 3) gives users fine-grained control of their data, 4) is scalable, and, 5) is efficient for important applications such as ‘newsfeeds’ and ‘trending topics’. Pythia is the first privacy-aware P2P network for social search where askers anonymously send their questions and experts anonymously answer the questions. DECENT is a more generalized P2P architecture for OSNs that implements basic OSN functionalities and protects the confidentiality, integrity and availability of user content. Finally, Cachet uses a hybrid structured-unstructured overlay paradigm in which a conventional distributed hash table is augmented with social links between users enabling efficient dissemination and retrieval of data. vii Contents 1 Introduction 1 2 Related Work 6 2.1 Privacy and Security Problems in OSNs . .6 2.2 Anonymizing and de-anonymizing of social networks . .7 2.2.1 Social Network anonymization . .7 2.2.2 De-anonymization attacks based on structure . 10 2.2.3 De-anonymization attacks based on other attributes . 11 2.2.4 Network alignment . 12 2.3 Question and Answering Systems . 12 2.4 Peer-to-Peer Networks . 14 2.5 Decentralized OSNs . 15 2.6 Access Control in Centralized OSNs . 17 2.7 Information Dissemination in P2P Networks . 17 3 Problem and Thesis Statement 19 3.1 Problem Formulation . 19 3.2 Thesis . 20 3.3 Dissertation Road Map . 21 3.3.1 Community-enhanced de-anonymization of online social networks . 21 3.3.2 A privacy-aware P2P socially networked question and answering system . 22 3.3.3 Decentralized P2P architecture for privacy-preserving social networking . 24 3.3.4 Social Caching for Decentralized P2P Social Networks . 24 viii 4 Community-Enhanced De-Anonymization of Online Social Netowrks 26 4.1 Definitions and attack models . 28 4.1.1 Definitions and assumptions . 28 4.1.2 Attack model . 29 4.2 Background . 29 4.2.1 Re-identification algorithm by Narayanan and Shmatikov (NS) . 29 4.2.2 Community Detection . 31 4.2.3 Degree of Anonymity . 32 4.3 Our Approach: Community-enhanced De-anonymization . 33 4.3.1 Community Mapping . 34 4.3.2 Seed enrichment and Local propagation . 35 4.3.3 Global propagation . 37 4.4 Degree of Anonymity . 37 4.4.1 Degree of anonymity of community-blind de-anonymization algorithm . 39 4.4.2 Degree of anonymity of community-aware de-anonymization algorithm . 40 4.5 Evaluation . 42 4.5.1 Data sets . 43 4.5.2 Experimental set up . 44 4.5.3 Measuring Performance . 46 4.6 Results . 49 4.6.1 Impact of noise, seed size, and network size on overall performance . 49 4.6.2 Seed enrichment boosts the number of seeds and makes the propagation algorithm to be started with more information . 53 4.6.3 Results for overlapping data sets . 53 4.6.4 Time complexity . 55 4.7 Summary . 55 ix 5 A Privacy Aware, Peer-to-Peer Network for Social Search 57 5.1 System Model and Security Goals . 59 5.1.1 P2P Social Network . 60 5.1.2 System model . 60 5.1.3 Privacy and Security goals . 61 5.1.4 Attack model . 62 5.2 Architecture . 63 5.2.1 Creating social communities .