Apr 1, 2012

Post 4 - Online Social Network Security

Security Objectives on OSNs:

Have you ever seen a pornographic post on Facebook that required you to LIKE it in order to watch the content? Have you ever had your photo stolen and posted on another forum? Security in social networking is a new topic of high concern.


1. The conventional security objectives are as follows (from Wikipedia: http://en.wikipedia.org/wiki/Security_service_%28telecommunication%29):


  • Authentication: These services provide for the authentication of a communicating peer entity and the source of data as described below.
    • Peer entity authentication: This service, when provided by the (N)-layer, provides corroboration to the (N + 1)-entity that the peer entity is the claimed (N + 1)-entity.
    • Data origin authentication: This service, when provided by the (N)-layer, provides corroboration to an (N + 1)-entity that the source of the data is the claimed peer (N + 1)-entity.
  • Access control: This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource (e.g., the use of a communications resource; the reading, the writing, or the deletion of an information resource; the execution of a processing resource) or to all accesses to a resource.
  • Data confidentiality: These services provide for the protection of data from unauthorized disclosure as described below.
    • Connection confidentiality: This service provides for the confidentiality of all (N)-user-data on an (N)-connection.
    • Connectionless confidentiality: This service provides for the confidentiality of all (N)-user-data in a single connectionless (N)-SDU.
    • Selective field confidentiality: This service provides for the confidentiality of selected fields within the (N)-user-data on an (N)-connection or in a single connectionless (N)-SDU.
    • Traffic flow confidentiality: This service provides for the protection of the information which might be derived from observation of traffic flows.
  • Data integrity: These services counter active threats and may take one of the forms described below.
    • Connection integrity with recovery: This service provides for the integrity of all (N)-user-data on an (N)-connection and detects any modification, insertion, deletion or replay of any data within an entire SDU sequence (with recovery attempted).
    • Connection integrity without recovery: As for the previous one but with no recovery attempted.
    • Selective field connection integrity: This service provides for the integrity of selected fields within the (N)-user data of an (N)-SDU transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted or replayed.
    • Connectionless integrity: This service, when provided by the (N)-layer, provides integrity assurance to the requesting (N + 1)-entity. This service provides for the integrity of a single connectionless SDU and may take the form of determination of whether a received SDU has been modified. Additionally, a limited form of detection of replay may be provided.
    • Selective field connectionless integrity: This service provides for the integrity of selected fields within a single connectionless SDU and takes the form of determination of whether the selected fields have been modified.
  • Non-repudiation: This service may take one or both of two forms.
    • Non-repudiation with proof of origin: The recipient of data is provided with proof of the origin of data. This will protect against any attempt by the sender to falsely deny sending the data or its contents.
    • Non-repudiation with proof of delivery: The sender of data is provided with proof of delivery of data. This will protect against any subsequent attempt by the recipient to falsely deny receiving the data or its contents.



2. Three main security objectives are identified in the context of OSNs (From lecture notes week 10 slides 6-10)
  • Privacy
    • user profile privacy
    • communication privacy
    • message confidentiality
    • information disclosure
    • all information on all users and their actions has to be hidden from any other party internal or external to the system
    • access to information on a user may only be granted by the user directly
  • Integrity 
    • the user's identity and data must be protected against unauthorized modification and tampering
    • The authentication has to ensure the existence of real persons behind registered OSN members
  • Availability
    • Data published by users has to be continuously available since it may be used for business or careers
    • Apart from availability of data access, message exchange among members is to be ensured.

3. The difference between conventional online networks and the OSNs (From lecture notes week 10 slides 34-66)

As online social networks are the new trend and contain a huge amount of personal data, interested parties would like to exploit security holes in the social platforms. The following are some examples that occur in social networks.

  • Spam on online social networks
  • Phishing on OSNs
  • Sybil attack
  • Malware attacks
    • Koobface
    • Likejacking on Facebook
    • CSRF
  • XSS
    • Persistent
    • Non-Persistent

Mar 12, 2012

Post 3 - SNA

  1. Social Network Analysis is the study of patterns of interaction between actors
    • Focus on the social actor and the relationship between the actors
    • Each participant in the community is called an actor and depicted as a node
    • Valued relations between actors are depicted as links, or ties, either directed or undirected, between the corresponding nodes
  2. Undirected graph
It is an undirected graph.


Geodesic Distance
        Alice  Bob  Carol  David  Eva
Alice     -     1     1      1     2
Bob       1     -     2      1     2
Carol     1     2     -      1     2
David     1     1     1      -     1
Eva       2     2     2      1     -


Cutpoint
David is the cutpoint of the network. If David is removed, the connection from Eva to Alice, Bob and Carol would be cut.

Bridge
The bridge is the connection between David and Eva. If it is removed, Eva would be isolated.

Density
2L / G(G-1) = 2*6 / (5*4) =  0.6

Degree Centrality:
Alice - 3,  Bob - 2,  Carol - 2,  David - 4, Eva - 1

Group Degree Centrality:
(1 + 2 + 2 + 0 + 3) / (4 * 3) = 0.67

Closeness Centrality: 
Alice - 0.2,  Bob - 0.167,  Carol - 0.167,  David - 0.25,  Eva - 0.143

Group Closeness Centrality:
= [(0.25 - 0.2) + (0.25 - 0.167) + (0.25 - 0.167) + (0.25 - 0.143)] / {[(5-1)(5-2)] / (2*5-3)}
= 0.189

Betweenness Centrality:
Alice - 1/2 = 0.5
Bob - 0
Carol - 0
David - 1/2 + 1 + 1 + 1 = 3.5 (B-C, B-E, C-E, A-E)
Eva - 0

Group Betweenness Centralization:
=2 * [(3.5 - 0.5) + 3.5 + 3.5 + 3.5] / [(5-1)^2 * (5-2)]
= 0.5625
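
The hand calculations above can be checked programmatically. The following Python is an added example, not part of the original post; the edge list is an assumption reconstructed from the distance-1 entries of the geodesic table (the original figure is not reproduced here), and the function names are illustrative.

```python
from collections import deque
from itertools import combinations

# Assumed edge list: every pair at geodesic distance 1 in the table above.
# The graph is assumed to be connected (true for this network).
EDGES = [("Alice", "Bob"), ("Alice", "Carol"), ("Alice", "David"),
         ("Bob", "David"), ("Carol", "David"), ("David", "Eva")]

def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def bfs(adj, src):
    """Return (geodesic distance, number of shortest paths) from src to each node."""
    dist, paths, queue = {src: 0}, {src: 1}, deque([src])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v], paths[v] = dist[u] + 1, 0
                queue.append(v)
            if dist[v] == dist[u] + 1:
                paths[v] += paths[u]
    return dist, paths

def metrics(edges):
    adj = adjacency(edges)
    g = len(adj)
    info = {n: bfs(adj, n) for n in adj}
    degree = {n: len(adj[n]) for n in adj}
    closeness = {n: 1 / sum(info[n][0].values()) for n in adj}
    between = dict.fromkeys(adj, 0.0)
    for s, t in combinations(adj, 2):
        (ds, ps), (dt, pt) = info[s], info[t]
        for v in adj:  # v lies on a shortest s-t path iff the distances add up
            if v not in (s, t) and ds[v] + dt[v] == ds[t]:
                between[v] += ps[v] * pt[v] / ps[t]
    def spread(c):  # sum of (largest value - each value), as in the formulas above
        return sum(max(c.values()) - x for x in c.values())
    return {
        "density": 2 * len(edges) / (g * (g - 1)),
        "degree": degree, "closeness": closeness, "betweenness": between,
        "group_degree": spread(degree) / ((g - 1) * (g - 2)),
        "group_closeness": spread(closeness) / ((g - 1) * (g - 2) / (2 * g - 3)),
        "group_betweenness": 2 * spread(between) / ((g - 1) ** 2 * (g - 2)),
    }
```

Calling `metrics(EDGES)` returns the per-node and group indices in one dictionary, so a changed edge list can be compared against the values worked out by hand.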


c)
When we use the degree, closeness and group centralization index to measure the centralization of the network, we find that the normalized index is about 0.5, which means the whole network is fairly connected. David has the highest centralization index. It shows that David is the most influential person in the network.

If the 5 students are to be coordinated, David would be suitable for the post of Captain. On the other hand, Eva is only connected to David and can only obtain information from him. Therefore, a new connection from Eva to Alice, Bob or Carol is suggested. Then all of the centrality indices would be increased.

Mar 2, 2012

Post 2 - Learning Progress & Recent Social networking topic


In the last few weeks, I have learned about the recent development of social networking. Before I studied this course, I only knew the most popular social networking sites such as Facebook, Twitter and so on. And I didn't know there were many other popular and useful social networking sites with other purposes. Also, I was amazed by the method for analyzing social networking using graph theory.


Week 4


Blogosphere, Information Sharing and Cases of Social Marketing
  • Blogs
    • A good channel for social media marketing
    • a good way for company to reach out and build a community with customer and clients
  • Social Media Marketing
    • A new way of marketing enabled by information sharing
  • Social Recommendation
    • Direct - Like or recommend after creation or discovery of good content
    • Derived - Analysis to generate recommendation like most read and most commented


Week 5

Social Multimedia computing
  • Social Multimedia
    • The hybrid of multimedia and social media
    • supports new types of user interaction
    • provides additional context for understanding multimedia content
  • Two views of social multimedia computing
    • Social computing over multimedia
    • Social empowered multimedia computing
  • Social multimedia examples
    • Social multimedia search
    • Interactive services and entertainment
    • Healthcare

Week 6

Social Network Analysis

  • Graphical representation
    • Directed and Undirected graph
  • Technical Terms
    • Dyad, Path
    • Cutpoint
    • Bridge
    • Degree
    • Density
    • Geodesic Distances
    • Clique (N-Clique)
    • Plex (K-Plex)
    • Centrality
      • Degree Centrality
      • Closeness Centrality
      • Betweenness Centrality

Feb 16, 2012

Post 1 - Learning Progress & Recent Social networking topic

Learning Progress.


Week 1

Social media and social networking
  • Social media
    • It is disseminated through social interaction.
    • Based on user participation and user-generated content.
    • A shift in how people discover, share, and read news and information
  • Social networking
    • A focus on building social relationships among people.
    • Building online communities
    • Interactive communication among participants
  • Social computing
    • Focus on computing technologies that enable social networking

Week 2

Social Experience
  • individual
  • social network
  • closed workgroup
  • a team collaboration software
  • visible workgroup
  • community
  • mass collaboration
Cognitive processing and memory
  • Memory principles
    • assumption of limited capacity
    • control mechanism
    • 2-way flow of information
    • genetically prepared to process and organize info in specific way
  • Memory Stages
    • Short Term memory
    • Long Term memory
    • Semantic memory
Social nature of human activity

  • Personal and social constructivism
  • Situated and distributed cognition
  • Local and non-local communities of practice

Week 3


Theory of knowledge and cognition

  • Level 1 Cognition - Data
  • Level 2 Meta-cognition - Information
  • Level 3 Epistemic-cognition - Knowledge
Social Tasks
  • Idea generation
    • Social brainstorming
    • Prediction markets
  • Codevelopment
    • Crowdsourcing
    • Distributed human computation
    • Opensource development
  • Finding People
    • Relationship mapping and mining
    • Location-centered social interactions


Big changes on Google search - Google Knowledge Graph

Google search is well developed based on keyword search and has become the dominant search engine in the world without doubt. Recently, Google is taking a big step forward to improve its search algorithm with the "Knowledge Graph". The Knowledge Graph is built on the knowledge provided by the social media site www.freebase.com with over a billion topics.

Social networking can benefit our lives in different circumstances. Now, Google is going to adopt it in its search engine.