Socially-Aware Distributed Hash Tables for Decentralized Online Social Networks

Many decentralized online social networks (DOSNs) have been proposed due to an increase in awareness related to privacy and scalability issues in centralized social networks. Such decentralized networks transfer processing and storage functionalities from the service providers towards the end users. DOSNs require individualistic implementation for services, (i.e., search, information dissemination, storage, and publish/subscribe). However, many of these services mostly perform social queries, where OSN users are interested in accessing information of their friends. In our work, we design a socially-aware distributed hash table (DHTs) for efficient implementation of DOSNs. In particular, we propose a gossip-based algorithm to place users in a DHT, while maximizing the social awareness among them. Through a set of experiments, we show that our approach reduces the lookup latency by almost 30% and improves the reliability of the communication by nearly 10% via trusted contacts.Comment: 10 pages, p2p 2015 conferenc

Enabling Social Applications via Decentralized Social Data Management

An unprecedented information wealth produced by online social networks, further augmented by location/collocation data, is currently fragmented across different proprietary services. Combined, it can accurately represent the social world and enable novel socially-aware applications. We present Prometheus, a socially-aware peer-to-peer service that collects social information from multiple sources into a multigraph managed in a decentralized fashion on user-contributed nodes, and exposes it through an interface implementing non-trivial social inferences while complying with user-defined access policies. Simulations and experiments on PlanetLab with emulated application workloads show the system exhibits good end-to-end response time, low communication overhead and resilience to malicious attacks.Comment: 27 pages, single ACM column, 9 figures, accepted in Special Issue of Foundations of Social Computing, ACM Transactions on Internet Technolog

TACASHI: Trust-Aware Communication Architecture for Social Internet of Vehicles

[EN] The Internet of Vehicles (IoV) has emerged as a new spin-off research theme from traditional vehicular ad hoc networks. It employs vehicular nodes connected to other smart objects equipped with a powerful multisensor platform, communication technologies, and IP-based connectivity to the Internet, thereby creating a possible social network called Social IoV (SIoV). Ensuring the required trustiness among communicating entities is an important task in such heterogeneous networks, especially for safety-related applications. Thus, in addition to securing intervehicle communication, the driver/passengers honesty factor must also be considered, since they could tamper the system in order to provoke unwanted situations. To bridge the gaps between these two paradigms, we envision to connect SIoV and online social networks (OSNs) for the purpose of estimating the drivers and passengers honesty based on their OSN profiles. Furthermore, we compare the current location of the vehicles with their estimated path based on their historical mobility profile. We combine SIoV, path-based and OSN-based trusts to compute the overall trust for different vehicles and their current users. As a result, we propose a trust-aware communication architecture for social IoV (TACASHI). TACASHI offers a trust-aware social in-vehicle and intervehicle communication architecture for SIoV considering also the drivers honesty factor based on OSN. Extensive simulation results evidence the efficiency of our proposal, ensuring high detection ratios >87% and high accuracy with reduced error ratios, clearly outperforming previous proposals, known as RTM and AD-IoV.Kerrache, CA.; Lagraa, N.; Hussain, R.; Ahmed, SH.; Benslimane, A.; Tavares De Araujo Cesariny Calafate, CM.; Cano, J.... (2019). TACASHI: Trust-Aware Communication Architecture for Social Internet of Vehicles. IEEE Internet of Things. 6(4):5870-5877. https://doi.org/10.1109/JIOT.2018.2880332S587058776

Fake Profile Identification on Online Social Networks

Online social networks are web-based applications that allow user to communicate and share knowledge and information. The number of users who make use of these platforms are experiencing rapid growth both in profile creation and social interaction. However, intruders and malicious attackers have found their way into the networks, using fake profiles, thus exposing user to serious security and privacy problem.  Every user in the online social network should verify and authenticate their identities, with the other users as they interact. However, currently verification of user’s profiles and identities is faced with challenges, to the extent that a user may represent their identity with many profiles without any effective method of identity verification. As a result of this vulnerability, attackers create fake profiles which they use in attacking the online social system. In addition, online social networks use a logically centered architecture, where their control and management are under a service; provider, who must be entrusted with the security of data and communication traces; this further increases the vulnerability to attacks and online threats. In this paper, we demonstrate the causes and effects of fake profiles on online social networks, and then provide a review of the state-of-the-art mechanism for identifying and mitigating fake profiles on online social networks. Keywords: online social networks, fake profiles, sybil attack, fake account

On designing large, secure and resilient networked systems

2019 Summer.Includes bibliographical references.Defending large networked systems against rapidly evolving cyber attacks is challenging. This is because of several factors. First, cyber defenders are always fighting an asymmetric warfare: While the attacker needs to find just a single security vulnerability that is unprotected to launch an attack, the defender needs to identify and protect against all possible avenues of attacks to the system. Various types of cost factors, such as, but not limited to, costs related to identifying and installing defenses, costs related to security management, costs related to manpower training and development, costs related to system availability, etc., make this asymmetric warfare even challenging. Second, newer and newer cyber threats are always emerging - the so called zero-day attacks. It is not possible for a cyber defender to defend against an attack for which defenses are yet unknown. In this work, we investigate the problem of designing large and complex networks that are secure and resilient. There are two specific aspects of the problem that we look into. First is the problem of detecting anomalous activities in the network. While this problem has been variously investigated, we address the problem differently. We posit that anomalous activities are the result of mal-actors interacting with non mal-actors, and such anomalous activities are reflected in changes to the topological structure (in a mathematical sense) of the network. We formulate this problem as that of Sybil detection in networks. For our experimentation and hypothesis testing we instantiate the problem as that of Sybil detection in on-line social networks (OSNs). Sybil attacks involve one or more attackers creating and introducing several mal-actors (fake identities in on-line social networks), called Sybils, into a complex network. Depending on the nature of the network system, the goal of the mal-actors can be to unlawfully access data, to forge another user's identity and activity, or to influence and disrupt the normal behavior of the system. The second aspect that we look into is that of building resiliency in a large network that consists of several machines that collectively provide a single service to the outside world. Such networks are particularly vulnerable to Sybil attacks. While our Sybil detection algorithms achieve very high levels of accuracy, they cannot guarantee that all Sybils will be detected. Thus, to protect against such "residual" Sybils (that is, those that remain potentially undetected and continue to attack the network services), we propose a novel Moving Target Defense (MTD) paradigm to build resilient networks. The core idea is that for large enterprise level networks, the survivability of the network's mission is more important than the security of one or more of the servers. We develop protocols to re-locate services from server to server in a random way such that before an attacker has an opportunity to target a specific server and disrupt it’s services, the services will migrate to another non-malicious server. The continuity of the service of the large network is thus sustained. We evaluate the effectiveness of our proposed protocols using theoretical analysis, simulations, and experimentation. For the Sybil detection problem we use both synthetic and real-world data sets. We evaluate the algorithms for accuracy of Sybil detection. For the moving target defense protocols we implement a proof-of-concept in the context of access control as a service, and run several large scale simulations. The proof-of- concept demonstrates the effectiveness of the MTD paradigm. We evaluate the computation and communication complexity of the protocols as we scale up to larger and larger networks