Social Networking Security - PowerPoint PPT Presentation

Loading...

PPT – Social Networking Security PowerPoint presentation | free to download - id: 42888a-MjViZ



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Social Networking Security

Description:

Social Networking Security Adam C. Champion and Dong Xuan CSE 4471: Information Security Outline Overview of Social Networking On-line Social Networking Mobile Social ... – PowerPoint PPT presentation

Number of Views:1156
Avg rating:3.0/5.0
Slides: 26
Provided by: AdamCh9
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Social Networking Security


1
Social Networking Security
  • Adam C. Champion and Dong Xuan
  • CSE 4471 Information Security

2
Outline
  • Overview of Social Networking
  • On-line Social Networking
  • Mobile Social Networking
  • Threats and Attacks
  • Defense Measures

3
Online Social Networking (OSN)
  • Online Web services enabling people to connect
    with each other, share information
  • Common friends, interests, personal info,
  • Post photos, videos, etc. for others to see
  • Communicate via email, instant message, etc.
  • Major OSN services Facebook, Twitter, MySpace,
    LinkedIn, etc.

4
Giving people the power to share and make the
world more open and connected.
5
(No Transcript)
6
OSN Popularity
  • Over 900 million Facebook users worldwide 6
  • Over 150 million in U.S. 5
  • Over 450 million access via mobile 6
  • 300 million pictures uploaded to Facebook daily
    6
  • Over 140 million Twitter users over 340 million
    Tweets sent daily 7
  • Over 175 million LinkedIn members in over 200
    countries 8

7
Benefits of OSN Communication
  • Vast majority of college students use OSNs
  • Organizations want to market products, services,
    etc. to this demographic
  • OSNs can help them reach these potential buyers
  • OSNs provide communal forum for expression (self,
    group, mass), collaboration, etc.
  • Connect with old friends, find new friends and
    connect
  • Play games with friends, e.g., Mafia Wars,
    Scrabulous
  • Commerce in virtual items
  • But using OSNs poses security issues for orgs as
    well as individuals

8
Mobile Social Networking
  • E-SmallTalker
  • E-Shadow

9
Application Scenario Conference
10
Small Talk
  • People come into contact opportunistically
  • Face-to-face interaction
  • Crucial to people's social networking
  • Immediate non-verbal communication
  • Helps people get to know each other
  • Provides the best opportunity to expand social
    network
  • Small talk is an important social lubricant
  • Difficult to identify significant topics
  • Superficial

11
A Naive Approach of Smartphone-based Small Talk
  • Store all users information, including each
    users full contact list
  • User report either his own geo-location or a
    collection of phone IDs in his physical proximity
    to the server using internet connection or SMS
  • Server performs profile matching, finds out small
    talk topics (mutual contact, common interests,
    etc.)
  • Results are pushed to or retrieved by users

12
However
  • Require costly data services (phones internet
    connection, SMS)
  • Require report and store sensitive personal
    information in 3rd party
  • Trusted server may not exist
  • Server is a bottleneck, single point of failure,
    target of attack

13
E-SmallTalker A Fully Distributed Approach
  • No Internet connection required
  • No trusted 3rd party
  • No centralized server
  • Information stored locally on mobile phones
  • Original personal data never leaves a users
    phone
  • Communication only happens in physical proximity

14
E-Shadow
  • Enhanced E-SmallTalker
  • Local profiles
  • Mobile phone based local social interaction tools
  • E-Shadow publishing
  • E-Shadow localization

15
Outline
  • Overview of Social Networking
  • Threats and Attacks
  • Defense Measures

16
OSN Security Threats/Attacks
  • Malware distribution
  • Cyber harassment, stalking, etc.
  • Information shelf life in cyberspace
  • Privacy issues
  • Information about person posted by him/herself,
    others
  • Information about people collected by OSNs
  • Information posted on OSNs impacts unemployment,
    insurance, etc.
  • Organizations concerns brand, laws, regulations

17
MSN Security Threat/Attacks
  • Personal information leakage
  • Particularly dangerous because of physical
    proximity
  • Malware distribution

18
Outline
  • Overview of Social Networking
  • Threats and Attacks
  • Defense Measures

19
Common Sense Measures (1)
  • Use strong, unique passwords
  • Provide minimal personal information avoid
    entering birthdate, address, etc.
  • Review privacy settings, set them to maximum
    privacy
  • Friends of friends includes far more people
    than friends only
  • Exercise discretion about posted material
  • Pictures, videos, etc.
  • Opinions on controversial issues
  • Anything involving coworkers, bosses, classmates,
    professors
  • Anything related to employer (unless authorized
    to do so)
  • Be wary of 3rd party apps, ads, etc. (P.T.
    Barnums quote)
  • Supervise childrens OSN activity

20
Common Sense Measures (2)
  • If it sounds too good to be true, it probably
    is
  • Use browser security tools for protection
  • Anti-phishing filters (IE, Firefox)
  • Web of Trust (crowdsourced website trust)
  • AdBlock/NoScript/Do Not Track Plus
  • Personal reputation management
  • Search for yourself online, look at the results
  • Google Alerts emails sent daily to you about
    results for any search query (free), e.g., your
    name
  • Extreme cases
  • Cease using OSNs, delete accounts
  • Contact law enforcement re. relentless online
    harassment

21
E-SmallTalker Privacy-Preserved Information
Exchange
  • Example of Alices Bloom filter
  • Alice has multiple contacts, such as Bob, Tom,
    etc.
  • Encode contact strings, Firstname.lastname_at_phone_n
    umber, such as Bob.Johnson_at_5555555555 and
    Tom.Mattix_at_6141234567

22
E-Shadow Layered Publishing
  • Spatial Layering
  • WiFi SSID
  • at least 40-50 meters, 32 Bytes
  • Bluetooth Device (BTD) Name
  • 20 meters, 2k Bytes
  • Bluetooth Service (BTS) Name
  • 10 meters, 1k Bytes
  • Temporal Layering
  • For people being together long or repeatedly
  • Erasure Code

23
Final Remarks
  • On-line social networking systems are very
    popular and mobile social networking systems are
    emerging
  • Malware distribution and personal information
    leakage are two most prominent threats and
    attacks
  • Personal countermeasures are most effective

24
References (1)
  1. G. Bahadur, J. Inasi, and A. de Carvalho,
    Securing the Clicks Network Security in the Age
    of Social Media, McGraw-Hill, New York, 2012.
  2. H. Townsend, 4 Jun. 2010, http//www.k-state.edu/i
    ts/security/training/roundtables/presentations/SI
    RT_roundtable-RisksofSocialNetworking-Jun10.ppt
  3. U.S. Dept. of State, Social Networking Cyber
    Security Awareness Briefing, http//www.slidesha
    re.net/DepartmentofDefense/social-media-cyber-secu
    rity-awareness-briefing
  4. National Security Agency, Social Networking
    Sites, http//www.nsa.gov/ia/_files/factsheets/I7
    3-021R-2009.pdf
  5. Consumer Reports, Jun. 2012, http//www.consumerre
    ports.org/cro/magazine/2012/06/facebook-your-priv
    acy/index.htm
  6. S. Sengupta, 14 May 2012, http//www.nytimes.com/2
    012/05/15/technology/facebook-needs-to-turn-data-
    trove-into-investor-gold.html?_r1pagewantedall
  7. T. Wasserman, 21 Mar. 2012, http//mashable.com/20
    12/03/21/twitter-has-140-million-users/
  8. LinkedIn Corp., 2012, http//press.linkedin.com/ab
    out
  9. R. Richmond, Web Gang Operating in the Open, 16
    Jan. 2012, https//www.nytimes.com/2012/01/17/tec
    hnology/koobface-gang-that-used-facebook-to-spread
    -worm-operates-in-the-open.html?_r1

25
References (2)
  1. J. Drömer and D. Kollberg, The Koobface malware
    gang exposed!, 2012, http//nakedsecurity.sopho
    s.com/koobface/
  2. Wikipedia, https//en.wikipedia.org/wiki/Suicide_o
    f_Megan_Meier
  3. M. Schwartz, The Trolls Among Us, 3 Aug. 2008,
    https//www.nytimes.com/2008/08/03/magazine/03tro
    lls-t.html?pagewantedall
  4. M. Raymond, How Tweet It Is! Library Acquires
    Entire Twitter Archive, 14 Apr. 2010,
    http//blogs.loc.gov/loc/2010/04/how-tweet-it-is-l
    ibrary-acquires-entire-twitter-archive/
  5. B. Borsboom, B. van Amstel, and F. Groeneveld,
    Please Rob Me, http//pleaserobme.com
  6. D. Love, 13 People Who Got Fired for Tweeting,
    16 May 2011, http//www.businessinsider.com/twitte
    r-fired-2011-5?op1
  7. C. Smith and C. Kanalley, Fired Over Facebook
    13 Posts That Got People Canned,
    http//www.huffingtonpost.com/2010/07/26/fired-ove
    r-facebook-posts_n_659170.html
  8. https//twitter.com/BPglobalPR
  9. http//curl.haxx.se/
  10. http//jonathonhill.net/2012-05-18/unshorten-urls-
    with-php-and-curl/
  11. http//www.securingsocialmedia.com/resources/
About PowerShow.com