Social networking with frientegrity: Privacy and integrity with an untrusted provider

Ariel J. Feldman, Aaron Blankstein, Michael J. Freedman, Edward W. Felten

Research output: Contribution to conferencePaperpeer-review

32 Scopus citations

Abstract

Today’s social networking services require users to trust the service provider with the confidentiality and integrity of their data. But with their history of data leaks and privacy controversies, these services are not always deserving of this trust. Indeed, a malicious provider could not only violate users’ privacy, it could equivocate and show different users divergent views of the system’s state. Such misbehavior can lead to numerous harms including surreptitious censorship. In light of these threats, this paper presents Frientegrity, a framework for social networking applications that can be realized with an untrusted service provider. In Frientegrity, a provider observes only encrypted data and cannot deviate from correct execution without being detected. Prior secure social networking systems have either been decentralized, sacrificing the availability and convenience of a centralized provider, or have focused almost entirely on users’ privacy while ignoring the threat of equivocation. On the other hand, existing systems that are robust to equivocation do not scale to the needs social networking applications in which users may have hundreds of friends, and in which users are mainly interested the latest updates, not in the thousands that may have come before. To address these challenges, we present a novel method for detecting provider equivocation in which clients collaborate to verify correctness. In addition, we introduce an access control mechanism that offers efficient revocation and scales logarithmically with the number of friends. We present a prototype implementation demonstrating that Frientegrity provides latency and throughput that meet the needs of a realistic workload.

Original languageEnglish (US)
Pages647-662
Number of pages16
StatePublished - Jan 1 2012
Event21st USENIX Security Symposium - Bellevue, United States
Duration: Aug 8 2012Aug 10 2012

Conference

Conference21st USENIX Security Symposium
Country/TerritoryUnited States
CityBellevue
Period8/8/128/10/12

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Social networking with frientegrity: Privacy and integrity with an untrusted provider'. Together they form a unique fingerprint.

Cite this