Online Social Network Security

In lecture 9 we learnt a lot about online social networks security and privacy issues, including online social networks (OSNs) security objectives, social networks data, social networks connection service and OSNs security and privacy issues four topics. I only know the security and privacy always the most key issues in social network, when implementing the social network system or platform, it always the first key points need think about and fix before. Now I have more deeply knowledge about online social network security. OSNs contains three main security objectives privacy, integrity and availability; there are 6 types of security networks data: service data, disclosed data, entrust data, incidental data, behavioral data and derived data; Major social-networking sites such as Facebook Platform, Google Friend Connect, and MySpaceID used social-networks connect services (SNCSs) allow third-party sites develop social applications and extend their services without host or social network; We study two example to know more clearly about SNCSs, Facebook Platform and OAuth 2.0, also study the challenges and issues of SNCSs. At last we learnt a lot of example of OSNs Security and Privacy Issues.

To experience how to formulate our view according to principles in knowledge building and epistemic cognition in a social network environment, which may lead to the creation of new knowledge, I read the Wikipedia’s descriptions about Security service (telecommunication) to give some views about online social network security.

First, let me describe what the conventional security objectives/security services are. The OSI security services containing five key points, authentication, access control, data confidentiality, data integrity and non- repudiation. For authentication, these services provide authentication for peer entity and data origin authentication. For access control, this service provides protection against unauthorized access to a resource, such as using, reading, writing, deletion or execution. For data confidentiality, these services provides for the protection of data from unauthorized disclosure as connection, selective field, traffic flow confidentiality. For data integrity, these services counter active threats and may take one of the forms such as connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity, and selective field connectionless integrity. For non-repudiation, this service may take one or both of two forms such as non-repudiation with proof of origin and non-repudiation with proof of delivery.

Secondary, let me describe what social network security objectives are. Reference to our lecture notes, security objectives in social network are privacy, integrity and availability. For privacy in OSNs, it focus on user profile privacy, communication privacy, message confidentiality privacy, and information disclosure. For integrity, user’s identity and data must be protected against unauthorized modification and tampering. For availability, the content published by users should be continuously available.

Thirdly, let me talk about my view of the differences between the social network security objectives and conventional online networks. The privacy and availability is new in social network security objects, which are not mentioned in conventional online networks. The privacy in social network may involve many components of conventional networks security objectives, such authentication, access control, and data confidentiality. Users publish their own information, which is only accessed by a part of users (who are on their contacts). And these users also need be authenticated in this group. The communications between these users are confidential, only trusted parties can trace, know it. Furthermore, in social network, the information is prevented to disclosure to other entrusted parties. All in all, information of users and their communications, actions is hidden to anyone unless users approved the access request themselves.

At last, I will share my opinion for a case of one of the above differences. Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA, who is the director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, and who manages the operations, personnel, and budget of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple's London apartment and the locations of their children and Sir John's parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network^[1]. Even we assume that the wife chose some features that social network provides protection on privacy, avoid untruth party to access it. There still are threats such as Digital dossier aggregation: profiles on online SNSs can be downloaded and stored by third parties, creating a digital dossier of personal data. Furthermore the malicious hackers can hack and get the information, or though some posted photo to locate the users.

Nowadays, social networks add many interesting features, such as status updating, locating services. At the mean time, these features bring many threats. Criminals can use social networks to target people in the real world. A report from The Digital Criminal, found that 38% of users of sites like Facebook and Twitter have posted status updates saying when they are away for the weekend. According to that same report, 23% of social media users have discussed vacation plans "wall-to-wall" outside the privacy of their own page and 17% have reported seeing people’s residential addresses posted on pages that can be seen by strangers ^[2]. Maybe users should not so rely on social network security now, after all, it born to this world not very long. Users should protect themselves by good practice as well, such as do not upload sensitive information to SNS (e.g. detail addresses, phone number, email addresses), do not share detail status on SNS (e.g. when, where to take vaction) and so on. 

SNA for an Example

In lecture 6-8, we learnt a lot of things about social networking analysis, such as the graphical representation of social networks, terminologies for SNA, concepts on centrality and centralization, prestige, ranking algorithms and SNA examples. It is really a new word to me, I didn’t think that the social network can be analyzed using so many methods. To help our revision on SNA, we need analyze the following social network example.

Before analyzing the above social network, let me describe what SNA is first. Social network analysis (SNA) is the study of relationships and flows between individuals or entities such as people, groups, organizations, computers, URLs, and other connected information/knowledge entities. The nodes in the network represent the people or groups while the links or ties represent the relationships or flows between the nodes. SNA provides both visual and mathematical analysis of social relationships ^[1]. There are two kinds social network, one mode and two mode networks. One node networks only contain one type nodes, which means all nodes are of the same type; Two mode networks involve relations among two different types of nodes.

OK, it is time to analyze the above social network. First, let me describe this social network according what I learnt in lecture 6-8. It is a network contains five nodes, and 6 ties, which can be said 5 students, 6 relationships. This is a non-directional network. The relationships are:

(1)  For Alice, she has relationship with Bob, Carol and David;

(2)  For Bob, he has relationship with Alice and David;

(3)  For Carol, she has relationship with Alice and David;

(4)  For David, he has relationship with everyone in this network, i.e. Alice, Bob, Carol, and Eva;

(5)  For Eva, she only has relationship with David.

To finding patterns about the above social network more easily, we can use a simple matrix to represent it.

	Alice	Bob	Carol	David	Eva
Alice	-	1	1	1	0
Bob	1	-	0	1	0
Carol	1	0	-	1	0
David	1	1	1	-	1
Eva	0	0	0	1	-

From the above symmetrical matrix we can say it is undirectional network. May be we can treat the above social network as their friendships on facebook. We can calculate the density of this social network: 

{Alice, Bob, David} and {Alice, Carol, David} are cliques because they have maximum density(1). If we only consider {Alice, Bob, Carol, David}, it is a 2-plex. Because 4 nodes in which every nodes has a tie to at least 4-k=2 others in the set. In this 2-plex, every node is connected to at least two others in the set.

Secondly, let me calculate the three popular individual centrality measures(degree centrality, closeness centrality and betweeness centrality)  respectively to analyze different roles and grouping in this social network.

Degree Centrality

The concept of degrees - the number of direct connections a node has is used by social network researchers to measure network activity or popularity of a node. The following graph shows nodes (n_i) and their centrality C_D(n_i): Also

Also they can be normalized as C'_D= d(n_i)/(g-1) as:

Alice: 3/4=0.75 ; Bob: 2/4=0.5; Carol: 2/4=0.5; David: 4/4=1; Eva: 1/4=0.25. From this result, we can say David has the most direct connections in the network, making him the most active node in the network. He is most influential because he has relationships with all other in the network. By the way, we can calculate the freeman which used to measure the group degree centralization to analyze how large the sum of differences can actually be. Here the largest degrees of the network is C_D(n*) = 4

Closeness Centrality

This centrality measures the geodesic distances between some particular node and all other nodes connected with it. An actor is considered important is he/she is relatively close to all other actors. We can base on the closeness centrality formula to calculate the closeness centrality of each node.

P.S. 

C_C(Alice) =0.2; C_C(Bob) = C_C(Carol)≈0.17; C_C(David) =0.25; C_C(Eva) ≈0.14

To get the normalized closeness centrality C’_C(n_i)= C_C(n_i)(g-1), here g-1=4:

C'_C(Alice) =0.8; C'_C(Bob) = C'_C(Carol)≈0.68; C'_C(David) =1; C'_C(Eva) ≈0.56

The pattern of David's direct ties allow him to access all the nodes in the network more quickly than anyone else. He has the shortest paths to all others - he is close to everyone else. In another way, we can say David is most influential because he is close to everyone.By the way, we can also calculate the group closeness centralization to measure the overall level of closeness of this network.

C=(0.25-0.2)+2x(0.25-0.17)+(0.25-0.14)=0.5+0.16+0.11=0.77

Betweeness Centrality

Betweeness centrality is used to measure quantifying the control of a human on the communication between other humans in a social network. It counts the number shortest path between a node i and k that actor j resides on.



Then we can get,

C_B(Alice) = 0.5; C_B(Bob) = C_B(Carol) = C_B(Eva) = 0; C_B(David) = 3.5

To normalize the result:

C'_B(Alice) ≈ 0.083; C_B(Bob) = C_B(Carol) = C_B(Eva) = 0; C_B(David) ≈ 0.583

David has the most direct ties, he is able to act as a gatekeeper controlling the flow of resources between the alters that he or she connects. By the way, the following is the group betweeness centrality calculation:

Therefore,  C_B=[(0.583-0.083)+(0.583-0)x2+(0.583-0.583)] / 4≈0.5623=56.23%

Assumptions

At last, suppose I am conducting a research on the social network of these five students and the above results are obtained, the findings and their implications are discussed base on my data. David connects with everyone in this social network. He is the core person in this network. Also, David is in an excellent position to monitor the information flow in the network --he has the best visibility into what is happening in the network. Eva is the isolates of the network, she only connects with David. She is on the periphery. As the core person in the network, David may encourage Eva participate more in the network. 



When learning how to calculate the betweeness centrality, I could not get the same answer as the ring example on the lecture notes. After discussing with Dr. Rosanna and classmates, I found that I used the wrong formula (directional network) without over two in the denominator [ only (g-1)(g-2)]. I was more familiar with the calculation after discussing with others, participating in social network can help the learning process.

Social Media Marketing vs Traditional Marketing

We learnt a lot of things about social media in lecture 4 and 5, such as example platforms in social networking, social marketing and commerce, and social multimedia. Before these lectures, I just thought that the social media was only for entertainment or people relationships build up tools, never know that social media also can used by commercial purpose. Customers can interact with company, provide feedback, and learn more about company culture, products and service through social media marketing. In lecture notes, I read that “Social media has changed the way to do traditional marketing and even online marketing.”, so I am very curious about the difference between traditional marketing and social media marketing, and what advantages of social media marketing. To help the analysis, I read thought the lecture notes again and did some online research.

Ok, let's talk about what is traditional marketing and social media marketing first. Traditional marketing is advertising through TV, radio and print such as newspapers, magazines and leaflet mostly. Users are forced to get the latest information most of time, which interrupt their focus, such as watch their favorite TV show, listen to their style of music or read the latest news of their interest. Unfortunately, company can only attract 1-2% people using this way.

Social media marketing put effects on create attractive content and encourage readers sharing with their social networks. Usually, it's much more convinced when a friend tells you about it not the company itself. So we can say this kind of marketing is driven by word-of-mouth. There are many social networking websites such as facebook, twitter, google+, youtube, blogs and so one nowadays. Everyone can interact with each other and build relationships through these platforms. When products or companies join those social tools, peoples can share products experiences. These social media allow users to copy the promoted products information including comments post on their own websites, which is sharing to their friends. By repeating message, more and more users see the message, more and more potential customers created, more and more traffic brought to products or company.

For traditional marketing, it is always the hardest part to keep your customers, hope them will come back and bring more customers to you. But for social media marketing, it is opposite. It is about recognizing that your existing customers are your best assets. You can reach your existing customers to remind them to come back and make word of mouth by using social media.

Social media differs from traditional marketing that it involves two-way communication. After watching a video about social media marketing (as following video), I list the advantages of social media marketing as following:

·         Customer acquisition: reach much more customers and networks of people.

·         Brand awareness: brand much easier and faster; less competition yet.

·         Targeted Marketing: easily targeted, tracked, and quantifiable. can be tracked on real time. Inexpensive.

·         Customer intention: communication with customers about new products, special promotions, or merely education on your business.

·         Immediate results: increased site traffic, lead acquisition, ultimately increased sales.

Although there are so many benefits of social media marketing, you cannot throw other marketing tactics away. In fact, social media marketing works best when combined with other marketing activities especially email marketing. At last, I read a good blog written by Dr Vikram Venkateswaran really want to share here - How Social Media Marketing complements Traditional Marketing: Oprah Winfrey Example. It uses Oprah interview as an example to explain the social media is not replacement of traditional media but a very impotent component of the marketing mix.



Open Source Development

I did not know that our knowledge can be divided to different cognition levels and types, building knowledge is a process, and our mind can be engaged in social networking environments by doing social tasks and about knowledge there is something called Epistemological Belief before learning the lectures on week 3.  In this lecture, I found that a topic about “open source” is very interesting which is also related my job now. So I did surfing on the Internet to do some related research to know further, also tried to thinking and analyzing this topic according my own experience.

On Wikipedia, I found some descriptions for open source development. Open Source Development is the production or development process of software whose source code is publicly available. The source code can be available and visible to anyone want to study, change, and improve it. On the contrary, “closed” means the software vendors keep the source code secrets to public, only their own developers can read, modify, and change the source code. In the past, the open source development method was not so structured. There were no clear tools, phrases for development. The situation becomes better since the found of open source community. There are many popular open source software products nowadays, such as Linux, Apache, PHP, Mozilla Firefox, Google Chromium, and Android, etc.

 

There was concept of free sharing of technological information very long ago, even before computers came out. In the early years of automobile development, a association which grew out of the Motor Vehicle Manufacturers Association, was found to make member companies free shared patents openly between all the manufacturers. When internet came out and became more and more popular, the sharing of source code on the internet began. And now, the term of “open source” is widely known, and this development method praise highly in IT area.

I am writing programs in my company now. It is really convenient to have “open source”. Sometimes you just need using open source and do some modification, customization, the applications and programs can be produced quickly, it is a very efficient way; Sometimes you really meet bottle neck, cannot fix the bugs or problems, just post the source code on the internet forums, or discuss on development community, you can find the solution very quickly, after all, this is pooling the wisdom of the masses; Sometimes the technology is very new to you, you really don’t know how to start, just find tutorials, sample code, experience sharing on internet, you can follow step by step easily, etc. It is really a good thing to have “open source” in the world.

I did some research to comparing Apple IPhone and Google Android phone last semester, and analyzed that Google Android phone would beat Apple IPhone in future because of its open source platform. “It’s hitting Apple where it hurts by giving away ‘App Inventor’ – an application just about anyone can use to easily make applications for Android.” (Daniel Roth, How Android Will Beat iPhone: Google Gives Away App Inventor). Many companies built innovative new business model around open source, by deriving their revenues from other method such as support and training services. In “Android business model threatens Apple’s strength in smartphone market” we can find that open source business model can win in the market. Also, "There is a trend towards governments around the world encouraging the use of free or Open Source software (so called 'FOSS policies')." (Open Source)

But there is still one thing confusing me, is that open source for developing everything? Is there anything better to be developed closed?