Friday, March 23, 2012

Online Social Network Security


In lecture 9 we learnt a lot about online social network security and privacy issues, covering four topics: online social network (OSN) security objectives, social network data, social-network connect services, and OSN security and privacy issues. Previously I only knew that security and privacy are always the key issues in social networks; when implementing a social network system or platform, they are always the first points that need to be thought about and fixed. Now I have a deeper knowledge of online social network security. OSNs have three main security objectives: privacy, integrity and availability. There are six types of social network data: service data, disclosed data, entrusted data, incidental data, behavioral data and derived data. Major social-networking sites such as Facebook Platform, Google Friend Connect, and MySpaceID use social-network connect services (SNCSs), which allow third-party sites to develop social applications and extend their services without hosting a social network of their own. We studied two examples, Facebook Platform and OAuth 2.0, to understand SNCSs more clearly, and also studied the challenges and issues of SNCSs. Finally, we learnt many examples of OSN security and privacy issues.

To experience how to formulate our views according to the principles of knowledge building and epistemic cognition in a social network environment, which may lead to the creation of new knowledge, I read Wikipedia's description of Security service (telecommunication) in order to give some views about online social network security.

First, let me describe what the conventional security objectives/security services are. The OSI security services contain five key points: authentication, access control, data confidentiality, data integrity and non-repudiation. For authentication, these services provide peer entity authentication and data origin authentication. For access control, this service provides protection against unauthorized access to a resource, such as using, reading, writing, deleting or executing it. For data confidentiality, these services protect data from unauthorized disclosure, in the forms of connection, selective field, and traffic flow confidentiality. For data integrity, these services counter active threats and may take one of several forms: connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity, and selective field connectionless integrity. For non-repudiation, this service may take one or both of two forms: non-repudiation with proof of origin and non-repudiation with proof of delivery.

Secondly, let me describe what the social network security objectives are. According to our lecture notes, the security objectives in social networks are privacy, integrity and availability. Privacy in OSNs focuses on user profile privacy, communication privacy, message confidentiality, and information disclosure. For integrity, the user's identity and data must be protected against unauthorized modification and tampering. For availability, the content published by users should be continuously available.

Thirdly, let me talk about my view of the differences between the social network security objectives and those of conventional online networks. Privacy and availability are new in the social network security objectives; they are not mentioned for conventional online networks. Privacy in social networks may involve many components of the conventional network security objectives, such as authentication, access control, and data confidentiality. Users publish their own information, which can only be accessed by some of the users (those who are in their contacts), and these users also need to be authenticated within this group. The communications between these users are confidential; only trusted parties can trace and know them. Furthermore, in a social network, the information is prevented from being disclosed to other untrusted parties. All in all, the information of users and their communications and actions is hidden from everyone unless the users approve the access request themselves.

Finally, I will share my opinion on a case involving one of the above differences. Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the director of the United States Central Intelligence Agency, who manages the operations, personnel, and budget of the CIA, the agency responsible for providing national security intelligence to senior U.S. policymakers, including the President. His wife posted sensitive personal information to her Facebook page, including the address of the couple's London apartment and the locations of their children and Sir John's parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network [1]. Even if we assume that his wife had chosen some of the privacy protection features that the social network provides to keep untrusted parties from accessing it, there are still threats such as digital dossier aggregation: profiles on online SNSs can be downloaded and stored by third parties, creating a digital dossier of personal data. Furthermore, malicious hackers can hack in and get the information, or use posted photos to locate the users.

Nowadays, social networks add many interesting features, such as status updates and location services. At the same time, these features bring many threats. Criminals can use social networks to target people in the real world. A report from The Digital Criminal found that 38% of users of sites like Facebook and Twitter have posted status updates saying when they are away for the weekend. According to that same report, 23% of social media users have discussed vacation plans "wall-to-wall" outside the privacy of their own page and 17% have reported seeing people's residential addresses posted on pages that can be seen by strangers [2]. Maybe users should not rely so much on social network security for now; after all, it has not been in this world for very long. Users should also protect themselves through good practice, such as not uploading sensitive information to an SNS (e.g. detailed addresses, phone numbers, email addresses), not sharing detailed status on an SNS (e.g. when and where they are taking a vacation), and so on.

Friday, March 9, 2012

SNA for an Example

In lectures 6-8, we learnt a lot about social network analysis, such as the graphical representation of social networks, terminology for SNA, concepts of centrality and centralization, prestige, ranking algorithms and SNA examples. It was really a new word to me; I did not think that a social network could be analyzed using so many methods. To help our revision of SNA, we need to analyze the following social network example.



Before analyzing the above social network, let me first describe what SNA is. Social network analysis (SNA) is the study of relationships and flows between individuals or entities such as people, groups, organizations, computers, URLs, and other connected information/knowledge entities. The nodes in the network represent the people or groups, while the links or ties represent the relationships or flows between the nodes. SNA provides both visual and mathematical analysis of social relationships [1]. There are two kinds of social network: one-mode and two-mode networks. One-mode networks contain only one type of node, which means all nodes are of the same type; two-mode networks involve relations among two different types of nodes.

OK, it is time to analyze the above social network. First, let me describe this social network according to what I learnt in lectures 6-8. It is a network containing 5 nodes and 6 ties, that is, 5 students and 6 relationships. This is a non-directional network. The relationships are:
(1)  Alice has relationships with Bob, Carol and David;
(2)  Bob has relationships with Alice and David;
(3)  Carol has relationships with Alice and David;
(4)  David has relationships with everyone in this network, i.e. Alice, Bob, Carol, and Eva;
(5)  Eva only has a relationship with David.

To find patterns in the above social network more easily, we can use a simple matrix to represent it.

         Alice   Bob   Carol   David   Eva
Alice      -      1      1       1      0
Bob        1      -      0       1      0
Carol      1      0      -       1      0
David      1      1      1       -      1
Eva        0      0      0       1      -

From the above symmetric matrix we can say it is an undirected network. Maybe we can treat the above social network as their friendships on Facebook. We can calculate the density of this social network:


{Alice, Bob, David} and {Alice, Carol, David} are cliques because they have maximum density (1). If we only consider {Alice, Bob, Carol, David}, it is a 2-plex, because it is a set of 4 nodes in which every node has a tie to at least 4-k=2 others in the set. In this 2-plex, every node is connected to at least two others in the set.

Secondly, let me calculate the three popular individual centrality measures (degree centrality, closeness centrality and betweenness centrality) in turn, to analyze the different roles and groupings in this social network.

Degree Centrality
The concept of degree (the number of direct connections a node has) is used by social network researchers to measure the network activity or popularity of a node. The following graph shows the nodes (ni) and their centrality CD(ni):
They can also be normalized as C'D(ni) = d(ni)/(g-1):
Alice: 3/4=0.75; Bob: 2/4=0.5; Carol: 2/4=0.5; David: 4/4=1; Eva: 1/4=0.25. From this result, we can say David has the most direct connections in the network, making him the most active node in the network. He is the most influential because he has relationships with all the others in the network. By the way, we can calculate Freeman's formula, which is used to measure the group degree centralization, to analyze how large the sum of differences can actually be. Here the largest degree in the network is CD(n*) = 4


Closeness Centrality
This centrality measures the geodesic distances between a particular node and all the other nodes connected with it. An actor is considered important if he/she is relatively close to all other actors. We can use the closeness centrality formula to calculate the closeness centrality of each node.





CC(Alice) =0.2; CC(Bob) = CC(Carol)≈0.17; CC(David) =0.25; CC(Eva) ≈0.14
To get the normalized closeness centrality C'C(ni) = CC(ni)(g-1), where g-1 = 4:
C'C(Alice) =0.8; C'C(Bob) = C'C(Carol)≈0.68; C'C(David) =1; C'C(Eva) ≈0.56
The pattern of David's direct ties allows him to access all the nodes in the network more quickly than anyone else. He has the shortest paths to all others: he is close to everyone else. In other words, we can say David is the most influential because he is close to everyone. By the way, we can also calculate the group closeness centralization to measure the overall level of closeness of this network.

C=(0.25-0.2)+2x(0.25-0.17)+(0.25-0.14)=0.5+0.16+0.11=0.77


Betweenness Centrality
Betweenness centrality quantifies the control that a person has over the communication between other people in a social network. It counts the number of shortest paths between nodes i and k that actor j resides on.


Then we get:
CB(Alice) = 0.5; CB(Bob) = CB(Carol) = CB(Eva) = 0; CB(David) = 3.5
To normalize the result:
C'B(Alice) ≈ 0.083; C'B(Bob) = C'B(Carol) = C'B(Eva) = 0; C'B(David) ≈ 0.583
David has the most direct ties, so he is able to act as a gatekeeper controlling the flow of resources between the alters that he connects. By the way, the following is the group betweenness centralization calculation:
Therefore,  CB=[(0.583-0.083)+(0.583-0)x2+(0.583-0.583)] / 4≈0.5623=56.23%
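
The three normalized centrality measures from this post, recomputed as an added example (not code from the original post or the lecture notes): it runs a breadth-first search from every node of the five-student graph and uses the undirected betweenness normalization (g-1)(g-2)/2. The function names are hypothetical and the graph is assumed to be connected.

```python
from collections import deque
from itertools import combinations

# Friendship ties from the five-student example (undirected).
EDGES = [("Alice", "Bob"), ("Alice", "Carol"), ("Alice", "David"),
         ("Bob", "David"), ("Carol", "David"), ("David", "Eva")]

def build_graph(edges):
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def bfs(graph, source):
    """Return (dist, sigma): geodesic distance and shortest-path count from source."""
    dist, sigma = {source: 0}, {source: 1}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in graph[u]:
            if v not in dist:                 # first time v is reached
                dist[v], sigma[v] = dist[u] + 1, 0
                queue.append(v)
            if dist[v] == dist[u] + 1:        # u precedes v on a geodesic
                sigma[v] += sigma[u]
    return dist, sigma

def centralities(edges):
    """Normalized (degree, closeness, betweenness) per node; graph must be connected."""
    graph = build_graph(edges)
    g = len(graph)
    paths = {n: bfs(graph, n) for n in graph}
    result = {}
    for j in graph:
        dist_j, sigma_j = paths[j]
        degree = len(graph[j]) / (g - 1)
        closeness = (g - 1) / sum(dist_j.values())
        between = 0.0
        for i, k in combinations([n for n in graph if n != j], 2):
            dist_i, sigma_i = paths[i]
            if dist_i[j] + dist_j[k] == dist_i[k]:   # j lies on a geodesic i..k
                between += sigma_i[j] * sigma_j[k] / sigma_i[k]
        # Undirected network: (g-1)(g-2)/2 pairs, not (g-1)(g-2).
        result[j] = (degree, closeness, between / ((g - 1) * (g - 2) / 2))
    return result

if __name__ == "__main__":
    for name, (d, c, b) in sorted(centralities(EDGES).items()):
        print(f"{name:6s} degree={d:.2f} closeness={c:.3f} betweenness={b:.3f}")
```

Computed without intermediate rounding, the normalized closeness of Bob and Carol is 0.667 and that of Eva is 0.571; the 0.68 and 0.56 above come from multiplying the already rounded 0.17 and 0.14 by 4.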

Assumptions
Finally, suppose I am conducting research on the social network of these five students and the above results are obtained; the findings and their implications are discussed based on my data. David connects with everyone in this social network. He is the core person in this network. David is also in an excellent position to monitor the information flow in the network, as he has the best visibility into what is happening in the network. Eva is the isolate of the network; she only connects with David. She is on the periphery. As the core person in the network, David may encourage Eva to participate more in the network.

When learning how to calculate the betweenness centrality, I could not get the same answer as the ring example in the lecture notes. After discussing with Dr. Rosanna and classmates, I found that I had used the wrong formula (for a directional network), without dividing by two in the denominator [only (g-1)(g-2)]. I became more familiar with the calculation after discussing it with others; participating in a social network can help the learning process.