In lecture 9 we learnt a lot about online social network (OSN) security and privacy issues, covering four topics: OSN security objectives, social network data, social-network connect services, and OSN security and privacy issues. Before, I only knew that security and privacy are always the key issues in a social network: when implementing a social network system or platform, they are always the first points that need to be thought about and fixed. Now I have a deeper knowledge of online social network security. OSNs have three main security objectives: privacy, integrity and availability. There are 6 types of social network data: service data, disclosed data, entrusted data, incidental data, behavioral data and derived data. Major social-networking sites offer social-network connect services (SNCSs), such as Facebook Platform, Google Friend Connect, and MySpaceID, which allow third-party sites to develop social applications and extend their services without hosting their own social network. We studied two examples, Facebook Platform and OAuth 2.0, to understand SNCSs more clearly, and also studied the challenges and issues of SNCSs. Finally, we learnt about many examples of OSN security and privacy issues.
To experience how to formulate our view according to the principles of knowledge building and epistemic cognition in a social network environment, which may lead to the creation of new knowledge, I read Wikipedia's description of Security service (telecommunication) in order to give some views on online social network security.
First, let me describe what the conventional security objectives/security services are. The OSI security services cover five key points: authentication, access control, data confidentiality, data integrity and non-repudiation. For authentication, these services provide peer entity authentication and data origin authentication. For access control, this service provides protection against unauthorized access to a resource, such as using, reading, writing, deleting or executing it. For data confidentiality, these services protect data from unauthorized disclosure, in the forms of connection confidentiality, selective field confidentiality and traffic flow confidentiality. For data integrity, these services counter active threats and may take one of several forms: connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity, and selective field connectionless integrity. For non-repudiation, this service may take one or both of two forms: non-repudiation with proof of origin and non-repudiation with proof of delivery.
Second, let me describe what the social network security objectives are. According to our lecture notes, the security objectives in a social network are privacy, integrity and availability. For privacy in OSNs, the focus is on user profile privacy, communication privacy, message confidentiality, and information disclosure. For integrity, the user's identity and data must be protected against unauthorized modification and tampering. For availability, the content published by users should be continuously available.
Third, let me talk about my view of the differences between the social network security objectives and those of conventional online networks. Privacy and availability are new in the social network security objectives; they are not mentioned for conventional online networks. Privacy in a social network may involve many components of the conventional network security objectives, such as authentication, access control, and data confidentiality. Users publish their own information, which can only be accessed by a subset of users (those who are in their contacts), and these users also need to be authenticated within this group. The communications between these users are confidential; only trusted parties can trace and know them. Furthermore, in a social network, the information is prevented from being disclosed to other entrusted parties. All in all, the information, communications and actions of users are hidden from everyone unless the users approve the access request themselves.
Finally, I will share my opinion on a case that illustrates one of the above differences. Sir John Sawers is the incoming head of MI6, essentially the British equivalent of the CIA. The director of the United States Central Intelligence Agency, which is responsible for providing national security intelligence to senior U.S. policymakers, including the President, manages the operations, personnel, and budget of the CIA. His wife posted sensitive personal information to her Facebook page, including the address of the couple's London apartment and the locations of their children and Sir John's parents. She also posted family photos that included her half-brother, who was an associate and researcher for a historian who has been convicted of Holocaust denial. Her Facebook profile was left open to anyone in the London network [1]. Even if we assume that the wife chose some of the features that the social network provides to protect privacy and keep untrusted parties from accessing it, there are still threats such as digital dossier aggregation: profiles on online SNSs can be downloaded and stored by third parties, creating a digital dossier of personal data. Furthermore, malicious hackers can hack in and get the information, or locate users through posted photos.
Nowadays, social networks add many interesting features, such as status updates and location services. At the same time, these features bring many threats. Criminals can use social networks to target people in the real world. A report from The Digital Criminal found that 38% of users of sites like Facebook and Twitter have posted status updates saying when they are away for the weekend. According to that same report, 23% of social media users have discussed vacation plans "wall-to-wall" outside the privacy of their own page and 17% have reported seeing people's residential addresses posted on pages that can be seen by strangers [2]. Maybe users should not rely so much on social network security for now; after all, it has not been in this world for very long. Users should also protect themselves through good practice, such as not uploading sensitive information to an SNS (e.g. detailed addresses, phone numbers, email addresses), not sharing detailed status updates on an SNS (e.g. when and where they are going on vacation), and so on.