
Leveraging Social Feedback to Verify Online Identity Claims

Published: 01 March 2014

Abstract

Anonymity is one of the main virtues of the Internet, as it protects privacy and enables users to express opinions more freely. However, anonymity hinders the assessment of the veracity of assertions that online users make about their identity attributes, such as age or profession. We propose FaceTrust, a system that uses online social networks to provide lightweight identity credentials while preserving a user’s anonymity. FaceTrust employs a “game with a purpose” design to elicit the opinions of the friends of a user about the user’s self-claimed identity attributes, and uses attack-resistant trust inference to assign veracity scores to identity attribute assertions. FaceTrust provides credentials, which a user can use to corroborate his assertions. We evaluate our proposal using a live Facebook deployment and simulations on a crawled social graph. The results show that our veracity scores are strongly correlated with the ground truth, even when dishonest users make up a large fraction of the social network and employ the Sybil attack.


          • Published in

            ACM Transactions on the Web, Volume 8, Issue 2
            March 2014
            226 pages
            ISSN: 1559-1131
            EISSN: 1559-114X
            DOI: 10.1145/2600093

            Copyright © 2014 ACM


            Publisher

            Association for Computing Machinery

            New York, NY, United States

            Publication History

            • Published: 1 March 2014
            • Accepted: 1 November 2013
            • Revised: 1 September 2013
            • Received: 1 July 2012

            Qualifiers

            • research-article
            • Research
            • Refereed
