Abstract
Anonymity is one of the main virtues of the Internet, as it protects privacy and enables users to express opinions more freely. However, anonymity hinders the assessment of the veracity of assertions that online users make about their identity attributes, such as age or profession. We propose FaceTrust, a system that uses online social networks to provide lightweight identity credentials while preserving a user’s anonymity. FaceTrust employs a “game with a purpose” design to elicit the opinions of the friends of a user about the user’s self-claimed identity attributes, and uses attack-resistant trust inference to assign veracity scores to identity attribute assertions. FaceTrust provides credentials, which a user can use to corroborate his assertions. We evaluate our proposal using a live Facebook deployment and simulations on a crawled social graph. The results show that our veracity scores are strongly correlated with the ground truth, even when dishonest users make up a large fraction of the social network and employ the Sybil attack.
Index Terms
- Leveraging Social Feedback to Verify Online Identity Claims