TABLE OF CONTENTS
Abstract
Contents
List of Acronyms
CHAPTER ONE
1 Introduction
1.1 Background Information
1.2 Statement of Problem
1.3 Objectives
1.4 Methodology
1.5 Outline of the Thesis
CHAPTER TWO
2 Literature Review
2.1 Literature Survey
2.2 Cryptography Security
2.3 Secret Sharing Scheme
2.3.1 Share Distribution
2.3.2 Key Reconstruction
2.4 Data-based Access Control
2.5 Hash Function
2.5.1 Types of Hash Function
2.6 Cryptography Encryption
2.7 Symmetric Key Cryptography
CHAPTER THREE
3 Design of the Work
3.1 Introduction
3.2 Modeling
3.3 Pro le Structure
3.4 Algorithm Selection
3.4.1 Hash Algorithm
3.4.2 Secret Key Algorithm
3.5 Examples using Indirect Access Control Method
CHAPTER FOUR
4 Implementation
5 Results and Discussion
5.1 Introduction
5.2 Evaluation
5.2.1 Con dentiality
5.2.2 Scalability
5.2.3 Flexibility
CHAPTER SIX
6 Conclusions and Recommendations
6.1 Conclusion
6.2 Recommendation
References
Appendix
Abstract
Social networking has become a popular way to be in contact with each other. In social networking, people tend to share a wide range of information with other users of the networking site. Here, security of personal information has become a most critical issue. One of the important issues in online social network is that how user privacy is protected because online social network providers have full control over users' data. The online social network providers typically store users' information permanently. Meanwhile, the trend in information security is mov-ing the security perimeter as close to the data as possible. We want to move the perimeter closer to the data, but do this without being able to derive who is accessing which data. An e cient privacy protection mechanism is important for online social networking sites that can be used to protect the privacy of online users' data from third parties. An access control mechanism shifts the control over data sharing back to the users by providing them with exible and dynamic access policies. Hence, instead of relying on credentials given by a person trying to access information, there is a need to protect the data using only the data itself. In this context where decryption of data is made possible by already knowing some part of the data. This thesis work discusses the implementation of data based access control in social networking sites. That is, personal information is made available only to those who already have some of this information. We de ned and analyzed types of data based access control methods (direct, indirect and order-invariant data based access control methods). An e ort is made to design suitable policy in order to apply them to social networking sites. We implemented our solution in a prototype platform for social networking sites using a Java based prototype and My Structured Query Language (MySQL) database. Our experimental re-sults verify the e ectiveness of indirect data based access control method over social networking sites. This mechanism provides enhanced security features from both eavesdrop attacks and provider attacks. Moreover, we present a performance study of the implemented prototype.
Chapter 1
Introduction
1.1 Background Information
A social networking website is an online platform that allows users to create a public pro le and interact with other users on the website. The rst social net-working site SixDegrees.com was launched in 1997 [1]. Six Degrees allowed users to create pro les, list and message their friends and traverse friend's listings, thus tting the de nition above. Even though there were millions of users, users did not have many direct friends and Six Degrees did not o er much functionality besides messaging. The website nally shut down in 2000 [1]. During and after this period other websites started adding Online Social Networks (OSN) features to their existing content, essentially becoming OSNs, with various degrees of suc-cess. In the years that followed, new OSNs started from scratch and began to o er functionality beyond simply listing and browsing friends.
When registering to a social network, the user will be given an account and a pro le, where he or she is able to modify personal information, specify relation-ships with other users and even manage personal resourses, such as comments and photos. So there is a need to protect sensitive information from unauthorized people. The traditional access control implemented in social networks is based on the relationship between each user. A member from a social network can decide which personal information is accessible by marking a given item as public or pri-vate. Although this approach has the advantage of being easy to implement, lacks exibility. The relationship settings do not allow users to specify their own access control requirements, which might lead to a too loose or too restrictive access control policy [2]. Moreover, social networks store information remotely, rather than on a user's personal computer. This means the privacy policy may change at any time without a user's permission. Due to this content that was posted with restrictive privacy settings may become visible....
================================================================
Item Type: Project Material | Size: 60 pages | Chapters: 1-5
Format: MS Word | Delivery: Within 30Mins.
================================================================
