Paradigm Shift in the Security-n-Privacy Implementation of Semi-Distributed Online Social Networking

Social Networking Applications has gained tremendous response from all the sections of people across the entire world from last few years. Social networking has crossed all the boundaries and glued whole world population together. Users of OSN (Online Social Networking) sites can re-connect with school friends, find some activity or even life partners, and make new friends. OSN has also revolutionized the business community. Now the companies leverage OSN’s credibility and build their reputation, get invaluable information about the customers. The companies are also using OSN for the advertising and the recruitment processes. However, posting of user information on OSN poses greater threats/risks as identity theft, online stalking, and information leakage. The volume and accessibility of personal information available on social networking sites have attracted malicious people who seek to exploit this information. This imposes greater threat to the users’ privacy and security. In this article many security and privacy challenges currently faced by OSN applications are mentioned. The distributed OSN architecture with an external control module is proposed and a prototype is also presented which overcomes many of the privacy, security, accessibility and identity challenges in different perspectives faced by current OSN applications.


Introduction
Social networking is a new form of interacting on-line where participants in a virtual network can share information and communicate with one another (Murchu et al., 2004).Social networking and community-based online services offer great fun and many benefits, both to individual users and to organizations.Users can re-establish contact with old school friends, find activity or even life partners, create art, and make new friends.Companies can leverage them to build their brand, get invaluable information about what their customers really think, and fix problems as they arise, among many other value-adding activities.However, social networking sites can also be a source of personal information leaks.They can also become a malware attack vector, when not used cautiously (Trendmicro, 2009).All the current social networking sites offer a lot of interesting functionality but also bring potential problems related to privacy, information accountability and ownership of information (Buchegger et al., 2009).The increasing risk of misuse of personal data processed by online social networking applications is evident from computer science research (Nissenbaum, 2006;Helen et al., 2004;Cranor & Lorrie, 2003).
The centralized OSN model, widely adopted by prevailing social networks, makes an explicit trade-off that maintain viable monetary incentives for the provider at cost of sacrificing user control on their own data.In this "walled garden" OSN architecture, all personal information, social data, and relationships are exposed to a single provider, who can generate revenue through content-driven ads placement, or in some cases, selling user datasets.In contrast, distributed OSN architectures take the opposite extreme; total privacy (www.w3.org, 2009).Replacing centralized OSN providers with peer-to-peer (P2P) services (Buchegger et al., 2009;Antonia & Grand, 2009), where no central authority can claim the right to exploit the data, is a proposal that is achieving widespread success among the scientific community.In section 4 we have mentioned some of the security and privacy challenges currently faced by OSN sites.And in section 6; the proposed architecture tried to overcome these challenges.However, it was not possible to overcome all the challenges currently faced by online social networking sites.

OSN Strengths
A few of OSN strengths are mentioned below: 1) People could interact with new people and their already known acquaintances, where in person contact is not possible.
2) Greater number of people could be reached by posting information on the wall.
3) Lot of other useful services is available through the third party applications accessible within the sites.
4) Users reach ability is inevitable with friends and relatives across the world.
5) Business communities' utilizes it to build their brands and for advertising purposes.They could deliver improved customer service and respond effectively to feedback.
7) It's a great way to get you known in the network in your field or industry.
8) Social networking could be used to get feedback on ideas immediately.9) Social networking could be a great way for students to get in touch with other students in the same school.
10) Social Networking sites offer students the opportunity to create a positive self-image.The profiles give them a chance to create the image of themselves that they want people to see by putting their best qualities.

Security and Privacy Challenges
Apart from the strengths discussed above, current OSN applications have a certain number of security and privacy concerns some of which are listed below: 1) A user has no absolute control over the information posted by her, whoever has access to it.
2) The privacy settings in the OSN sites are static in nature (Liu et al., 2011).
3) Any user could post information about you, either favorable to you or vice-versa.
5) The things (Note 1)we post could live there forever.
6) Personal life and business matters are more exposed.
7) Sometimes posting personal information about your vacation, etc could put your life in danger.
8) The application provider could sell the user data to third party application providers, business communities etc for the financial gain (Gao et al., 2011).9) Attackers can spread worms and establish botnets more easily because of the rich and frequent interactions in the OSN.Malware can propagate over social networks via profile, interaction, and third-party applications (Luo et al., 2009).10) The personal information is very useful to attackers.Privacy such as password, bank account and social security number are the very thing attackers are looking for.Once attackers gain these information they can commit further crimes, even identity theft (Cutillo et al., 2009).

Online Social Networking Site Launched (Year) Total Users (2012) in millions
11) In social networks attacker can disguise himself as a legitimate user and uses social engineering to entice other users to click the designed URL.Users in social networks are willing to accept the invitation of strangers and communicate with them.This will lead to a phishing attack (Cutillo et al., 2009).
12) The enormous amount of digital information about the users (i.e, profiles, photos, videos, messages ect.) is located on a single centralized server which poses a greater threat to users privacy and security.

Related Work
Cutillo et al. ( 2009) proposed decentralized OSN based on a P2P architecture whereby basic security and privacy problems as well as the lack of a priori trust and incentives are addressed by leveraging on real-life trust between users, such that services like data storage or profile data routing are performed by peers who trust one another in the social network.It consists of three-tier architecture with a direct mapping of layers to the OSN levels.The user-centered social network layer implementing the SN level of the OSN.The P2P substrate implementing the AS Services.The Internet, representing the CT level each party is thus represented by a node that is viewed as a host node in the internet a peer node in the P2P overlay, and a member in the SN layer.In addition to these nodes, it also features a trusted identification service (TIS), providing each node unambiguous identifiers: the node identifier for the SN level and a pseudonym.
Monica et al. ( 2009) proposed distributed platform that retains the core functionalities of a centralized service with the additional advantage of returning ownership of the data to the user.The existence of a distributed solution offers consumer choice and puts pressure on centralized services to treat the data with the care and discretion they desire.A distributed, technically more efficient, platform may even supplant centralized services if privacy can be monetized to generate new classes of viral applications and more effective targeted marketing.
Geambasu et al. ( 2007) describes a P2P middleware solution that enables users to share personal data based on pre-created views that are based on a SQL-like query language.Access is managed using capabilities, which are cumbersome for a client to carry, can be accidentally shared, broadcasted and are harder to revoke.
The PeerSon system ( 2009) is one of the first P2P design for a OSN.The goal of user information privacy is achieved through symmetric encryption of content stored in a DHT.The P2P network serves mainly as a lookup service: once the two endpoints' contacts have been retrieved from the DHT, direct connections are established.When a friend is offline, update notifications are managed asynchronously through the DHT using a pull approach.Full decentralization and encryption prevent, respectively, the ''Big Brother'' effect and network crawling activities aimed to data collection.However, advanced access control features like highly dynamic group membership are not taken into account.
In Graffi et al. (2009) authors propose a DHT-based storage with access control capabilities for social shared resources.Encrypted items are published together with several copies of the secret key; each copy is encrypted with the key of a user who has access permission for that resource.A drawback of this solution is that when the access control list of a specific content must be changed, a new updated item has to be built and stored again.
User registration phase and secure P2P communications are inspected as well.Narendula et al. (2010) proposed an initial design of such a system, referred to as porkut, where users organize a social network over a P2P overlay with privacy-preserving data access.They briefly outline the system architecture and mainly focus on the distributed storage layer.Specifically, they propose a decentralized mechanism for users to manage their own online social network on top of resources collectively contributed by themselves.Such a design is motivated with several goals in mind: a) It eliminates the requirement for a single big brother who can exploit the users' profile data for his own interest without users' consent.b) It preserves the privacy of individual's social profile content, as they have complete control on who can access which parts of the content.c) It exploits the trust relationships among users in the social network to improve the content availability and the storage performance.Krishnamurthy and Wills (2009) showed that most users on OSNs are vulnerable to having their OSN identity information linked with tracking cookies.Unless an OSN user is aware of this leakage and has taken preventive measures, it is currently trivial to access the user's OSN page using the ID information.The two immediate consequences of such leakage: First, since tracking cookies have been gathered for several years from non-OSN sites as well, it is now possible for third-party aggregators to associate identity with those past accesses.Second, www.ccsen since users be linked w

The Pro
The

. User privileges
Control Module: It is an algorithm shown below designed for the specific purpose integrated with the core application which works as follows; firstly, when a new user registers in the DOSN application, the control module requires filling a validation key (Note 4) from the user along with the other fields; it may be her phone number, address, or anything which uniquely identifies that user.Then the user data; name, password, location, date of birth, phone number etc is stored in the same user system.An access control (Note 5) mechanism is devised to control the access to the user data.

Stop
This access control mechanism is applied to all the replicas and ensures that the user data is safe.None of the following; adversary, third party application providers and the business communities could access the user information directly (Note 6) or even with the service providers consent.If a third party application wants to access the user information, a formal request has to be sent via the service provider's interface to the user's inbox for the verification and for approval.The approval/rejection is at the sole discretion of the user.
Secondly, when a user posts any message on the friend's wall before the message is displayed the control module sends the same message to the targets inbox (Note 7).When the target approves the message, then only the same is displayed on her wall.This mechanism prevents every user to post any type of information on their friend's walls without the consent of the target user.Thirdly, when the user adds a new friend in her list, the privacy settings are dynamically generated by the control module for this friend.So, every time a user adds new friend to her list, she has to set the privacy settings for that contact.These privacy settings are editable.Users could change the existing privacy settings as per the requirement later.Lastly, the privacy settings for the friend-of-a-friend remain same as are with the newly added friend.
Some notations used in the following algorithm are 'un' is the username, 'pw' is user the password, 'r' is registration variable, 'p' is used for the publish option,'m' is the message, 'f' is the friend variable, and 'ak' is used as access key, 'pcy' is used for privacy setting variable, 'inbx' is the friend inbox variable.

Working Steps
The algorithm shown is summarized into the following points: Case I: If the user is registered: • The user adds a new friend in her list with the new dynamic privacy settings for that user.
• The user requests to post a message on her friend's wall or a photo view.
• The control module forwards this request to the friend's inbox for the verification with the approve / delete option.
If the friend approves the request, it is published on the friend's wall.
Case II: If the user is not registered: • The user has to register herself with the application by providing the validation key along with all details.
• The control module generates an access control list and stores it with user data.
• Now the user is ready to login.

Advantages
1) Distributed architecture of OSN application could be utilized for more availability, security, privacy of user data, which is considered to be the most important requirement for current OSNs.
2) The de-centralization of the OSN increases the availability of the network for the users and prevents the D-O-S attacks (Kryczka et al., 2009).
3) The privacy settings for the newly added contacts are dynamic with the inclusion of control module with the application.
4) As far as security is concerned the user data (photos, videos, messages etc.) is stored in the user systems with an access control mechanism.
5) Privacy of users' data is maintained by utilizing the relationships among the users and the verification/approval of data to be displayed by sending the notification to the users' inbox.
6) The distributed architecture of OSN is robust via the detection and cleaning of malicious and infected nodes in the network (Duma et al., 2006;Fung et al., 2008).
7) A user could write on the wall; view the photographs of her friend only if she has the required privileges in the ACL, after getting the required permission from her friend or acquaintance.
8) At the time of registration a user has to fill a key which uniquely identifies that user, so there is no possibility of anonymous users.9) Low implementation costs for service providers as the provider only needs to store basic user info, social graphs and core application part the rest of the user data is stored in the user systems.
10) With the help of unique validation key users' identity in the system is protected from any identity theft.
11) With the help of same validation key the program bots could not register and appear as legitimate user in the system.

Drawbacks
1) The user data for the availability purpose is replicated among many user systems that make the data redundant.
2) All the data in the system is distributed in nature so the data Synchronization must be maintained all the time.
3) Advanced routing algorithms (Note 8) need to be implemented at the routers.
4) The requirement of validation key for the registration purpose by the application; some users are reluctant to disclose any kind of personal information.
5) Maximum uptime of user systems to maintain the data availability.
6) The user could post any type of information on her own wall about herself, friends, friend-of-a-friend or anybody else.

Conclusion
By implementing the proposed architecture, OSN's will be more secure, and reliable rather than having the threat of losing the privacy of users information, the user data and identity will be more secured in this architecture.However, there are some disadvantages related to this system which are discussed in section 6.2; while designing the architecture users concerns were considered to be more important.Social networking is meant to bring people with similar interests together.These sites allow people to communicate with each other and meet people with similar ideas.OSN is a great tool for business purposes if used correctly, the business communities are now turning to various OSN's to increase their product advertisement and awareness.Information spreads faster through OSN than a real life network.And this information sometimes harm the users; when it travels through spheres, and ends up with the people to whom it was not intended for.This poses a serious threat over the user's privacy, and security.The Proposed Distributed Architecture addressed some common privacy, security, and accessibility challenges faced by the OSN's today.In our future work we will consider some type of control over the users own wall postings and more concrete mechanism to prevent program bots registering with the applications and will also try to overcome more privacy, security and accessibility challenges with the current OSN's.

Figure
Figure 2. A

Table 1 .
Number of OSN users