Welcome~

Welcome to my Ojibi house~

Saturday, April 28, 2012

Online Social Network Security


1. Conventional Security Services

The following are considered to be the security services which can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred (credentials) to facilitate the authentication.
Authentication
These services, including peer entity authentication and data origin authentication, provide for the authentication of a communicating peer entity and of the source of data.
Access control
This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource or to all accesses to a resource.
Data confidentiality
These services, including connection confidentiality, connectionless confidentiality, selective field confidentiality and traffic flow confidentiality, provide for the protection of data from unauthorized disclosure.
Data integrity
These services, including connection integrity with recovery, connection integrity without recovery, selective field connection integrity, connectionless integrity and selective field connectionless integrity, can counter active threats.
Non-repudiation
This service may take one or both of two forms: non-repudiation with proof of origin and non-repudiation with proof of delivery. Non-repudiation with proof of origin: The recipient of data is provided with proof of the origin of data. This will protect against any attempt by the sender to falsely deny sending the data or its contents. Non-repudiation with proof of delivery: The sender of data is provided with proof of delivery of data. This will protect against any subsequent attempt by the recipient to falsely deny receiving the data or its contents.

2. Social Network Security Objectives

Three main security objectives are privacy, integrity and availability.
Privacy
Privacy in OSNs encompasses user profile privacy, communication privacy, message confidentiality and information disclosure. In principle, privacy calls for the possibility to hide any information about any user, even to the extent of hiding their participation in the OSN in the first place. Moreover, privacy has to be met by default: all information on all users and their actions has to be hidden from any other party, internal or external to the system, unless explicitly disclosed by the users themselves. Requiring explicit disclosure leads to the need for access control. Access to information on a user may only be granted by the user directly; the access control has to be as fine-grained as the profile, and each attribute has to be separately manageable.
Integrity
The user’s identity and data must be protected against unauthorized modification and tampering. In addition to conventional modification detection and message authentication, integrity in the context of OSNs has to be extended. The authentication has to ensure the existence of real persons behind registered OSN members.
Availability
In OSNs, availability specifically has to include robustness against censorship and against the seizure or hijacking of names and other key words. Apart from availability of data access, availability has to be ensured for message exchange among members.
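The privacy objective above (hidden by default, disclosed only by the owner, one control per attribute, participation itself not revealed) can be sketched as follows. This is an added example, not taken from the lecture notes; the Profile and Directory classes and the sample data are hypothetical.

```python
# Added example; Profile, Directory and the sample data are hypothetical.
class NotOwner(Exception):
    """Someone other than the profile owner tried to change a grant."""

class Profile:
    def __init__(self, owner, attributes):
        self.owner = owner
        self._attributes = dict(attributes)
        # One grant set per attribute; empty means hidden from everyone else.
        self._grants = {name: set() for name in self._attributes}

    def _require_owner(self, actor):
        if actor != self.owner:
            raise NotOwner(f"{actor} cannot manage {self.owner}'s profile")

    def grant(self, actor, attribute, viewer):
        self._require_owner(actor)
        self._grants[attribute].add(viewer)

    def view(self, viewer):
        if viewer == self.owner:
            return dict(self._attributes)
        return {name: value for name, value in self._attributes.items()
                if viewer in self._grants[name]}

class Directory:
    def __init__(self):
        self._profiles = {}

    def register(self, profile):
        self._profiles[profile.owner] = profile

    def lookup(self, viewer, owner):
        # Same answer for "no such member" and "nothing disclosed to you",
        # so a lookup does not reveal participation in the network.
        profile = self._profiles.get(owner)
        visible = profile.view(viewer) if profile else {}
        return visible or None

def demo():
    directory = Directory()
    alice = Profile("alice", {"email": "alice@example.test", "city": "Hong Kong"})
    directory.register(alice)
    before = directory.lookup("bob", "alice")    # nothing disclosed yet
    alice.grant("alice", "city", "bob")          # owner discloses one attribute
    after = directory.lookup("bob", "alice")
    try:
        alice.grant("bob", "email", "bob")       # non-owner tries to self-grant
        self_granted = True
    except NotOwner:
        self_granted = False
    return before, after, self_granted
```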

3. Differences

Conventional security services also provide the authentication, access control and non-repudiation services, while OSNs do not. OSNs provide the privacy and availability services, while conventional security services do not. And OSNs extend the integrity service.
This is because a social network contains a mass of real information, and the information or messages posted to the social network can reflect the real lives of their owners, so privacy is very important. The majority of members are active on the social website every second, and some applications, whether they are third-party applications or not, need information from the social network, so the social network should provide the availability services. In other networks, different networks have different demands for security services.

4. Revise

The second part of the blog content comes from lecture notes 10 (slides 6-10). The first part of the blog content comes from the Internet. URL: http://en.wikipedia.org/wiki/Security_service_%28telecommunication%29. And the third part comes from my own ideas after reading about and comparing the conventional security services and OSNs.

Wednesday, March 28, 2012

Security of Social Network

In lecture 8, we kept on learning SNA, especially the two SNA examples about PageRank and HITS. In lecture 9 we got some knowledge of a newly developed area of social networks, that is to say, the semantic web. We finally learned about several kinds of security phenomena or problems of social networks in lecture 10. The knowledge of the semantic web is totally new to me, and I have come to realize the importance of the security of social networks.
Security of social networks has become an increasingly important issue nowadays. Then what is the definition of network security? Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs conducting transactions and communications among businesses, government agencies and individuals.
I have just read a news item about it. It’s in Chinese.

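Serious Security Problems on Social Networks

News from the 16th, Beijing time: according to foreign media reports, ZoneAlarm recently published a security report stating that spam is currently a serious problem on Facebook, and that more than 20% of links are viruses.
In its recently published security report, ZoneAlarm states that Facebook currently has 800 million monthly active members, of whom more than 4 million are harassed by spam. More seriously, of all the links on Facebook, more than 20% of message links are viruses.
Reportedly, pictures of the "2012 doomsday prophecy" and the "Jun Ji-hyun skirt-ripping advertisement" were widely circulated on Facebook not long ago, but these were all malicious applications. After a user clicks through, the application automatically shares itself on the user's page, turning the user into a distribution hub for spam.
Recently, China has also seen the most far-reaching and largest data leak in the history of the Chinese Internet. Since December 21 last year, several websites including CSDN, Tianya, Renren and Jiayuan have been reported to have been attacked by hackers, and large user databases, including passwords, were published on the Internet, attracting widespread attention. For a time, changing passwords became the top priority for Internet users.
With the rapid development of social networks, social network accounts contain a large amount of users' personal information, which holds enormous commercial value, and this has made them a new key target for hacker attacks.
Users are advised to strengthen their own account security awareness: do not use unauthorized, suspicious applications; use strong passwords; do not accept invitations from unknown friends; do not click suspicious links; and take care to scrutinize the information and status updates that friends share.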

Perhaps related laws should be enacted and technical measures must be taken by the websites. But from the side of the users of social networks, here are some tips.
Be careful with your password. Do not enter the password on another website without checking. The website may be a phishing site whose targets are your Facebook, Twitter, MySpace, Renren or Weibo accounts.
Be careful with third-party applications. Try to make sure the application is not a virus or something similar before you authorize it.
Do not click on links that strangers put in your comments without checking. Some viruses may be installed on your computer without your noticing when you click.
Since this is already the information age, perhaps we should relax and enjoy the happiness social networks can bring us, once we have ensured that we are not among the victims or disseminators of viruses or malicious plug-ins.
If you want to learn more tips about the security of social networks, you can watch the following video.






Thursday, March 15, 2012

Social Network Analysis


1. Describe briefly what social network analysis (SNA) is
A social network is a group of collaborating individuals or entities that are related to each other.
SNA (Social Network Analysis) is the study of the pattern of interaction between actors, which focuses on the social actors and the relationships between them.
In SNA, a social network is formally defined as a set of social actors, or nodes, that are connected by one or more types of relations. The units are most commonly individuals, groups or organizations, but in principle any units that can be connected to other units can be studied as nodes, such as web pages, blogs, emails, instant messages, families, journal articles, neighborhoods, classes, sectors within organizations, positions, or nations.

2. Example to explain the social network analysis
The following is a social network formed by 5 students.
(a). Describe the above social network according to your best knowledge.
It seems to be a one-mode network, since the five people are of the same type. The graph is undirected. It consists of a set of nodes and links, and the direction of a link is not presented, in which case the existence of a link between Alice and David necessarily implies the existence of a link from David to Alice.
I think being acquaintances or friends can be the relation between them.
Alice knows Bob, Carol and David.
Bob knows Alice and David.
Carol knows Alice and David.
David knows Alice, Bob, Carol and Eva.
Eva only knows David.
Any two people linked with each other know each other, or are friends or acquaintances.
Of course, the links can be some other kind of undirected relation in a social network.
(b). Within this social network, who is the most influential?
1). Present the network in a matrix:

        Alice  Bob  Carol  David  Eva
Alice     -     1     1      1     0
Bob       1     -     0      1     0
Carol     1     0     -      1     0
David     1     1     1      -     1
Eva       0     0     0      1     -
It seems that David has the most connections in this network.
2). Density:
Density of the network:
3). Centrality
Centrality identifies which nodes are in the center of the network.
Degree Centrality: Degree centrality is the sum of all other actors who are directly connected to the actor in question.
According to the definition:


        Degree Centrality
Alice   0.75
Bob     0.5
Carol   0.5
David   1
Eva     0.25
Closeness Centrality: Closeness represents the mean of the geodesic distances between some particular node and all other nodes connected with it. It describes the average distance between one node and all other nodes connected with it.
According to the definition:

        Closeness Centrality
Alice   0.8
Bob     0.67
Carol   0.67
David   1
Eva     0.57
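The degree and closeness tables above can be reproduced from the adjacency matrix with a breadth-first search. This is an added example, not part of the original post, and it covers degree and closeness only. It assumes degree is divided by n-1 and closeness is n-1 divided by the sum of geodesic distances, which is the normalisation that matches the tabulated values.

```python
from collections import deque

# Added example: undirected edges transcribed from the adjacency matrix on this page.
EDGES = [("Alice", "Bob"), ("Alice", "Carol"), ("Alice", "David"),
         ("Bob", "David"), ("Carol", "David"), ("David", "Eva")]


def build_graph(edges):
    """Adjacency sets for an undirected graph."""
    graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def degree_centrality(graph):
    """Number of direct neighbours divided by n-1 (assumed normalisation)."""
    n = len(graph)
    if n < 2:
        return {v: 0.0 for v in graph}
    return {v: len(nbrs) / (n - 1) for v, nbrs in graph.items()}


def geodesic_distances(graph, source):
    """Shortest-path lengths from source to every reachable node (BFS)."""
    dist = {source: 0}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for nbr in graph[node]:
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist


def closeness_centrality(graph):
    """(n-1) / sum of geodesic distances; 0.0 if some node is unreachable."""
    n = len(graph)
    result = {}
    for v in graph:
        dist = geodesic_distances(graph, v)
        total = sum(dist.values())
        # A node that cannot reach everyone has no finite mean distance.
        result[v] = (n - 1) / total if len(dist) == n and total else 0.0
    return result


if __name__ == "__main__":
    g = build_graph(EDGES)
    for name, scores in (("degree", degree_centrality(g)),
                         ("closeness", closeness_centrality(g))):
        print(name, {v: round(s, 2) for v, s in sorted(scores.items())})
```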
Betweenness Centrality: It is a measure of the potential for control, as an actor who is high in betweenness is able to act as a gatekeeper controlling the flow of resources (e.g. information, money, power) between the alters that he or she connects.
According to the definition:

        Betweenness Centrality
Alice   0.17
Bob     0
Carol   0
David   0.83
Eva     0
After the comparison, we can find that the value for David, whether in degree centrality, closeness centrality or betweenness centrality, is bigger than that of the other four people. David has the most connections with the other four people. If you want to transmit some information in this network, the best way in most cases is to transmit it through David. Besides, David functions as a gatekeeper who can control the flow of information and so on in this network. If you want to control this network, the best way is to control David.
(c). Findings and implications based on the data.
Besides the finding that David is the key node in this network, we can find that Eva is almost an isolated node, apart from her connection with David. Information and so on can be transmitted without passing through Bob, Carol and Eva. Bob and Carol seem to be not so important in this network except Eva.
If this is a relationship network, we can find that David and Alice might be more outgoing and easygoing. They have more friends and they can get more information. David might be the head of the group. Eva might be a shy person who will not make friends with strangers easily.
If this is a social network on the Internet, Twitter for instance, we can guess that the information on David’s or Alice’s homepage must be more interesting than the others'. They have a higher reputation than the others, and they must log on to the website frequently. Eva might simply have registered on the website and forgotten about it after that. David and Alice are more active in this social network. And you can get more information about all five people and even make friends with them through David if you also have a connection with David. This is the fastest way to get into this network.

Thursday, March 1, 2012

Six degrees of separation and Human flesh search

In lectures 4 & 5, we learned what a good blog should contain. Besides, the lectures remind us that social media are valuable for marketing, for they can help to connect buyers or similar products together to promote the products and so on. They can also set up connections between people who have the same interests in some aspects. People interact with each other and set up a network, which leads to the development of social computing and other applications.
After gaining some knowledge about social computing and doing the calculations in recent classes, I think the social network both shortens the distance between people and endangers us to some degree.
I would like to mention two concepts here: Six degrees of separation and Human flesh search.
Six degrees of separation refers to the idea that everyone is on average approximately six steps away, by way of introduction, from any other person on Earth, so that a chain of "a friend of a friend" statements can be made, on average, to connect any two people in six steps or fewer. It was originally set out by Frigyes Karinthy and popularized by a play written by John Guare.
The concept is appropriate when the network is not taken into consideration. Nowadays we can leave a message for people directly, especially on Facebook, Twitter and so on. Social networks have made the distance between people even shorter.
In this case, how to use the social network to reach your goals is a meaningful issue or skill. Can you get the hidden information or find the relation after reading several news items about different people? Or can you find the potential market in the social network? Or can you find the exact person and get in contact with him/her? Although social networks can help us solve some problems which could not be solved before, there is still a problem: they can be used to do human flesh search.
Human Flesh Search is a primarily Chinese internet phenomenon of massive researching using Internet media such as blogs and forums. It has generally been stigmatized as being for the purpose of identifying and exposing individuals to public humiliation, usually out of Chinese nationalistic sentiment, or to break the Internet censorship in the People's Republic of China. More recent analyses, however, have shown that it is also used for a number of other reasons, including exposing government corruption, identifying hit and run drivers, and exposing scientific fraud, as well as for more "entertainment" related items such as identifying people seen in pictures.
It brings people harm. People may become interested in the life of someone because he/she made a small mistake in public, or because he/she is simply a "nerd". Once the human flesh search for him/her begins, nothing about him/her will remain private. This might finally lead to the collapse of him/her and even the whole family.
If you want to know exactly what the Six degrees of separation is, you can watch the video below. Reprinted from http://www.youtube.com/watch?v=EVhx96Oml3U.



Wednesday, February 15, 2012

Gained knowledge and some sharing


We have been learning about social networks for around four weeks now.
In the first three weeks, we came to understand social networks gradually. We defined the social network and realized that it is not simply a communication platform. It contains so much information that it has many functions, including social computing for instance. We have various social experiences when we act in different roles in different social networks. Knowledge about memory as well as cognition is new to me to some degree when they are applied to social networks.
I got some new knowledge about the genres of social network during the learning. I thought that only Facebook, Twitter, Renren, Weibo and that kind were social networks. I didn’t realize recruitment websites or witkey websites are also social networks. And I would like to recommend some useful websites here, since we are all preparing to work now.
http://www.zhubajie.com/ is my favorite witkey website in the Chinese mainland. And we also have http://www.witkeysky.com/html/index.html , http://www.taskcn.com/ and http://www.vikecn.com/ etc.
And we can find jobs not only in the Career Planning and Development Centre of our school. http://jijis.org.hk and http://www.jiujik.com/jshome_b5.html are also local websites for finding jobs in Hong Kong. This information is what I would like to share.
Besides, with the flood of information in this era, what we select to read and accept, and how, is the issue that concerns me most. And how can we pick out the right information on which to base our decisions, since there is so much in the social network?
The answer is about cognition, in my opinion. We should collect data, come up with the information and form our knowledge based on the information we get.
Epistemic cognition is the third level of cognition, which can solve this question to some degree. It is also the highest level, the one that leads to the construction of new knowledge. People share with or learn from others to produce new knowledge. It is also a process of convincing oneself. Epistemic cognition is built on the true beliefs and former knowledge of individuals. After making sure of the certainty and sources of knowledge, people start to do analysis and justification. After this process, they get their own new knowledge. They choose the information and knowledge they trust and make the final decision. They will surely not accept everything they have received. So we should keep thinking while reading, especially when we are surfing social networks.
If you have any thoughts about this blog, I welcome you to give me more different ideas and information.