Encryption for Peer-to-Peer Social Networks

Abstract

To address privacy concerns over online social networking services, several distributed alternatives have been proposed. These peer-to-peer (P2P) online social networks do not rely on centralized storage of user data. Instead, data can be stored not only on a computer of a profile owner but almost anywhere (friends' computers, random peers from the social network, third-party external storage, etc.). Since the external storage is often untrusted or only semi-trusted, encryption plays a fundamental role in security of P2P social networks. Encryption, however, also adds some overhead in both the time and space domains. To be scalable, a system that relies heavily on encryption should use as efficient algorithms as possible. It also needs to provide the functionality of changing access rights at reasonable cost, and, crucially, the system should preserve privacy properties itself. That is, beyond user data confidentiality, it has to protect against information leakage about users' access rights and traffic analysis. In this paper we explore the requirements of encryption for P2P social networks in detail and propose a list of criteria for evaluation. We then compare a set of approaches from the literature according to these criteria. We find that none of the current P2P architectures for social networks manages to achieve secure, efficient, 24/7 access control enforcement and data storage. They either rely on trust, require constantly running servers for each user, use expensive encryption, or fail to protect privacy of access information. In the search for a solution that better fulfills the criteria, we found that some broadcast encryption (BE) schemes exhibit several desirable properties. We thus propose to use BE schemes with high performance encryption/decryption regardless of the number of identities/groups for an efficient encryption-based access control in the P2P environment. We define relevant properties for the BE schemes to be used in the P2P social network scenario and describe advantages that such schemes have compared to encryption techniques used in existing P2P architectures.