FaceTrust: Assessing the Credibility of Online Personas via Social Networks
Michael Sirivianos, Kyungbaek Kim and Xiaowei Yang, in collaboration with J.W. Gan, C. Carlon and D. Jiang
Duke University and UC Irvine
Aug 11 @ HotSec 2009
Motivation
• Online world without identity credentials:
  • Makes determining who and what to believe difficult
Outline
• Why do we need a stronger online identity?
• Design
  • Social Tagging
  • Assessing Credibility
  • OSN-issued Credentials
• Evaluation
• Conclusions and work in progress
How can Identity Credentials help?
• Trustworthy online communication:
  • Dating websites, Craigslist, Amazon reviews, eBay transactions, first contact in OSNs
  • “I work in ...”, “I am a good seller”, “My name is ...”
• Access control
  • Age-restricted sites
  • “I am over 18 years old”
• Malware defence
  • “I am a reputable software author”
Our Solution
• Relaxed (not absolutely verified) credentials
  • bind an online statement (assertion) to the probability this assertion is true
  • for not very critical applications, but they can help users or apps make informed decisions
• Online social network users verify their friends’ verifiable identity assertions
• OSN providers issue credentials on a user’s assertions using his friends’ feedback
Design: Social Tagging
• Users post facts/assertions on their OSN profiles:
  • “Am I really over 18 years old?”
• Friends tag those facts as TRUE or FALSE
• OSN-based crowd-vetting
Challenges:
• Friends can collude and lie for each other
• Dishonest users may create many fake OSN accounts, aka Sybil attack
• Our approach: assess the credibility of taggers using a trust metric
Design: Assessing Credibility (1)
• Advogato Trust Metric:
  • Attack-resistant [Levien et al., Security ’98]
  • Input: Graph with trust edges that indicate a trust level X between nodes.
  • Output: The nodes that can be trusted by at least X.
Design: Assessing Credibility (1)
• Advogato Trust Metric:
  • Input: Graph with trust edges indicating trust level X between nodes.
  • Output: The nodes that can be trusted by at least X.
[Figure: example trust graph; legend: 100% trusted node, 75% trusted node; edges labelled with trust levels 25%, 50%, 75% and 100%]
Design: Assessing Credibility (2)
• Trust edges annotated with tagging similarity between friends
  • #same-tags / #common-tags
  • e.g., if two friends have tagged 2 common facts of the same user and agree on only one tag, they have similarity 50%
Design: Assessing Credibility (3)
• Use Advogato to compute the tagging credibility (or weight) in [0, 1] of tags made by each user $i$: $w_i$
• Use weighted average of tags by friends $i$ of $j$ on $j$’s assertion ($d_{ij} = +1$ if TRUE, $-1$ if FALSE) to compute credibility of $j$’s assertion:
  $\max\left(\dfrac{\sum_i w_i \, d_{ij}}{\sum_i w_i},\ 0\right)$
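The two formulas on the "Assessing Credibility (2)" and "(3)" slides, as an added worked example in Python (not code from the FaceTrust authors). The weights are constructed values standing in for the trust metric's output, which is not computed here; all function names, user names and tags are hypothetical.

```python
# Added illustration of the slides' two formulas; not FaceTrust's own code.
# Tag values: +1 = TRUE, -1 = FALSE. All names and sample data are constructed.

def tagging_similarity(tags_a, tags_b):
    """#same-tags / #common-tags over facts that both friends tagged.

    tags_* map (profile_owner, fact) -> +1 or -1.
    Returns None when the friends share no tagged fact (ratio undefined).
    """
    common = tags_a.keys() & tags_b.keys()
    if not common:
        return None
    same = sum(1 for key in common if tags_a[key] == tags_b[key])
    return same / len(common)


def assertion_credibility(tags, weights):
    """max(sum_i w_i*d_ij / sum_i w_i, 0) for one assertion of user j.

    tags: tagger i -> d_ij (+1 or -1); weights: tagger i -> w_i in [0, 1].
    Assumption: a tagger with no weight counts as w_i = 0, and a zero
    total weight yields credibility 0.0 instead of dividing by zero.
    """
    total = sum(weights.get(i, 0.0) for i in tags)
    if total == 0:
        return 0.0
    score = sum(weights.get(i, 0.0) * d for i, d in tags.items()) / total
    return max(score, 0.0)


# Constructed sample: the 50% similarity case described on the slide.
alice = {("carol", "over18"): +1, ("carol", "works_at_duke"): +1}
bob = {("carol", "over18"): +1, ("carol", "works_at_duke"): -1,
       ("dave", "over18"): +1}

# Constructed weights: honest taggers high, Sybil accounts near zero.
weights = {"alice": 0.9, "bob": 0.8,
           "sybil1": 0.05, "sybil2": 0.05, "sybil3": 0.05}
uniform = {name: 1.0 for name in weights}  # every tag counted equally

# One honest tagger rejects a false claim; three Sybils vouch for it.
false_claim_tags = {"alice": -1, "sybil1": +1, "sybil2": +1, "sybil3": +1}
# A true claim confirmed by honest taggers and disputed by one Sybil.
true_claim_tags = {"alice": +1, "bob": +1, "sybil1": -1}
```

With uniform weights the three Sybil tags lift the false claim to 0.5; with the trust-derived weights the same tags leave it at 0.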
Design: OSN-issued Credentials
• Relaxed credentials issued by the OSN provider:
  • {assertion type, assertion, credibility}
• idemix [Camenisch et al. EuroCrypt 01, CCS 02]
  • Obtain cryptographic credential from credential authority
  • Prove possession of credential to verifying authority without revealing identity
  • Verifying authorities cannot link credential showings
  • Firefox plugin based on idemix Java code
• If unlinkability (surveillance-resistance) not required or if required but the user does not mind creating multiple credentials for the same assertion:
  • use simple web based credential, e.g.,
Evaluation
• How well do credibility scores correlate with truth?
• Can the design withstand dishonest user tagging and Sybil attacks?
• Experimental Setting:
  • Honest and dishonest users make one assertion each
  • Dishonest users tag both dishonest and honest assertions as TRUE
  • Obtain average credibility of honest and dishonest assertions
The #tags per user matters
• 10% dishonest
• As #tags increase, honest users have more credibility
• Dishonest users always have low credibility
• Sybils have slightly more credibility than dishonest
Credibility is robust as %dishonest increases
• at most 20 tags per user
• Honest users always have high credibility
• Dishonest user credibility not high even when 50%
• Sybils have slightly more credibility than dishonest
Conclusions
• FaceTrust is:
  • An OSN-based approach to identity verification:
    • crowd-vetting through social tagging
    • relaxed and lightweight credentials
  • Employs robust trust metric for attack resistance
  • Employs anonymous credentials to preserve privacy
Work in Progress
• Need to validate our hypotheses:
  • That users are willing to tag
    • do they find tagging fun and useful?
  • That users mostly tag accurately
    • are there many honest taggers?
• Facebook application up and running
  • we are collecting usage data, tags and social graph
• Exploring other trust metrics:
  • TrustRank [Gyongyi et al. VLDB 04]
Thank You!
Facebook application “Am I really?” at: http://apps.facebook.com/am-i-really
Questions?