This paper looks at the crucial issues of security, user privacy, and communication integrity inherent to pervasive social networking (PSN), a cyber-physical social system for nearby strangers that spans self-organized heterogeneous networks. The authors critique both centralized and decentralized controls as solutions: the former is vulnerable to denial of service (DoS), and the latter suffers from dynamic network topology changes and the associated great communication overhead. They propose a flexible 2D scheme based on key-policy attribute-based encryption (KP-ABE) to handle the aforementioned challenges.
The authors claim to provide extensive analysis of all associated aspects of their model (for example, security, computational complexity, communication cost, flexibility/scalability) to prove its performance advantages. They state that PSN faces unique security threats due to its nature, especially when compared to traditional social networks. When connecting with strangers, users have to maintain “inter-trust,” and the utilization of heterogeneous networks leads to a “higher risk of malicious eavesdropping and access by untrustworthy nodes compared with online social networking.”
The authors admit that their previous solution, ciphertext-policy attribute-based encryption (CP-ABE), suffers from the inefficient complexity of message encryption over PSN. In KP-ABE, the trusted server (TS) registers the PSN nodes, distributes a public key (PK_GT) for each registered node to all nodes, and “issues a secret key based on the [global trust, GT] of each node.” As they explain: “each node also has a public/secret key pair based on [local trust, LT]” and “the public key (PK_LT) of a node based on its current identifier is shared if needed for the purpose of authentication and secure communications.” The TS issues unique certified pseudonyms to the node, “each node reports its social networking records to the TS according to [its] pseudonyms,” and then the TS can determine each node’s general trust level based on the collected information under its unique registered identifier. Node social networking relies on pseudonyms for node privacy: “each node can anonymously authenticate GT values of other nodes and locally evaluate other node trust based on social networking experiences.”
The paper presents “a scheme to secure communication data based on two dimensions of trust in PSN,” with different possible levels for different social community group communications. The scheme uses three different encryptions to maintain data confidentiality, namely encrypt 1 to 3. Breaking the encrypt-1 and -2 algorithms is as hard as breaking the decisional bilinear Diffie-Hellman (DBDH) NP-hard problem. The encrypt-3 algorithm combines two KP-ABE algorithms in order to achieve data access control based on both GT and LT; it is shown to be as hard to break as the other two encrypt algorithms. The authors clearly show the protocols that control PSN data access with both GT and LT, and present an extensive performance analysis of their approach, including the asymptotic time complexities of the involved encryption algorithms, communication cost, scalability, personalized access control, and flexibility, proving their scheme's efficiency compared to other approaches.
The authors implement the proposed scheme using the C language and a pairing-based cryptography library running on Ubuntu 14.04. They show its applicability using their demo system over Android mobile phones, and a second desktop workstation is utilized “as a service provider to provide mobile services.” The actual tested demo operation times are consistent with their theoretical computational complexity analysis.
The authors are aware of the additional complexity in the process: “in PSN, context is linked to different social activities” and “a more sophisticated policy [is needed] based on context in PSN to achieve a more flexible and fine-grained data protection and access control.” Future improvements include “taking context into consideration in both trust evaluation and data access control” and “a distributed trust evaluation scheme without any dependency on a centralized server.”
In summary, this good read presents the challenges faced in an important field as well as some potential solutions.