- Researchers Luo, Xiu, and Hengartner of the University of Waterloo in Ontario propose an architecture to protect personal information on social networking platforms \cite{luo2009facecloak}. Protection is achieved by transmitting fake data to the social network server and storing the correct data encrypted on a third party server. Authorized users can then replace the fake data with the correct data when they visit the site containing protected data. The prerequisite is that all users use a specific browser extension that communicates with the third party server and replaces content. In concrete terms, this was implemented for Facebook and both a server and an extension for the Firefox browser were developed and successfully tested.
- \subsubsection{Design Principles}
- FaceCloak's design is based on the following four principles:
- \begin{itemize}
- \item \textbf{Preservation of normal browsing experience}: In order to provide the best possible user experience, the solution should function largely automatically and require only a minimum of interaction.
- \item \textbf{No server-side changes}: The mechanism for protecting personal data should not require any server-side changes.
- \item \textbf{Self-containment and minimal user configuration}: Regardless of the technical abilities of a user, the configuration effort (e.g. the installation of a certain software) should be limited to a minimum and be feasible by everyone.
- \item \textbf{Incremental deployment}: Compatibility between users with and without using the special extension should always be ensured and should never prevent users from no longer being able to contact each other.
- \end{itemize}
- \subsubsection{FaceCloak Architecture}
- After validating several available solutions for personal data protection, the researchers decided that a client-side architecture was the best solution for automatic protection. Figure \ref{fig:facecloak-architecture} shows this architecture schematically.
- \begin{figure}[h!]
- \centering
- \includegraphics[width=0.7\textwidth]{facecloak-architecture}
- \caption{Schematic representation of the Setup Phase (1), Encryption Phase (2) and Decryption Phase (3) and the data flow taking place between the entities in FaceCloak's architecture. \cite{luo2009facecloak}}
- \label{fig:facecloak-architecture}
- \end{figure}
- During the setup phase, the browser extension is installed, and the encryption keys are generated. Afterwards, the keys for decryption are shared with the trusted contacts. In phase two, when data worthy of protection is stored, it is transmitted in encrypted form to a third party server and stored there. Only fake data is transmitted to the social network server. In phase three, whenever an authorized contact calls up a profile page and fake data is transmitted by the social network, the extension takes care of the replacement with the real data.
- In addition to adhering to the above design principles, the proposed architecture makes the following contributions:
- \begin{itemize}
- \item The functionality of the service and the interface is not limited by the use of FaceCloak.
- \item The user decides which information should be protected and which not.
- \item The architecture can be applied to any social network.
- \end{itemize}
- \subsubsection{FaceCloak for Facebook}
- To protect the privacy of Facebook users, Luo, Xiu, and Hengartner have developed a Firefox browser extension according to the previously described architecture, as well as a server application for storing encrypted real data \cite{facecloakXXXXdownload}.
- The extension uses \ac{AES} and a key length of 128 bits to encrypt the data. The indices for the encrypted data are calculated using SHA-1. The authors propose an e-mail for the key exchange. For this purpose, the browser extension automatically generates e-mail texts and recipient lists and forwards them to the standard e-mail program. The recipients then have to store the received keys in the extension manually.
- In order to protect data with FaceCloak, the prefix @@ must be added to the information in a text field. For other form elements such as dropdowns, radio buttons or checkboxes, the extension creates additional options that also start with @@. When submitting the form, the extension intervenes and replaces the data marked with @@ with fake data. The data to be protected is encrypted with the stored keys and transferred as a key-value pair to the third party server where it is stored. FaceCloak can protect all profile information, but only for name, birthday, and gender algorithms for the meaningful creation of fake data are implemented.
- In addition to profile information, the extension can also protect Facebook Wall and Facebook Notes data. The contents of arbitrary Wikipedia articles are transmitted as fake data to avoid attracting attention with random and unusual character strings.
- When loading a profile page that contains protected data, the extension with asynchronous \ac{HTTP} requests retrieves the information from the third party server, decrypts it, and replaces the fake data. A large part of the replacement can thus be performed during the load process so that the user does not see the fake data. However, since Facebook also loads content asynchronously, some replacements can only be performed with a time delay and the fake data is shortly visible.
- The keys have to be transferred to all devices and stored in the extension to use the same account. It is not possible to use multiple accounts with the same Firefox profile, as all data is stored in the extension and these are always bound to exactly one Facebook account.
- The latest version 0.6 from August 2010 cannot be installed in the current Firefox (version 65). Furthermore, it is unknown if the server is still running. Therefore it is not possible to check if the extension still works. Due to the numerous updates and sometimes severe changes that Facebook has experienced in the last eight years, it is doubtful that the extension will still function today. At that time, however, it was successfully applied and proved that the proposed architecture worked.
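Review bot: this hunk deletes the whole FaceCloak subsection together with the figure environment and its `\label{fig:facecloak-architecture}`, so any `\ref{fig:facecloak-architecture}` that survives elsewhere in the document will now produce an undefined-reference warning and print as "??"; grep the remaining sources for that label and for the `facecloak-architecture` graphics file before merging. The removed lines also carried the only visible uses of `\cite{luo2009facecloak}` and `\cite{facecloakXXXXdownload}` (note the `XXXX` placeholder in the second key, which suggests the entry was never finalized), so check whether those bibliography entries are still cited anywhere; if not, drop them as well, or the bibliography will either list uncited works or, with `\nocite`, silently keep a placeholder key. If the intent is to move this section rather than delete it, the commit message should say where it went, since the diff alone does not show that.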