Wednesday, August 21, 2019

Security Issues of Social Networking Sites

Security Issues of Social Networking Sites C. Divya Gowri, K. Rajalakshmi, PG Scholar, S.Suresh AbstractSocial Networking Sites (SNS) are a platform to build social relationship or social networks among people. It is web-based service which allows people to create public profiles; it is similar to online community. The only difference is social network service is individual centred whereas online community is group centred. It groups the individuals into specific groups for communication purpose. Millions of people like to meet other people, share and gather information, share information about their work like cooking, finding employment, e-business, e-commerce, etc., SNS involves getting access to the website you wish to socialize. Once you are granted, you can read the profile pages of others and even contact them. These SNS has greatest impact on the people who use them. Today billions of people across the world have their profiles in social networking sites. SNS becomes reason for addiction and anxiety. It starts affecting the personal relationship. This paper focuses on th e impacts of these social networking sites. Key Tems: Social Networking Sites, Personal privacy, Security issues. I. Introduction Social Networks [13] involves use of Internet to connect the users with their family, friends and acquaintances. Web-based social networking services connect people to share interests and activities across political, economic, and geographic borders. Online Social Networking sites like Twitter, Facebook, and MySpace have become popular in recent years. Social Networks have become a personal fabric of the world. In such SNS, each of your Followers (Twitter) or Friends (Facebook) will be friend with your other friends just like in real world. The connection between people is not one-on-one but a network of connection. These social networks keep track of all interactions used by their users on their sites and save them for later use. It allows users to meet new people, stay in touch with friends, and discuss about everything including jokes, politics, news, etc., Using Social networking sites marketers can directly reach customers, this is not only benefit for the marketers but it also benefits the users as they get more information about the organization and the product. There is absolutely no doubt that online social networks have become part of every individual. Though the use of these SNS is increasing day by day, the users are not aware of risks associated with updating sensitive information. Facts prove that majority of people post information like photos, share location unaware of security and privacy concerns. SNS definitely needs many security policies to keep user’s information secured. II. Literature Survey 2.1 Privacy Issues Security Risks With the use of SNSs, the security risks [4] [12] associated is also increasing rapidly. Some of the risks include cyber stalking, phishing, location disclosure, identity theft, Phreaking, Spoofing, Doxing, spam issue, profile cloning, fake product sale and cyber bullying. People provide their personal data while creating account on SNSs like Facebook, Twitter, etc. The secured data is stored in SNS and because of poor security; the data stored are not secure. Cyber Stalking It is the use of SNS to harass/stalk an individual, group or organization. It includes monitoring, vandalism [15], and gathering of information that may be used to threaten the SNS users. Phishing Phishing [7] is attempting to acquire sensitive information like username, password, and credit card information by masquerading through SNS. Location Disclosure SNS can disclose user’s information [10]. An application named ‘creepy’ can track location of the user on a map by photos uploaded in Flicker or Twitter. Identity Theft Some hackers attack through application in which they ask permission for accessing their profile of SNS (Facebook, Twitter, etc.). When SNS users allow doing so, hackers get all information so that they can misuse users’ information without their knowledge or permission. Phreaking It is gaining unauthorized access to a user’s profile. It is advisable not to give phone numbers, passwords that provide direct access to a user’s profile. Spoofing Some attackers deceive computers by faking one’s identity. IP spoofing masks or hides computer’s IP address. Doxing It is publicly posting a person’s identity including full name, address, pictures, date of birth typically retrieved from any social sites. Spam Issues SNS is widely spread with spam. It includes message spam and content spam [5] [6]. Spammers attack legitimate users account and post unwanted messages/comment on their wall or send those content to their friends so that the reputation of the legitimate users is spoiled. Profile Cloning Profile Cloning [3][8] is that the hackers retrieve the profile information of the SNSs users and make a clone of the profile. They make this clone to spoil the reputation of the users. This is one of the most popular risks associated with the SNSs and it is also done without the permission or knowledge of the SNS user. Another form of profile cloning is â€Å"Cross-site profile cloning†. In this method, hackers steal information from one social site and make this information to create a profile in another SNS. Fake Product Sale The hackers advertise on the SNSs for selling products by offering huge discount and free products. When users try to purchase these products, they are asked to provide account information which is retrieved by attackers and they misuse the information. Cyber bullying Cyber bullies [10] often post information that spoils the reputation of a SNS user; also they spread lies about them, write hateful comments, and upload disgusting photos or abusive images. 2.2 Attacking scenarios Click Jacking In this type of attack, attackers post videos and when the users click on the page, some malicious actions takes place. This type of attack is common in Facebook where users like a page or a picture or a video and the users are trapped. Content Based Image Retrieval In this attack [9], the attackers match the patterns of images associated with the profile of the SNS users so that attackers know the current location of a user. De-Anonymization Attack In this De-Anonymization attack [1] the user’s anonymity can be revealed by history stealing and group membership information. Neighbourhood attack In this attacker [2] finds the neighbors of the victim node. Based on user’s profile and personal information, attackers are attracted by user’s personal information like their name, date of birth, contact information, relationship status, current work and education background. There can be leakage of information because of poor privacy settings. Many profiles are made public to others i.e. anyone can view their profile. Next is leakage of information through third party application. Social networking sites provide an Application Programming Interface (API) for third party developers to create applications. Once users access these applications the third party can access their information automatically. Malicious Software updates An attacker may deliver malicious software to update the system. This may be used to disrupt computer system, obtain sensitive information or gain access to any private information. Evil Twin Attack In this attack [11], it allows attackers to impersonate people or companies in SNS. This is used for the purpose of financial gain, physical crimes, defamation and information gathering. The attackers create a twin profile in the name of other person (legitimate user) and send friend request or messages to get money or just gather information. 2.3 Prevention strategies Internet is always â€Å"Public† SNS users post anything on the internet and it is always available in public. Thus it is user’s responsibility to post information that users are comfortable with. This may include their personal information and photos in which users are tagged in. Also once when users post information online, it cannot be deleted. Even if the information is deleted from a site, cached copy remains on the World Wide Web. Limit the amount Always limit the amount of personal information you post. Do not disclose private information such as your residential address, contact number, etc. Assess your settings Users must be aware of their privacy settings. The default settings of the site will allow anyone to see your profile. But you can customize your settings to restrict certain people from seeing your profile. Be cautious of Third party applications Some third party applications will ask for your private information while you run those applications. Avoid running those applications that are suspicious and limit the amount of information that the applications can access. Create secure passwords provide your account with passwords which are hard to be guessed. If user’s password is compromised, somebody may access your account and pretend to be like you without your knowledge. Always provide different passwords for different accounts which may confuse the cyber criminals. Combine upper and lower case letters with symbols and numbers to create secure passwords. Change your passwords frequently. Activate your firewall Firewalls are considered as the first line of cyber defence. They block connections to unknown sites and will protect the system from viruses and hackers. Avoid being scammed Prevent viruses/malware infecting your system by installing and frequently updating antivirus software. Beware of things you post Whatever you post online, it remains in cache even if you are not able to see. It is advisable to think before posting pictures that you don’t want your employers or parents to see. Know your friends Online friends should not be taken as real friends unless you know them personally. Beware of what you share with those strange friends. Install from Trusted source- Install applications or software’s that comes from well- known or trusted sites. Remember that free software may come with malware. Once you install an application, keep it up-to-date. If you no longer use an application, delete it. Avoid Wi-Fi spots Avoid accessing your personal accounts from public computers like Internet centres or through public Wi-Fi spots. It is always preferred to use high security settings on any SNS. IV. CONCLUSION SNS have become a likely target for attackers due to sensitive information available. The growth of social networking sites shows tremendous changes in personal and social behavior of internet users. It has become an essential medium of communication and an entertainment among adults. Though it affects the daily activities of the users, many cyber crime activities evolved, the popularity of such sites are not going to reduce. SNS can be used for sales and marketing, but the security risks can put a company or individual in a compromising position. Many cyber laws have to be fortified so that cyber criminals cannot escape from committing a crime. Many SNS are implementing different security mechanisms to SNS users. Also users must be careful and prevent themselves from being attacked. V. REFERENCES [1] Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel, â€Å" Practical Attack to De-anonymize Social Network Users,† IEEE Symposium on Security and Privacy, 2010, pp.223-238. [2] Bin Zhou and Jian Pei, â€Å"Preserving Privacy in Social Networks Against Neighborhood Attacks,† Data Engineering, 2008. ICDE 2008. IEEE 24th International Conference on, Apr. 2008, pp.506-515. [3] M. Balduzzi, C. Platzer, T. Holz, E. Kirda, D. Balzarotti, and C. Kruegel, â€Å"Abusing Social Networks for Automated User Profiling,† Symposium on Recent Advances in Intrusion Detection (RAID), vol. 6307, Sep. 2010, pp. 422-441. [4] Dolvara Gunatilaka, â€Å"A Survey of Privacy and Security Issues in Social Networks†, http://www.cse.wustl.edu/~jain/cse57111/ftp/social/index.html [5] Garrett Brown, Travis Howe, Micheal Ihbe, Atul Prakash, and Kevin Borders, â€Å"Social networks and context-aware spam,† CSCW 08 Proceedings of the 2008 ACM conference on Computer supported cooperative work, 2008, pp.403-412. http://www.eecs.umich.edu/~aprakash/papers/cscw08_socialnetworkspam.pdf. [6] B. Markines, C. Cattuto and F. Menczer, Social Spam Detection,Proc. 5th Intl Workshop Adversarial Information Retrieval on the Web(AIRWeb 09), ACM Press, 2009, pp. 41–48. [7]T.N. Jagatic et al., Social Phishing,Comm. ACM,vol. 50, no. 10, 2007, pp. 94–100. [8] Khayyambashi, M.R.; Rizi, F.S. An approach for detecting profile cloning in online social networks,e-Commerce in Developing Countries: With Focus on e-Security (ECDC), 2013 7th Intenational Conference on,On page(s): 1 – 12. [9] A. Acquisti and R. Gross† Imagined Communities Awareness, Information Sharing, and Privacy on the Facebook†. In 6th Workshop on Privacy Enhancing Technologies, June 2006. [10] D. Rosenblum., â€Å"What Anyone Can Know. In The Privacy Risks of Social Networking Sites†, IEEE Security and Privacy, 2007. [11] Carl Timm,Richard Perez, â€Å"Seven Deadliest Social Network Attacks†, Syngress/Elsevier, 2010 [12] Dwyer, C., Hiltz, S. R., Passerini, K. â€Å"Trust and privacy concern within social networking sites: A comparison of Facebook and MySpace†. Proceedings of AMCIS 2007, Keystone, CO. Retrieved September 21, 2007 [13] D. D. Boyd and N. B. Ellison, ;Social Network Sites: Definition, History and Scholarship,; Journal of Computer-Mediated Communication, vol. 13, pp. 210-230, 2007. [14] P. Heymann, G. Koutrika and H. Garcia-Molina, Fighting Spam on Social Web Sites: A Survey of Approaches and Future Challenges,IEEE Internet Computing,vol. 11, no. 6, 2007, pp. 36–45. [15]W. Xu, F. Zhang and S. Zhu, Toward Worm Detection in Online Social Networks,Proc. 26th Ann. Computer Security Applications Conf.(ACSAC 10), ACM Press, 2010, pp. 11–20.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.