Wednesday, April 4, 2012

POST4: Online Social Network Security

Social networks do facilitate our daily lives, but there is also a problem that can't be ignored: security! Not long ago, some social network websites in mainland China said that some usernames and passwords had been stolen by hackers, which is really terrible. The incident also reminds us that we should pay attention to the security issues of social networks.
Conventional Security Objectives
  • Availability: The ongoing availability of systems addresses the processes, policies, and controls used to ensure authorized users have prompt access to information. This objective protects against intentional or accidental attempts to deny legitimate users access to information or systems.
  • Integrity of Data or Systems: System and data integrity relate to the processes, policies, and controls used to ensure information has not been altered in an unauthorized manner and that systems are free from unauthorized manipulation that will compromise accuracy, completeness, and reliability.
  • Confidentiality of Data or Systems: Confidentiality covers the processes, policies, and controls employed to protect information of customers and the institution against unauthorized access or use.
  • Accountability: Clear accountability involves the processes, policies, and controls necessary to trace actions to their source. Accountability directly supports non-repudiation, deterrence, intrusion prevention, security monitoring, recovery, and legal admissibility of records.
  • Assurance: Assurance addresses the processes, policies, and controls used to develop confidence that technical and operational security measures work as intended. Assurance levels are part of the system design and include availability, integrity, confidentiality, and accountability. Assurance highlights the notion that secure systems provide the intended functionality while preventing undesired actions.
Integrity and accountability combine to produce what is known as non-repudiation. Non-repudiation can reduce fraud and promote the legal enforceability of electronic agreements and transactions.  While non-repudiation is a goal and is conceptually clear, the manner in which non-repudiation can be achieved for electronic systems in a practical, legal sense may have to wait for further judicial clarification. 

OSI Security Service
The following are considered to be the security services which can be provided optionally within the framework of the OSI Reference Model. 
Authentication: Provides for the authentication of a communicating peer entity and the source of data, including peer entity authentication and data origin authentication.
Access Control: This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource or to all accesses to a resource.
Data Confidentiality: Including Connection Confidentiality, Connectionless Confidentiality, Selective Field Confidentiality and Traffic Flow Confidentiality. These services provide for the protection of data from unauthorized disclosure.
Data Integrity: These services counter active threats and may take one of the following forms: Connection integrity with recovery, Connection integrity without recovery, Selective field connection integrity, Connectionless integrity, Selective field connectionless integrity.
Non-repudiation: This service may take one or both of two forms: non-repudiation with proof of origin and non-repudiation with proof of delivery.

Social Network Security Objectives
From lecture week 10, I gained knowledge about security objectives on OSNs (Online Social Networks). There are 3 main security objectives identified in the context of OSNs: Privacy, Integrity and Availability.
Privacy: Privacy in OSNs encompasses user profile privacy, communication privacy, message confidentiality and information disclosure. In principle, privacy calls for the possibility to hide any information about any user, even to the extent of hiding their participation in the OSN in the first place. Moreover, privacy has to be met by default. Requiring explicit disclosure leads to the need for access control.
Integrity: As part of integrity, the user's identity and data must be protected against unauthorized modification and tampering.
Availability: Availability of user profiles is consequently required as a basic feature, even considering recreational use. In OSNs, this availability specifically has to include robustness against censorship, and the seizure or hijacking of names and other key words.

Social Network Security Objectives VS Conventional Online Network Security Objectives 
As mentioned above, there are some differences between OSN security objectives and conventional network security objectives.
Privacy in OSN security includes many aspects of conventional network security objectives, such as authentication, access control and data confidentiality. In principle, privacy calls for the possibility to hide any information about any user, even to the extent of hiding their participation in the OSN in the first place. In OSNs, it requires more: all information on all users and their actions has to be hidden from any other party internal or external to the system, unless explicitly disclosed by the users themselves. Access to information on any user may only be granted by the user directly, the access control has to be as fine-grained as the profile, and each attribute has to be separately manageable. For example, on Facebook we can set privacy settings to prevent strangers from getting our information or sending messages to us.
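A small model of the access-control requirement described above, added here as an example (it is not code from the lecture or from any OSN): every attribute has its own reader list, nothing is visible by default, only the owner can grant or revoke, and a lookup gives the same answer for a non-member as for a member who has disclosed nothing. The `Profile` and `Directory` classes and the sample data are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Profile:
    """One OSN profile; every attribute carries its own reader list."""
    owner: str
    attributes: dict                              # attribute name -> value
    readers: dict = field(default_factory=dict)   # attribute name -> set of user ids

    def grant(self, actor, attribute, viewer):
        # Only the user the profile belongs to may disclose anything.
        if actor != self.owner:
            raise PermissionError("only the profile owner may grant access")
        if attribute not in self.attributes:
            raise KeyError(attribute)
        self.readers.setdefault(attribute, set()).add(viewer)

    def revoke(self, actor, attribute, viewer):
        if actor != self.owner:
            raise PermissionError("only the profile owner may revoke access")
        self.readers.get(attribute, set()).discard(viewer)

    def visible_to(self, viewer):
        # Default deny: an attribute with no grant for this viewer is omitted.
        if viewer == self.owner:
            return dict(self.attributes)
        return {name: value for name, value in self.attributes.items()
                if viewer in self.readers.get(name, set())}


class Directory:
    """Profile lookup that does not reveal who is a member."""

    def __init__(self):
        self._profiles = {}

    def register(self, profile):
        self._profiles[profile.owner] = profile

    def lookup(self, viewer, owner):
        # Same answer (None) for "no such member" and "member who has
        # disclosed nothing to you", so participation itself stays hidden.
        profile = self._profiles.get(owner)
        visible = profile.visible_to(viewer) if profile else {}
        return visible or None


def demo():
    # Constructed sample data.
    directory = Directory()
    alice = Profile("alice", {"email": "alice@example.org", "city": "Hong Kong"})
    directory.register(alice)
    alice.grant("alice", "city", "bob")
    return directory
```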
When it comes to integrity, the user's identity and data must be protected against unauthorized modification and tampering. In addition to conventional modification detection and message authentication, integrity in the context of OSNs has to be extended, and the authentication has to ensure the existence of real persons behind registered OSN members. Recently, some movie stars' Weibo accounts were stolen, and hackers took advantage of these accounts to post false news on Weibo, causing a lot of negative effects, which is really terrible. This example tells us it is important to ensure that the identity behind an account is real.
OSNs also have more requirements on availability. Since some social network services are used as professional tools to aid their members' business or careers, data published by users has to be continuously available. In OSNs, this availability specifically has to include robustness against censorship, and the seizure or hijacking of names and other key words. Apart from availability of data access, availability has to be ensured along with message exchange among members. For example, nowadays many companies advertise or do marketing promotion on Facebook, so it is very important to ensure that the service on these social networks is available.

Wednesday, March 14, 2012

POST 3: Social Network Analysis (SNA)

What is SNA?
In lectures 6 and 7, I learned a lot of things about Social Network Analysis (SNA), for example, graphical representation of social networks, some terminology, centrality, etc. I am so amazed that social networks can be calculated and analyzed by using so many mathematical methods.
So what is SNA? Social network analysis (SNA) is the mapping and measuring of relationships and flows between people, groups, organizations, computers, and URLs. Social network analysis views social relationships in terms of network theory consisting of nodes and ties. Nodes are the individual actors within the networks, and ties are the relationships between the actors. SNA provides both a visual and a mathematical analysis of human relationships.

A SNA example
In order to have a better understanding of SNA, I'd like to introduce some concepts of it by analyzing the following example.
From the above picture, we can easily see it is a non-directional network which involves 5 nodes and 6 ties. In other words, in the sociograph there are 5 actors and 6 relationships. We can represent the relationships among the members of this social network by using a matrix as follows. It is also possible to find patterns about the communities that the social network represents.

Cutpoint: A node which, if deleted, will make the network disconnected. So in this case, we can easily see that David is the cutpoint.
Bridge: A tie which, if deleted, will make the network disconnected. In the example, the tie connecting David and Eva is the bridge.
Degree: The degree of a node is the number of links that are incident with it. Equivalently, the degree of a node is the number of nodes adjacent to it. With regard to this instance, the degree of each node is shown as follows.
Density: The proportion of ties that exist out of all possible ties, which is equal to the number of links divided by the number of links in a complete graph with the same number of nodes. We can calculate the density of this social network like this:
Geodesic Distances: The shortest of all the paths between two nodes is called the geodesic path, and the distance of the geodesic path is the geodesic distance. In this case, the distances between each two nodes are shown below.
Clique: A maximal set of nodes in which every node is connected to every other is a clique. In this network, {Alice, Bob, David} and {Alice, Carol, David} are cliques.
K-Plex: A set of n nodes in which every node has a tie to at least n-k others in the set. In this case, {Alice, Bob, Carol, David} is a 2-plex, because every node has a tie to at least 2 other nodes.
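The definitions above, computed for the example network in an added example (not code from the lecture). The tie list is reconstructed from the post's own statements because the picture is missing: 5 actors, 6 ties, the two cliques listed, and David tied to everyone. Counting only cliques of at least three members is an assumption that follows the common SNA convention.

```python
from itertools import combinations

# Ties reconstructed from the post's statements (the sociogram image is missing).
NODES = ["Alice", "Bob", "Carol", "David", "Eva"]
EDGES = {frozenset(t) for t in [
    ("Alice", "Bob"), ("Alice", "Carol"), ("Alice", "David"),
    ("Bob", "David"), ("Carol", "David"), ("David", "Eva")]}


def neighbours(node, edges):
    return {other for tie in edges if node in tie for other in tie - {node}}


def components(nodes, edges):
    """Number of connected components, found with an iterative DFS."""
    seen, count = set(), 0
    for start in nodes:
        if start in seen:
            continue
        count += 1
        stack = [start]
        while stack:
            node = stack.pop()
            if node not in seen:
                seen.add(node)
                stack.extend(neighbours(node, edges) - seen)
    return count


def degrees(nodes, edges):
    return {n: len(neighbours(n, edges)) for n in nodes}


def density(nodes, edges):
    n = len(nodes)
    return len(edges) / (n * (n - 1) / 2)   # ties present / ties possible


def cutpoints(nodes, edges):
    # A node is a cutpoint if the network falls apart once it and its ties go.
    return [v for v in nodes
            if components([u for u in nodes if u != v],
                          {t for t in edges if v not in t}) > 1]


def bridges(nodes, edges):
    return [tuple(sorted(t)) for t in edges
            if components(nodes, edges - {t}) > 1]


def cliques(nodes, edges, min_size=3):
    """Maximal fully connected groups (brute force; fine for small sociograms)."""
    full = [set(g) for r in range(min_size, len(nodes) + 1)
            for g in combinations(nodes, r)
            if all(frozenset(p) in edges for p in combinations(g, 2))]
    return [g for g in full if not any(g < other for other in full)]


def is_k_plex(group, edges, k):
    # Every member is tied to at least n - k other members of the group.
    return all(len(neighbours(v, edges) & set(group)) >= len(group) - k
               for v in group)
```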

Calculations & Measurements
When analyzing different roles in the social network, many methods can be used, such as Centrality and Influence Range.
Centrality: Centrality identifies which nodes are in the "center" of the network, in other words, the "key player". So we can use this method to find who is the most influential person in our example. There are 3 standard centrality measures that capture a wide range of "importance" in a network: Degree Centrality, Closeness Centrality and Betweenness Centrality.
Degree Centrality: Degree Centrality is the sum of all other actors who are directly connected to the actor in concern. It signifies activity or popularity. It can be normalized as:


Closeness Centrality: An actor is considered important if he/she is relatively close to all other actors. Closeness represents the mean of the geodesic distances between some particular node and all other nodes connected with it. It can be understood as how long it takes for a message to spread inside the network from a particular node. Closeness is based on the inverse of the geodesic distance of each actor to every other actor in the network. Closeness Centrality can be expressed as:
Normalized Closeness Centrality can be expressed as:
Betweenness Centrality: The number of times a node connects pairs of other nodes, who otherwise would not be able to reach one another. It is a measure of the potential for control, as an actor who is high in "betweenness" is able to act as a gatekeeper controlling the flow of resources between the alters that he/she connects. Betweenness Centrality counts the number of shortest paths between j and k that actor i resides on. Betweenness Centrality can be expressed as:
$g_{jk}$ = the number of geodesics connecting j and k, $g_{jk}(n_i)$ = the number of those geodesics that actor i is on.
The formula can also be normalized as:
As introduced above, we can calculate the centrality of each node and analyze as follows:
From the matrix we can see David is the most influential actor from 3 aspects:
1. David has relationships with all the other actors, and he has the most direct connections in this social network, which makes him the most active node in the social network. He also has the largest value of each attribute.
2. The distances between David and other actors are the shortest, that is to say, he has the shortest path to everyone else, which lets him communicate with others more quickly than anyone else in the same network.
3. David has the most direct connections with others, and if Alice, Bob and Carol want to communicate with Eva, they must go via David, and vice versa. It means that David acts as a gatekeeper controlling the flow of resources between the alters he connects. It also makes him the most influential one.

Influence Range  
Define the influence range of $n_i$ as the set of actors who are reachable from $n_i$. Define $J_i$ as the number of actors in the influence range of actor i (excluding i itself). It is an "improved" actor-level closeness centrality index that considers how proximate $n_i$ is to the actors in its influence range. It can be expressed as follows:
This index is a ratio of the fraction of the actors in the group who are reachable, to the average distance that these actors are from the actor $n_i$. The calculation results are shown as follows:

From the result, we can easily see that this measure also identifies David as the most influential actor.
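The centrality and influence-range measures described in this post, computed for the example network in an added example (not code from the lecture). The tie list is reconstructed from the post's statements, and because the formula images are missing, the normalizations used are the standard ones as an assumption: degree and closeness scaled by g-1, betweenness by (g-1)(g-2)/2, where g is the number of actors.

```python
from collections import deque
from itertools import combinations

# Ties reconstructed from the post's statements (the sociogram image is missing).
EDGES = [("Alice", "Bob"), ("Alice", "Carol"), ("Alice", "David"),
         ("Bob", "David"), ("Carol", "David"), ("David", "Eva")]


def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def geodesics(adj, source):
    """BFS from source: geodesic distance and number of geodesics per node."""
    dist, count = {source: 0}, {source: 1}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v], count[v] = dist[u] + 1, 0
                queue.append(v)
            if dist[v] == dist[u] + 1:
                count[v] += count[u]
    return dist, count


def centrality_table(edges):
    adj = adjacency(edges)
    g = len(adj)
    paths = {v: geodesics(adj, v) for v in adj}
    table = {}
    for i in adj:
        dist_i, count_i = paths[i]
        total = sum(dist_i.values())     # sum of geodesic distances from i
        reach = len(dist_i) - 1          # J_i: actors reachable from i
        between = 0.0
        for j, k in combinations([v for v in adj if v != i], 2):
            dist_j, count_j = paths[j]
            # i is on a j-k geodesic when d(j,i) + d(i,k) == d(j,k)
            if (i in dist_j and k in dist_i and k in dist_j
                    and dist_j[i] + dist_i[k] == dist_j[k]):
                between += count_j[i] * count_i[k] / count_j[k]
        table[i] = {
            "degree": len(adj[i]) / (g - 1),
            # Closeness is only defined when every other actor is reachable.
            "closeness": (g - 1) / total if reach == g - 1 else None,
            "betweenness": between / ((g - 1) * (g - 2) / 2),
            # Fraction of actors reachable / average distance to them.
            "influence_range": (reach / (g - 1)) / (total / reach),
        }
    return table


def key_player(table, measure):
    return max(table, key=lambda actor: table[actor][measure] or 0.0)
```

In a connected network such as this one every actor reaches all g-1 others, so the influence-range index equals normalized closeness; the two differ only when some actors are unreachable.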

Conclusion  
From our analysis, we can draw the conclusion that David is the "key player" of this social network, and he is clearly the most influential actor.

Findings 
After analyzing this social network, I gained a lot.
1. SNA plays an important role in analyzing social networks. By using different measures of SNA, we can gain a deep understanding of a particular social network, such as knowing its characteristics and finding its "key player". So I found SNA is a useful way of measuring social networks.
2. When dealing with some cases, we can use different measures; for example, in this case we can use influence range and centrality to decide who is the most influential actor in our social network. And no doubt, these two measures help us get the same answer. That is to say, even though different measures are used for analyzing the same social network, they can achieve the same goal and even the same answer, and in turn, they can also be used for mutual authentication, verifying whether the answer is correct.
3. SNA can also be used in our daily life or at work to help us deal with different situations and problems. Governments can use it, companies can use it, everyone can use it. It can help us have a better understanding of our social network, our business and our life.
  
  

Friday, March 2, 2012

POST 2: Thinking about blogs


In weeks 4 and 5, we continued learning about social networking. As we went further, I gained more and more in this field.


In week 4, we learned more about social media, and also learned the concept of the blogosphere and some other things related to it. Furthermore, we gained knowledge about information sharing and cases for social marketing, a new concept for me. In week 5, we learned 4 aspects of social multimedia computing: interaction and computing, its applications, research issues about it, and some key challenges.


Before taking this course, I already knew something about blogs. But I had never tried to write one until our teacher, Professor Chan, asked us to. After these weeks, I've experienced how to post my views on a blog and share them with my classmates, and I also want to know more about it. As I wished, the lecture of week 4 taught me some knowledge about blogs and some other social media. Nowadays, social networks and blogs are the most popular activities online, even beating personal email. We know from Wikipedia that a blog is a personal journal published on the WWW. Blogs are usually the work of a single individual (occasionally of a small group), and often are themed on a single subject. Even some popular brands and commercial sites publish blogs written by their employees to provide more information about their products and services.

With more and more people fascinated by writing blogs, I can't help wondering how we can benefit from this activity. After doing some research and asking many friends this question, I have learned some answers, and now I want to share them with you.

There are 10 benefits we can gain from writing blogs:
1. Being critical of ideas. Blogging forces an opinion on issues, so we can make more effort to figure out what is fact, opinion, well researched, worth the cyberspace it's written on, or not.
2. Making sense of experiences. Writing is a great way to figure out what worked, what didn't work, and why. Through trying to pass on useful stuff, it becomes even more useful for me.
3. Getting feedback. We can get feedback from comments, emails and site stats. It's a wonderful way to connect with a wider community and share knowledge.
4. Learning. Every post requires some research and fact checking, so we can learn big and little things all the time.
5. Being accountable. If we blog about something we feel absolutely accountable for it. Accountability is a great way of making changes and learning about oneself.
6. Being reflective. Reflection is a great way of learning: reinforcing positive things, or changing negative ones, and figuring out which is which. 30 minutes or so each day to think about something that is relevant to performance and productivity is a wonderful habit.
7. Connecting with like-minded people. It's true that birds of a feather flock together, and those with the same interests find ways of getting in touch, either directly or by being introduced. Blogging is a wonderful way of connecting with people who are working on similar issues or care about similar things.
8. Refining ideas and practice. I often come back to themes over and over again, refining my ideas all the time. Writing, experience, getting new information and trying different things all get added into the refinement process.
9. Listening. We may listen to things more carefully, particularly if we want to write about them. It's amazing how much more active we have to be in getting things correct, and it's a great discipline.
10. It's satisfying. Whatever else is going on at work or at home, Getting to Excellent gets more readers and more interesting all the time, which is a tremendous source of satisfaction. Which I suppose is another way of saying I enjoy it.

So write your blog and enjoy your life!



Thursday, February 16, 2012

POST1: To gain from social networking



Before taking this course, I had never thought about anything intensive in the field of social networking, though I have used various social network websites for several years. As representatives in this area, Facebook and Twitter are famous websites all over the world and millions of people are addicted to them. In China, social network websites such as Renren and Weibo are also welcomed by many people, especially teenagers. However, not long ago I just thought they were something for fun, just like some entertainment websites. This course has changed my point of view on these sites, and I have gradually understood more about social networking.


By studying lectures 1-3, I understand that online social networking is very complex: these social networking websites are not just platforms for people to communicate or share something interesting with others, nor are they simply for fun. Actually, social networking is concerned with the conduct of various social behaviors over the internet, as well as the underlying technologies. It is an interdisciplinary subject involving multiple fields including computer networks and applications, psychology, as well as sociology. In the first 3 lectures, we defined social media, social computing, social networking, the relationships between them, as well as applications. From the lectures, I also obtained knowledge about social experience and its model, values/benefits in a social environment, and the social nature of human activity, in which we learned about human information processing and interesting things about our memory. Furthermore, I learned about how our mind is engaged in social networking environments, and how we should design social environments.

Up to now, the concept that has impressed me most is social computing, because I had never known the technologies behind social networking before, and it is the area most closely related to information engineering. I'll share something about social computing as follows.

Social computing is a general term for an area of computer science that is concerned with the intersection of social behavior and computational systems. It has become an important concept for use in business. It is used in two ways as detailed below.

In the weaker sense of the term, social computing has to do with supporting any sort of social behavior in or through computational systems. It is based on creating or recreating social conventions and social contexts through the use of software and technology. Thus, blogs, email, instant messaging, social network services, wikis, social bookmarking and other instances of what is often called social software illustrate ideas from social computing, but also other kinds of software applications where people interact socially.

In the stronger sense of the term, social computing has to do with supporting “computations” that are carried out by groups of people, an idea that has been popularized in James Surowiecki's book, The Wisdom of Crowds. Examples of social computing in this sense include collaborative filtering, online auctions, prediction markets, reputation systems, computational social choice, tagging, and verification games. The Social Information Processing page focuses on this sense of social computing.
Social computing has become more widely known because of its relationship to a number of recent trends. These include the growing popularity of social software and Web 2.0, increased academic interest in social network analysis, the rise of open source as a viable method of production, and a growing conviction that all of this can have a profound impact on daily life.