Publishing and sharing encrypted data with potential friends in online social networks

Authors

  • Huimin Shuai,

    1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
    2. University of Chinese Academy of Sciences, Beijing, China
    3. Software Development Center, Agricultural Bank of China, Beijing, China
  • Wen Tao Zhu,

    Corresponding author
    1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
    • Correspondence: Wen Tao Zhu, State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, 87C Min Zhuang Road, Beijing 100093, China.

      E-mail: wtzhu@ieee.org

  • Xin Liu

    1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China
    2. University of Chinese Academy of Sciences, Beijing, China

ABSTRACT

Making friends by publishing and sharing personal data in a special interest group has become popular in online social networks. Data security is a major concern, as digital content can be easily accessed from all over the Internet, and the online social network service provider is often for profit and semi-trusted. The standard solution to data security is encryption, but sharing of encrypted data then becomes a challenging task. In this paper, employing attribute-based encryption (ABE), we propose Masque+, a novel hierarchical and fine-grained access control mechanism. On the basis of key policy ABE, the service provider manages users on the system level, but without being able to access their sensitive data. On the basis of ciphertext policy ABE, members of an interest group may customize their own access policies specifically. Masque+ features pragmatic functionalities like user revocation on the system level and the group level, respectively. We also build a prototype to validate the cryptographic algorithms involved in Masque+ and evaluate their performances. Real experimental data show that Masque+ incurs fairly reasonable costs even in cases where the access control policy is significantly complex. Copyright © 2013 John Wiley & Sons, Ltd.
