社群網路是目前相當流行的資訊分享及交流平台，吸引了許多的
使用者在其中進行線上社交活動。然而，目前現存的社群網路面對嚴
重的網路安全及個人隱私的問題。使用者的個人資訊可能被社群網路
營運者外洩或者是因為不好的安全隱私控制功能而導致被其他使用
者無限制地存取。本篇論文目的在於設計一具有良好的安全隱私控制
機制的社群網路架構，使得使用者能在其中安全地分享資訊並且能嚴
格控制自己的個人資訊。除此之外，本篇論文還提供了安全社交的機
制，能讓使用者在不透漏個人資訊的情況下仍能找到興趣高度相關的
新朋友。最後，在加入安全機制的前提下，本篇論文顯示具有良好的
可行性與執行上良好的效率。

Online Social Networks (OSNs) have attracted a phenomenal number of users for sharing data
and socialization recently. However, existing OSNs are facing security and privacy issues. OSNs
possess plenty of user data, which might be leaked either by OSN providers or other OSN users
if unsophisticated security mechanisms are used. Besides, improper or complicated privacy settings
offered by some OSNs prohibits users to thoroughly protect their privacy. In this paper, we
propose a secure OSN framework with an efficient access control mechanism for preserving user
data privacy. Besides, secure socialization that allows finding friends without exposing personal
information is also incorporated in the proposed OSN. We show that the proposed OSN is more
practical and efficient in comparison to existing OSN security frameworks.

[1] “Facebook statistics.” [Online]. Available: http://newsroom.fb.com/
[2] H. Gao, J. Hu, T. Huang, J.Wang, and Y. Chen, “Security Issues in Online Social Networks,”
Internet Computing, IEEE, vol. 15, no. 4, pp. 56 –63, july-aug. 2011.
[3] C. Zhang, J. Sun, X. Zhu, and Y. Fang, “Privacy and Security for Online Social Networks:
Challenges and Opportunities,” Network, IEEE, vol. 24, no. 4, pp. 13 –18, july-august 2010.
[4] B. Krishnamurthy and C. E. Wills, “On the Leakage of Personally Identifiable Information
via Online Social Networks,” in Proceedings of the 2nd ACM workshop on Online social
networks, ser. WOSN ’09. New York, NY, USA: ACM, 2009, pp. 7–12.
[5] E. Steel and G. A. Fowler, “Facebook in Privacy Breach,” Wall Street Journal, october 2010.
[6] J. Angwin and G. A. Fowler, “Selling You on Facebook,” Wall Street Journal, april 2012.
[7] G. Wondracek, T. Holz, E. Kirda, and C. Kruegel, “A Practical Attack to De-anonymize
Social Network Users,” in Security and Privacy (SP), 2010 IEEE Symposium on, may 2010,
pp. 223 –238.
[8] R. Gross and A. Acquisti, “Information Revelation and Privacy in Online Social Networks,”
in Proceedings of the 2005 ACM workshop on Privacy in the electronic society, ser. WPES
’05. New York, NY, USA: ACM, 2005, pp. 71–80.
[9] Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A.Mislove, “Analyzing facebook privacy settings:
User expectations vs. reality,” in Proceedings of the 2011 ACM SIGCOMM conference
on Internet measurement conference, ser. IMC ’11. New York, NY, USA: ACM, 2011, pp.
61–70.
[10] C. Ngeno, P. Zavarsky, D. Lindskog, and R. Ruhl, “User’s Perspective: Privacy and Security
of Information on Social Networks,” in Social Computing (SocialCom), 2010 IEEE Second
International Conference on, aug. 2010, pp. 1038 –1043.
[11] S. Guha, K. Tang, and P. Francis, “NOYB: Privacy in Online Social Networks,” in Proceedings
of the first workshop on Online social networks, ser.WOSN ’08. New York, NY, USA:
ACM, 2008, pp. 49–54.
[12] L. Cutillo, R. Molva, and T. Strufe, “Safebook: A Privacy-Preserving Online Social Network
Leveraging on Real-Life Trust,” Communications Magazine, IEEE, vol. 47, no. 12, pp. 94
–101, dec. 2009.
[13] A. Tootoonchian, S. Saroiu, Y. Ganjali, and A. Wolman, “Lockr: Better Privacy for Social
Networks,” in Proceedings of the 5th international conference on Emerging networking experiments
and technologies, ser. CoNEXT ’09. New York, NY, USA: ACM, 2009, pp.
169–180.
[14] R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin, “Persona: An Online Social
Network with User-Defined Privacy,” in Proceedings of the ACM SIGCOMM 2009 conference
on Data communication, ser. SIGCOMM ’09. New York, NY, USA: ACM, 2009, pp.
135–146.
[15] W. Dong, V. Dave, L. Qiu, and Y. Zhang, “Secure Friend Discovery in Mobile Social Networks,”
in INFOCOM, 2011 Proceedings IEEE, april 2011, pp. 1647 –1655.
[16] F. Raji, A. Miri, M. Jazi, and B. Malek, “Online Social Network with Flexible and Dynamic
Privacy Policies,” in Computer Science and Software Engineering (CSSE), 2011 CSI International
Symposium on, june 2011, pp. 135 –142.
[17] G.-H. Chiou and W.-T. Chen, “Secure Broadcasting Using the Secure Lock,” Software Engineering,
IEEE Transactions on, vol. 15, no. 8, pp. 929 –934, aug 1989.
[18] J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-Policy Attribute-Based Encryption,” in
Security and Privacy, 2007. SP ’07. IEEE Symposium on, may 2007, pp. 321 –334.
[19] A. Fiat and M. Naor, “Broadcast Encryption,” in Advances in Cryptology X CRYPTO 93, ser.
Lecture Notes in Computer Science, D. Stinson, Ed. Springer Berlin / Heidelberg, 1994,
vol. 773, pp. 480–491.
[20] C. Gentry and B. Waters, “Adaptive Security in Broadcast Encryption Systems (with Short
Ciphertexts),” in Advances in Cryptology - EUROCRYPT 2009, ser. Lecture Notes in Computer
Science, A. Joux, Ed. Springer Berlin / Heidelberg, 2009, vol. 5479, pp. 171–188.
[21] A. V. Aho, J. E. Hopcroft, and J. Ullman, Data Structures and Algorithms, 1st ed., Boston,
MA, USA, 1983.
[22] W. Dong, V. Dave, L. Qiu, and Y. Zhang, “Secure Friend Discovery in Mobile Social Networks,”
in INFOCOM, 2011 Proceedings IEEE, april 2011, pp. 1647 –1655.
[23] P. Paillier, “Public-key Cryptosystems Based on Composite Degree Residuosity Classes,” in
Proceedings of the 17th international conference on Theory and application of cryptographic
techniques, ser. EUROCRYPT’99. Berlin, Heidelberg: Springer-Verlag, 1999, pp. 223–238.