A privacy-aware architecture for a web rating system

Published: 01 March 2009

Abstract

Net Trust is a fraud-detection application that enhances security while protecting privacy. Net Trust identifies fraudulent Web sites by aggregating individual opinions, user-selected browsing histories, and third-party information. In this paper, we examine the security properties intrinsic to the implementation of the Net Trust ratings system. The ratings system protects against attacks by limiting diffusion of information to those with whom there is an off-line trust relationship. We also propose a rich-client/thin-server implementation architecture and examine the privacy properties of this architecture. The privacy properties function not only to prevent the compromising of user confidentiality, but also to make the ratings system more robust. By utilizing trusted off-line social networks, Net Trust enhances the security and privacy of the ratings data. The implementation architecture maintains high data availability while empowering browser-history owners with final control over data access. The Net Trust analysis we present illustrates the mutual reinforcement of individual privacy (defined as user control over personal information) and security (defined as the resiliency of data confidentiality and the efficacy of the rating system).

Cited By

  • (2014) Using computer technology to address the problem of cyberbullying. ACM SIGCAS Computers and Society 44:2 (52-61). DOI: 10.1145/2656870.2656876. Online publication date: 1-Jul-2014
  • (2012) Pools, clubs and security. Proceedings of the 2012 New Security Paradigms Workshop (77-86). DOI: 10.1145/2413296.2413304. Online publication date: 18-Sep-2012
  • (2011) The security cost of cheap user interaction. Proceedings of the 2011 New Security Paradigms Workshop (67-82). DOI: 10.1145/2073276.2073284. Online publication date: 12-Sep-2011

Published In

IBM Journal of Research and Development, Volume 53, Issue 2
March 2009
136 pages

Publisher

IBM Corp., United States

Publication History

Published: 01 March 2009
Accepted: 09 October 2008
