Special Issue "Security and Privacy in Social Networks and Solutions"

A special issue of Future Internet (ISSN 1999-5903). This special issue belongs to the section "Cybersecurity".

Deadline for manuscript submissions: closed (15 December 2020).

Special Issue Editor

Prof. Dr. Christos Kalloniatis
Guest Editor
Department of Cultural Technology and Communication, University of the Aegean, 81100 Mytilene, Greece
Interests: Privacy requirements engineering; Security requirements engineering; Business modelling; Security and privacy in cloud computing

Special Issue Information

Dear Colleagues,

The advances in social networks have brought fundamental changes to users’ social life both online and offline, providing a technological field not only for their social interaction and communication but also for their resources and socio-economical practices, producing big data as well. However, besides these outstanding opportunities; the online content distribution within social networks; and their dynamic, complex, and heterogeneous nature, several security and privacy issues have emerged. These issues are both associated with users’ social and technological boundaries and with providers’ current services and solutions, including the access, collection, storage, editing, and disclosure of personal information, often by third parties; data loss and data breaches; the loss of direct control from local to remote cloud servers; multiple legal jurisdictions; virtualization that brings new challenges to user authentication and authorization; non-technical issues related to the technical solutions; the sharing of platforms between users; and non-compliance with enterprise policies and legislation. Thus, security and privacy prerequisites, in order to address these issues and protect users’ privacy efficiently, are still not fully defined, and therefore a number of new services and security and privacy solutions are required.

Potential topics include but are not limited to the following:

  • Security and privacy risks in social networking;
  • Security and privacy engineering methods and tools for social networks;
  • Adaptive privacy in social networking;
  • Digital forensics for social networks;
  • Reliability, security, availability, and safety in social networking;
  • Mobile social networks security and privacy;
  • Methods and tools for social network penetration and protection;
  • Social network mining and data storage;
  • Trust and reputations in social networking;
  • Detection, analysis, prevention of spam, phishing, and misbehaviour in social networking.

Prof. Dr. Christos Kalloniatis
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Future Internet is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Social networking
  • Security and privacy risks
  • Privacy concerns
  • Security and privacy engineering methods and tools
  • Social network protection
  • Social informatics

Published Papers (10 papers)

Research

Open Access Article
Data Protection Impact Assessment (DPIA) for Cloud-Based Health Organizations
Future Internet 2021, 13(3), 66; https://doi.org/10.3390/fi13030066 - 07 Mar 2021
Viewed by 650
Abstract
The General Data Protection Regulation (GDPR) harmonizes personal data protection laws across the European Union, affecting all sectors including the healthcare industry. For processing operations that pose a high risk for data subjects, a Data Protection Impact Assessment (DPIA) is mandatory from May 2018. Taking into account the criticality of the process and the importance of its results, for the protection of the patients’ health data, as well as the complexity involved and the lack of past experience in applying such methodologies in healthcare environments, this paper presents the main steps of a DPIA study and provides guidelines on how to carry them out effectively. To this respect, the Privacy Impact Assessment, Commission Nationale de l’Informatique et des Libertés (PIA-CNIL) methodology has been employed, which is also compliant with the privacy impact assessment tasks described in ISO/IEC 29134:2017. The work presented in this paper focuses on the first two steps of the DPIA methodology and more specifically on the identification of the Purposes of Processing and of the data categories involved in each of them, as well as on the evaluation of the organization’s GDPR compliance level and of the gaps (Gap Analysis) that must be filled-in. The main contribution of this work is the identification of the main organizational and legal requirements that must be fulfilled by the health care organization. This research sets the legal grounds for data processing, according to the GDPR and is highly relevant to any processing of personal data, as it helps to structure the process, as well as be aware of data protection issues and the relevant legislation.
(This article belongs to the Special Issue Security and Privacy in Social Networks and Solutions)

Open Access Article
Identifying Privacy Related Requirements for the Design of Self-Adaptive Privacy Protections Schemes in Social Networks
Future Internet 2021, 13(2), 23; https://doi.org/10.3390/fi13020023 - 21 Jan 2021
Viewed by 828
Abstract
Social Networks (SNs) bring new types of privacy risks and threats for users, which developers should be aware of when designing respective services. Aiming at safeguarding users’ privacy more effectively within SNs, self-adaptive privacy preserving schemes have been developed, considering the importance of users’ social and technological context and specific privacy criteria that should be satisfied. However, under the current self-adaptive privacy approaches, the examination of users’ social landscape interrelated with their privacy perceptions and practices is not thoroughly considered, especially as far as users’ social attributes are concerned. This study aimed at elaborating this examination in depth, in order to identify the users’ social characteristics and privacy perceptions that can affect self-adaptive privacy design, as well as to indicate self-adaptive privacy related requirements that should be satisfied for users’ protection in SNs. The study was based on an interdisciplinary research instrument, adopting constructs and metrics from both sociological and privacy literature. The results of the survey lead to a pilot taxonomic analysis for self-adaptive privacy within SNs and to the proposal of specific privacy related requirements that should be considered for this domain. For further establishing of our interdisciplinary approach, a case study scenario was formulated, which underlines the importance of the identified self-adaptive privacy related requirements. In this regard, the study provides further insight for the development of the behavioral models that will enhance the optimal design of self-adaptive privacy preserving schemes in SNs, as well as designers to support the principle of PbD from a technical perspective.

Open Access Article
Risk Perceptions on Social Media Use in Norway
Future Internet 2020, 12(12), 211; https://doi.org/10.3390/fi12120211 - 26 Nov 2020
Cited by 2 | Viewed by 790
Abstract
Social media are getting more and more ingrained into everybody’s lives. With people’s more substantial presence on social media, threat actors exploit the platforms and the information that people share there to deploy and execute various types of attacks. This paper focuses on the Norwegian population, exploring how people perceive risks arising from the use of social media, focusing on the analysis of specific indicators such as age, sexes and differences among the users of distinct social media platforms. For data collection, a questionnaire was structured and deployed towards the users of multiple social media platforms (total n = 329). The analysis compares risk perceptions of using the social media platforms Facebook (n = 288), Twitter (n = 134), Reddit (n = 189) and Snapchat (n = 267). Furthermore, the paper analyses the differences between the sexes and between the digital natives and non-natives. Our sample also includes sufferers of ID theft (n = 50). We analyse how account compromise occurs and how suffering ID theft changes behaviour and perception. The results show significant discrepancies in the risk perception among the social media platform users across the examined indicators, but also explicit variations on how this affects the associated usage patterns. Based on the results, we propose a generic risk ranking of social media platforms, activities, sharing and a threat model for SoMe users. The results show the lack of a unified perception of risk on social media, indicating the need for targeted security awareness enhancement mechanisms focusing on this topic.

Open Access Article
Password Managers—It’s All about Trust and Transparency
Future Internet 2020, 12(11), 189; https://doi.org/10.3390/fi12110189 - 30 Oct 2020
Viewed by 1208
Abstract
A password is considered to be the first line of defence in protecting online accounts, but there are problems when people handle their own passwords, for example, password reuse and passwords that are difficult to memorize. Password managers appear to be a promising solution to help people handle their passwords. However, there is low adoption of password managers, even though they are widely available, and there are fewer studies on users of password managers. Therefore, the issues that cause people not to use password managers must be investigated and, more generally, what users think about them and the user interfaces of password managers. In this paper, we report three studies that we conducted: on user interfaces and the functions of three password managers; a usability test and an interview study; and an online questionnaire study about users and non-users of password managers, which also compares experts and non-experts regarding their use (or non-use) of password managers. Our findings show that usability is not a major problem, rather lack of trust and transparency are the main reasons for the low adoption of password managers. Users of password managers have trust and security concerns, while there are a few issues with the user interfaces and functions of password managers.

Open Access Article
Systematic Evaluation of LibreSocial—A Peer-to-Peer Framework for Online Social Networks
Future Internet 2020, 12(9), 140; https://doi.org/10.3390/fi12090140 - 20 Aug 2020
Cited by 3 | Viewed by 1013
Abstract
Peer-to-peer (P2P) networks have been under investigation for several years now, with many novel mechanisms proposed as is shown by available articles. Much of the research focused on showing how the proposed mechanism improves system performance. In addition, several applications were proposed to harness the benefits of the P2P networks. Of these applications, online social networks (OSNs) raised much interest particularly because of the scalability and privacy concerns with centralized OSNs, hence several proposals are in existence. However, accompanying studies on the overall performance of the P2P network under the weight of the OSN applications outside simulations are very few, if any. In this paper, the aim is to undertake a systematic evaluation of the performance of a P2P framework for online social networks called LibreSocial. Benchmark tests are designed, taking into account the random behavior of users, effects of churn on system stability and effect of replication factor. We manage to run benchmark tests for up to 2000 nodes and show the performance against costs of the system in general. From the results it is evident that LibreSocial’s performance is capable of meeting the needs of users.

Open Access Article
DeepDiver: Diving into Abysmal Depth of the Binary for Hunting Deeply Hidden Software Vulnerabilities
Future Internet 2020, 12(4), 74; https://doi.org/10.3390/fi12040074 - 18 Apr 2020
Cited by 1 | Viewed by 2037
Abstract
Fuzz testing is a simple automated software testing approach that discovers software vulnerabilities at a high level of performance by using randomly generated seeds. However, it is restrained by coverage and thus, there are chances of finding bugs entrenched in the deep execution paths of the program. To eliminate these limitations in mutational fuzzers, patching-based fuzzers and hybrid fuzzers have been proposed as groundbreaking advancements which combine two software testing approaches. Despite those methods having demonstrated high performance across different benchmarks such as DARPA CGC programs, they still present deficiencies in their ability to analyze deeper code branches and in bypassing the roadblock checks (magic bytes, checksums) in real-world programs. In this research, we design DeepDiver, a novel transformational hybrid fuzzing tool that explores deeply hidden software vulnerabilities. Our approach tackles limitations exhibited by existing hybrid fuzzing frameworks, by negating roadblock checks (RC) in the program. By negating the RCs, the hybrid fuzzer can explore new execution paths to trigger bugs that are hidden in the abysmal depths of the binary. We combine AFL++ and a concolic execution engine and leverage the trace analyzer approach to construct the tree for each input to detect RCs. To demonstrate the efficiency of DeepDiver, we tested it with the LAVA-M dataset and eight large real-world programs. Overall, DeepDiver outperformed existing software testing tools, including the patching-based fuzzer and state-of-the-art hybrid fuzzing techniques. On average, DeepDiver discovered vulnerabilities 32.2% and 41.6% faster than QSYM and AFLFast respectively, and it accomplished in-depth code coverage.

Open Access Article
Publishing Anonymized Set-Valued Data via Disassociation towards Analysis
Future Internet 2020, 12(4), 71; https://doi.org/10.3390/fi12040071 - 17 Apr 2020
Viewed by 1627
Abstract
Data publishing is a challenging task for privacy preservation constraints. To ensure privacy, many anonymization techniques have been proposed. They differ in terms of the mathematical properties they verify and in terms of the functional objectives expected. Disassociation is one of the techniques that aim at anonymizing set-valued datasets (e.g., discrete locations, search and shopping items) while guaranteeing the confidentiality property known as k^m-anonymity. Disassociation separates the items of an itemset in vertical chunks to create ambiguity in the original associations. In a previous work, we defined a new ant-based clustering algorithm for the disassociation technique to preserve some items associated together, called utility rules, throughout the anonymization process, for accurate analysis. In this paper, we examine the disassociated dataset in terms of knowledge extraction. To make data analysis easy on top of the anonymized dataset, we define neighbor datasets or in other terms datasets that are the result of a probabilistic re-association process. To assess the neighborhood notion, set-valued datasets are formalized into trees and a tree edit distance (TED) is directly applied between these neighbors. Finally, we prove the faithfulness of the neighbors to knowledge extraction for future analysis, in the experiments.

Open Access Article
Mitigating Webshell Attacks through Machine Learning Techniques
Future Internet 2020, 12(1), 12; https://doi.org/10.3390/fi12010012 - 14 Jan 2020
Cited by 3 | Viewed by 2227
Abstract
A webshell is a command execution environment in the form of web pages. It is often used by attackers as a backdoor tool for web server operations. Accurately detecting webshells is of great significance to web server protection. Most security products detect webshells based on feature-matching methods—matching input scripts against pre-built malicious code collections. The feature-matching method has a low detection rate for obfuscated webshells. However, with the help of machine learning algorithms, webshells can be detected more efficiently and accurately. In this paper, we propose a new PHP webshell detection model, the NB-Opcode (naïve Bayes and opcode sequence) model, which is a combination of naïve Bayes classifiers and opcode sequences. Through experiments and analysis on a large number of samples, the experimental results show that the proposed method could effectively detect a range of webshells. Compared with the traditional webshell detection methods, this method improves the efficiency and accuracy of webshell detection.

Review

Open Access Review
Phishing Attacks Survey: Types, Vectors, and Technical Approaches
Future Internet 2020, 12(10), 168; https://doi.org/10.3390/fi12100168 - 30 Sep 2020
Cited by 1 | Viewed by 1763
Abstract
Phishing attacks, which have existed for several decades and continue to be a major problem today, constitute a severe threat in the cyber world. Attackers are adopting multiple new and creative methods through which to conduct phishing attacks, which are growing rapidly. Therefore, there is a need to conduct a comprehensive review of past and current phishing approaches. In this paper, a review of the approaches used during phishing attacks is presented. This paper comprises a literature review, followed by a comprehensive examination of the characteristics of the existing classic, modern, and cutting-edge phishing attack techniques. The aims of this paper are to build awareness of phishing techniques, educate individuals about these attacks, and encourage the use of phishing prevention techniques, in addition to encouraging discourse among the professional community about this topic.

Open Access Review
Vulnerabilities to Online Social Network Identity Deception Detection Research and Recommendations for Mitigation
Future Internet 2020, 12(9), 148; https://doi.org/10.3390/fi12090148 - 31 Aug 2020
Cited by 1 | Viewed by 1257
Abstract
Identity deception in online social networks is a pervasive problem. Ongoing research is developing methods for identity deception detection. However, the real-world efficacy of these methods is currently unknown because they have been evaluated largely through laboratory experiments. We present a review of representative state-of-the-art results on identity deception detection. Based on this analysis, we identify common methodological weaknesses for these approaches, and we propose recommendations that can increase their effectiveness for when they are applied in real-world environments.