社交網站安全且有效率之用戶隱私保護機制

Secure and Efficient User Privacy Protection Mechanisms for Social Network Sites

10.29767/ECS.201209.0002

黃筱鈞(Hsiao-Chun Huang)；莊文勝(Wen-Shenq Juang)

用戶隱私 ； 社交網站 ； 隱私風險 ； 分類授權 ； user privacy ； social networking sites ； privacy risks ； classified authorization

Electronic Commerce Studies

10卷3期（2012 / 09 / 30）

257 - 267

繁體中文

社交網站，諸如Facebook、MySpace，目前已成為人們與他人互相分享個人生活細節與獲得知識的主要地方，但使用者通常沒有查覺自己在社交網站上留下許多自己與朋友的個人隱私資料。而一般社交網站的隱私設定又不足以保護使用者的隱私資料，其可能使使用者的隱私資料被惡意人士獲得，進一步造成使用者隱私侵害。為了解決這些問題，陸續有相關方案被提出，諸如：Privacy-by-proxy、FaceCloak、Privacy Watch…等，但我們發現這些方案皆有相對的缺點。為了解決這些缺點，我們提出一個社交網站使用者隱私保護方案，讓使用者的隱私資料無法被其他未授權的使用者、社交網站、社交網站中的應用程式或惡意人士取得。我們將使用者的真實隱私資料以假資料替換提交至社交網站，並將使用者的真實隱私資料加密並傳送至第三方伺服器，當獲得使用者授權的朋友瀏覽其隱私資料時，再藉由外掛程式將加密資料解密，並替換社交網站上之假資料。另外我們使用單向雜湊函數運算讓瀏覽者能夠分辨社交網站傳來的資料真偽，且利用比較時戳時間的方式減少不必要的資料分辨，以提昇整體效率。

Social networking sites, such as Facebook and MySpace, have become highly popular to share information with friends and get knowledge from others in recent years. In general, users may leave their personal information on social networking sites. This privacy information may be gotten by some malicious person and cause some privacy problems. For solving these problems, although some privacy enhanced schemes have been proposed, such as: Privacy-by-proxy, FaceCloak, Privacy Watch, etc, we find that there still exist some drawbacks in these schemes. For solving all these drawbacks, we propose a user privacy protection scheme for social network sites. Our scheme can protect users' online privacy by using fake data to replace real privacy data, submitting the fake data to social networking sites, and storing the encrypted real privacy data on the third party server. Only the authorized friend can get the real privacy information of the user in our proposed scheme. For enhancing the efficiency of discarding the fake data from the Facebook, we use low-cost one-way hash functions and the timestamp technique in our proposed scheme.

1. National Institute of Standards and Technologies. (1995). Secure Hash Standard, Federal Information Processing Standards, Publication FIPS-180-1.
2. Nick Gonzalez. (2010). Global Audience. Retrieved from: http://www.checkfacebook.com/
3. Aimeur, E.,Gambs, S.,Ho, A.(2010).Towards a Privacy-Enhanced Social Networking Site.IEEE International Conference on Availability, Reliability and Security
4. Debatin, B.,Lovejoy, J. P.,Horn, A. K.,Hughes, B. N.(2009).Facebook and online privacy: Attitudes, behaviors, and unintended consequences.Journal of Computer-Mediated Communication,15(1),83-108.
5. Felt, A.,Evans, D.(2008).Privacy Protection for Social Networking APIs.Web 2.0 Security and Privacy,Oakland, CA.:
6. Gross, R.,Acquisti, A.(2005).Information Revelation and Privacy in Online Social Networks.ACM workshop on privacy in the electronic society
7. Luo, W.,Xie, Q.,Hengartner, U.(2009).FaceCloak: an Architecture for User Privacy on Social Networking Sites.IEEE Privacy, Security, Risk and Trus
8. Raji, F.,Miri, A.,Jazi, M. D.,Malek, B.(2011).Online Social Network with Flexible and Dynamic Privacy Policies.IEEE Computer Science and Software Engineering (CSSE)

1. 劉育成(2018)。隱私不再？－以身體與訊息作為隱私概念雙重性的社會實作理論觀點探究。資訊社會研究，35，87-123。
2. (2017)。大數據產業的資料隱私問題與對策。產業與管理論壇，19(1)，28-51。