Privacy Concerns of FOAF-Based Linked Data

Copyright 2009 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute, www.deri.ie. Privacy Concerns of FOAF-Based Linked Data. Peyman Nasirifard, Michael Hausenblas and Stefan Decker. Trust and Privacy on the Social and Semantic Web, The 6th Annual European Semantic Web Conference (ESWC2009), Heraklion, Greece, June 1st 2009.


Page 1: Privacy Concerns of FOAF-Based Linked Data

Copyright 2009 Digital Enterprise Research Institute. All rights reserved.

Digital Enterprise Research Institute www.deri.ie

Privacy Concerns of FOAF-Based Linked Data

Peyman Nasirifard, Michael Hausenblas and Stefan Decker

Trust and Privacy on the Social and Semantic Web

The 6th Annual European Semantic Web Conference (ESWC2009)

Heraklion, Greece

June 1st 2009

Page 2: Privacy Concerns of FOAF-Based Linked Data

Agenda

– Spam
– Spam fighting
– Context-aware Spam
– FOAF and Context-aware Spam
– Scenario
– Discussions
– Possible Solutions
– Conclusion

Page 3: Privacy Concerns of FOAF-Based Linked Data

Spam

We all know those unwanted emails
– Congratulations! You have won the national Lottery.
– Our company wants to hire you
– Save up to 50% ...

97% of all email is Spam [4]

Spam produces 17 million tons of CO2 [3]

A study into spam has blamed it for the production of more than 33bn kilowatt-hours of energy every year, enough to power more than 2.4m homes [3]

Page 4: Privacy Concerns of FOAF-Based Linked Data

Efforts Against Spam

– In 2004, Bill Gates promised a world without SPAM by 2006 [1]
– Bill Gates receives 4 million SPAM per day [2]
– Now it is 2009 and we receive lots of SPAM

Spam Fighting
– CAPTCHA
– Email Hider (e.g., tinymail)
– Email Icon Generators

But some spammers hire people to circumvent the above techniques [5]

Page 5: Privacy Concerns of FOAF-Based Linked Data

Spam vs. Context-Aware Spam

Spam
– Please buy our product

Context-aware Spam
– Your friend (Tim Berners-Lee) is using our product and he recommends it to you

Context-aware Spam has a high click-through rate, as it looks more realistic and relevant
– More CO2
– More Time
– More overhead
– Possibility for spreading malicious links

Page 6: Privacy Concerns of FOAF-Based Linked Data

Semantic Web and Spam

Publicly-available structured data help spammers

FOAF: Structured data for social networks
– Friends
– Interests
– Contact details

Honest information is what spammers are looking for!

We create FOAF profiles taking into account that they are used by “machines”

Machines are cool, but what about spammers?

Page 7: Privacy Concerns of FOAF-Based Linked Data

Scenario

Cookbook: Context-aware Spam using FOAF

Ingredients
– A common search engine
– An RDF parser
– A bit of HTML parsing and hacking techniques

Recipe: It is a recursive method (see the paper for details)
– Find FOAF profile of the seed
– Get SHA1 and friends list
– Find potential emails of the seed
– Use HTML parsing techniques (see the paper)
– Use SHA1 hash code of the email
– Based on the granularities of the information, send suitable spam using suitable SMTP server

Result: Our seed clicked the link!

Page 8: Privacy Concerns of FOAF-Based Linked Data

Page 9: Privacy Concerns of FOAF-Based Linked Data

Our Technician Took It Seriously!

Hi, all. I have just received a worrying-looking piece of spam. It seemed to come from another DERI member and contained a link to the ESWC2009 website.

It is highly likely that someone has hacked into the ESWC2009 website and is using it to send emails with links to an infected page on the same site.

Until further notice, please do not click on any links pointing to eswc2009.org, especially if these have been sent to you via email.

STI2 are investigating the situation. We will keep you informed.

Page 10: Privacy Concerns of FOAF-Based Linked Data

FOAF vs. Online Social Network

Finding users’ email from online social networks could be very difficult

Crawling heterogeneous and highly customizable social networks (e.g. MySpace) imposes a huge overhead on spammers

Someone may generate fake user profiles with incomplete names within online social networks, whereas FOAF profiles are considered to be “reliable”, as they are hosted on personal homepages and/or automatically generated from reliable data.

Page 11: Privacy Concerns of FOAF-Based Linked Data

Possible Solutions

Digital Signatures
– Could hinder some sorts of Context-aware Spam, but not all.
– Our survey showed that even “professional” users do not use DS regularly
– Do you use it?

Looking at email headers (e.g., RFC 4408)
– Only technicians are potentially familiar with that
– Free public SMTP servers are still vulnerable

Remove SHA1 hashcode from FOAF
– Could lead to malfunctioning of inverse functional property

Use various hashing functions within FOAF
– Makes it more difficult for spammers, but still feasible

Mask person's name and/or friends' names and/or interests
– Then why FOAF?
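One way to automate the header check from the list above, as an added example (not from the slides): it reads the `Received-SPF` header that RFC 4408 defines and, going beyond SPF, compares the sender's display name with an address book, because mail sent through a free mail service passes SPF for that service's own domain. The address book, sample messages and finding labels are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> address the contact really uses.
KNOWN_CONTACTS = {"bob example": "bob@example.org"}

def sample(spf_result, envelope, from_header):
    """Build a constructed test message (not real mail)."""
    return ("Received-SPF: %s (mx.example.net) client-ip=203.0.113.7; "
            "envelope-from=<%s>;\nFrom: %s\nSubject: have a look\n\nbody\n"
            % (spf_result, envelope, from_header))

def check_message(raw, contacts=KNOWN_CONTACTS):
    """Return a list of findings for one message (empty = nothing flagged)."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = from_addr.rpartition("@")[2]

    # Received-SPF starts with the result keyword, then key=value pairs.
    spf = msg.get("Received-SPF", "").strip()
    result = spf.split(None, 1)[0].lower() if spf else "none"
    m = re.search(r"envelope-from=([^;\s]+)", spf)
    env_domain = m.group(1).strip('<>"').rpartition("@")[2].lower() if m else ""

    findings = []
    if result != "pass":
        findings.append("spf-" + result)
    elif env_domain != from_domain:
        # SPF vouches for the envelope sender, not the visible From address.
        findings.append("spf-pass-misaligned")
    # A familiar name on an unfamiliar address passes SPF untouched.
    expected = contacts.get(display.strip().lower())
    if expected and expected != from_addr:
        findings.append("display-name-mismatch")
    return findings

if __name__ == "__main__":
    bob = '"Bob Example" <bob@example.org>'
    print(check_message(sample("fail", "bob@example.org", bob)))
    print(check_message(sample("pass", "bob.ex@freemail.example",
                               '"Bob Example" <bob.ex@freemail.example>')))
```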

Page 12: Privacy Concerns of FOAF-Based Linked Data

Conclusion

We presented how FOAF profiles can be used by a spammer

FOAF could lead to producing more CO2 by making spam more intelligent

Think twice before putting much information in your publicly-available FOAF profiles

We presented some solutions that could partially hinder context-aware spam

Page 13: Privacy Concerns of FOAF-Based Linked Data

References

[1] http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml
[2] http://db.tidbits.com/article/7911
[3] http://news.bbc.co.uk/2/hi/technology/8001749.stm
[4] http://news.bbc.co.uk/2/hi/technology/7988579.stm
[5] http://www.ibm.com/developerworks/web/library/wa-realweb10/
[6] Image sources: http://www.unstoppable-fat-loss.com/ and http://www.peternjenga.com/blogs/greenkenya/pollution/air-pollution-in-kenya-both-urban-and-rural/

Page 14: Privacy Concerns of FOAF-Based Linked Data

Thank You!

Q and A