TY - GEN
T1 - Social authentication
T2 - 16th International Conference on Financial Cryptography and Data Security, FC 2012
AU - Kim, Hyoungshick
AU - Tang, John
AU - Anderson, Ross
PY - 2012
Y1 - 2012
N2 - A number of web service firms have started to authenticate users via their social knowledge, such as whether they can identify friends from photos. We investigate attacks on such schemes. First, attackers often know a lot about their targets; most people seek to keep sensitive information private from others in their social circle. Against close enemies, social authentication is much less effective. We formally quantify the potential risk of these threats. Second, when photos are used, there is a growing vulnerability to face-recognition algorithms, which are improving all the time. Network analysis can identify hard challenge questions, or tell a social network operator which users could safely use social authentication; but it could make a big difference if photos weren't shared with friends of friends by default. This poses a dilemma for operators: will they tighten their privacy default settings, or will the improvement in security cost too much revenue?
UR - https://www.scopus.com/pages/publications/84865829135
U2 - 10.1007/978-3-642-32946-3_1
DO - 10.1007/978-3-642-32946-3_1
M3 - Conference contribution
AN - SCOPUS:84865829135
SN - 9783642329456
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 15
BT - Financial Cryptography and Data Security - 16th International Conference, FC 2012, Revised Selected Papers
Y2 - 27 February 2012 through 2 March 2012
ER -