TrustBook: Web of Trust Based Relationship Establishment in Online Social Networks

Umara Noor, Z. Anwar, Y. Mehmood, Waseem Aslam
Published in: 2013 11th International Conference on Frontiers of Information Technology
Publication date: 2013-12-16
DOI: 10.1109/FIT.2013.48 (https://doi.org/10.1109/FIT.2013.48)
Citations: 5

Abstract

Existing online social networks open the doors of socialization for their users by providing a few easy steps towards user account creation. The major drawback of this feature is that current social network providers lack mechanisms for determining the authenticity of an account. A genuine user's account can easily be forged with fake profile information. There is simply no mechanism to assign or bind a unique identity to a user's account that prevents a forged clone from being created on the same network or across multiple networks. One of the intentions behind creating a forged account is to deceive the social circle of an individual and compromise their privacy. Accepting a friend request from a forged account can badly compromise the privacy of an individual. All this can happen to the victim in a very short span of time, before she discovers the attack and removes the fake identity holder from her friend list. To tackle the issue of identity theft and to determine genuine user accounts in online social networks, we present in this paper a novel, real-world trust-based approach for verifying the legitimacy of online social network accounts. We propose a verification process that uses OpenPGP digital certificates and the web of trust formed by them. We define two stages for our secure design. In the first stage, our approach requires digital certificates to be uploaded to the social network server at the time of user account creation. These digital certificates are verified to restrict forged account creation on the same network and across other social networks. In the second stage, to establish a new connection, this digital certificate is sent along with the friend request to the recipient. The recipient verifies its authenticity based on the web of trust associated with that certificate. To implement our solution, we developed a social network prototype, TrustBook. We conducted an experiment to evaluate the performance of our work against a well-known social networking site, Facebook, by launching forged account attacks on both. Three performance metrics were used in the experiment: applicability, reliability and usability. The observations showed that our approach is applicable to all kinds of interaction scenarios. It also has good resilience against profile cloning and other kinds of security attacks, including session hijacking, replay and channel jamming.