IJRIT International Journal of Research in Information Technology, Volume 2, Issue 3, March 2014, Pg: 571-576

International Journal of Research in Information Technology (IJRIT) www.ijrit.com

ISSN 2001-5569

Proxy-based Security Mechanism for Social Networking Site Prof.Harish Barapatre, Atharv Paranjpe & Girish More Dept. of Computer Engineering (Y.T.I.E.T.) Chandhai,Bhivpuri Road,India. [email protected] , [email protected] , [email protected]

Abstract In the past few years, social networking websites such as Facebook and Myspace become very popular. The usage rage of social networking websites even exceeds that of Google. Followed by the popularity is many potential networking threats. How to prevent and improve these threats to avoid their expansion has become a major challenge. This paper categorizes social networking websites into three main structures: The social network (SN), the network application service (NAS) and the communication interface (CI). We propose a real-time website security protection mechanism based on the concept of proxy. The client side transmits information to the social networking website through proxy. The main function of the proxy is to detect and determine the security threats of the website. These threats include web-based malware, phishing websites and malicious connection.

I. INTRODUCTION All of the user’s personal information is stored in the Facebook social networking website. Due to high usage rate, it became the target of networking attacks. For example, after the user registers successfully, some personal data is displayed by default, including name, pictures, birthday, contact information, gender, political orientation, religion, personal interests and educational background. As long as the user enters complete and accurate information, all other users in the website can see these information. Hackers can take advantage of this information to conduct social engineering, junk mail or even telecom fraud. To overcome the above threats we introduced new technology i.e. proxy server. In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems. Today, most proxies are web proxies, facilitating access to content on the World Wide Web.

Prof.Harish Barapatre, IJRIT

571

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 3, March 2014, Pg: 571-576

II. SYSTEM OVERVIEW

Fig 1. Proxy server working diagram Fig 1 represents the process of the entire service. It consists of five steps:

1. User use browser to request for visiting webpage. 2. Instead of crawling the desired webpage, browser redirect the request to the proxy. 3. Proxy sends the URL to online webpage analysis service [6-10] which will then download the web content for security scan. 4. Relate online webpage service and local scanning result. Store the comparative analysis result into the database. Add the URL to blacklist and respond warning message to the user, if it potential threat exists. 5. When any user request to browse the same webpage later on, proxy will send warning message to the user directly according the black list.

Fig 2 flowchart of proxy server process

Prof.Harish Barapatre, IJRIT

572

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 3, March 2014, Pg: 571-576

III. SYSTEM ANALYSIS 5.1 . Analysis Through Website Functionality

TABLE I compares the potential threats and website functionality. With this information, we can analyze which website functionality is most likely to bring security threat.

1) SNS: The main functionality of SNS is to establish social network or interactive relationship for people who have the same interests and activities. These services are usually based on the internet. They offer various kinds of vinculum and interaction channels such as email and instant messaging services. 2) NAS: Social networking provider offer transmission and network interaction services to the users. For example, community, fans community, psychological test and interactive web games… etc. 3) CI: Social networking provider offer platforms for user interaction and communication.

5.2. Analysis through the Core Principles of Information Security TABLE II: SECURITY PROBLEMS OF SOCIAL NETWORKING WEBSITE AND THEIR RELATIONSHIP TO THE CIA TRIAD

1) Confidentiality: This triat is to prevent information from being accessed by unauthorized individual, entity or procedure. In terms of social networking website, confidentiality means user privacy. How to protect personal data from being accessed by

Prof.Harish Barapatre, IJRIT

573

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 3, March 2014, Pg: 571-576

unauthorized person is an important issue. Using access control can achieve clear-cut information revealing. Actually, through access control, one can segment the read and publish objects.

2) Integrity: This triat protects data from being tampered to ensure true, accurate and complete data. User identity and data must be protected from unauthorized modification or alteration. In fact, falsified account and person is not uncommon in social networking website. This could lead to security breach. Therefore, registration approval and the secrecy of login data are important and deservedfurther investigation.

3) Availability: This is defined as the property of data being accessible and useable by authorized individuals upon request [13]. Some professional tools of the social networking website help users to develop their business or career. Therefore, user published data must be available continuously. Other than offering data accessibility, the system must ensure the data availability after message exchange between members.

C. Protection Investigation Through the analysis results, we suggest the following methods to enhance the security of social networking website for both of the client side and the official server side. 1) Client side 1. Social Engineering: Use fake Facebook account to notify the members that for security reasons, users need to reset their account, or to open malicious email attachment to reset their account. 2. Refer to personal privacy protection programs and solutions offered by scholars such as Faceloak [1], NOYB [2], FlyByNight [3] …, etc.. 3. Make sure each other’s identify before adding to friend list. This can avoid personal data stolen by hacker with bogus identity 4. Avoid revealing too much personal information when conducting psychological tests. 5. Purchase virtual currency through legal channel. 6. Cautiously review fans groups and communities before joining them. 7. Carefully check every application before installation. 2) Official server side 1. Use https or SSL for user login. This can prevent login information being intercepted due to plain text transmission. 2. Strengthen the verification of application service developer’s identity and their software security. 3. Conduct periodical security auditing to game developing vendors to avoid user information leakage from the game developing vendors. 4. Use secured channel to transmit data between servers.

IV. SCANNING PROCESS This paper proposes a concept of using cloud computing to construct real-time webpage security scanning module. The infrastructure shown in Fig. 2 uses proxy to collect many online anti-virus and online webpage security scanning services. In addition it combines webpage scanning software to simultaneously scan the webpage security of which user is about to browse.

Prof.Harish Barapatre, IJRIT

574

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 3, March 2014, Pg: 571-576

The scanning result is stored in the black list if the webpage is threatening. The black list is used to raise warning whenever the user wants to browse the webpage in the list. Pros and Cons

The pros and cons of proposed real-time webpage scanning service are listed in TABLE III.

Bassically we are giving security to user in chatting system.because usually in chat hacker can make his move and hack the users data.

Fig 3 Code for chat system

Fig 4 Scapshot of Socail networking site

Prof.Harish Barapatre, IJRIT

575

IJRIT International Journal of Research in Information Technology, Volume 2, Issue 3, March 2014, Pg: 571-576

V. CONCLUSION This paper proposes the current information security threats that may encountered by social networking website such as our BuddyNet. We conduct cross analysis of these threats with the service infrastructure of social networking website and the CIA triad. We also propose suggestions and improvement solutions for both of the user and the official website. Back to the reality, the most important issue for internet security is highly rely on the correct habit of browsing the internet. Therefore, we would like to reinforce the information security concept for all of the users using social networking websites. Finally, we introduce the concept of webpage security scanning service through proxy server to provide internet users a more secured networking environment.

ACKNOWLEDGMENT We are immensely obliged to Prof. Harish Barapatre sir for his immense support for the project and for his guidance and supervision. It has indeed been a fulfilling experience for working out this project report. Lastly, we thank almighty & our parents, for their constant encouragement without which this project would not be possible.

REFERENCES 1] Internet Information Server 4 and Proxy Server 2 24seven (24Seven) by Stigler, Linsenbardt.Sybex International. Paperback- 1 September, 1999 2] MCSE Exam Notes: Proxy Server 2 (MCSE Exam Notes) by Richardson, Todd Lammle.Sybex International. Paperback- 1 October, 1998 3] MCSE: Implementing and Supporting Microsoft Proxy Server 2.0 (MCSE) by Steve Clark.Prentice Hall. PaperbackSeptember 1999 4] MCSE Proxy Server 2 by Ed Tittel.Coriolis Group. Paperback- 15 June, 1998 5] www.wikipedia.com 6] https://www.w3school.com 7] www.ask.com 8] Acquisti, Alessandro, and Gross, Ralph. (2006). Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook.In Golle, P. and Danezis, G. (Eds.), Proceedings of 6th Workshop on Privacy Enhancing Technologies.

Prof.Harish Barapatre, IJRIT

576

Proxy-based Security Mechanism for Social ...

Proxies were invented to add structure and encapsulation to distributed systems. Today ... This paper proposes a concept of using cloud computing to construct ...

1MB Sizes 0 Downloads 128 Views

Recommend Documents

Istvan_Deisenhofer_2001_Structural Mechanism for Statin Inhibition ...
Istvan_Deisenhofer_2001_Structural Mechanism for Statin Inhibition of HMG-CoA Reductase.pdf. Istvan_Deisenhofer_2001_Structural Mechanism for Statin ...

social security law.pdf
Sign in. Loading… Page 1. Whoops! There was a problem loading more pages. social security law.pdf. social security law.pdf. Open. Extract. Open with. Sign In.

Social Security, Treasury target Americans for their ... -
Apr 11, 2014 - incurred by their parents, some dating back to more than a decade. This process has been ongoing since 2011, when a revision in the farm bill passed by Congress removed the 10-tear statute of limitations on debts owed to the United Sta

Extension education for social security of communities.pdf ...
Extension education for social security of communities.pdf. Extension education for social security of communities.pdf. Open. Extract. Open with. Sign In.

DO LATE-CAREER WAGES BOOST SOCIAL SECURITY MORE FOR ...
Nov 13, 2016 - Any worker who delays claiming Social Security receives a larger monthly benefit due to the actuarial adjustment. Some claimants – particularly women, who are more likely to take time out of the labor force early in their careers –

Special Benefits for World War II Veterans - Social Security
The email address is. [email protected]. .... may conduct your benefit review by mail. For both types of .... we offer many automated services by telephone, 24 ...

Ticket to Work Employment Resources for Veterans ... - Social Security
OJRV helps prepare service members, veterans, military spouses and ... our Veterans Employment and Transition Seminar, which is a free, week-long seminar that .... Learn more about Ticket to Work and visit socialsecurity.gov/work, call ...

Protection and Advocacy for Beneficiaries of Social Security (PABSS)
Forest, Greene, Huntingdon, Indiana, Jefferson, Lawrence, McKean,. Mercer, Somerset, Venango, Warren, Washington, Westmoreland. Central & Northeastern ...

Social Simulations for Border Security - Krasnow Institute - George ...
used open-source data on border security forces and smuggling organizations, replicating for 2009 the .... and buyers are; can share information with other gateway organizations, and is responsible for recruiting ... on a database of phone records of

Supplemental Security Income (SSI) in Vermont - Social Security
The most convenient way to contact us anytime, anywhere is to visit ... Call us toll-free at 1-800-772-1213 or at our TTY number, 1-800-325-0778, if you're deaf ...

Knowledge Delivery Mechanism for Autonomic Overlay Network ...
Jun 19, 2009 - KBN broker, termed the Trigger Broker. The Trigger Broker receives incoming subscriptions from the policy server. (dynamically derived from its policy set) and stores these in a local subscription table. When management state (event) m

Structural mechanism for ubiquitinated-cargo ...
Feb 15, 2005 - binding to their GAT [GGA and TOM (target of Myb)] domain. Here we report the crystal structure of the GAT domain of human GGA3 in a 1:1 ...

Steptacular: an incentive mechanism for ... - Stanford University
system, and an improvement in the average steps per user per day. The obvious hypothesis is the .... Cloud (EC2) as an extra large instance. It comprised of a.