The Role Of Social Media Enhancing Authentication

Published Date: 02 Nov 2017

Networking

Contents

Abstract:

Social media is becoming a truly major part of www (World Wide Web) and internet during the last couple of years. Globally, over 1 billion people are using its services like major corporations, charities, non-governmental organizations and millions of small businesses. Moreover, it is a basic platform for number of online groups. Along with its significance, security issues are also rapidly growing. Many numbers of hackers and intruders are continuously attacking the networking sites of social media for instance face book, twitter, etc. So, social networking sites are enhancing new authentication techniques. Our research paper mainly discuss about the role of social media in enhancing better authentication techniques in order to protect their data from hacking. The proposed face book authentication techniques is demonstrated and compared with various tests to know whether it is providing high security for the user accounts or not.

Introduction

Social media is playing a significant role in various fields using by using its internet and World Wide Web facilities. More than 1000 millions of people are accessing their data via internet or networking for organizational, personal, charities, etc use. So directly or in directly all the corporate industrial world is under the control of social media. It acts as a basic platform for many online social networking groups and it also helps many organizations to publish their products, goods etc. Therefore, it is nearly equal to a private website.

Due to the advancement of social networking sites, huge numbers of problems are rising day by day among them one of the foremost is problem is security. Many people are intruding the networks and hacking the useful data in a wrong way. So, it has become a very serious issue for most of the organizations and business who are well reputed. Due to the weak authentication facility companies are losing their reputation and valuable data. It is a similar to face book or Twitter accounts because if some mass account got hacked in Face book it would totally, genuine disaster as its social media pages are entirely based on online presence.

However, this problem got noticed by the people of Face book, Twitter, LinkedIn and many other major social platforms. Even these organizations started implementing enhanced authentication techniques in order to overcome the hacking and to provide safety and security to the user accounts seriously.

Background

More recently, Twitter was handling the famous Burger King fast food chain but it was hacked by the hackers as the major havoc was present on the Burger King feed. At the same of twitter and hamburger is spilling up with technical details. By using a single password details the intruders hacked and accessed the complete details of account simply by guessing it or by using the option called forgot my password system which twitter has set up.

In any of the ways the attacked access the profile by knowing the password details, so there is a need of having high authentication. As a result Twitter is looking for new specialized programmes in order to provide enhanced two factor authentication techniques to their systems. In this aspect, Face book and Google is its biggest competitors. To order to implement the enhanced authentication to its user accounts, Twitter has introduced two factors. First one is by sending the prearranged security code details to user mobile phones or any other devices. By this user can directly set his original password and change his password easily whenever they try to access the account. This kind of implementation process is already adopted by Face book using its users Google account details.

By the painful Incident of Burger King, Twitter has learned a lesson on the other side Google has already experienced with lot many security issues in 2011 and 2012.This incidents taught a value of a strong access protection. Some of these kinds of facts are widely used in Google products and services in order to deal with large spaces of large customer data storage needs and provide good security alerts.

Google has taken up two aspects of security authentication for better accessibility and relying majorly on mixed mobile phone based login. There are various key login sequences which are selected based on authentication keys available through service provided by yotube,gmail and other key networking media of Google. There are various key hacking aspects which help the giant more insistant to creating better options in addressing key deliverable model. By considering the changing aspects of social networking sites developing a better security options, which is mostly robust and help further in improving a better protection strength based on the voluntary options. There is an clear delivery model which will address things through better security protocols. The above factor shows up better key importance in addressing the issue of social media and enhance a better authentication for implementing hacking and other deliverables. There is a strong secure access of competing social networks makig upa better development of users.

Aims and objectives:

To identify the importance of social media in various fields.

To explore the various hacking treats affecting on social media.

To evaluate and formulate various advanced authentication techniques implemented by an organization.

Literature Review

The role of social media in enhancing better Authentication procedure overcoming Hacking communication. MySpace and Facebook are among the most popular sites, and many other sites operate in a similar manner. This section discusses the basic setup for Facebook and MySpace and the ways users interact through these sites.9On traditional websites, the site’s owner typically creates content and makes it available on the Web for others to view. On social networking sites, individual users create content inside a framework provided by the site’s owner. A user logs in to an account much like logging in to an e-mail account. Each user has a unique username and password that the user selects when setting up the account. 10Most social networking sites do not verify the identity of the person creating the account.

A unique feature of social networking sites is the individual profile page. 11 This profile page is a Web page that the user maintains. Typically, profiles contain personal details, such as the user’s name, birthday, gender, current city, interests, or other identifying information.12 A picture, commonly called a "profile picture," is usually attached to the profile. Sometimes users choose to use the social network pseudonymously and do not provide accurate information or their real name on the profile An attorney seeking to introduce evidence from social networking sites must overcome the hurdle of authentication.22 The proponent must provide foundational evidence to show that the evidence in question is what the proponent claims.23 Authentication of evidence involves a two-step process. First, the court makes a preliminary determination of authenticity.

Social networking sites differ from other types of electronic evidence because users create an individual profile page. Users often fill their profile pages with individualized and distinctive content. However, the trend in the courts is to require more evidence than just a distinctive profile page to authenticate a specific posting on the site. Often, the proponent must show that a specific person authored the writing, and not just that the writing came from that person’s account. This evidence could take the form of distinctive characteristics within the specific posting itself; testimony from a witness with knowledge of the posting; process testimony, such as forensic computer evidence; or a combination of these methods. A profile on a social networking site generally contains unique content connecting it to the person who created the page, even if the user posts under a false name.

Similarly, in Tienda v. State, Texas’ highest criminal court authenticated a MySpace page not only because it contained the defendant’s name, nicknames, city, and numerous photographs; but because it also contained references to the crime, arrest, and subsequent electronic monitoring.

The court found "ample circumstantial evidence—taken as a whole with all of the individual, particular details considered in combination—to support a finding that the MySpace pages belonged to the appellant and that he created and maintained them."Courts have not authenticated evidence from profile pages or posts when they contain only general information about a witness. The distinctive characteristics allowed the jury to infer that it was unlikely that anyone else created the social networking profile or post.55 In Griffin v. State, Maryland’s highest court held that a witness’s birthday, location, photograph, and use of a nickname did not provide a foundation to authenticate the profile.

Online social networks are currently one of the most popular Internet activities, recently even eclipsing email usage. More than two-thirds of the global on-line population visit and participate in social networks, confirming its worldwide popularity. Online social networking websites leading this trend are Facebook and MySpace, with Facebook presently leading the competitors with impressive usage statistics.

The percentage of worldwide Internet users that visit Facebook is reported to be a monthly average of 32%. That amounts to almost one third of all Internet users at a given point. In comparison, MySpace attracts only a monthly average of 3%. Based on these statistics, online social networking is without question, a global phenomenon. Together with such a fast spreading activity, various concerns and risks become evident. The establishment of trust and the protection of users becomes an ongoing challenge within the online social networking environment, with the threat of misuse and privacy intrusions by malicious users illustrating this challenge.

The identities encountered within these online environments are known as Virtual Persons. This Virtual Person serves as a mask for the real underlying identity, known as the subject. This subject can be real or fabricated, and can have multiple masks through which they interact. Due to this degree of anonymity, online social network providers are tasked with maintaining a connection between the multiple users in the environment and the true identity of the individual they represent. The ability to accurately authenticate these identities requires a form of control that can map multiple users to their singular entity. The introduction of Identity Management (IDM) procedures and systems to the online environment serves as this control. In order for a trusting relationship to be formed between the users and the social networking service providers, controls and authentication procedures must be implemented to limit the occurrence of these malicious attacks. Currently, these controls are weak and the IDM procedures in place to protect users are inconclusive.

As a result of this inability of online social network providers to manage identities within this environment, users develop a lack of trust for the system and the services it provides. A more serious concern for social networking service providers is that they are continually finding themselves as targeted platforms from which sexual offenders and various other individuals, intending to defame or harm users, launch their attacks. Numerous news and web articles highlight this problem and report on the thousands of offensive users being identified and removed yearly. The personal risk associated with these types of attacks includes kidnappings, child molestation, sexual abuse, defamation and other forms of harassment and indecency. Despite the relatively recent emergence of social media platforms, they have been the focus of several studies dealing with electoral campaigning. Wells (2010) in particular notes the importance of digital media, which encompasses social media, "digital media is one of the unprecedented opportunities for new forms of engagement and action" (p. 422).

Digital media is a particularly beneficial medium for communication with a large group of people because it is a cost-free way to engage with a very large and interested audience. Furthermore, with the combination of text, audio, and video, social media allows political parties to provide more information to their constituents at once, (Ward, 2011). Social media’s role in electoral campaigns has shown to be just as important as it is in traditional marketing and advertising campaigns, "…the social web is ripe with opportunities for candidates and office holders alike to connect with voters, foster transparency, and even spar with opponents in the same way they have been in the traditional media for hundreds of years" (Silverman, 2010). Ellison, Lampe and Steinfeld (2007) suggest that a candidate’s image on social media is probably authentic because the information on social media can be verified offline, expressing the assumption that candidate images in social media are authentic. Similarly, Reynolds (2011) advises politicians to "maintain transparency and authenticity" and to "make sure the posts are in the candidate’s voice." Facebook’s US Politics App page gives candidates the advice to be authentic, writing "in an ideal world, the candidate will from time to time post to Facebook himself or herself. Nothing beats having people hear directly from the candidate" (Liptak, 2011). As campaign experts and academics alike argue for the importance of authenticity in campaigns, it is of interest to discover how authenticity plays a role in electoral political campaigns. The issue is addressed in this research with the following research question:

Trust forms one of the most highly regarded human values and contributes to the basic pre-conditions when users adopt electronic based interactions. The principles of trust evident in user relationships within online social networks must be explored to understand and define the expectations and requirements of online users within this online environment. A. Trust and Online Social Networking Trust can be defined as the willingness of an individual to be vulnerable to the actions of another individual, based on the expectation that the other will perform a particular action. This acceptance of vulnerability and risk is irrespective of the ability to monitor or control the behaviour exhibited by the other party involved.

Another view defines trust as a mental phenomenon that occurs within social contexts and applies to both online and offline environments. Evidence that trust depends on previous experiences and not only on onetime interactions adds to the social context that trust develops gradually through interactions the user’s identity is static in all the transaction sessions, which may leak some information about that user and can create risk of ID-theft during the message transmission over an insecure channel. To overcome this risk, Das et al. proposed a dynamic IDbased remote user authentication scheme. Their scheme is novel, because dynamic identity for each transaction session can avoid the risk of id-theft or impersonation. Their scheme was based on one way hash functions and user can freely choose and change passwords without any hassle. Das et al. claimed that their scheme is secured against replay, forgery, guessing, insider, and stolen verifier attacks. Unfortunately, later on, some researchers revealed that their scheme is not as much secured as they claimed and has some drawbacks.

First, Awashti identified that Das et al.’s scheme is completely insecure and works like an open channel. Awashti also concluded that Das et al’s scheme does not full fill the basic needs of

authentication schemes. Later on, Chien and Chen pointed out that Das et al.’s scheme failed to protect the anonymity of a user and then proposed an improved remote authentication

scheme, which preserves user anonymity.

Liao et al. also analyzed the security of Das et al.’s scheme and showed that their scheme is vulnerable to guessing attack and does not provide mutual authentication. To overcome the security pitfalls of Das et al.’s scheme, Liao et al. proposed an enhancement to cope with the aforementioned security flaws. However, later on, Misbahuddin and Bindu identified that the security patch of Liao et al. is still not secure and their scheme cannot withstand impersonation attack, reflection attack and is completely insecure as a user can successfully log on to a remote system with a random password.

Afterward, Liao and Wang presented a dynamic ID-based remote user authentication scheme for multi-server environment. Their scheme attempts to preserve user’s anonymity and uses simple hash functions. Liao and Wang claimed that their scheme achieves mutual authentication and provides session key agreement. Later on, Hsiang and Shih identified that Liao and Wang’s scheme is vulnerable to insider’s attack, masquerade attack, server spoofing attack, registration center spoofing attack and is not reparable.

More recently, Wang et al. showed that Das et al.’s scheme is completely insecure for its independence of using passwords, does not provide mutual authentication, and cannot resist fakeserver attack. Wang et al. proved that Das et al.’s scheme performs only unilateral authentication (only client authentication) and remote user has no information about the authenticity of the remote authentication system, thus Das el al.’s scheme is susceptible to the server spoofing attack. Wang et al. then proposed a dynamic ID based remote user authentication scheme and claimed that their scheme is more efficient and secure than Das et al.’s scheme. However, in this paper, firstly, we show that Wang et al.’s scheme suffers from attacks and have some practical security pitfalls. Moreover, we discuss that their scheme has weaknesses and is insecure, inefficient, and infeasible for implementation in the real environment. To overcome the security flaws of Wang et al.’s scheme, we propose an improved dynamic ID-based remote user authentication scheme which provides the missing security provisions that are necessary for a practical and real-life smart card-based authentication scheme

Research Methodology

Today, many Web services are playing more significant role in various services in both privatize and government sectors. For instance, online social networks (OSN’s) were having a fastest growth on web services with a huge user base as well as attracting services for malicious attacks. Facebook is most successful social network around the world along with more than 900 million users during 2012. Facebook is facilitating various services to share more data in online with feasible and comfortable experience. Due to these reasons, OSN’s become a target for the internet miscreants, who are the credentials to attack in both technical and social-engineering.

Many studies are stated that underground traditional economics were reallocated their focus to steal the credit card numbers to social network profiles that which are compromised and having cost-effective. Recent research saying that the huge majority of malicious accounts are not a fake profiles that was created by hackers in social networking. In addition, Facebook is phishing the attacks by using of compromised profiles in order to steal personal information.

The standard procedure that is using to overcome attacks in various services such online banking, and recently Google services were adapted to the two-factor authentication method. In this method, the user can be classified into two separate parts to authenticate and is having very less risk from the attackers. Classically, the two factors are having something information from the users like passwords and something from user processes like hardware signs. This hardware signs are not convenient for users, because it is not always carry with them, more precious to deploy them.

In 2011, Facebook launched the Social Authentication (SA) which works based on second authentication factor on personal information of users. It can avoid the attacks from the hacker’s and cannot divulge the information of users. Another method, which is working based on password, Facebook deems to show the seven users of their friends and ask the question like "identify them". SA works as more user-friendly and practical, such:

(i) Facebook users must recognize the photos of people while login,

(ii) This research was identified that susceptible nature of SA and practical drawbacks are enabling to attackers to hack the Facebook’s SA.

To overcome this problem, users should have aware about their circle. Facebook won’t allow to the friends and family users because it can facilitate to hack easily. The main perception of this study is that any unknown person who can steal the information about the user’s password can get enough data to conquer the SA authentication method.

Analysis:

Here, we conducted various experiments to avoid the attacks to SA system while those having some information. The aim objective of this research is to design and implementation of automated, modular systems that can overcome Facebook’s SA procedures. The common principle approaches of this research is to allow to expand and allocated to any image based SA system. Primarily, we gathered victim’s friend’s photos from his Profile.

We chose to the victim who is in public accessible portion and social graph, and electively performing activities which helps to us to monitor friendship requests to the victim. Next process is to gather the photos by using face detection and an appropriate software that modelled in facial model. Then, hacker can get knowledge about the victim’s friends. However, we can defeat the challenges in SA by attaining accurate facial models of Victim’s friends. We also identified the described friends and given accurate answers while we started SA test. Initially, we found that attack was affected only for Facebook users that abscond from their friends list and distributed to the photos that can access in public portion.

As per Dey R (2012), the 47percent of Facebook users are using default settings to respond friend’s requests. But, hacker is always trying to make a friendship with the victims to collect their personal information. These actions may attain the 90% of success rate that the way, the group of susceptible users may achieve up to 84% of the population in the Facebook.

Our experiment states that the 71% of Facebook users are having one publicly-accessible photo albums. In the same way, hacker has more chances to access by using online friendship requests, and to profiles with private photo albums. For instance, User A photos are secured from public view and A does not accept friend requests from unknown persons, but B have an A’s photo. If B profile is in public portion then hackers can easily attain the A’s information. The major purpose of OSN’s such as Facebook, make it is very difficult to maintain their personal data and so there are many threats raised against SA.

We found that every user is losing at least 42percent of personal information from tagged friends who are the main credentials to build SA challenges. We also implemented SA breaker which is powered by face recognition module, solves 22percent of the real SA tests in Facebook and each test is taking less than 60 seconds. These module will provide a significant advantage to hacker it solves 70 percent of test. 55 percent token tests. Finally, we obtained this information in real-world conditions through the publicly portion information that can access by anyone i.e. nobody can send friend request to the victims or to their friends to attain the photos. Moreover, this demonstration has prepared within the exploited attack surface victims or one of the users from friends list, and accepting friend requests from the hackers, which is an accurate possibilities to attack. Many recent studies are providing a proper analysis of social authentication techniques against hacker around the victim’s online social circle. We already expanded that authentication method and practiced that can identify any attacks from hackers either inside or outside of victim circle. Finally, we strongly recommended that Facebook need to reconstruct their threats model and re-examine to their security method. The following are some key contributes of this study, such:

•We regulated and expanded to the previous work, as follows:

1. The probability of identifying to the people’s faces through Facebook photos,

2. This systematization can facilitates the conditions to determine an attack that can affected to Facebook’s SA mechanism, while maintaining the statement of their threat model.

• We recommended black-box security analysis of Facebook’s SA authentication process and noted that its weakness when it act as the second factor of existing two-factor authentication methods,

• We intended and implemented an automated, modular system that influences face detection and identified to break Facebook’s SA effectively. Hence, we evaluated that flexibility of such attacks in large scale.

• We demonstrated that face recognition services in publicly available users which can easily access and accurate alternative to structure face recognition system.

• We also exposed that how Facebook’s SA method can be modified while users can believe that as a second authentication factor.

Conclusion:

Social media is providing many facilities to the human kind in various ways in different situations. Due to its advancement some people are hacking and stealing the data in a wrong way. So, there is a necessity to adopt enhanced authentication techniques in order to safeguard the information of user’ account. This research paper has demonstrated some of the significant importance of social media and authentication techniques. Moreover it concludes that organization is adopting various authentication techniques in order to provide safe and secure information to the user’s account. To explain these criteria, a face book proposed security methods are taken and compared the given methods with tests and concluded that using this methods one can easily protect their data from intruding. Thus, finally concludes that social media is playing a significant role in enhancing an improved authentication technique in order to overcome the hacking.