Abstract Online social media networks have revolutionized the way information is shared across our societies and around the world. Information is now delivered for free to a large audience within a short period of time. Anyone can publish news and information and become a content creator over the internet. However, along with these benefits is the privacy issue that raises a serious concern due to incidences of privacy breaches in Online Social Networks (OSNs). Various projects have been developed to protect users’ privacy in OSNs. This paper discusses those projects and analysestheir pros and cons. Then it proposes a new cloud-based model to shield up OSNs users against unauthorized disclosure of their private data. The model supports both trusted (private) as well as untrusted (3rd party) clouds. An efficiency analysis is provided at the end to show that the proposed model offers a lot of improvements over existing ones.

References

[1] Albertini D. and Carminati B., “Relationship- Based Information Sharing in Cloud-Based Decentralized Social Networks,” in Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, Texas, pp. 297-304, 2014.

[2] APUZZO M., “What's the problem with PRISM?,” https://www.yahoo.com/news/whats-p roblem-prism-203441280.html, Last Visited, 2013.

[3] Auwal S., Faisal S., Yusuf I., Altun H., Kaiiali M., and Wazan A., “Cloud-Based Online Social Network,” in Proceedings of the International Conference on Electronics, Computer and Computation, Ankara, pp. 289-292, 2013.

[4] BBC Technology News, “Twitter: Hackers target 250,000 users,” http://www.bbc.co.uk/news/ technology-21304049, Last Visited, 2013.

[5] Boneh D., Gentry C., and Waters B., “Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys,” in Proceedings of Advances in Cryptology-CRYPTO, California, pp. 258-275, 2005.

[6] Delerablée C., “Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys,” in Proceedings of Advances in Cryptology-ASIACRYPT, Kuching, pp. 200-215, 2007.

[7] Douglas N., “Facebook Employees Know What Profiles you Look at,” GAWKER, http://gawker.com/315901/facebook-employees- know-what-profiles-you-look-at, Last Visited, 2007.

[8] Elgamal T., “A Public Key Cryptosystem and A Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469-472, 1985.

[9] Gan D. and Jenkins L., “Social Networking Privacy-Who's Stalking You?,” Future Internet, vol. 7, no. 1, pp. 67-93, 2015.

[10] Gentry C. and Waters B., “Adaptive Security in Broadcast Encryption Systems,” Advances in Cryptology-EUROCRYPT, Cologne, pp. 171- 188, 2009.

[11] Guha S., Tang K., and Francis P., “NOYB: Privacy in Online Social Networks,” in Proceedings of the 1st workshop on Online Social Networks, ACM, Seattle, pp. 49-54, 2008.

[12] Hajli N. and Lin X., “Exploring the Security of Information Sharing on Social Networking Sites: The Role of Perceived Control of Information,” Journal of Business Ethics, vol. 133, no. 1, pp. 111-123, 2016.

[13] Jagatic T., Johnson N., Jakobsson M., and Menczer F., “Social Phishing,” Communications of the ACM, vol. 50, no. 10, pp. 94-100, 2007.

[14] Jansen W. and Grance T., “SP 800-144. Guidelines on Security and Privacy in Public Cloud Computing,” Technical Report, National Institute of Standards and Technology, 2011.

[15] Kleinman A., “Facebook Bug Exposed Email Addresses, Phone Numbers of 6 Million Users,” http://www.huffingtonpost.com/2013/06/21/faceb ook-bug_n_3480739.html, Last Visited, 2013.

[16] Lucas M. and Borisov N., “Flybynight: Mitigating the Privacy Risks of Social Networking,” in Proceedings of the 7th ACM workshop on Privacy in the Electronic Society, Virginia, pp. 1-8, 2008.

[17] Luo W., Xie Q., and Hengartner U., “FaceCloak: An Architecture for User Privacy on Social Networking Sites,” in Proceedings of the 12th International Conference on Computational Science and Engineering, Vancouver, pp. 26-33, 2009.

[18] Muhammad Y., Kaiiali M., Habbal A., Wazan A., and Ilyasu A., “A Secure Data Outsourcing Scheme Based on Asmuth-Bloom Secret Sharing,” Enterprise Information Systems, vol. 10, no. 9, pp. 1001-1023, 2016.

[19] Narendula R., Papaioannou T., and Aberer K., “My3: A Highly-Available P2P-Based Online Social Network,” in Proceedings of IEEE 888 The International Arab Journal of Information Technology, Vol. 16, No. 5, September 2019 International Conference on Peer-to-Peer Computing, Kyoto, pp. 166-167, 2011.

[20] Sakai R. and Furukawa J., “Identity-Based Broadcast Encryption,” IACR Cryptology ePrint Archive, pp. 217, 2007.

[21] Sakthivel A., “Enhancing Cloud Security Based 2Q *URXS 6LJQDWXUH´The International Arab Journal of Information Technology, vol. 14, no. 6, pp. 923-929, 2017.

[22] The Statistics Portal, “Most famous social QHWZRUN VLWHV ZRUOGZLGH´ https://www.statista.com/ statistics/272014/global-social-networks-ranked- by-number-of-users, Last Visited, 2017.

[23] Tsukayama H., “Facebook privacy: Users should check these settings as new changes roll out,” http://wapo.st/1gwtcqs, Last Visited, 2013.

[24] Vixie P., Thomson S., Rekhter Y., and Bound J., “Dynamic Updates in the Domain Name System (DNS UPDATE),” RFC 2136, April 1997, http://www.rfc-editor.org/info/rfc2136, Last Visited, 2017.

[25] Yuvaraj M., “Cloud Computing Software and Solutions for Libraries: A Comparative Study,” Journal of Electronic Resources in Medical Libraries, vol. 12, no. 1, pp. 25-41, 2015.

[26] Zafar K., kWS-Android Web Server, https://kamranzafar.org, Last Visited, 2017. Mustafa Kaiiali completed his B.E. degree in Computer Science at Aleppo University, Syria in 2003. Then he obtained his M.Tech and Ph.D. degrees from the Department of Computer and Information Sciences (DCIS), University of Hyderabad, India in 2008 and 2012, respectively. His areas of expertise are: Cloud Computing, Information Security, and Networking. He also passed the test of Cisco Certified Network Professional in Security in 2012. He has several publications in well-reputed journals and international conferences. Currently, he is with the Centre for Secure Information Technologies (CSIT), ECIT, Queen’s University Belfast (QUB), United Kingdom as a Research Fellow in Cloud Security. Recently, he has been elevated by IEEE as a Senior Member. Auwal Iliyasu is working as lecturer II in the Department of Computer Engineering, Kano State Polytechnic, Kano, Nigeria since 2010. He obtained his bachelor degree in Computer En-gineeering at Bayero University Kano Nigeria. After his under-graduate studies, he had his postgraduate studies (M.Sc) at Mevlana University, Konya, Turkey in the department of Com-puter Engineering. His research interest are Networking, Infor-mation Security, Cloud Computing and Internet of thing (IoT). Ahmad Wazan is an Assist. Prof. at Paul Sabatier University, Toulouse, France. His research topics include trust management, PKIs, Acess Control and recently security re- quirement engineering issues. His research group has pro-posed the extension of the X.509 trust model by adding a new entity called, Trust Broker. The proposition is now included in the 2016 edition of X.509. Adib Habbal (SM’15) is the head of InterNetWorks Research Platform at the School of Computing, Universiti Utara Malaysia (UUM). He also serves as Executive Council Member of Internet Society Malaysia Chapter. Dr. Habbal received his Ph.D. degree in Computer Science from UUM and he has more than ten years of experience in teaching and university lecturing. Dr. Habbal is the Internet Society (ISOC) Fellow alumni to the Inter-net Engineering Task Force (IETF). In 2013, he was selected as Asia-Pacific Advanced Network (APAN) Fellow to the APAN 35th and Techs in Paradise conference (TIP2013) held at the Uni-versity of Hawaii. In addition to being a speaker at a number of renowned research conferences and technical meetings, he also participates in various international fora such as IEEE meetings, ACM SIGCOMM meeting, the IETF, Internet2 Meeting, APNIC, and APAN. Dr. Habbal's current area of research focuses on Future Internet and 5G mobile networks. Yusuf Muhammad is working as an assistant lecturer in the department of Computer Science, SaadatuRimi College of Education, Kano, Nigeria since 2014. He has completed his undergraduate studies (B.Eng Computer) at Bayero University, Kano, Nigeria. After his bachelor degree he had his postgradu-ate studies (M.Sc. Computer) at the department of Computer Engineering, Mevlana University, Konya, Turkey. His area of expertise are: Cloud Computing, Networking, Information Secu-rity and Database Systems. His current research work focuses on Cloud Computing. He has publications in IEEE proceedings and Enterprise Information Systems.