See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/350459915

Social Netwoks and Digital Security

Conference Paper · July 2019

DOI: 10.1109/ICECCE47252.2019.8940808

CITATIONS READS
3 2,062

5 authors, including:

Habib Shah Akhtar Badshah

King Khalid University Ghulam Ishaq Khan Institute of Engineering Sciences and Technology
70 PUBLICATIONS   687 CITATIONS    8 PUBLICATIONS   16 CITATIONS   

SEE PROFILE SEE PROFILE

Sehrish Aqeel
King Khalid University
25 PUBLICATIONS   22 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Call for papers (Special Issue) , IJAEC Journal, IGI, USA View project

Tumor Detection in Brain MRI View project

All content following this page was uploaded by Sehrish Aqeel on 29 March 2021.

The user has requested enhancement of the downloaded file.

 Proc. of the 1st International Conference on Electrical, Communication and Computer Engineering (ICECCE)
24-25 July 2019, Swat, Pakistan

Social Netwoks and Digital Security

Sehrish Tabassam1, Dr. Habib Shah2, Kholoud Alghamdi2 Akhtar Badshah3
College of Computer Science Department of Software Engineering
King Khalid University University of Malakand
Saudi Arabia Pakistan
sehrishaqeel.kku@gmail.com,hurrahman@kku.edu.sa, akhtarbadshah@gmail.com
kalgamdi@kku.edu.sa

Abstract — Social networks are of utmost popularity activity socially using electronic medium. By
in current era. People from various age groups are definition, social media is used as a tool to convert
part of them as it attracts the user and totally engage your thought, idea, message or any other kind of
them. As most of the social networks are publically information to particular set of audience or broadly.
available for everyone, digital security is being In social networking, people do engage themselves
compromised due to careless use of it. There arises in some particular network like group, any site or in
number of vulnerabilities of threats which mostly the application and make a kind of network of people to
user is not aware of. These vulnerabilities could be communicate with each other and make relationships
addressed by possible counter measures. This paper is [2].
a comprehensive study on social networks, possible
attacks on digital data and various security measures Social Networking platforms:As it is stated,
that user should definitely adopt to protect his identity social media and social networking are interlinked,
and information on social networks. Answers to so this can be at various platforms with the usage of
general question of “What to share?”, “how much to applications or through simple websites. This is the
share” and “how is being shared?” are being discussed era of mobility. So there exists more than one way to
that will give necessary awareness to the non- approach any social networking tool or social media
professional user to be in social network smartly; in website. Like Facebook can be accessed through
secure and protected environment as before. website, through mobile application using any kind
of computing device such as laptop, desktop
Keywords —social media; digital security; social
computer, mobile, handheld device etc. Also they are
network; privacy; security; network being designed in such a friendly style that it doesn’t
I. INTRODUCTION require any kind of training to use it. It definitely
enhances its usage by all age groups and from diverse
Social networking has become need of today’s background. Following (Fig.2) is the data collected
life. It seems that a person can forget to breath but from www.statista.com representing number of
doesn’t forget to check notifications from various social media in billions from 2010 to 2021(Expected)
social media accounts. This is the way to connect [3] .
various people from different background, cultures,
nationalities, domains, age groups, gender and many
more which seems impossible if not have existence 2020
of social networking. This is giving chance to
socially be close with each other and also find much 2018
more of your interest under the common platform.
[1]. 2016
Users
2014

2012

2010
0 1 2 3 4
Fig.2. Number of Social media users worldwide

So from year 2010 to year 2018, no of social

media users have tremendously increased and same
trend is being followed from the very beginning of
social media intrusion in the open market for public
Fig.1: Connecting People through Social networking
and common users. This is stating its popularity.
Social Media: Social media and social
networking are used side by side to represent any

978-1-7281-3825-1/19/$31.00 ©2019 IEEE

 Proc. of the 1st International Conference on Electrical, Communication and Computer Engineering (ICECCE)
24-25 July 2019, Swat, Pakistan

TABLE 1: NUMBER OF SOCIAL MEDIA USERS WORLDWIDE

Year 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021

Users in billions 0.97 1.22 1.4 1.59 1.91 2.14 2.28 2.46 2.62 2.77 2.9 3.02

bottle neck too as sometimes complete unavailability

TABLE 2: ACTIVE USERS OF SOCIAL NETWORKING of the legitimate information of the user, as well.
Social Medium Active Users in millions Malware attacks:They are the most common
Facebook 2234 attacks that cause unauthorized access to the
legitimate user device. Attacker can send URL or any
YouTube 1900
image and text that contain malware. If user clicks on
WatsApp 1500 that link, malware will be installed on that particular
Facebook Messenger 1300 device. Malware could be virus or a worm which will
have propagating feature and will badly affect the
Wechat 1058 computer in terms of performance, and efficiency.
Instagram 1000
Sybil attacks:In Sybil attacks, fake profiles are
QQ 803 mostly used that can be used for spreading fake, junk
Qzone 548 or unauthentic information. Even messages
containing viruses or worms can also be spread with
TikTok 500
these attacks.
Sina Weibo 431
Phishing :Here, attacker targets sensitive
Twitter 335 information of the user through any source like fake
Reddit 330 website, but for user, that fake website or email
seems to be authentic. Like employee can receive
LinkedIn 303
any request data from another employee of the same
Baidu Tieba 300 organization, first employee doesn’t know second
Skype 300 employee but as used the fake information of the
organization, can open the information sent by him
Snapchat 291 and could become the victim of the attacker.
Viber 260
Impersonation:Attacker can target a particular
Pinterest 250 user and create fake profile to show him as authentic
Line 203 and real user. It is very common attack in social
media that not only affect the privacy of the user but
Telegram 200 also spoils contact list that the user have by sending
unethical messages, images etc.
Digital security : Digital security is the security Hijacking:Hijacking is a kind of adverse attack
of distal contents like text, pictures, video, audio and that enable attacker to take complete control on
many more [4]. Digital contents sharing over social user’s profile. This is mainly possible because of
networking sites has become the emerging trend of taking access to authentication details by any source.
today’s life [5, 6]. management of digital contents is Password could be guessed too if any particular user
really crucial as the user is relying on trustworthiness is targeted and attacker knows that person as
that the network provides and rely on their security normally we choose password that are not strong
claims too. So if anything is going to be public, it enough and based on some personal information. So
must remain secure enough not only authentically, there is more possibility of hijacking the account
but also resist attacks, vulnerabilities and threats to authorization details and become the victim of the
your digital contents too [7]. attack.
Attacks on Social Media : There can be variety of Fake Requests:User has the attack of fake
attacks on social media and social networking requests that are being sent by the attacker repeatedly
portals. Here a brief description of attacks is being with aim to screw the privacy of the user. If user
given. accepts the request, the attacker will have the chance
Identify Theft : It causes the attacker to control to view personal information, networks and
the victim’s profile and the n misuse it for his own sometimes other contacts too. So opening room, for
unauthorized use. further attacks, by fake requests and effect the
privacy and security of the users.
Spam attack :It makes attacker to capture
information of the user and then send spam messages Image Rerieval and analyis:This is advanced
or data. Aim is to build network congestion and to attack that enables the attacker to use various kinds
consume maximum bandwidth which can lead to of software for face recognition and image

978-1-7281-3825-1/19/$31.00 ©2019 IEEE

 Proc. of the 1st International Conference on Electrical, Communication and Computer Engineering (ICECCE)
24-25 July 2019, Swat, Pakistan

recognition, speech recognition and processing. number generation tempering. Replay messages can
Images could be collected from the target and then be generated. It can lead to spoofing, man in middle
use them for various unethical causes that badly and timing attack as well. DoS and sensor input data
affect the privacy of the user as well as poor impact is being targeted the most under MAC layer attack. It
on social circle too. causes bandwidth consumption too to produce
latency. Overall confidentiality, integrity,
Data of each usage of social media is directly
authenticity and network availability is being
related to the vulnerability of threat. That’s the
compromised as result of MAC layer attacks [11].
reason it is really important to know that what are
popular usage among social media and what I is trend Router is a device that works in layer 3 of OSI
in last years. This is represented in following Fig.3. model and its main job is routing. Attacks at routing
layer can affect routing by intrusion of wrong
information of paths and misguiding in packet
forwarding. Attacks at this layer can be denial of
service, denial of node, man in the middle to create
falsified information, spoofing, emerging spam
messages, and attack on reading of sensor input data,
jamming, malware, blackhole, greyhole, wormhole,
replay, timing, unauthorized access and change in
information of data [12]. It main targets at hardware,
software level by either by spoofing or by intrusion
of malicious entity either as a node or as outside
attacker to create wrong information about route,
drop any packet, act of malicious node like the
original node, replay to the old messages, controlling
the routing and effecting the network by any mean.
This can cause consumption of bandwidth,
congestion of data pockets and even could fail the
Fig.3. Data of social media usage (Data is collected from complete network as well as routing is one of the
Research Report 2017 of Com) basic functions of wireless networks [13].
Security is being implemented using three
II. BACKGROUND approaches; using security infrastructure, with
security architecture and with the help of security
Ali Dorri [8] has well-elaborated security of standards. All three measures complement each other
smart homes by taking one mechanism of BLOCK as infrastructure will help to design architecture and
chain that work in IoT. This is a continuation of architecture will have set of standards to implement.
previous work of the authors on Blockchain and IoT. [14] For security infrastructure, concept of PKI exists
For designing BC smart home, complete process is that work with certificate authority CA to implement
being explained in terms of initialization, handing of security. Based on PKI, many security architectures
transactions through miner and shared overlay Three are being adopted by various originations to deal
main demanding aspects of smart homes are with security issues within their scope. ETSI has
discussed; security, privacy and performance that we introduced security for ITS communication using
are also targeting in this paper and implementing it ETS architectural layers [15].
on Social media. For any system to secure it must NHTSA has introduced security architecture
accomplish confidentiality, integrity and availability using basic safety messages and security information
[9]. Block chain is one way to implement security to messages based on bootstrap functions and
secure digital data. In [10], focus is on security of IoT pseudonym functions. This architecture appears
and to implement it, concept of consumer security more secure as compared to others. Without
index is being introduced. This is the work of the standards and protocols, security cannot be
project where requirements have been gathered using implemented at all and more research is proceeding
Study approaches. Four Study methods have been in this area to come up with more secure algorithms,
conducted and for each Study, aim, used standards and practices for network [16]. Support of
methods/design, analysis are well elaborated. This cryptographic algorithm, routing protocol and
introduces new idea to implement any security certification authority together set the security of the
measure on digital data through study approaches, network along with other optional security measures
same as discussed in [10]. like data verification, detection rates, and
MAC layer attack can be at wireless interface, involvement of specific authority, formal group
hardware, software, on sensor input and on formation, and location, architecture and individual
infrastructure. Jamming attack is very common that access rights of a node within the network. So
can cause denial of service. Node targeted flooding whatever security approach is used, focus is to avoid
can happen. Data could be manipulated at sensor attack by targeting vulnerable threats available in the
input to mislead the readings. It can lead to random network and don’t leave any loop hole for the

978-1-7281-3825-1/19/$31.00 ©2019 IEEE

 Proc. of the 1st International Conference on Electrical, Communication and Computer Engineering (ICECCE)
24-25 July 2019, Swat, Pakistan

attacker to intrude in the network and harm it with sensor input and attack on infrastructure. Each attack
his malicious efforts, activities and actions [17]. has further subcategories and is targeting any
particular feature(s) depending upon the user’s
Attacks are categorized into four sections in [18]; vulnerability as mentioned in table below:
vulnerability of attack using wireless interface,
attacks because of hardware or software, attack on

TABLE 3:CATEGORIES OF ATTACKS WITH ATTACK TYPE AND DESCRIPTION

Category Attack Description

Location Tracking Attacker locates the location of the user.

Denial of Service Attacker attacks to make services unavailable for the user.

Distributed Denial of Service Attack like DoS but in distributed way; from different locations.

Using wireless Sybil Using same identity, multiple accounts will be created.
interface
Malware Attacker consumes network bandwidth by sending spam messages.

Spam Spam messages are sent in the network to consume bandwidth.

Man in Middle Middle malicious node has access to the communication in between two
devices.
Brute Force Attacker uses trial and error approach to get access to password, identity or
any protected data.

Spoofing & Forgery Injection of wrong emergency warning messages for the user.

GPS Spoofing Attacks to the GPS to mislead the network by wrong locations.

Message change Attacker either drops the packet or changes the contents of the packet.
Using hardware
or software Replay Reply to the old messages to mislead the network.

Message injection Attacker injects intentionally false information.

Tampering hardware Attacker tries to tamper the hardware.

Routing Attacker disturbs the routing by targeting network layer.

Timing Play with the time to delay the message so that should be received in the
network when it is no more required.

Attack to sensor Illusion Attack on the sensors to read wrong sensor readings.
input
Jamming Attacker attacks on radio frequencies to create jam.

Infrastructure unauthorized access Unauthorized access deals with malicious access to any node, service or
attacks network by any mean. During session hijack, attacker takes control of the
session after authentication and controls the session in its own way.
repudiation During Repudiation, event traceability is loosed that leads to denial of node
in the network.

978-1-7281-3825-1/19/$31.00 ©2019 IEEE

 Proc. of the 1st International Conference on Electrical, Communication and Computer Engineering (ICECCE)
24-25 July 2019, Swat, Pakistan

III. ANSLYSIS Digital signature:One can deny the signature on a

hard document but denying digital signature is
As per all the attacks discussed in section 2, here impossible. For any text to be digitally signed there
we will propose different security measures that we should be strong communication channel to share
need while using social media. Security can be private key as the text will be signed using private key
implemented on: of the sender. Then the same text could be decrypted
• Images using public key corresponding to the sender’s private
key. There is involvement of public key infrastructure
• Text too which ensures the successful completion of the
• Passwords process [25].
• Location
• General measures Passwords protection:Passwords should be secure
enough to implement user’s security on social media.
Image Security: First we will start with different Here this features lacks in social media websites as
options to secure images that we do share on social there is not any measure to make the password strong
media. Images can be misused, with or without editing. which will make efforts of the attacker harder to break
it. We strongly recommend implementing security
Watermarking: Digital watermarking is the most features on the password so that user should use
wide used approach to protect the image authorization, different combination of text, numbers and alphabets to
identity and integrity. [19] Image can be watermarked set the passwords. Also passwords should be long
as copyright or with user’s name or any other statement enough that it should resist brute force attack. Most of
that can prevent its modification by any other user. [20] us use easy to remember passwords that contain some
Digital watermarking fulfills robustness, resistance, personal or family information like name, age, phone
security, modification and imperceptibility. Also number etc. This should be strongly avoided.
multiple watermarks could be inserted to make the Passwords should not be easily guessable and we need
security stronger and complex so that any other to be really smart while choosing any password. Also
common user can’t break it [21, 22]. we should not use same password for all social media
Stangeography and watermark encoding: Images accounts. This also, opens door for the attacker, to
used for high secure communication uses easily guess the password.
stangeography and encryption techniques. These Location:Showing location every time to the public
techniques are not used by common man, but mainly is not suitable approach; each social media website has
by government and military agencies. Stangeography implementation of global positioning system to show
is used to hide any information under the image layers location of the user. This is beneficial if you have set
and with advanced image processing tools; it is really the privacy in your account or make your account
complex mechanism to break its security. Different private. It means you will share with only those people
filters, pixels, coordinates are modified using gray who you do trust. Being a public account, location
scale as well as on colored images using image sharing is not advisable for common user as it can lead
processing software like Matlab. This makes not only to hardware, software and wireless interface attacks on
the image secure but also ensures confidentiality of the the user application.
message hidden inside it [23].
General mesaures :As a general user, we need to be
Watermark can be encoded using same techniques careful while suing social media. First privacy is being
that we use for encoding text. If water mark is having set at account setting itself, so we need to restrict our
text along with digital signature attached to it, this is circle as much as possible to add only those people who
the most successful security implication on the image. are trustworthy. Password should be strong and should
That approach too should be used where high security not be publically informed to friends circle. Accounts
of images is required. Signature verification will assure should not be opened from different machines as they
that image has arrived from the same sender and is not will save the authorization details through cookies and
being altered too. It means integrity, confidentiality and could be used by attacker to misuse account details.
authorization are ensured [24]. Messages, mails and requests from unknown sender
Text security: Text security for simple user is to should not be opened. If any message contains
only follow official accounts, trust only the members attachment, it must go through security scan which is
he knows and don’ share private information with already being provided by social media websites.
anyone. For high security, messages can be encrypted These are small steps, but together implementing them
using cipher, with any key, with hash code, message can make you safe and secure in social media.
authentication code and signature. Digital signature is
the most secure method in all.

978-1-7281-3825-1/19/$31.00 ©2019 IEEE

 Proc. of the 1st International Conference on Electrical, Communication and Computer Engineering (ICECCE)
24-25 July 2019, Swat, Pakistan

REFERENCE

[1] A. Doha, N. Elnahla, and L. McShane, “Social commerce as

social networking,” J. Retail. Consum. Serv., vol. 47, pp. 307–
321, Mar. 2019.
[2] Weaver, A.C, Social Networking,., Computer (Long Beach,
Calif.) ISSN: 0018-9162 Date: 02/01/2008 Volume: 41, Issue:
2, Page: 97-100, DOI: 10.1109/MC.2008.61, IEEE Enterprise
[3] Z. Zhang and B. B. Gupta, “Social media security and
trustworthiness: Overview and new direction,” Futur. Gener.
Comput. Syst., vol. 86, pp. 914–925, Sep. 2018.
[4] W. F. Hsieh and P. Y. Lin, “Analyze the digital watermarking
security demands for the facebook website,” in Proceedings -
2012 6th International Conference on Genetic and
Evolutionary Computing, ICGEC 2012, 2012.
[5] R. Grimm, (2005). “A security analysis of business models for
Fig.4. Data of Social media attacks (Data obtained by Mcfee lab Digital products,” INDICARE. Retrieved from
2017) http://www.indicare.org/tiki-download_file.php?fileId=76,
October 22, 2011.
IV. DISCUSSION AND CONCLUSION
[6] S. H. Han, and Chu, C. H, “Content-based image
Social media is used by diverse age groups but it is authentication: Current status, issues, and challenges,”
more commonly used by adults and females. In social International Journal of Information Security, vol. 9, pp. 19-
networking, main concern is to protect user’s security 32, 2010.
and privacy. This can be achieved by awareness to the [7] P. Y. Lin, J. S. Lee, and C. C. Chang, “Dual digital
watermarking for internet media based on hybrid strategies,”
common user about privacy options, with use of Circuits and Systems for Video Technology, vol. 19, pp. 1169-
counter measures and adapting various security tools. 1177, 2009.
Also be aware of your circle of the network, user [8] Ali Dorri_, Salil S. Kanhere _, Raja Jurdaky and Praveen
should not trust every one and put his identity in Gauravaramz, Blockchain for IoT Security and Privacy: The
danger. User should be really careful about what he is Case Study of a Smart Home,, Conference Paper · March 2017
sharing. If anything needs to be labeled by his own DOI: 10.1109/PERCOMW.2017.7917634
name or identity, then various technologies like digital [9] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini,
“Security, privacy and trust in internet of things: The road
watermark and digital sign should be used with un- ahead,” Computer Networks, vol. 76, pp. 146–164, 2015.
editable format so that any attacker could not miss use
[10] J M Blythe*, SDJohnson*, The Consumer Security Index for
it. Being in a social network is making you socially IoT: A protocol for developing an index to improve consumer
connected. So this drives the privacy settings of each decision making and to incentivize greater security provision
network too that how information, passwords, in IoT devices, March 2018,
identities and profiles can be socially protected. For https://www.researchgate.net/publication/324088630.
passwords strength, still various social networks re not [11] R.Rajadurai, N.Jayalakshmi, “Vehicular network: properties,
having strong policies and we recommend that it structure, challenges, attacks, solution for improving
scalability and security”, International Journal of Advance
should be implemented to force the user to choose Research, IJOAR .org,Volume 1, Issue 3, March 2013.
stronger password that should not be easily guessed or [12] N.K. Chauley, “Security Analysis of Vehicular Ad Hoc
broken by brute force approach. Networks (VANETs): A Comprehensive Study”, International
Journal of Security and Its Applications vol.10, No.5 pp.261-
Strong passwords strengthen the security and could 274, 2016.
prevent many of the discussed attacks on social media. [13] H. Hasrouny, C. Bassil, A. Samhat, A. Laouiti, “Security Risk
Also user has to be careful about browser, device, Analysis of a Trust model fzor Secure Group Leader-based
network and interconnected devices. Strong anti- communication in VANET”, Second International Workshop
malware software could protect digital security by on Vehicular Adhoc Networks for Smart Cities, IWVSC'2016.
detecting the threat in social network. Still ultimate [14] R. Raiya, Sh. Gandhi, “Survey of Various Security Techniques
responsibility is of the user. This paper is contributing in VANET”, International Journal of Advanced Research in in
computer Science and Software Engineering, Volume 4, Issue
to make user aware about various security threats on 6, June 2014
digital data, and how they can be tackled by various [15] ETSI TS 102 867 V1.1.1- Security-Mapping for IEEE 1609.2
security measures. Users other than computer [16] P. Caballero-Gil, “Security issues in VANET”, available:
background too can be benefitted by the proposed http://cdn.intechopen.com/pdfs-wm/12879.pdf, 2011.
counter measures and implementing them as being an [17] A.M. Malla, R.K. Sahu, “A Review on Vehicle to Vehicle
active participant of the social network. Communication Protocols in VANETs”, International Journal
of Advanced Research in Computer Science and Software
ACKNOWLEDGMENT Engineering, Volume 3, Issue 2, February 2013.
The authors would like to thank King Khalid [18] H. Hasrouny, A. E. Samhat, C. Bassil, and A. Laouiti, “VANet
University of Saudi Arabia for supporting this research security challenges and solutions: A survey,” Veh. Commun.,
under the grant number R.G.P.2/7/38. vol. 7, pp. 7–20, Jan. 2017.

978-1-7281-3825-1/19/$31.00 ©2019 IEEE

 Proc. of the 1st International Conference on Electrical, Communication and Computer Engineering (ICECCE)
24-25 July 2019, Swat, Pakistan

[19] D. R. Nicholson and C. S. Librarian, “Digital rights

management and access to information: A developing
country’s perspective,” Library and Information Science
Research Electronic Journal, vol. 19, pp. 1-17, 2009.
[20] C. K. Ramaiah, S. Foo, and H. P. Choo, (2006). “Trends in
Electronic publishing.” In H. S. Ching, P. W. T. Poon, & C.
McNaught (Eds.), e-Learning and digital publishing, pp. 111-
131, Retrieved from SpringerLink database, October 18, 2011.
[21] X. Y. Wang and H. Zhao, “A novel synchronization invariant
Audio watermarking scheme based on DWT and DCT,” IEEE
Transactions on Signal Processing, vol. 54, pp. 4835-4840,
2006.
[22] Z. Zhang, Q. Pei, J. Ma and L. Yang, “Security and trust in
digital Rights management: A survey,” International Journal
of Network Security, vol. 9, pp. 247-263, 2009.
[23] Analyze the Digital Watermarking Security Demands for the
Facebook Website, Wei-Fan Hsieh, Pei-Yu Lin, 2012 Sixth
International Conference on Genetic and Evolutionary
Computing, 978-0-7695-4763-3/12 $26.00 © 2012 IEEE DOI
10.1109/ICGEC.2012.62, IEEE Computing Society
[24] M. A. Qadir and I. Ahmad, “Digital text watermarking: Secure
content delivery and data hiding in digital documents,” IEEE
Aerosp. Electron. Syst. Mag., 2006.
[25] Junling Zhang, A Study on Application of Digital Signature
Technology, 2010 International Conference on Networking
and Digital Society, 978-1-4244-5161-6 ©20 1 0 IEEE

978-1-7281-3825-1/19/$31.00 ©2019 IEEE

View publication stats