Skip to main content

EnhaNcing seCurity And privacy in the Social wEb: a user centered approach for the protection of minors

Periodic Reporting for period 1 - ENCASE (EnhaNcing seCurity And privacy in the Social wEb: a user centered approach for the protection of minors)

Reporting period: 2016-01-01 to 2017-12-31

ENCASE aims at leveraging the latest advances in usable security and privacy to design and implement a browser-based architecture for the protection of minors from malicious actors in online social networks (OSNs). The ENCASE user-centric architecture will consist of three distinct services, which can be combined to form an effective protective net against cyberbullying, sexually abusive acts and fake activity: a) a browser add-on with its corresponding intelligent web-proxy and scalable back-end software stack that collects the users’ online actions to unveil incidents of aggressive or distressed behavior; b) a browser add-on with its associated web-proxy and back-end software stack that analyses social web data to detect fraudulent and fake activity and alert the user; and c) a browser add-on that detects, together with the intelligent web-proxy, when a user is about to share sensitive content with inappropriate audiences and protects it.

The foundation of the research and innovation activities is a diligently planned inter-sectorial and interdisciplinary secondment program for Experienced Researchers (ER) and Early Stage Researchers (ESR) that fosters knowledge exchange. Our main focus is the empowerment of minors or their adult supervisors with parental control tools that unveil malicious social web information or online actors, and enable users to easily protect their sensitive content from unwarranted access by unscrupulous OSN users.

The main knowledge transfer & training objectives of the ENCASE project are: a) to foster industry-academia cooperation, aiming at creating a long-term inter-sectorial cooperation program in the area of security and privacy in OSNs with an emphasis on the protection of minors; b) to implement a dense program of exchanges of ERs and ESRs for the purpose of knowledge exchange and strengthening of collaboration among academia; and c) to conduct world-class interdisciplinary research in the intersection of user experience design, data mining and, and security and privacy.

The main research and innovation objectives of the ENCASE project are: a) to understand the security and privacy concerns of OSN; b) to research methods for performing user profiling, as well as sentiment and affective analysis in OSNs; c) to design algorithms and machine learning (ML) techniques that detect malicious behavior and fake activity in OSNs and warn the users or their custodians of when they are being or are about to be subjected to such online abuses; and d) to design effective content protection mechanisms by employing watermarking, steganography, and advanced encryption techniques.
During the first two years of the project, the management team described the internal management rules, technical organization and implementation, and the plan related to the management of the ENCASE Project.

A data management plan was prepared where we specified which data will be openly accessible to the public, with what means, and under which circumstances. In addition, we prepared a plan detailing the dissemination and communication strategy, the intellectual property protection policies, and the exploitation and business plan. Furthermore, we have delegated responsibilities to partners with a fine granularity according to the assigned funded effort.

In terms of software implementation, the consortium initiated the design process by eliciting requirements via an analysis of complementary use cases. The project finalized the system’s requirements, user stories and the software architecture. Four high-level use cases were considered: a) malicious behavior detection; b) false information dissemination and fake identity detection; c) sensitive content detection and protection; and d) educators’ awareness. In addition, the project studied all the existing security and privacy enhancing parental control tools and related work. We are currently collecting and analysing OSN data. By analysing such data we create and train ML algorithms in order to build classifiers to detect multiple types of suspicious behavior in OSNs. The consortium is deploying the back-end environment that is responsible for hosting those algorithms and also is currently developing the intelligent web-proxy, as well as the corresponding browser add-ons.

Lastly, based on our dissemination plan, we employed various channels to communicate the project’s goals and advantages to the outside world. ENCASE results have been featured in prestigious mainstream press, TV and radio channels. In terms of research output, we managed to publish several scientific papers in top-tier conferences, workshops, and journals. Our consortium organized one summer school in Cyprus, one Dagstuhl seminar and one seminar at UCL.
By the end of the project, the consortium will deliver the tangible results of the project (browser add-ons, the web-proxy and back-end) and will investigate their commercial exploitation. The ENCASE system aims to combine the key capabilities of state-of-the-art parental control tools, while maintaining a back-end that is constantly updating its ML algorithms via new data and feedback from users. The research performed to detect suspicious activity focuses on solutions that: a) respect human and societal aspects of security and privacy in the social web; b) can be realized in a practical setting; and c) can be commercially exploited.

ENCASE aims to have an impact on current parental control companies who do not use advanced ML techniques to detect suspicious activity in OSNs. In addition, we are in communication with other EU-funded projects in related calls in order to share knowledge.

Policy Makers and Standardization and Education Bodies: It is important to note that our research and innovation objectives are fully aligned with Action 37 of the European Digital Agenda [EDA], and in alignment with the European Council’s [COE07] Convention on the Protection of Children against Sexual Exploitation and Sexual Abuse. Additionally, to further spread awareness we are trying to involve numerous safe Internet initiatives like “Safe Internet”, “Better Internet for Kids”, “EU Kids Online”, UNISEF, etc. Finally, CUT participates in the Cypriot Cybersafety Strategy Task Force for Internet Safety and Security concerning children, teachers and parents. The task force is formed by the Cypriot Office of Electronic Communications & Postal Regulations and the Ministry of Education.

Law Enforcement Agencies: The consortium is in contact with the Cyprus Cybercrime Division, which together with the Cyprus Telecommunication Authority aim to employ automated content-based detection of inappropriate images of minors in real applications.

Exploitation and Business Plan: CUT will exploit the developed architecture and applications to pursue further research and create a spin-off in parental control tools. AUTH and UCL will leverage ENCASE’s results to pursue further research and innovation on techniques for the detection and prediction of malicious and fake online activity. ROMA3 will use ENCASE results in future research on steganography and watermarking. TID will use the results of ENCASE to make the Niji mobile web-proxy more secure and privacy-preserving. LST, CYR and SGX will introduce the project’s innovation outcomes into new or enhanced products for their customer base.
Overview of the ENCASE Architecture diagram
Cross interaction among Work Packages diagram