Online social networks (OSNs) such as Facebook and Google+ have transformed the way our society communicates. However, this success has come at the cost of user privacy; in today’s OSNs, users are not in control of their own data, and depend on OSN operators to enforce access control policies. A multitude of privacy breaches has spurred research into privacy-preserving alternatives for social net- working, exploring a number of techniques for storing, disseminating, and controlling access to data in a decentralized fashion.
We propose Cachet, an architecture that provides strong security and privacy guarantees while preserving the main functionality of online social networks. In particular, Cachet protects the confidentiality, integrity and availability of user content, as well as the privacy of user relationships. Cachet uses a distributed pool of nodes to store user data and ensure availability. Storage nodes in Cachet are untrusted; we leverage cryptographic techniques such as attribute-based encryption to protect the confidentiality of data. For efficient dissemination and retrieval of data, Cachet uses a hybrid structured-unstructured overlay paradigm in which a conventional distributed hash table is augmented with social links between users. Social contacts in our system act as caches to store recent updates in the social network, and help reduce the cryptographic as well as the communication overhead in the network.