authenticating users with the help of their friends has been shown to be a promising backup authentication mechanism. A user in this system is associated with a few trustees that were selected from the user’s friends. When the user wants to regain access to the account, the service provider sends different verification codes to user’s trustees. The user must obtain at least k reset his or her password. In this paper, we provide the first systematic study about the security of trustee based social authentications. In particular, we first introduce verification codes from the trustees before being directed to small framework of attacks, which attacks. In these attacks, an attacker initially obtains we call forest fire iteratively, attacks the rest of users by exploiting trustee-based social authentications. Then, we construct a probabilistic model to for attackers. Moreover, we introduce number of compromised users, and then the attacker a novel various defense formalize the threats of forest fire attacks and their costs strategies. Evaluate various concrete attack and defense our results have finally, we apply our framework to strategies using three real world social network datasets. Extensively strong implications for the design of more secure trustee-based social authentications.

S. M. Metev and V. P. Veiko, Laser Assisted Microtechnology, 2nd ed., R. M. Osgood, Jr., Ed. Berlin, Germany: Springer-Verlag, 1998.

G. Eason, B. Noble, and I. N. Sneddon, “On certain integrals of Lipschitz-Hankel type involving products of Bessel functions,” Phil. Trans. Roy. Soc. London, vol. A247, pp. 529–551, April 1955. (references)

L. A. Adamic and E. Adar, “Friends and neighbors on the web,” Social Netw., vol. 25, no. 3, pp. 211–230, 2003.

BadRank [Online]. Available: http://pr.efactory.de/epr0.shtml

J. Bonneau and S. Preibusch, “The password thicket: Technical and market failures in human authentication on the web,” in Proc. 9th Workshop Econ. Inform. Security (WEIS), 2010.

J. Brainard, A. Juels, R. Rivest, M. Szydlo, and M. Yung, “Fourth-factor authentication: Somebody you know,” in Proc. 13th ACM Conf. Comput.Commun. Security (CCS), 2006.

J. Podd, J. Bunnell, and R. Henderson, “Cost-effective computer security: Cognitive and associative passwords,” in Proc. 6th Australian Conf. Comput.-Human Interact., 1996.

D. Easley and J. Kleinberg, “Networks, Crowds, and Markets: Reasoning About a Highly Connected World”, Cambridge, U.K.: Cambridge Univ. Press, 2010.

Facebook‟s Trusted Contacts [Online]. Available: goo.gl/xHmVHA

Facebook‟s Trusted Friends [Online]. Available:goo.gl/KdyYXJ

H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B. Zhao, “Detecting and characterizing social spam campaigns,” in Proc. Internet Meas. Conf. (IMC), 2010.

E. Gilbert and K. Karahalios, “Predicting tie strength with social media,”in Proc. SIGCHI Conf. Human Factors Comput. Syst., 2009.

N. Z. Gong et al., “Evolution of social-attribute networks: Measurements,modeling, and implications using Google+,” in Proc. ACM Conf. Internet Meas. Conf. (IMC), 2012.

P. Jaccard, “Étude comparative de la distribution floraledansune portion des Alpes et des Jura,” Bulletin Soc. Vaudoise Sci. Naturelles, vol. 37,no. 1, pp. 547–579, 1901.

D. Kempe, J. Kleinberg, and E. Tardos, “Maximizing the spread of influence through a social network,” in Proc. 9th ACM SIGKDD Int.Conf. Knowl.Discovery Data Mining (KDD), 2003.

H. Kim, J. Tang, and R. Anderson, “Social authentication: Harder than it looks,” in Proc. Financial Cryptography (FC), 2012.

H. Kwak, C. Lee, H. Park, and S. Moon, “What is Twitter, a social network or a news media?” in Proc. 19th Int. Conf. World Wide Web(WWW), 2010.

D. Malkhi, Y. Mansour, and M. K. Reiter, “Diffusion without false rumors: On propagating updates in a Byzantine environment,” Theoret. Comput.Sci., vol. 299, no. 1, pp. 289–306, 2003.

A. Mislove, H. S. Koppula, K. P. Gummadi, P. Druschel, and B. Bhattacharjee, “Growth of the Flickr social network,” in Proc. 1st Workshop Online Social Netw. (WOSN), 2008.

Node Centrality [Online]. Available: https://en.wikipedia.org/wiki/Centrality

K. Okamoto, W. Chen, and X.-Y. Li, “Ranking of closeness centrality for large-scale social networks,” in Proc. 2nd Annu. Int. Workshop Frontiers Algorithmics, 2008.

I. Polakis et al., “All your faces are belong to us: Breaking facebook’s social authentication,” in Proc. Annu. Comput.Security Appl. Conf. (ACSAC), 2012.

A. Rice. (2011, Jan.).Facebook‟s Knowledge-Based Social Authentication [Online]. Available: http://blog.facebook.com/blog.php?post=486790652130

G. Sabidussi, “The centrality index of a graph,” Psychometrika, vol. 31, no. 4, pp. 581–603, 1966.

S. Schechter, A. J. B. Brush, and S. Egelman, “It’s no secret: Measuring the security and reliability of authentication via ‘secret’ questions,” in Proc. IEEE Symp. Security Privacy, May 2009, pp. 375–390.

S. Schechter, S. Egelman, and R. W. Reeder, “It’s not what you know, but who you know,” in Proc. Conf. Human Factors Comput. Syst. (CHI),2009.

Spam Messages [Online]. Available:http://en.wikipedia.org/wiki/Botnet

S. Yardi, N. Feamster, and A. Bruckman, “Photo-based authentication using social networks,” in Proc. 1st Workshop Online Social Netw.(WOSN), 2008.

M. Zviran and W. J. Haga, “User authentication by cognitive passwords: An empirical assessment,” in Proc. 5th Jerusalem Conf. Inform. Technol.(JCIT), 1990.