
Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society: latest publications

Privacy awareness about information leakage: who knows what about me?
Delfina Malandrino, Andrea Petta, V. Scarano, Luigi Serra, Raffaele Spinelli, B. Krishnamurthy
The task of protecting users' privacy is made more difficult by their attitudes towards information disclosure without full awareness and the economics of the tracking and advertising industry. Even after numerous press reports and widespread disclosure of leakages on the Web and on popular Online Social Networks, many users appear not to be fully aware of the fact that their information may be collected, aggregated and linked with ambient information for a variety of purposes. Past attempts at alleviating this problem have addressed individual aspects of the user's data collection. In this paper we move towards a comprehensive and efficient client-side tool that maximizes users' awareness of the extent of their information leakage. We show that such a customizable tool can help users to make informed decisions on controlling their privacy footprint.
DOI: 10.1145/2517840.2517868 (published 2013-11-04)
Citations: 101
The password allocation problem: strategies for reusing passwords effectively
Rishab Nithyanand, Rob Johnson
Each Internet user has, on average, 25 password-protected accounts, but only 6.5 distinct passwords [webhabits]. Despite the advice of security experts, users are obviously re-using passwords across multiple sites. So this paper asks the question: given that users are going to re-use passwords across multiple sites, how should they best allocate those passwords to sites so as to minimize their losses from accidental password disclosures? We provide both theoretical and practical results. First, we provide a mathematical formulation of the Password Allocation (PA) problem and show that it is NP-complete with a reduction via the 3-Partition problem. We then study several special cases and show that the optimal solution is often a contiguous allocation, i.e., similar accounts share passwords. Next, we evaluate several human- and machine-computable heuristics that have very good performance and produce solutions that are reasonably close to optimal. We find that the human-computable heuristics do not perform nearly as well as the machine-computable heuristics; however, they provide a useful and easy-to-follow set of guidelines for re-using passwords.
DOI: 10.1145/2517840.2517870 (published 2013-11-04)
Citations: 10
Canon-MPC, a system for casual non-interactive secure multi-party computation using native client
Ayman Jarrous, Benny Pinkas
This work intends to bring secure multi-party computation to the masses by designing and implementing a browser-based system that enables non-interactive secure computation. The system, denoted Canon-MPC for "CAsual NON-interactive secure Multi-Party Computation", is casual in the sense that participants do not need to install any software and do not need to agree on a time in which they all have to be online in order to run the computation. Rather, each participant can use a web browser to participate in the secure computation. The protocol is executed in a single pass between the participants. Each participant connects to a server once, without requiring other participants to be connected to the server at the same time. The system is appropriate for use by laypersons, since there is no need to install or configure any software except for a web browser. The system is based on a protocol of Halevi et al. (Crypto 2011) for secure computation of symmetric binary functions, that is secure against malicious adversaries. We optimized the protocol using a batching technique for zero-knowledge proofs that greatly reduces their overhead. We implemented a web site and client software for running the protocol, where the client was implemented using Native Client technology for running native code in a sandbox from within a web browser. We demonstrate that this technology is ideal for cryptographic applications. We describe experiments measuring the performance of the system. Lastly, we describe a variant of the protocol that can handle absentee parties, who were invited to participate in the protocol but did not show up.
DOI: 10.1145/2517840.2517845 (published 2013-11-04)
Citations: 10
Inferring trip destinations from driving habits data
Rinku Dewri, Prasad Annadata, Wisam Eltarjaman, R. Thurimella
The collection of driving habits data is gaining momentum as vehicle telematics based solutions become popular in consumer markets such as auto-insurance and driver assistance services. These solutions rely on driving features such as time of travel, speed, and braking to assess accident risk and driver safety. Given the privacy issues surrounding the geographic tracking of individuals, many solutions explicitly claim that the customer's GPS coordinates are not recorded. Although revealing driving habits can give us access to a number of innovative products, we believe that the disclosure of this data only offers a false sense of privacy. Using speed and time data from real driving trips, we show that the destinations of trips may also be determined without having to record GPS coordinates. Based on this, we argue that customer privacy expectations in non-tracking telematics applications need to be reset, and new policies need to be implemented to inform customers of possible risks.
DOI: 10.1145/2517840.2517871 (published 2013-11-04)
Citations: 47
Analysis of the impact of data granularity on privacy for the smart grid
Valentin Tudor, M. Almgren, M. Papatriantafilou
The upgrade of the electricity network to the "smart grid" has intensified in recent years. The new automated devices being deployed gather large quantities of data that offer promises of a more resilient grid but also raise privacy concerns among customers and energy distributors. In this paper, we focus on the energy consumption traces that smart meters generate and especially on the risk of being able to identify individual customers given a large dataset of these traces. This is a question raised in the related literature and an important privacy research topic. We present an overview of the current research regarding privacy in the Advanced Metering Infrastructure. We make a formalization of the problem of de-anonymization by matching low-frequency and high-frequency smart metering datasets and we also build a threat model related to this problem. Finally, we investigate the characteristics of these datasets in order to make them more resilient to the de-anonymization process. Our methodology can be used by electricity companies to better understand the properties of their smart metering datasets and the conditions under which such datasets can be released to third parties.
DOI: 10.1145/2517840.2517844 (published 2013-11-04)
Citations: 28
Improved website fingerprinting on Tor
Tao Wang, I. Goldberg
In this paper, we propose new website fingerprinting techniques that achieve a higher classification accuracy on Tor than previous works. We describe our novel methodology for gathering data on Tor; this methodology is essential for accurate classifier comparison and analysis. We offer new ways to interpret the data by using the more fundamental Tor cells as a unit of data rather than TCP/IP packets. We demonstrate an experimental method to remove Tor SENDMEs, which are control cells that provide no useful data, in order to improve accuracy. We also propose a new set of metrics to describe the similarity between two traffic instances; they are derived from observations on how a site is loaded. Using our new metrics we achieve a higher success rate than previous authors. We conduct a thorough analysis and comparison between our new algorithms and the previous best algorithm. To identify the potential power of website fingerprinting on Tor, we perform open-world experiments; we achieve a recall rate over 95% and a false positive rate under 0.2% for several potentially monitored sites, which far exceeds previous reported recall rates. In the closed-world experiments, our accuracy is 91%, as compared to 86-87% from the best previous classifier on the same data.
DOI: 10.1145/2517840.2517851 (published 2013-11-04)
Citations: 273
Redeem with privacy (RWP): privacy protecting framework for geo-social commerce
M. Moniruzzaman, K. Barker
Users are encouraged to check in to commercial places in Geo-social networks (GSNs) by offering discounts on purchase. These promotions are commonly known as deals. When a user checks in, GSNs share the check-in record with the merchant. However, these applications, in most cases, do not explain how the merchants handle check-in histories nor do they take liability for any information misuse in this type of services. In practice, a dishonest merchant may share check-in histories with third parties or use them to track users' location. It may cause privacy breaches like robbery, discovery of sensitive information by combining check-in histories with other data, disclosure of visits to sensitive places, etc. In this work, we investigate privacy issues arising from the deal redemptions in GSNs. We propose a privacy framework, called Redeem with Privacy (RwP), to address the risks. RwP works by releasing only the minimum information necessary to carry out the commerce to the merchants. The framework is also equipped with a recommendation engine that helps users to redeem deals in such a way that their next visit will be less predictable to the merchants. Experimental results show that inference attacks will have low accuracy when users check in using the framework's recommendation.
DOI: 10.1145/2517840.2517858 (published 2013-11-04)
Citations: 5
Distributed privacy-preserving transparency logging
T. Pulls, R. Peeters, K. Wouters
We present a transparency-enhancing tool in the form of a cryptographic scheme that enables data processors to inform users about the actual data processing that takes place on their personal data. Our proposed solution can handle arbitrary processes while offloading storage and interactions with users to dedicated log servers. On top of strong integrity and confidentiality properties, our scheme takes users' privacy one step further by making it impossible to link multiple log entries for the same user or user identifiers across multiple data processors (for distributed processes). Our proposed solution has several applications, e.g., it can make access to electronic health records transparent to the patients to whom the records relate. Furthermore, we are the first to formalise the required security and privacy properties in this setting in a general manner (not specifically for our scheme) and prove that our scheme fulfils these. Finally, we show that our scheme is applicable in practice, providing performance results for a prototype implementation.
DOI: 10.1145/2517840.2517847 (published 2013-11-04)
Citations: 48
Optimally private access control
Markulf Kohlweiss, A. Rial
Access control based on anonymous credentials allows users to prove to a service provider in a privacy-friendly manner that they possess the credentials required to access a resource. To achieve optimal privacy, the information that service providers can learn from the access control protocol should in principle be just a single event, namely that a user is granted access. However, existing anonymous credential schemes reveal additional information to the service provider such as the identity of the credential issuer, the credential type, and constraints on the attributes of the credential that reveal more than the access decision itself. In addition, the efficiency of selective attribute disclosure is not optimal. Our contribution is both cryptographic and conceptual. First, we extend existing vector commitment schemes with efficient zero-knowledge protocols to prove correct generation of a new commitment, to prove that a secret value is committed at a secret position, and to prove that a secret position was updated to a new secret value. Second, we employ these protocols along with structure preserving signatures and conceptual techniques from logic-based access control to design a private access control protocol with efficient selective attribute disclosure that achieves our optimality criteria.
基于匿名凭证的访问控制允许用户以一种隐私友好的方式向服务提供者证明他们拥有访问资源所需的凭证。为了实现最佳的隐私,服务提供商可以从访问控制协议中学习的信息原则上应该只有一个事件,即用户被授予访问权限。但是,现有的匿名凭据方案向服务提供者显示了额外的信息,例如凭据颁发者的身份、凭据类型和凭据属性的约束,这些信息显示的不仅仅是访问决策本身。此外,选择性属性披露的效率也不是最优的。我们的贡献是密码学和概念。首先,我们用高效的零知识协议扩展了现有的矢量承诺方案,证明了新承诺的正确生成,证明了秘密值在秘密位置被提交,证明了秘密位置被更新为新的秘密值。其次,我们使用这些协议以及结构保留签名和基于逻辑的访问控制的概念技术来设计具有有效选择属性披露的私有访问控制协议,从而达到我们的最优性标准。
Title: Optimally private access control
Authors: Markulf Kohlweiss, A. Rial
DOI: 10.1145/2517840.2517857 (https://doi.org/10.1145/2517840.2517857)
Published: 2013-11-04, Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Citations: 10
Anonymously sharing Flickr pictures with facebook friends
J. Camenisch, G. Karjoth, G. Neven, Franz-Stefan Preiss
Many Internet users today use an electronic social network service (SNS) to share data with their friends. Most SNSs let users restrict access to their shared data, e.g., to particular groups of friends, or to users satisfying other criteria based on their attributes or relationships. Usually, however, such access control restrictions can only be applied to resources hosted on the SNS itself. In this paper, we present protocols to enable SNS users to protect access to resources that are hosted on external service providers (SPs). Our mechanisms preserve the users' privacy in the sense that (1) the SP does not learn the SNS-identities of users that share or access the resource, nor does it learn anything about the access policy that protects it, (2) the SNS does not obtain any information about the resource, and in particular, does not obtain a link to it, and (3) the SP cannot change the policy set by the owner of the resource, or test the policy on users who never requested access to the resource. We give formal definitions of these security requirements and present a cryptographic protocol based on group signatures that provably fulfills them. We also discuss to what extent our requirements can be fulfilled using the standard OAuth authorization protocol while making only minor changes to the SNS infrastructure.
Title: Anonymously sharing Flickr pictures with facebook friends
Authors: J. Camenisch, G. Karjoth, G. Neven, Franz-Stefan Preiss
DOI: 10.1145/2517840.2517861 (https://doi.org/10.1145/2517840.2517861)
Published: 2013-11-04, Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Citations: 1
Journal: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society
Copyright © 2023 Book学术 All rights reserved.