Self-monitoring of web-based information disclosure
K. Abdullah, G. Conti, E. Sobiesk
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 56-59. DOI: 10.1145/1314333.1314343 (https://doi.org/10.1145/1314333.1314343)
Abstract: Free online tools such as search, email and mapping come with a cost. Web users obtain such services by making micropayments of personal and organizational information to the web service providers. Web companies use this information to create customized advertising and tailored user experiences. Individually, each transaction appears innocuous, but when aggregated, the result is often highly sensitive. The impact of AOL's inadvertent disclosure of 20 million nominally anonymized search queries underscores the pressing need for increasing web privacy and raising user awareness of the problem. Rather than advocate extreme legal and policy measures to address the dilemma, this paper proposes an equitable self-monitoring solution. Self-monitoring allows individual users and large enterprises to regulate their web-based interactions intelligently and still allow online companies to innovate and flourish. The primary contributions of our work include exploration of visualization techniques that support self-monitoring, a human-centric evaluation and the results of a user requirements survey.
Private web search
Felipe Saint-Jean, Aaron Johnson, D. Boneh, J. Feigenbaum
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 84-90. DOI: 10.1145/1314333.1314351 (https://doi.org/10.1145/1314333.1314351)
Abstract: Web search is currently a source of growing concern about personal privacy. It is an essential and central part of most users' activity online and therefore one through which a significant amount of personal information may be revealed. To help users protect their privacy, we have designed and implemented Private WebSearch (PWS), a usable client-side tool that minimizes the information that users reveal to a search engine. Our tool protects users against attacks that involve active components and timing information, to which more general Web-browsing privacy tools (including the combination of FoxTor and Privoxy) are vulnerable. PWS is a Firefox plugin that functions as an HTTP proxy and as a client for the Tor anonymity network. It configures Firefox so that search queries executed from the PWS search box are routed through the HTTP proxy and Tor client, filtering potentially sensitive or identifying components of the request and response.
Information carrying identity proof trees
W. Winsborough, A. Squicciarini, E. Bertino
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 76-79. DOI: 10.1145/1314333.1314348 (https://doi.org/10.1145/1314333.1314348)
Abstract: In open systems, the verification of properties of subjects is crucial for authorization purposes. Very often access to resources is based on policies that express (possibly complex) requirements in terms of what are referred to variously as identity properties, attributes, or characteristics of the subject. In this paper we provide an approach that an entity called a verifier can use to evaluate queries about properties of a subject requesting resources that are relevant to deciding whether the requested action is authorized. Specifically, we contribute techniques that enable reuse of previously computed query results. We consider issues related to temporal validity as well as issues related to confidentiality when one entity reuses query results computed by another entity. We employ constraint logic programming as the foundation of our policy rules and query evaluation. This provides a very general, flexible basis, and enables our work to be applied more or less directly to several existing policy frameworks. The process of evaluation of a query against a subject identity is traced through a structure, referred to as an identity proof tree, that carries all information proving that a policy requirement is met.
Distance-preserving pseudonymization for timestamps and spatial data
F. Kerschbaum
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 68-71. DOI: 10.1145/1314333.1314346 (https://doi.org/10.1145/1314333.1314346)
Abstract: The need for privacy in intrusion detection data, such as audit logs, is widely recognized. The prevalent method for privacy protection in audit logs is pseudonymization (and suppression). There is a clear trade-off between the privacy of a pseudonymization technique and its utility for intrusion detection. E.g., for IP addresses a method for prefix-preserving pseudonymization has been developed that allows pseudonymized IP addresses to still be grouped into subnets. This paper describes a pseudonymization technique for timestamps that is distance preserving. I.e., given two pseudonymized timestamps one can compute the distance δ if δ is below or equal to an agreed threshold d, and one cannot compute δ if δ ≥ 2d. We extend our technique to two-dimensional spatial data, e.g. location of objects or persons. We also evaluate the privacy any such distance-preserving technique can provide for timestamps, theoretically and on real-world log data.
Disappearing for a while - using white lies in pervasive computing
Susana Alcalde Bagüés, A. Zeidler, C. Fernández-Valdivielso, I. Matías
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 80-83. DOI: 10.1145/1314333.1314349 (https://doi.org/10.1145/1314333.1314349)
Abstract: The pervasive nature of future living environments, saturated with sensors and context-detecting services, poses a completely new challenge for computer science: the art of virtual disappearance. In many situations individuals do not want to be tracked by the environment and do not want their whereabouts to be known publicly or even by their friends and relatives. Today's technology often allows us to use white lies in such circumstances. The question we pose in this paper is: Can we achieve the same using pervasive computing technologies? In this paper we show how our User-centric Privacy Framework can be extended to allow users to pro-actively use white lies as a means to disguise their location or activity without sacrificing the use of context-services as a whole. As a result we are confident that also in the future we can perform some magic: disappearing for a while - when needed.
Enhancing privacy in identity management systems
Steven Gevers, K. Verslype, B. Decker
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 60-63. DOI: 10.1145/1314333.1314344 (https://doi.org/10.1145/1314333.1314344)
Abstract: User-privacy in existing identity management systems (IMS) can be improved. Indeed, private credential systems offer privacy enhancing capabilities not yet included in current IMS; e.g. proving claims such as age > 18, with age an attribute. This paper introduces privacy enhanced claim URIs which make it possible to request personal data in a privacy friendly way. We show how many private credential capabilities can be achieved in current IMS without using private credentials and continue by showing how these URIs allow integration of private credential systems in Microsoft CardSpace. Since our approach is very simple and widely applicable, it allows enhancing the privacy friendliness of today's online transactions.
Improved user authentication in off-the-record messaging
Chris Alexander, I. Goldberg
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 41-47. DOI: 10.1145/1314333.1314340 (https://doi.org/10.1145/1314333.1314340)
Abstract: Instant Messaging software is now used in homes and businesses by a wide variety of people. Many of these users would benefit from additional privacy, but do not have enough specialized knowledge to use existing privacy-enhancing software. There is a need for privacy software to be easy to understand, with complicated cryptographic concepts hidden from the user. We look at improving the usability of Off-the-Record Messaging, a popular privacy plugin for instant messaging software. By using a solution to the Socialist Millionaires' Problem, we are able to provide the same level of privacy and authentication as in older versions of OTR, but we no longer require that the user understand any difficult concepts such as keys or fingerprints.
Towards understanding user perceptions of authentication technologies
Laurie A. Jones, A. Antón, J. Earp
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 91-98. DOI: 10.1145/1314333.1314352 (https://doi.org/10.1145/1314333.1314352)
Abstract: Digital identities are increasingly being used to facilitate the execution of transactions in various domains. When developing and analyzing digital identity technologies, it is important to consider the perceptions and responses of end users. Users are typically concerned about privacy and security, but do not necessarily understand how these issues are impacted by the use of digital identities. In this paper, we discuss preliminary results of a survey regarding authentication technologies used to generate digital identities. Most respondents were unfamiliar with a majority of the technologies in question (e.g. hand geometry scans), and expressed uncertainty about their use. Perceptions were more positive for the use of authentication technologies in the financial domain, and more negative for their use in the retail domain. The results may inform the design of future systems.
Single-bit re-encryption with applications to distributed proof systems
N. Borisov, Kazuhiro Minami
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 48-55. DOI: 10.1145/1314333.1314341 (https://doi.org/10.1145/1314333.1314341)
Abstract: We examine the implementation of the distributed proof system designed by Minami and Kotz [17]. We find that, although a high-level analysis shows that it preserves confidentiality, the implementation of the cryptographic primitives contains a covert channel that can leak information. Moreover, this channel is present with any traditional choice of public key encryption functions. To remedy this problem, we use the Goldwasser-Micali cryptosystem to implement single-bit re-encryption and show how to make it free of covert channels. We then extend the primitive to support commutative encryption as well. Using this primitive, we design a variant of the Minami-Kotz algorithm that not only is free of covert channels, but also has additional proving power over the original design.
Low-resource routing attacks against Tor
Kevin S. Bauer, Damon McCoy, D. Grunwald, Tadayoshi Kohno, D. Sicker
Proceedings of the ACM Workshop on Privacy in the Electronic Society, 2007-10-29, pp. 11-20. DOI: 10.1145/1314333.1314336 (https://doi.org/10.1145/1314333.1314336)
Abstract: Tor has become one of the most popular overlay networks for anonymizing TCP traffic. Its popularity is due in part to its perceived strong anonymity properties and its relatively low latency service. Low latency is achieved through Tor's ability to balance the traffic load by optimizing Tor router selection to probabilistically favor routers with high-bandwidth capabilities. We investigate how Tor's routing optimizations impact its ability to provide strong anonymity. Through experiments conducted on PlanetLab, we show the extent to which routing performance optimizations have left the system vulnerable to end-to-end traffic analysis attacks from non-global adversaries with minimal resources. Further, we demonstrate that entry guards, added to mitigate path disruption attacks, are themselves vulnerable to attack. Finally, we explore solutions to improve Tor's current routing algorithms and propose alternative routing strategies that prevent some of the routing attacks used in our experiments.