
Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium: Latest Publications

Compact and Divisible E-Cash with Threshold Issuance
Alfredo Rial, Ania M. Piotrowska
Decentralized, offline, and privacy-preserving e-cash could fulfil the need for both scalable and byzantine fault-resistant payment systems. Existing offline anonymous e-cash schemes are unsuitable for distributed environments due to a central bank. We construct a distributed offline anonymous e-cash scheme, in which the role of the bank is performed by a quorum of authorities, and present its two instantiations. Our first scheme is compact, i.e. the cost of the issuance protocol and the size of a wallet are independent of the number of coins issued, but the cost of payment grows linearly with the number of coins spent. Our second scheme is divisible and thus the cost of payments is also independent of the number of coins spent, but the verification of deposits is more costly. We provide formal security proof of both schemes and compare the efficiency of their implementations.
DOI: https://doi.org/10.56553/popets-2023-0116 | Published: 2023-10-01 | Citations: 0
On the Robustness of Topics API to a Re-Identification Attack
Nikhil Jha, Martino Trevisan, Emilio Leonardi, Marco Mellia
Web tracking through third-party cookies is considered a threat to users' privacy and is supposed to be abandoned in the near future. Recently, Google proposed the Topics API framework as a privacy-friendly alternative for behavioural advertising. Using this approach, the browser builds a user profile based on navigation history, which advertisers can access. The Topics API has the possibility of becoming the new standard for behavioural advertising, thus it is necessary to fully understand its operation and find possible limitations. This paper evaluates the robustness of the Topics API to a re-identification attack where an attacker reconstructs the user profile by accumulating a user's exposed topics over time to later re-identify the same user on a different website. Using real traffic traces and realistic population models, we find that the Topics API mitigates but cannot prevent re-identification from taking place, as there is a sizeable chance that a user's profile is unique within a website's audience. Consequently, the probability of correct re-identification can reach 15-17%, considering a pool of 1,000 users. We offer the code and data we use in this work to stimulate further studies and the tuning of the Topics API parameters.
DOI: https://doi.org/10.56553/popets-2023-0098 | Published: 2023-10-01 | Citations: 0
DP-SIPS: A simpler, more scalable mechanism for differentially private partition selection
Marika Swanberg, Damien Desfontaines, Samuel Haney
Partition selection, or set union, is an important primitive in differentially private mechanism design: in a database where each user contributes a list of items, the goal is to publish as many of these items as possible under differential privacy. In this work, we present a novel mechanism for differentially private partition selection. This mechanism, which we call DP-SIPS, is very simple: it consists of iterating the naive algorithm over the data set multiple times, removing the released partitions from the data set while increasing the privacy budget at each step. This approach preserves the scalability benefits of the naive mechanism, yet its utility compares favorably to more complex approaches developed in prior work.
DOI: https://doi.org/10.56553/popets-2023-0109 | Published: 2023-10-01 | Citations: 0
Editors' Introduction
Michelle Mazurek, Micah Sherr
DOI: https://doi.org/10.56553/popets-2023-0094 | Published: 2023-10-01 | Citations: 0
Privacy-Preserving Federated Recurrent Neural Networks
Sinem Sav, Abdulrahman Diaa, Apostolos Pyrgelis, Jean-Philippe Bossuat, Jean-Pierre Hubaux
We present RHODE, a novel system that enables privacy-preserving training of and prediction on Recurrent Neural Networks (RNNs) in a cross-silo federated learning setting by relying on multiparty homomorphic encryption. RHODE preserves the confidentiality of the training data, the model, and the prediction data; and it mitigates federated learning attacks that target the gradients under a passive-adversary threat model. We propose a packing scheme, multi-dimensional packing, for a better utilization of Single Instruction, Multiple Data (SIMD) operations under encryption. With multi-dimensional packing, RHODE enables the efficient processing, in parallel, of a batch of samples. To avoid the exploding gradients problem, RHODE provides several clipping approximations for performing gradient clipping under encryption. We experimentally show that the model performance with RHODE remains similar to non-secure solutions both for homogeneous and heterogeneous data distributions among the data holders. Our experimental evaluation shows that RHODE scales linearly with the number of data holders and the number of timesteps, and sub-linearly and sub-quadratically with the number of features and the number of hidden units of RNNs, respectively. To the best of our knowledge, RHODE is the first system that provides the building blocks for the training of RNNs and their variants under encryption in a federated learning setting.
DOI: https://doi.org/10.56553/popets-2023-0122 | Published: 2023-10-01 | Citations: 0
Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)
Nikita Samarin, Shayna Kothari, Zaina Siyed, Oscar Bjorkman, Reena Yuan, Primal Wijesekera, Noura Alomar, Jordan Fischer, Chris Hoofnagle, Serge Egelman
The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy notices and respond to "verifiable consumer requests" (VCRs) by disclosing personal information that they have collected, used, or shared about consumers for a business or commercial purpose. We compared the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies and the data contained in responses to "right to know" requests that we submitted to the app's developers. Of the 69 app developers who substantively replied to our requests, all but one provided specific pieces of personal data (as opposed to only categorical information). However, a significant percentage of apps collected information that was not disclosed, including identifiers (55 apps, 80%), geolocation data (21 apps, 30%), and sensory data (18 apps, 26%) among other categories. We discuss improvements to the CCPA that could help app developers comply with "right to know" requests and other related regulations.
DOI: https://doi.org/10.56553/popets-2023-0072 | Published: 2023-07-01 | Citations: 0
Editors' Introduction
Michelle Mazurek, Micah Sherr
DOI: https://doi.org/10.56553/popets-2023-0066 | Published: 2023-07-01 | Citations: 0
Story Beyond the Eye: Glyph Positions Break PDF Text Redaction
Maxwell Bland, Anushya Iyer, Kirill Levchenko
In this work we find that many current redactions of PDF text are insecure due to non-redacted character positioning information. In particular, subpixel-sized horizontal shifts in redacted and non-redacted characters can be recovered and used to effectively deredact first and last names. Unfortunately, these findings affect redactions where the text underneath the black box is removed from the PDF. We demonstrate these findings by performing a comprehensive vulnerability assessment of common PDF redaction types. We examine 11 popular PDF redaction tools, including Adobe Acrobat, and find that they leak information about redacted text. We also effectively deredact hundreds of real-world PDF redactions, including those found in OIG investigation reports and FOIA responses. To correct the problem, we have released open source algorithms to fix vulnerable redactions and reduce the amount of information leaked by non-excising redactions (where the text underneath the redaction is copy-pastable). We have also notified the developers of the studied redaction tools. We have notified the Office of Inspector General, the Free Law Project, PACER, Adobe, Microsoft, and the US Department of Justice. We are working with several of these groups to prevent our discoveries from being used for malicious purposes.
DOI: https://doi.org/10.56553/popets-2023-0069 | Published: 2023-07-01 | Citations: 2
Blocking JavaScript Without Breaking the Web: An Empirical Investigation
Abdul Haddi Amjad, Zubair Shafiq, Muhammad Ali Gulzar
Modern websites heavily rely on JavaScript (JS) to implement legitimate functionality as well as privacy-invasive advertising and tracking. Browser extensions such as NoScript block any script not loaded by a trusted list of endpoints, thus hoping to block privacy-invasive scripts while avoiding breaking legitimate website functionality. In this paper, we investigate whether blocking JS on the web is feasible without breaking legitimate functionality. To this end, we conduct a large-scale measurement study of JS blocking on 100K websites. We evaluate the effectiveness of different JS blocking strategies in tracking prevention and functionality breakage. Our evaluation relies on quantitative analysis of network requests and resource loads as well as manual qualitative analysis of visual breakage. First, we show that while blocking all scripts is quite effective at reducing tracking, it significantly degrades functionality on approximately two-thirds of the tested websites. Second, we show that selective blocking of a subset of scripts based on a curated list achieves a better trade-off. However, there remain approximately 15% “mixed” scripts, which essentially merge tracking and legitimate functionality and thus cannot be blocked without causing website breakage. Finally, we show that fine-grained blocking of a subset of JS methods, instead of scripts, reduces major breakage by 3.8× while providing the same level of tracking prevention. Our work highlights the promise and open challenges in fine-grained JS blocking for tracking prevention without breaking the web.
DOI: https://doi.org/10.56553/popets-2023-0087 | Published: 2023-07-01 | Citations: 0
Robust Fingerprint of Location Trajectories Under Differential Privacy
Yuzhou Jiang, Emre Yilmaz, Erman Ayday

Location-based services have brought significant convenience to people in their daily lives, and the collected location data are also in high demand. However, directly releasing those data raises privacy and liability (e.g., due to unauthorized distribution of such datasets) concerns since location data contain users' sensitive information, e.g., regular moving patterns and favorite spots. To address this, we propose a novel fingerprinting scheme that simultaneously identifies unauthorized redistribution of location datasets and provides differential privacy guarantees for the shared data. Observing data utility degradation due to differentially-private mechanisms, we introduce a utility-focused post-processing scheme to regain spatiotemporal correlations between points in a location trajectory. We further integrate this post-processing scheme into our fingerprinting scheme as a sampling method. The proposed fingerprinting scheme alleviates the degradation in the utility of the shared dataset due to the noise introduced by differentially-private mechanisms (i.e., adds the fingerprint by preserving the publicly known statistics of the data). Meanwhile, it does not violate differential privacy throughout the entire process due to immunity to post-processing, a fundamental property of differential privacy. Our proposed fingerprinting scheme is robust against known and well-studied attacks against a fingerprinting scheme including random flipping attacks, correlation-based flipping attacks, and collusions among multiple parties, which makes it hard for the attackers to infer the fingerprint codes and avoid accusation. Via experiments on two real-life location datasets and two synthetic ones, we show that our scheme achieves high fingerprinting robustness and outperforms existing approaches. Besides, the proposed fingerprinting scheme increases data utility for differentially-private datasets, which is beneficial for data analyzers.

{"title":"Robust Fingerprint of Location Trajectories Under Differential Privacy.","authors":"Yuzhou Jiang, Emre Yilmaz, Erman Ayday","doi":"10.56553/popets-2023-0095","DOIUrl":"10.56553/popets-2023-0095","url":null,"abstract":"<p><p>Location-based services have brought significant convenience to people in their daily lives, and the collected location data are also in high demand. However, directly releasing those data raises privacy and liability (e.g., due to unauthorized distribution of such datasets) concerns since location data contain users' sensitive information, e.g., regular moving patterns and favorite spots. To address this, we propose a novel fingerprinting scheme that simultaneously identifies unauthorized redistribution of location datasets and provides differential privacy guarantees for the shared data. Observing data utility degradation due to differentially-private mechanisms, we introduce a utility-focused post-processing scheme to regain spatiotemporal correlations between points in a location trajectory. We further integrate this post-processing scheme into our fingerprinting scheme as a sampling method. The proposed fingerprinting scheme alleviates the degradation in the utility of the shared dataset due to the noise introduced by differentially-private mechanisms (i.e., adds the fingerprint by preserving the publicly known statistics of the data). Meanwhile, it does not violate differential privacy throughout the entire process due to immunity to post-processing, a fundamental property of differential privacy. Our proposed fingerprinting scheme is robust against known and well-studied attacks against a fingerprinting scheme including random flipping attacks, correlation-based flipping attacks, and collusions among multiple parties, which makes it hard for the attackers to infer the fingerprint codes and avoid accusation. 
Via experiments on two real-life location datasets and two synthetic ones, we show that our scheme achieves high fingerprinting robustness and outperforms existing approaches. Besides, the proposed fingerprinting scheme increases data utility for differentially-private datasets, which is beneficial for data analyzers.</p>","PeriodicalId":74556,"journal":{"name":"Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium","volume":"2023 4","pages":"5-20"},"PeriodicalIF":0.0,"publicationDate":"2023-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10449389/pdf/nihms-1902824.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"10477543","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 0
Journal: Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium
Copyright © 2023 Book学术 All rights reserved.
Beijing Public Security Network Filing No. 11010802042870 | Beijing ICP Filing No. 2023020795-1