Enabling Social Applications via Decentralized Social Data Management
An unprecedented information wealth produced by online social networks,
further augmented by location/collocation data, is currently fragmented across
different proprietary services. Combined, it can accurately represent the
social world and enable novel socially-aware applications. We present
Prometheus, a socially-aware peer-to-peer service that collects social
information from multiple sources into a multigraph managed in a decentralized
fashion on user-contributed nodes, and exposes it through an interface
implementing non-trivial social inferences while complying with user-defined
access policies. Simulations and experiments on PlanetLab with emulated
application workloads show the system exhibits good end-to-end response time,
low communication overhead and resilience to malicious attacks.
Comment: 27 pages, single ACM column, 9 figures, accepted in Special Issue of
Foundations of Social Computing, ACM Transactions on Internet Technolog
Email Babel: Does Language Affect Criminal Activity in Compromised Webmail Accounts?
We set out to understand the effects of differing language on the ability of
cybercriminals to navigate webmail accounts and locate sensitive information in
them. To this end, we configured thirty Gmail honeypot accounts with English,
Romanian, and Greek language settings. We populated the accounts with email
messages in those languages by subscribing them to selected online newsletters.
We hid email messages about fake bank accounts in fifteen of the accounts to
mimic real-world webmail users that sometimes store sensitive information in
their accounts. We then leaked credentials to the honey accounts via paste
sites on the Surface Web and the Dark Web, and collected data for fifteen days.
Our statistical analyses on the data show that cybercriminals are more likely
to discover sensitive information (bank account information) in the Greek
accounts than the remaining accounts, contrary to the expectation that Greek
ought to constitute a barrier to the understanding of non-Greek visitors to the
Greek accounts. We also extracted the important words among the emails that
cybercriminals accessed (as an approximation of the keywords that they searched
for within the honey accounts), and found that financial terms featured among
the top words. In summary, we show that language plays a significant role in
the ability of cybercriminals to access sensitive information hidden in
compromised webmail accounts
Verifiable Round-Robin Scheme for Smart Homes
Advances in sensing, networking, and actuation technologies have resulted in
the IoT wave that is expected to revolutionize all aspects of modern society.
This paper focuses on the new challenges of privacy that arise in IoT in the
context of smart homes. Specifically, the paper focuses on preventing the
user's privacy via inferences through channel and in-home device activities. We
propose a method for securely scheduling the devices while decoupling the
device and channel activities. The proposed solution avoids any attacks that
may reveal the coordinated schedule of the devices, and hence, also, assures
that inferences that may compromise individual's privacy are not leaked due to
device and channel level activities. Our experiments also validate the proposed
approach, and consequently, an adversary cannot infer device and channel
activities by just observing the network traffic.
Comment: Accepted in ACM Conference on Data and Application Security and
Privacy (CODASPY), 2019. 12 page
The Crypto-democracy and the Trustworthy
In the current architecture of the Internet, there is a strong asymmetry in
terms of power between the entities that gather and process personal data
(e.g., major Internet companies, telecom operators, cloud providers, ...) and
the individuals from which this personal data is issued. In particular,
individuals have no choice but to blindly trust that these entities will
respect their privacy and protect their personal data. In this position paper,
we address this issue by proposing a utopian crypto-democracy model based on
existing scientific achievements from the field of cryptography. More
precisely, our main objective is to show that cryptographic primitives,
including in particular secure multiparty computation, offer a practical
solution to protect privacy while minimizing the trust assumptions. In the
crypto-democracy envisioned, individuals do not have to trust a single physical
entity with their personal data but rather their data is distributed among
several institutions. Together these institutions form a virtual entity called
the Trustworthy that is responsible for the storage of this data but which can
also compute on it (provided first that all the institutions agree on this).
Finally, we also propose a realistic proof-of-concept of the Trustworthy, in
which the roles of institutions are played by universities. This
proof-of-concept would have an important impact in demonstrating the
possibilities offered by the crypto-democracy paradigm.
Comment: DPM 201
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework