Privacy Threats in E-Shopping (Position Paper)

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-29883-2_14E-shopping has grown considerably in the last years, providing customers with convenience, merchants with increased sales, and financial entities with an additional source of income. However, it may also be the source of serious threats to privacy. In this paper, we review the e-shopping process, discussing attacks or threats that have been analyzed in the literature for each of its stages. By showing that there exist threats to privacy in each of them, we argue our following position: “It is not enough to protect a single independent stage, as is usually done in privacy respectful proposals in this context. Rather, a complete solution is necessary spanning the overall process, dealing also with the required interconnections between stages.” Our overview also reflects the diverse types of information that e-shopping manages, and the benefits (e.g., such as loyalty programs and fraud prevention) that system providers extract from them. This also endorses the need for solutions that, while privacy preserving, do not limit or remove these benefits, if we want prevent all the participating entities from rejecting it.This work was supported by project S2013/ICE-3095-CM (CIBERDINE) of the Comunidad de Madrid and MINECO TIN2010-19607, TIN2012-30883, TIN2014-54580-R. The work of Seung Geol Choi was supported in part by the Office of Naval Research under Grant Number N0001415WX01232. The work of Moti Yung was done in part while visiting the Simons Institute for Theory of Computing, UC Berkeley. The work of Jesus Diaz was done in part while visiting the Network Security Lab at Columbia University

Data Privacy Management, and Security Assurance. 10th International Workshop, DPM 2015, and 4th International Workshop, QASA 2015, Vienna, Austria, September 21–22, 2015. Revised Selected Papers

This book constitutes the revised selected papers of the 10th International Workshop on Data Privacy Management, DPM 2015, and the 4th International Workshop on Quantitative Aspects in Security Assurance, QASA 2015, held in Vienna, Austria, in September 2015, co-located with the 20th European Symposium on Research in Computer Security, ESORICS 2015. In the DPM 2015 workshop edition, 39 submissions were received. In the end, 8 full papers, accompanied by 6 short papers, 2 position papers and 1 keynote were presented in this volume. The QASA workshop series responds to the increasing demand for techniques to deal with quantitative aspects of security assurance at several levels of the development life-cycle of systems and services, from requirements elicitation to run-time operation and maintenance. QASA 2015 received 11 submissions, of which 4 papers are presented in this volume as well

Security by behavioural design: a rapid review

Security and Global AffairsCybersecurity en cybergovernanc

Fully Invisible Protean Signatures Schemes

Protean Signatures (PS), recently introduced by Krenn et al. (CANS \u2718), allow a semi-trusted third party, named the sanitizer, to modify a signed message in a controlled way. The sanitizer can edit signer-chosen parts to arbitrary bitstrings, while the sanitizer can also redact admissible parts, which are also chosen by the signer. Thus, PSs generalize both redactable signature (RSS) and sanitizable signature (SSS) into a single notion. However, the current definition of invisibility does not prohibit that an outsider can decide which parts of a message are redactable - only which parts can be edited are hidden. This negatively impacts on the privacy guarantees provided by the state-of-the-art definition. We extend PSs to be fully invisible. This strengthened notion guarantees that an outsider can neither decide which parts of a message can be edited nor which parts can be redacted. To achieve our goal, we introduce the new notions of Invisible RSSs and Invisible Non-Accountable SSSs (SSS\u27), along with a consolidated framework for aggregate signatures. Using those building blocks, our resulting construction is significantly more efficient than the original scheme by Krenn et al., which we demonstrate in a prototypical implementation

Policy-Based Sanitizable Signatures

Sanitizable signatures are a variant of signatures which allow a single, and signer-defined, sanitizer to modify signed messages in a controlled way without invalidating the respective signature. They turned out to be a versatile primitive, proven by different variants and extensions, e.g., allowing multiple sanitizers or adding new sanitizers one-by-one. However, existing constructions are very restricted regarding their flexibility in specifying potential sanitizers. We propose a different and more powerful approach: Instead of using sanitizers\u27 public keys directly, we assign attributes to them. Sanitizing is then based on policies, i.e., access structures defined over attributes. A sanitizer can sanitize, if, and only if, it holds a secret key to attributes satisfying the policy associated to a signature, while offering full-scale accountability

Attacking and Defending Android Browsers

Android permission is a system of safeguards designed to restrict access to potentially sensitive data and privileged components. While third-party applications are restricted from accessing privileged resources without appropriate permissions, mobile browsers are treated by Android OS differently. Android mobile browsers are the privileged applications that have access to sensitive data based on the permissions implicitly granted to them. In this research, we present a novel attack approach that allows a zero-permission app to access sensitive data and privileged resources using mobile browsers as a proxy with the aid of toast overlay. We demonstrate the effectiveness of our proxy attack on 8 mobile browsers across 12 Android devices ranging from Android 8.1 to Android 13. Our findings show that all current versions of Android mobile browsers are susceptible to this attack. Despite Android touch prevention mechanisms for external apps, internal apps and those sharing the same userID remain susceptible. Contrary to Android’s claims, devices continue to exhibit background toasts opening an opportunity window for these overlay attacks and posing a threat to browser apps and webview activities within the same app. We propose a detection approach that leverages a blend of static detection and activity behavior analysis. Our detection approach enhances Android device security by addressing overlay vulnerabilities and their potential impact on user privacy and data security. Overall, the findings of this study highlight the need for improved security measures in Android browsers to protect against privilege escalation and privacy leakag