Handling Confidential Data on the Untrusted Cloud: An Agent-based Approach

Cloud computing allows shared computer and storage facilities to be used by a multitude of clients. While cloud management is centralized, the information resides in the cloud and information sharing can be implemented via off-the-shelf techniques for multiuser databases. Users, however, are very diffident for not having full control over their sensitive data. Untrusted database-as-a-server techniques are neither readily extendable to the cloud environment nor easily understandable by non-technical users. To solve this problem, we present an approach where agents share reserved data in a secure manner by the use of simple grant-and-revoke permissions on shared data.Comment: 7 pages, 9 figures, Cloud Computing 201

Privacy Implications of Health Information Seeking on the Web

This article investigates privacy risks to those visiting health- related web pages. The population of pages analyzed is derived from the 50 top search results for 1,986 common diseases. This yielded a total population of 80,124 unique pages which were analyzed for the presence of third-party HTTP requests. 91% of pages were found to make requests to third parties. Investigation of URIs revealed that 70% of HTTP Referer strings contained information exposing specific conditions, treatments, and diseases. This presents a risk to users in the form of personal identification and blind discrimination. An examination of extant government and corporate policies reveals that users are insufficiently protected from such risks

A Novel Attack Methods For Inferring On Certain Url’s On Twitter

Twitter is a well-known online informal organization benefit for sharing short messages (tweets) among friends. Its clients regularly utilize URL shortening administrations that give (i) a short false name of a long URL for sharing it by means of tweets and (ii) open snap examination of shortened URLs. People in general snap examination is given in an amassed frame to save the protection of individual clients. In this, we propose functional assault systems construing who clicks which abbreviated URLs on Twitter utilizing the mix of open data: Twitter metadata and public click investigation. Not at all like the customary program history stealing attacks, have our attacks only demanded publicly available information given by Twitter and URL shortening services. Assessment comes about demonstrate that our assault can trade off Twitter clients' protection with high precision

Fast Keyword Search Assumption In The Random Oracle (RO) Model

This proposes searchable public key ciphertexts with hidden structures (SPCHS) for keyword seek as quickly as conceivable without giving up semantic security of the encoded keywords. In SPCHS, all keyword searchable ciphertexts are organized by concealed relations, and with the hunt trapdoor comparing to a keyword, the base data of the relations is unveiled to an search algorithm as the direction to locate all matching ciphertexts productively. We develop a SPCHS conspire without any preparation in which the ciphertexts have a concealed star-like structure. We end up being semantically secure in the random oracle(RO) model. The search many-sided quality of our plan is subject to the genuine number of the ciphertexts containing the questioned catchphrase, as opposed to the quantity of all ciphertexts. At last, we display a generic SPCHS development from unknown personality based encryption and impact free full-character pliable identity-based key encapsulation mechanism (IBKEM) with anonymity. We delineate two crash free full-character malleable IBKEM occasions, which are semantically secure and unknown, individually, in the RO and standard models

Behavioral Targeting: A Case Study of Consumer Tracking on Levis.com

Behavioral targeting is an online marketing method that collects data on the browsing activities of consumers, in order to ‘target’ more relevant online advertising. It places digital tags in the browsers of web site visitors, using these tags to track and aggregate consumer behavior. The vast majority of data is collected anonymously, i.e., not linked to a person’s name. However, behavioral targeting does create digital dossiers on consumers with the aim of connecting browsing activity to a tagged individual. This tagging is largely invisible to consumers, who are not asked to explicitly give consent for this practice. By using data collected clandestinely, behavioral targeting undermines the autonomy of consumers in their online shopping and purchase decisions. In order to illustrate the nature of consumer tracking, a case study was conducted that examined behavioral targeting within Levis.com, the e-commerce site for the Levis clothing line. The results show the Levis web site loads a total of nine tracking tags that link to eight third party companies, none of which are acknowledged in the Levis privacy policy. Behavioral targeting, by camouflaging the tracking of consumers, can damage the perceived trustworthiness of an e-commerce site or the actor it represents. The risks behavioral targeting presents to trust within ecommerce are discussed, leading to recommendations to reestablish consumer control over behavioral targeting methods

PerfWeb: How to Violate Web Privacy with Hardware Performance Events

The browser history reveals highly sensitive information about users, such as financial status, health conditions, or political views. Private browsing modes and anonymity networks are consequently important tools to preserve the privacy not only of regular users but in particular of whistleblowers and dissidents. Yet, in this work we show how a malicious application can infer opened websites from Google Chrome in Incognito mode and from Tor Browser by exploiting hardware performance events (HPEs). In particular, we analyze the browsers' microarchitectural footprint with the help of advanced Machine Learning techniques: k-th Nearest Neighbors, Decision Trees, Support Vector Machines, and in contrast to previous literature also Convolutional Neural Networks. We profile 40 different websites, 30 of the top Alexa sites and 10 whistleblowing portals, on two machines featuring an Intel and an ARM processor. By monitoring retired instructions, cache accesses, and bus cycles for at most 5 seconds, we manage to classify the selected websites with a success rate of up to 86.3%. The results show that hardware performance events can clearly undermine the privacy of web users. We therefore propose mitigation strategies that impede our attacks and still allow legitimate use of HPEs