Pretty Private Group Management

Group management is a fundamental building block of today's Internet applications. Mailing lists, chat systems, collaborative document edition but also online social networks such as Facebook and Twitter use group management systems. In many cases, group security is required in the sense that access to data is restricted to group members only. Some applications also require privacy by keeping group members anonymous and unlinkable. Group management systems routinely rely on a central authority that manages and controls the infrastructure and data of the system. Personal user data related to groups then becomes de facto accessible to the central authority. In this paper, we propose a completely distributed approach for group management based on distributed hash tables. As there is no enrollment to a central authority, the created groups can be leveraged by various applications. Following this paradigm we describe a protocol for such a system. We consider security and privacy issues inherently introduced by removing the central authority and provide a formal validation of security properties of the system using AVISPA. We demonstrate the feasibility of this protocol by implementing a prototype running on top of Vuze's DHT

On the Privacy Impacts of Publicly Leaked Password Databases

International audienceRegularly, hackers steal data sets containing user identifiers and passwords. Often these data sets become publicly available. The most prominent and important leaks use bad password protection mechanisms , e.g. rely on unsalted password hashes, despite longtime known recommendations. The accumulation of leaked password data sets allows the research community to study the problems of password strength estimation, password breaking and to conduct usability and usage studies. The impact of these leaks in terms of privacy has not been studied. In this paper, we consider attackers trying to break the privacy of users, while not breaking a single password. We consider attacks revealing that distinct identifiers are in fact used by the same physical person. We evaluate large scale linkability attacks based on properties and relations between identifiers and password information. With these attacks, stronger passwords lead to better predictions. Using a leaked and publicly available data set containing 130 × 10 6 encrypted passwords, we show that a privacy attacker is able to build a database containing the multiple identifiers of people, including their secret identifiers. We illustrate potential consequences by showing that a privacy attacker is capable of deanonymizing (potentially embarrassing) secret identifiers by intersecting several leaked password databases

A comparative privacy analysis of geosocial networks

International audienceGeosocial networks and applications, such as Foursquare, Gowalla and Facebook places, are designed to encourage their users to share their geolocated data. Among all the Personal Identi able Information (PII), learning the location of an individual is one of the greatest threat against his privacy. For instance, the spatio-temporal data of an individual can be used to infer the location of his home and workplace, to trace his movements and habits, to learn information about his center of interests or even to detect a change from his usual behaviour. In this paper, we provide a comparative privacy analysis of several existing geosocial networks. We first describe the main characteristics of geosocial networks and then we briefly review the systems on which we have focus in this study. Afterwards, we describe the privacy and security criteria that we have identified before evaluating and comparing the di erent geosocial networks in the light of these criteria. Finally, we fi nish with a discussion and some recommendations on how to enhance the protection of privacy in geosocial networks

A Security Protocol Animator Tool for AVISPA

Abstract. Avispa is now a commonly used verification tool for cryptographic protocols. The main advantage of this tool is the ability to use different verification techniques on the same protocol specification. In this paper, we present a protocol animator designed to help protocol developers in writing AVISPA specifications. This is the result of an ongoing joint experiment with Thomson R&D to use AVISPA at early stages of protocol development