C. Kuhn, Maximilian Noppel, Christian Wressnegger, T. Strufe
{"title":"Plausible Deniability for Anonymous Communication","authors":"C. Kuhn, Maximilian Noppel, Christian Wressnegger, T. Strufe","doi":"10.1145/3463676.3485605","DOIUrl":"https://doi.org/10.1145/3463676.3485605","url":null,"abstract":"The rigorous analysis of anonymous communication protocols and formal privacy goals have proven to be difficult to get right. Formal privacy notions as in the current state of the art based on indistinguishability games simplify analysis. Achieving them, however can incur prohibitively high overhead in terms of latency. Definitions based on function views, albeit less investigated, might imply less overhead but aren't directly comparable to state of the art notions, due to differences in the model. In this paper, we bridge the worlds of indistinguishability game and function view based notions by introducing a new game: the \"Exists INDistinguishability\" (E-IND), a weak notion that corresponds to what is informally sometimes termed Plausible Deniability. By intuition, for every action in a system achieving plausible deniability there exists an equally plausible, alternative that results in observations that an adversary cannot tell apart. We show how this definition connects the early formalizations of privacy based on function views[13] to recent game-based definitions. 
This enables us to link, analyze, and compare existing efforts in the field.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"75 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125889264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Travis Mayberry, Ellis Fenske, Dane Brown, Jeremy Martin, Christine Fossaceca, Erik C. Rye, Sam Teplov, Lucas Foppe
{"title":"Who Tracks the Trackers?: Circumventing Apple's Anti-Tracking Alerts in the Find My Network","authors":"Travis Mayberry, Ellis Fenske, Dane Brown, Jeremy Martin, Christine Fossaceca, Erik C. Rye, Sam Teplov, Lucas Foppe","doi":"10.1145/3463676.3485616","DOIUrl":"https://doi.org/10.1145/3463676.3485616","url":null,"abstract":"Apple's Find My protocol allows lost devices, such as AirTags, to relay their location to their owners via a network of over a billion active Apple devices. This convenient feature for device owners may also be a tool for malicious actors to cheaply and effectively track unknowing targets. Apple has introduced a feature known as \"item safety alerts\" to prevent AirTags from being used this way. We demonstrate that it is possible to create a custom device, with similar features to an AirTag in terms of cost, size, and battery life, which can participate in and be tracked by Apple's Find My network while not triggering any item safety alerts. This implies that Apple's protection mechanism is insufficient. We suggest natural mitigations for two of our malicious tracker techniques but note that the third would require substantially altering the Find My protocol to defend against.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115044567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ülkü Meteriz-Yildiran, Necip Fazil Yildiran, David A. Mohaisen
{"title":"SIA: Smartwatch-Enabled Inference Attacks on Physical Keyboards Using Acoustic Signals","authors":"Ülkü Meteriz-Yildiran, Necip Fazil Yildiran, David A. Mohaisen","doi":"10.1145/3463676.3485607","DOIUrl":"https://doi.org/10.1145/3463676.3485607","url":null,"abstract":"The convergence of various technologies, such as smartwatches, smartphones, etc. has proven to be beneficial, although poses various security and privacy risks. In this paper, we explore one such risk where a smartwatch can be exploited to infer what a user is typing on a physical keyboard while wearing the smartwatch. We exploited the acoustic emanations of the keyboard as recorded by the smartwatch to perform the proposed attack-SIA. To address various environment-related challenges, SIA employs four stages: Noise Cancelling, Keystroke Detection, Key Identification, and Word Correction, where several digital signal processing, machine learning, and natural language processing techniques are utilized to produce the final inference. Our results show that an acoustic emanation of a physical keyboard captured by a smartwatch recovers up to 98% of the typed text. We also showed that utilizing the noise cancellation, SIA is robust to the changes in the attack environment, which further boosts the practicality of the attack. 
The findings are alarming and call for further investigation on methods to cope with inference attacks due to the convergence of those technologies.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121342297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Anna Harbluk Lorimer, Lindsey Tulloch, Cecylia Bocovich, I. Goldberg
{"title":"OUStralopithecus","authors":"Anna Harbluk Lorimer, Lindsey Tulloch, Cecylia Bocovich, I. Goldberg","doi":"10.1145/3463676.3485604","DOIUrl":"https://doi.org/10.1145/3463676.3485604","url":null,"abstract":"In many parts of the world, censors are continuously increasing their capacity to fingerprint, identify, and block censorship resistance tools to maintain control over what can and can not be accessed over the Internet. In response, traffic replacement, which involves co-opting a steady stream of uncensored overt traffic to serve as a perfect cover for censored covert content, has been developed in an effort to provide undetectable access to the open Internet for those in censored regions. Despite the promise of this technique, creating a suitable stream of uncensored overt traffic that is high throughput, fingerprint and identification resistant, and does not overburden the user to generate, is an underexplored area that is critical to traffic replacement's success. To address this, we propose OUStralopithecus (OUStral for short), a web-based Overt User Simulator (OUS) that browses the web as a human would in order to avoid being detected by a censor. We implement OUStral as a Python library that can be added to an existing traffic-replacement system. To evaluate OUStral we connect it to an existing traffic replacement system, Slitheen, that replaces media data such as images. Additionally, we implement WebM video replacement for Slitheen to demonstrate the high throughput that OUStral is able to provide. 
We show that OUStral evades being detected as a bot by state-of-the-art bot detection software while providing a high-throughput overt data channel for covert data replacement.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"2016 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121453030","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"MiXiM","authors":"Iness Ben Guirat, D. Gosain, C. Díaz","doi":"10.1145/3463676.3485613","DOIUrl":"https://doi.org/10.1145/3463676.3485613","url":null,"abstract":"In this paper we present MiXiM, a simulation framework for mixnets that allows researchers to evaluate different design options and their tradeoffs. This framework is flexible and allows to quickly run experiments to assess combinations of mixnet building blocks, such as mixing strategies and network topologies, as well as study the effect of different parameters related to each component. The framework provides results for a number of metrics including anonymity, end-to-end latency and traffic overhead.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115524035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Private Data Exfiltration from Cyber-Physical Systems Using Channel State Information","authors":"T. Burton, Kasper Bonne Rasmussen","doi":"10.1145/3463676.3485606","DOIUrl":"https://doi.org/10.1145/3463676.3485606","url":null,"abstract":"Data exfiltration methods aim to extract data without authorization from a network or device without detection. In this paper, we present a novel data exfiltration method using Channel State Information (CSI) from ambient WiFi signals. Modulation is performed by modifying the environment by moving a physically actuated machine resulting in a change to the channel response that is measurable by a distant receiver capable of collecting CSI samples. An attacker can use this to exfiltrate data when transmission using conventional methods is impossible, yet the attacker controls a moving mechanism. We discuss the design of the covert channel in detail and produce a proof of concept implementation to evaluate the performance in terms of communication quality. We find that even a simple implementation provides robust communication in an office environment. Additionally, we present several countermeasures against an attack of this type.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"92 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124269793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
John F. Hyland, Conrad Schneggenburger, N. Lim, Jake Ruud, Nate Mathews, M. Wright
{"title":"What a SHAME: Smart Assistant Voice Command Fingerprinting Utilizing Deep Learning","authors":"John F. Hyland, Conrad Schneggenburger, N. Lim, Jake Ruud, Nate Mathews, M. Wright","doi":"10.1145/3463676.3485615","DOIUrl":"https://doi.org/10.1145/3463676.3485615","url":null,"abstract":"It is estimated that by the year 2024, the total number of systems equipped with voice assistant software will exceed 8.4 billion devices globally. While these devices provide convenience to consumers, they suffer from a myriad of security issues. This paper highlights the serious privacy threats exposed by information leakage in a smart assistant's encrypted network traffic metadata. To investigate this issue, we have collected a new dataset composed of dynamic and static commands posed to an Amazon Echo Dot using data collection and cleaning scripts we developed. Furthermore, we propose the Smart Home Assistant Malicious Ensemble model (SHAME) as the new state-of-the-art Voice Command Fingerprinting classifier. When evaluated against several datasets, our attack correctly classifies encrypted voice commands with up to 99.81% accuracy on Google Home traffic and 95.2% accuracy on Amazon Echo Dot traffic. 
These findings show that security measures must be taken to stop internet service providers, nation-states, and network eavesdroppers from monitoring our intimate conversations.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120934950","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Omer Akgul, Ruba Abu-Salma, Wei Bai, Elissa M. Redmiles, Michelle L. Mazurek, Blase Ur
{"title":"From Secure to Military-Grade: Exploring the Effect of App Descriptions on User Perceptions of Secure Messaging","authors":"Omer Akgul, Ruba Abu-Salma, Wei Bai, Elissa M. Redmiles, Michelle L. Mazurek, Blase Ur","doi":"10.1145/3463676.3485602","DOIUrl":"https://doi.org/10.1145/3463676.3485602","url":null,"abstract":"Although end-to-end encryption (E2EE) is more widely available than ever before, many users remain confused about its security properties. As a result, even users with access to E2EE tools turn to less secure alternatives for sending private information. To investigate these issues, we conducted a 357-participant online user study analyzing how explanations of security impact user perceptions. In a between-subjects design, we varied the terminology used to detail the security mechanism, whether encryption was on by default, and the prominence of security in an app-store-style description page. We collected participants' perceptions of the tool's utility for privacy, security against adversaries, and whether use of the tool would be seen as \"paranoid.\" Compared to \"secure,\" describing the tool as \"encrypted\" or \"military-grade encrypted\" increased perceptions that it was appropriate for privacy-sensitive tasks, whereas describing it more precisely as \"end-to-end encrypted\" did not. However, \"military-grade encrypted\" was also associated with a greater perception of tool use as paranoid. 
Overall, we find that --- compared to prior work from 2006 --- the social stigma associated with encrypted communication has largely disappeared.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130623045","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"ZXAD","authors":"A. Mani, I. Goldberg","doi":"10.1145/3463676.3485609","DOIUrl":"https://doi.org/10.1145/3463676.3485609","url":null,"abstract":"The Tor anonymity network is often abused by attackers to (anonymously) convey attack traffic. These attacks abuse Tor exit relays (i.e., the relays through which traffic exits Tor) by making it appear the attack originates there; as a result, many website operators indiscriminately block all Tor traffic (by blacklisting all exit IPs), reducing the usefulness of Tor. Recent research shows that majority of these attacks are ones that generate high traffic volume (e.g., Denial-of-Service attacks). This suggests that a simple solution such as throttling traffic flow at the Tor exits may permit early detection of these attacks, improve overall reputation of exits, and eventually prevent blanket blocking of Tor exits. However, naively monitoring and throttling traffic at the Tor exits can endanger the privacy of the network's users. This paper introduces ZXAD (pronounced \"zed-zad\"), a zero-knowledge based private Tor exit abuse detection system that permits identification of otherwise unlinkable connections that are part of a high-volume attack. ZXAD does not reveal any information, apart from the fact that some user is conveying a high volume of traffic through Tor. We formally prove the correctness and security of ZXAD. 
We also measure two proof-of-concept implementations of our zero-knowledge proofs and show that ZXAD operates with low bandwidth and processing overheads.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"14 21","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120930522","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Srivathsan G. Morkonda, S. Chiasson, P. V. Oorschot
{"title":"Empirical Analysis and Privacy Implications in OAuth-based Single Sign-On Systems","authors":"Srivathsan G. Morkonda, S. Chiasson, P. V. Oorschot","doi":"10.1145/3463676.3485600","DOIUrl":"https://doi.org/10.1145/3463676.3485600","url":null,"abstract":"Single sign-on authentication systems such as OAuth 2.0 are widely used in web services. They allow users to use accounts registered with major identity providers such as Google and Facebook to login to a wide variety of independent services (relying parties). These services can both identify users and access a subset of the user's data stored with the provider. We empirically investigate the end-user privacy implications of OAuth implementations by relying parties around the world. We collect data on the use of OAuth-based logins in the Alexa Top 500 sites per country for five countries. We categorize user data made available by four identity providers (Google, Facebook, Apple, and LinkedIn) and evaluate popular services accessing user data from the SSO platforms of these providers. Many services allow users to choose from multiple login options (with different identity providers). Our results reveal that services request different categories and amounts of personal data from different providers, often with at least one choice undeniably more privacy-intrusive. We find that privacy-friendly login choices tend to be listed last, suggesting a dark pattern favoring options that release more user data. These privacy choices (and their privacy implications) are highly invisible to users. 
Based on our analysis, we consider challenges (e.g., opposing goals of stakeholders) in addressing these concerns and discuss ideas for further exploration.","PeriodicalId":205601,"journal":{"name":"Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114454653","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}