Presentation is loading. Please wait.

Presentation is loading. Please wait.

Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst.

Published byAsher Gaines Modified over 8 years ago

Similar presentations

Presentation on theme: "Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst."— Presentation transcript:

1 Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst

2 A Privacy Framework Your identity is composed of private details. –Some secured: password –Some protected: database inference (ppdm), RFID?? –Some mundane: name, phone, purchases, movements, contacts Your actions leave signatures –Distinguishing, repeated statistical features, not necessarily unique. A collection of details may –allow access to a valued resource (identity theft): name, address, account number is access to a credit card –Or allow identity profiling. Some details seem innocuous, but may be useful to others when linked together: Email address and recent book purchase is good for spammers Name and recent web sites visited is good for big brother.

3 Signatures One type of signature is a user signature –Characteristics that result from your behavior and are persistent over time. –The web sites you visit. –The content of the sites you visit. –The path or roads you take to work each day.

4 Visiting the Same Web site over time

5 A simple example: User Interest Signatures We took a 9-month collection of web browser traffic of 16 volunteers at UMass We represented each user as a statistical distribution of words, ignoring phrases, order, and semantics (a language model). We looked for words that differentiate users from the community model (using Kullback-Leibler divergence). We split the trace in half, and see if web pages retrieved in the second half can be matched to users from the first.

6 A simple experiment 625 to 12,548 retrievals per user in second half (avg 3,400) Graph shows the accuracy of the top 1000 or 100 pages for each user Some users are predictable, some are not (likely it is based on how much news they read.) Some difficulties but a promising approach…

7 Network Traffic Signatures Signatures of User Interest can be protected by an encrypted connection –protects what words you are reading. But, can I still guess the web site you are visiting without knowing the content? –SSL doesn’t multiplex requests: the size of each object is easily known! [Danezis]. –You can give each web size a signature based on object sizes. [Sun et al] What if we multiplex the streams? –Any VPNs and WEP-like protection will do this. –Pipelined HTTP 1.1 has a similar effect. –Can network timing characteristics leak a signature?

8 HTTP/SSL Signatures [Sun et al] tried identifying web sites by the object sizes. 85% identification rate! Each web “object” gets a separate SSL request All objects go through a tunnel.

9 Yahoo.com Time Cumulative Bytes received Google.com Time Cumulative Bytes received

10 Experiment Five months of a Mozilla browser visiting 100 sites (most popular from previous study) once each every 30 minutes. –We recorded the encrypted version of each request. –Data was broken up into two halves: training and testing. Two methods of characterization –The ordered packet sizes: We don’t care when they arrived –The ordered packet interarrival times: We don’t care about their size. Comparison by cross correlation.

11

12 Defenses Packet size: –Easiest to measure from any point in the Internet –But, this is easiest to fix at Access Point base station, or VPN endpoint: You can pad packets easily to thwart attackers. Do we need to pad acks? Does this kill perfomance? Interarrival times: –This is harder to fix, as there are many sources of delay. –We are experimenting with adding random noise at an 802.11 AP. –Performance question more relevant here

13 Extrapolating… Can we flip the attack on its head? –Capture traffic going to and from a user; does the traffic identify her later given a repeat in visited sites? Can we combine this technique with other signatures for a more robust attack: –There are other dependencies that can be brought into the probabilities –Each user has a collection of web sites they historically visit –Given that one web site has been identified, does that influence our next guess? –Given our location (a café), time of day, etc…, Personal mobile privacy firewalls as a solution?

14 Lalana’s Questions… What are technologies that lead to loss of privacy? Is the loss of privacy worth the advantages? Are there technologies that provide some level of privacy control to users? - Should we be concerned about the "second hand" privacy loss that can occur when my wearable computing system records my interactions with you with or without your consent? What is the best approach for pervasive computing systems: more personalization or greater privacy?

Download ppt "Signatures As Threats to Privacy Brian Neil Levine Assistant Professor Dept. of Computer Science UMass Amherst."

Similar presentations

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.
Acceptable Use Policy –The Acceptable Use Policy defines the rules of the machine and internet connection you are on. –Specific policies differ by machine.

Acceptable Use Policy –The Acceptable Use Policy defines the rules of the machine and internet connection you are on. –Specific policies differ by machine.
Welcome to Florida International University Online J.O.B.S. Link Applicant Tutorial.

Welcome to Florida International University Online J.O.B.S. Link Applicant Tutorial.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.

UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.
Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,

Wi-Fi Security January 21, 2008 by Larry Finger. Wi-Fi Security Most laptops now come with built-in wireless capability, which can be very handy; however,
1 (Un)Trustworthy Wireless: What your wireless traffic says about you… Jeff Pang with Ben Greenstein, Ramki Gummadi, Tadayoshi Kohno, David Wetherall (UW/Intel.

1 (Un)Trustworthy Wireless: What your wireless traffic says about you… Jeff Pang with Ben Greenstein, Ramki Gummadi, Tadayoshi Kohno, David Wetherall (UW/Intel.
Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 WAN Traffic Measurements There have been several studies of wide area network traffic.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.

Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.
Analysis of 802.11 Privacy Jim McCann & Daniel Kuo EECS 598.

Analysis of Privacy Jim McCann & Daniel Kuo EECS 598.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
School of Computer Science and Information Systems

School of Computer Science and Information Systems
Basics: Getting Started Uploading and Sharing Videos on YouTube. Basics: Getting Started Uploading and Sharing Videos on YouTube. 1.

Basics: Getting Started Uploading and Sharing Videos on YouTube. Basics: Getting Started Uploading and Sharing Videos on YouTube. 1.
1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.

1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Similar presentations

Ads by Google