Helei Cui,Yajin Zhou,Cong Wang,Xinyu Wang,Yuefeng Du,Qian Wang

DOI: https://doi.org/10.1109/tdsc.2019.2937783

2020-01-01

Abstract:Safe Browsing (SB) is an important security feature in modern web browsers to help detect new unsafe websites. Although useful, recent studies have pointed out that the widely adopted SB services, such as Google Safe Browsing and Microsoft SmartScreen, can raise privacy concerns since users' browsing history might be subject to unauthorized leakage to service providers. In this paper, we present a Privacy-Preserving Safe Browsing (PPSB) platform. It bridges the browser that uses the service and the third-party blacklist providers who provide unsafe URLs, with the guaranteed privacy of users and blacklist providers. Particularly, in PPSB, the actual URL to be checked, as well as its associated hashes or hash prefixes, never leave the browser in cleartext. This protects the user's browsing history from being directly leaked or indirectly inferred. Moreover, these lists of unsafe URLs, the most valuable asset for the blacklist providers, are always encrypted and kept private within our platform. Extensive evaluations using real datasets (with over 1 million unsafe URLs) demonstrate that our prototype can function as intended without sacrificing normal user experience, and block unsafe URLs at the millisecond level. All resources, including Chrome extension, Docker image, and source code, are available for public use.

Chengkun Wei,Qinchen Gu,Shouling Ji,Wenzhi Chen,Zonghui Wang,Raheem Beyah

DOI: https://doi.org/10.1109/tdsc.2019.2962440

2020-01-01

Abstract:Web search queries reveal extensive sensitive information about users' interests and preferences to the search engines and eavesdroppers. Obfuscation-based private web search solutions automatically generate dummy queries and send the obfuscated queries to the search engine to hide users' search intentions. Despite many obfuscation methods and tools have been developed, there is no practical system for evaluating their utility performance and the vulnerability against modern privacy attacks. In this article, we propose and develop OB-WSPES, a uniform evaluation system for obfuscation-based web search privacy, which allows researchers to conduct fair analysis and evaluation of existing or newly developed web search privacy protection/attack techniques. Leveraging OB-WSPES, we model the obfuscation activities and systematically implement and evaluate five obfuscation schemes and 10 modern web search attacks on the public AOL dataset. Our results demonstrate that, counter-intuitively, adding more fake queries to a user's real data does not necessarily yield better privacy. The query utility of obfuscated queries declines with the increasing amount of dummy queries, while the application utility does not. We discuss the experimental results and point out the four important factors that affect the web search privacy and utility. Further, we propose possible directions for future research.

Bin Zhao,Peng Liu

DOI: https://doi.org/10.1109/dsn.2015.18

2015-01-01

Abstract:Private Browsing Mode (PBM) is widely supported by all major commodity web browsers. However, browser extensions can greatly undermine PBM. In this paper, we propose an approach to comprehensively identify and stop privacy breaches under PBM caused by browser extensions. Our approach is primarily based on run-time behavior tracking. We combine dynamic analysis and symbolic execution to represent extensions' behavior to identify privacy breaches in PBM caused by extensions. Our analysis shows that many extensions have not fulfilled PBM's guidelines on handling private browsing data. To the best of our knowledge, our approach also provides the first work to stop privacy breaches through instrumentation. We implemented a prototype SoPB on top of Firefox and evaluated it with 1,912 extensions. The results show that our approach can effectively identify and stop privacy breaches under PBM caused by extensions, with almost negligible performance impact.

Kurt Thomas,Sarah Meiklejohn,Michael A. Specter,Xiang Wang,Xavier Llorà,Stephan Somogyi,David Kleidermacher

2023-04-06

Abstract:With the accelerated adoption of end-to-end encryption, there is an opportunity to re-architect security and anti-abuse primitives in a manner that preserves new privacy expectations. In this paper, we consider two novel protocols for on-device blocklisting that allow a client to determine whether an object (e.g., URL, document, image, etc.) is harmful based on threat information possessed by a so-called remote enforcer in a way that is both privacy-preserving and trustworthy. Our protocols leverage a unique combination of private set intersection to promote privacy, cryptographic hashes to ensure resilience to false positives, cryptographic signatures to improve transparency, and Merkle inclusion proofs to ensure consistency and auditability. We benchmark our protocols -- one that is time-efficient, and the other space-efficient -- to demonstrate their practical use for applications such as email, messaging, storage, and other applications. We also highlight remaining challenges, such as privacy and censorship tensions that exist with logging or reporting. We consider our work to be a critical first step towards enabling complex, multi-stakeholder discussions on how best to provide on-device protections.

Cryptography and Security

Ruba Abu-Salma,Benjamin Livshits

DOI: https://doi.org/10.48550/arXiv.1811.08460

2019-06-03

Abstract:Nowadays, all major web browsers have a private browsing mode. However, the mode's benefits and limitations are not particularly understood. Through the use of survey studies, prior work has found that most users are either unaware of private browsing or do not use it. Further, those who do use private browsing generally have misconceptions about what protection it provides. However, prior work has not investigated \emph{why} users misunderstand the benefits and limitations of private browsing. In this work, we do so by designing and conducting a three-part study: (1) an analytical approach combining cognitive walkthrough and heuristic evaluation to inspect the user interface of private mode in different browsers; (2) a qualitative, interview-based study to explore users' mental models of private browsing and its security goals; (3) a participatory design study to investigate why existing browser disclosures, the in-browser explanations of private browsing mode, do not communicate the security goals of private browsing to users. Participants critiqued the browser disclosures of three web browsers: Brave, Firefox, and Google Chrome, and then designed new ones. We find that the user interface of private mode in different web browsers violates several well-established design guidelines and heuristics. Further, most participants had incorrect mental models of private browsing, influencing their understanding and usage of private mode. Additionally, we find that existing browser disclosures are not only vague, but also misleading. None of the three studied browser disclosures communicates or explains the primary security goal of private browsing. Drawing from the results of our user study, we extract a set of design recommendations that we encourage browser designers to validate, in order to design more effective and informative browser disclosures related to private mode.

Human-Computer Interaction

Ghazaleh Beigi,Ruocheng Guo,Alexander Nou,Yanchao Zhang,Huan Liu

DOI: https://doi.org/10.48550/arXiv.1811.09340

2018-11-23

Abstract:The overturning of the Internet Privacy Rules by the Federal Communications Commissions (FCC) in late March 2017 allows Internet Service Providers (ISPs) to collect, share and sell their customers' Web browsing data without their consent. With third-party trackers embedded on Web pages, this new rule has put user privacy under more risk. The need arises for users on their own to protect their Web browsing history from any potential adversaries. Although some available solutions such as Tor, VPN, and HTTPS can help users conceal their online activities, their use can also significantly hamper personalized online services, i.e., degraded utility. In this paper, we design an effective Web browsing history anonymization scheme, PBooster, aiming to protect users' privacy while retaining the utility of their Web browsing history. The proposed model pollutes users' Web browsing history by automatically inferring how many and what links should be added to the history while addressing the utility-privacy trade-off challenge. We conduct experiments to validate the quality of the manipulated Web browsing history and examine the robustness of the proposed approach for user privacy protection.

Cryptography and Security,Social and Information Networks

Jingyuan Fan,Chaowen Guan,Kui Ren,Yong Cui,Chunming Qiao

DOI: https://doi.org/10.1109/tnet.2017.2753044

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:Widely used over the Internet to encrypt traffic, HTTPS provides secure and private data communication between clients and servers. However, to cope with rapidly changing and sophisticated security attacks, network operators often deploy middleboxes to perform deep packet inspection (DPI) to detect attacks and potential security breaches, using techniques ranging from simple keyword matching to more advanced machine learning and data mining analysis. But this creates a problem: how can middleboxes, which employ DPI, work over HTTPS connections with encrypted traffic while preserving privacy? In this paper, we present SPABox, a middlebox-based system that supports both keyword-based and data analysis-based DPI functions over encrypted traffic. SPABox preserves privacy by using a novel protocol with a limited connection setup overhead. We implement SPABox on a standard server and show that SPABox is practical for both long-lived and short-lived connection. Compared with the state-of-the-art Blindbox system, SPABox is more than five orders of magnitude faster and requires seven orders of magnitude less bandwidth for connection setup while SPABox can achieve a higher security level.

Phu H. Phung,Huu-Danh Pham,Jack Armentrout,Panchakshari N. Hiremath,Quang Tran-Minh

DOI: https://doi.org/10.1007/s42979-020-00237-5

2020-06-30

SN Computer Science

Abstract:We introduce a novel approach to protecting the privacy of web users. We propose to monitor the behaviors of JavaScript code within a web origin based on the source of the code, i.e., code origin, to detect and prevent malicious actions that would compromise users' privacy. Our code-origin policy enforcement approach not only advances the conventional same-origin policy standard but also goes beyond the "all-or-nothing" contemporary ad-blockers and tracker-blockers. In particular, our monitoring mechanism does not rely on browsers' network request interception and blocking as in existing blockers. In contrast, we monitor the code that reads or sends user data sent out of the browser to enforce fine-grained and context-aware policies based on the origin of the code. We implement a proof-of-concept prototype and perform practical evaluations to demonstrate the effectiveness of our approach. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin. We show that our prototype is compatible with major browsers and popular real-world websites with promising runtime performance. Although implemented as a browser extension, our approach is browser-agnostic and can be integrated into the core of a browser as it is based on standard JavaScript.

Minjun Long,David Evans

2024-05-21

Abstract:While third-party cookies have been a key component of the digital marketing ecosystem for years, they allow users to be tracked across web sites in ways that raise serious privacy concerns. Google has proposed the Privacy Sandbox initiative to enable ad targeting without third-party cookies. While there have been several studies focused on other aspects of this initiative, there has been little analysis to date as to how well the system achieves the intended goal of preventing request linking. This work focuses on analyzing linkage privacy risks for the reporting mechanisms proposed in the Protected Audience (PrAu) proposal (previously known as FLEDGE), which is intended to enable online remarketing without using third-party cookies. We summarize the overall workflow of PrAu and highlight potential privacy risks associated with its proposed design, focusing on scenarios in which adversaries attempt to link requests to different sites to the same user. We show how a realistic adversary would be still able to use the privacy-protected reporting mechanisms to link user requests and conduct mass surveillance, even with correct implementations of all the currently proposed privacy mechanisms.

Cryptography and Security

Luca Melis,Apostolos Pyrgelis,Emiliano De Cristofaro

DOI: https://doi.org/10.48550/arXiv.1512.04114

2018-10-08

Abstract:(Withdrawn) Collaborative security initiatives are increasingly often advocated to improve timeliness and effectiveness of threat mitigation. Among these, collaborative predictive blacklisting (CPB) aims to forecast attack sources based on alerts contributed by multiple organizations that might be targeted in similar ways. Alas, CPB proposals thus far have only focused on improving hit counts, but overlooked the impact of collaboration on false positives and false negatives. Moreover, sharing threat intelligence often prompts important privacy, confidentiality, and liability issues. In this paper, we first provide a comprehensive measurement analysis of two state-of-the-art CPB systems: one that uses a trusted central party to collect alerts [Soldo et al., Infocom'10] and a peer-to-peer one relying on controlled data sharing [Freudiger et al., DIMVA'15], studying the impact of collaboration on both correct and incorrect predictions. Then, we present a novel privacy-friendly approach that significantly improves over previous work, achieving a better balance of true and false positive rates, while minimizing information disclosure. Finally, we present an extension that allows our system to scale to very large numbers of organizations.

Cryptography and Security,Artificial Intelligence

Changsha Ma,Zhisheng Yan,Chang Wen Chen

DOI: https://doi.org/10.1109/tmm.2019.2892300

IF: 7.3

2019-01-01

IEEE Transactions on Multimedia

Abstract:Privacy-aware location-based service (PA-LBS) preserves LBS users’ privacy but undesirably sacrifices service quality. In order to balance the two factors with satisfactory user experience, existing frameworks are faced with two barriers, that is, scalability and social-friendliness. First, existing schemes do not enable LBS users to flexibly scale their privacy level on service provision. Such a lack of scalability easily results in either unacceptable service-quality degradation or insufficient privacy protection and fails to meet dynamic user requirements. Second, existing schemes handle privacy protection by merely considering the trust relationship between users and servers but ignore the complex trust relationships among users. As a result, users cannot preserve privacy in location-based social services that involve user-to-user interactions. In this paper, we present the first scalable and social-friendly PA-LBS system. In particular, we propose a novel camouflage algorithm with a formal privacy guarantee that enables LBS users to expose their location information by scaling two privacy related factors, that is, camouflage range and place type. Furthermore, we apply the scalable ciphertext policy attribute-based encryption algorithm to enable LBS users to effectively control the access from other users to their location information. Moreover, we also demonstrated the operational efficiency of the proposed system through successful implementations on Android devices.

Hui Cai,Fan Ye,Yuanyuan Yang,Yanmin Zhu,Jie Li

DOI: https://doi.org/10.1145/3326285.3329060

2019-01-01

Abstract:The trading of social media data has attracted wide research interests over years. Especially the trading for web browsing histories probably produces tremendous economic value for data consumers when being applied to targeted advertising. However, the disclosure of entire browsing histories, even in form of anonymous datasets poses a huge threat to user privacy. Although some existing solutions have investigated privacy-preserving outsourcing of social media data, unfortunately, they neglected the impact on the data consumer's utility. In this paper, we propose PEATSE, a new Privacy-prEserving dAta Trading framework for web browSing historiEs. It takes users' diverse privacy preferences and the utility of their web browsing histories into consideration. PEATSE perturbs users' detailed browsing times on released browsing records to protect user privacy, while balancing the privacy-utility tradeoff. Through real-data based experiments, our analysis and evaluation results demonstrate PEATSE indeed achieves user privacy protection, the data consumer's accuracy requirement, and truthfulness, individual rationality as well as budget balance.

Libor Polčák,Marek Saloň,Giorgio Maone,Radek Hranický,Michael McMahon

DOI: https://doi.org/10.48550/arXiv.2204.01392

2022-04-04

Cryptography and Security

Abstract:The web is used daily by billions. Even so, users are not protected from many threats by default. This position paper builds on previous web privacy and security research and introduces JShelter, a webextension that fights to return the browser to users. Moreover, we introduce a library helping with common webextension development tasks and fixing loopholes misused by previous research. JShelter focuses on fingerprinting prevention, limitations of rich web APIs, prevention of attacks connected to timing, and learning information about the device, the browser, the user, and surrounding physical environment and location. We discovered a loophole in the sensor timestamps that lets any page observe the device boot time if sensor APIs are enabled in Chromium-based browsers. JShelter provides a fingerprinting report and other feedback that can be used by future security research and data protection authorities. Thousands of users around the world use the webextension every day.

Lidan Shou,He Bai,Ke Chen,Gang Chen

DOI: https://doi.org/10.1109/tkde.2012.201

IF: 9.235

2012-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Personalized web search (PWS) has demonstrated its effectiveness in improving the quality of various search services on the Internet. However, evidences show that users' reluctance to disclose their private information during search has become a major barrier for the wide proliferation of PWS. We study privacy protection in PWS applications that model user preferences as hierarchical user profiles. We propose a PWS framework called UPS that can adaptively generalize profiles by queries while respecting user-specified privacy requirements. Our runtime generalization aims at striking a balance between two predictive metrics that evaluate the utility of personalization and the privacy risk of exposing the generalized profile. We present two greedy algorithms, namely GreedyDP and GreedyIL, for runtime generalization. We also provide an online prediction mechanism for deciding whether personalizing a query is beneficial. Extensive experiments demonstrate the effectiveness of our framework. The experimental results also reveal that GreedyIL significantly outperforms GreedyDP in terms of efficiency.

Yuan Tian,Biao Song,Eui-nam Huh

DOI: https://doi.org/10.1007/978-3-642-10847-1_24

2009-01-01

Abstract:As the most often-cited criticism, privacy has been concerned by more and more users who need services Supply. In most cases, users can not expect the hazards caused by disclosed data for the lack of specialist knowledge, unless they know the potential threat previously. Besides, users also hope their data can be disclosed in a minimal way thus the potential threats to their data can be decreased as minimum as possible. To address this problem, in this paper, a threat-based model is presented for privacy data management. A key feature of our proposed model is it allows users to Customize the services on the basis of their consents to the potential threats. Furthermore, user can select a best service from a trustable company with reference to other users' feedback. To evaluate the proposed system, three simulations for selecting optimal services are performed in this research.

Ma Bo,Mu Dejun,Fan Wei,Hu Wei

DOI: https://doi.org/10.1109/waina.2013.81

2013-01-01

Abstract:Providing a safe computing condition to unknown user is a crucial task in the existing network computing, and usually we can use the sandbox technology to shield security issues, but the behavior of malicious-occupying the resource has not been well controlled in the sandbox. In this passage, permission rate to access the computational efficiency and accuracy can be available by improving the Linux Kernel Secure Computing Mode(Seccomp) System, furthermore using the system calls judgment technology to prevent its malicious acts from user code can protect the system. During the calculations procedure, specifically, the improved Perfect Bayesian Equilibrium (PBE) Algorithm can be used to determine user behavior in system-call process, utilize this algorithm to construct policy engine, and use the engine decision-making engine to decide existing users' behavior as a result to maximize the profits of both the user code operating and server system capacity. Moreover agent technology that works in achieving the interrupted determination and interrupted access separate the computing and operating systems simultaneously. After all, improving sandbox technology is to achieve the relative optimization between the user service efficiency and security guarantees. Finally, the experiments show that compared with the Sandboxie and Buffer Zone technology, the proposed algorithm optimizes the consumption of the system resources in the original Seccomp Sandbox, and its access determine in rate also speeds up in the certain degree. In particular, it can effectively prevent special system call from malicious code, which can protect the system mainly in large extent. Moreover, the testing speed and the performance of several regular system calls such as file access operation, write operation also are under the progressive improvement.

Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tvt.2006.877704

2005-01-01

Abstract:Privacy and security are two important but seemingly contradict objectives in pervasive computing environments (PCEs). On the one hand, service providers want to authenticate service users and make sure they are accessing only authorized services in a legitimate way. On the other hand, users want to maintain necessary privacy without being tracked down for wherever they are and whatever they are doing. In this paper we propose a novel privacy enhanced authentication and access control scheme to secure the interactions between mobile users and services in PCEs. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication between a user and a service, while allowing the user to anonymously interact with the service. Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups.

Julian Todt,Simon Hanisch,Thorsten Strufe

2024-07-09

Abstract:Biometric data is pervasively captured and analyzed. Using modern machine learning approaches, identity and attribute inferences attacks have proven high accuracy. Anonymizations aim to mitigate such disclosures by modifying data in a way that prevents identification. However, the effectiveness of some anonymizations is unclear. Therefore, improvements of the corresponding evaluation methodology have been proposed recently. In this paper, we introduce SEBA, a framework for strong evaluation of biometric anonymizations. It combines and implements the state-of-the-art methodology in an easy-to-use and easy-to-expand software framework. This allows anonymization designers to easily test their techniques using a strong evaluation methodology. As part of this discourse, we introduce and discuss new metrics that allow for a more straightforward evaluation of the privacy-utility trade-off that is inherent to anonymization attempts. Finally, we report on a prototypical experiment to demonstrate SEBA's applicability.

Cryptography and Security,Computer Vision and Pattern Recognition

Soo Yee Lim,Tanya Prasad,Xueyuan Han,Thomas Pasquier

2024-09-11

Abstract:The eBPF framework enables execution of user-provided code in the Linux kernel. In the last few years, a large ecosystem of cloud services has leveraged eBPF to enhance container security, system observability, and network management. Meanwhile, incessant discoveries of memory safety vulnerabilities have left the systems community with no choice but to disallow unprivileged eBPF programs, which unfortunately limits eBPF use to only privileged users. To improve run-time safety of the framework, we introduce SafeBPF, a general design that isolates eBPF programs from the rest of the kernel to prevent memory safety vulnerabilities from being exploited. We present a pure software implementation using a Software-based Fault Isolation (SFI) approach and a hardware-assisted implementation that leverages ARM's Memory Tagging Extension (MTE). We show that SafeBPF incurs up to 4% overhead on macrobenchmarks while achieving desired security properties.

Cryptography and Security,Operating Systems

Lei Yang,Qingji Zheng,Xinxin Fan

DOI: https://doi.org/10.1109/infocom.2017.8056954

2017-05-01

Abstract:The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organizations, has raised a lot of security and privacy concerns. In this paper, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Our system is built upon a novel dynamic searchable symmetric encryption scheme with forward privacy and delegated verifiability for periodically generated healthcare data. While the forward privacy is achieved by maintaining an increasing counter for each keyword at an IoT gateway, the data owner delegated verifiability comes from the combination of the Bloom filter and aggregate message authentication code. Moreover, our system is able to support multiple HSPs through either data owner assistance or delegation. The detailed security analysis as well as the extensive simulations on a large data set with millions of records demonstrate the practical efficiency of the proposed system for real world healthcare applications.