5,972 Hits in 6.4 sec

A Passive Attack on the Privacy of Web Users Using Standard Log Information [chapter]

Thomas Demuth
2003 Lecture Notes in Computer Science  
The motivation for this attack is to show the capability of passive privacy attacks using Web server log files and to propagate the use of anonymising techniques for Web users.  ...  In this paper, a passive attack is presented that uses information of a different network layer in the first place.  ...  A successful attack on the privacy of a Web user can be performed as follows: Given a line of server log data not mandatory containing IP addresses and describing one access to a Web page by a person using  ... 
doi:10.1007/3-540-36467-6_14 fatcat:azmrq4rl75gbzb5v5n5lln2rni

A passive Digital footprint for Extranet environment

2018 Al-Qadisiyah Journal Of Pure Science  
The web logger, can log information's and track user's digital footprint passively around the sites, logged information include user access time and date, user IP address, username, user authentication  ...  Thus, propose or present an access log that can log many information that can be used with further studies as auditing or monitoring system in order to track the internal staff digital footprint and finally  ...  attacks where the attackers actions usually will be logged as permissible, standard action if they are logged in to the system.  ... 
doi:10.29350/jops.2018.23.1.727 fatcat:eswkjoxgwje63jvynr2iqv6bnq

Application Level Security in a Public Library: A Case Study

Richard Thomchick, Tonia San Nicolas-Rocca
2018 Information Technology and Libraries  
HTTPS has been used to protect sensitive information exchanges, but security exploits such as passive and active attacks have exposed the need to implement HTTPS in a more rigorous and pervasive manner  ...  Libraries have historically made great efforts to ensure the confidentiality of patron personally identifiable information (PII), but the rapid, widespread adoption of information technology and the internet  ...  During a passive attack, a hacker will attempt to listen in on communications over a network. Eavesdropping is an example of a passive attack. 28 Active attacks alter systems or data.  ... 
doi:10.6017/ital.v37i4.10405 fatcat:ppfcwpcymfapzdgmqbsyklh64m

Web Assessment of Libyan Government e-Government Services

Mohd Zamri Murah, Abdullah Ahmed
2018 International Journal of Advanced Computer Science and Applications  
The e-government initiative involves the use of websites to offer various services such as civil registration, financial transaction and private information handling.  ...  Therefore, in this paper, we did a web security assessment of 16 Libyan government websites. The main purpose of this study is to determine the security level of these websites.  ...  ACKNOWLEDGMENT The authors would like to thank Center for Cybersecurity at Universiti Kebangsaan Malaysia for their assistance.  ... 
doi:10.14569/ijacsa.2018.091282 fatcat:z3lzesqzaffj3ayreinicraqoy

Privacy-safe network trace sharing via secure queries

Jelena Mirkovic
2008 Proceedings of the 1st ACM workshop on Network data anonymization - NDA '08  
We discuss why secure queries provide higher privacy guarantees and higher research utility than sanitization, and present a design of the secure query language and a privacy policy.  ...  In this paradigm, a data owner publishes a query language and an online portal, allowing researchers to submit sets of queries to be run on data.  ...  Attack Classes A passive attacker can observe a publicly released trace and use some source of auxiliary information, such as published Web material [2] , to infer privacy-sensitive data.  ... 
doi:10.1145/1456441.1456445 dblp:conf/ccs/Mirkovic08 fatcat:5zhtfdfvobgevoeby2lvexauai

Analyzing the BrowserID SSO System with Primary Identity Providers Using an Expressive Model of the Web [chapter]

Daniel Fett, Ralf Küsters, Guido Schmitz
2015 Lecture Notes in Computer Science  
Interestingly, some of our attacks on privacy make use of a browser side channel that, to the best of our knowledge, has not gained a lot of attention so far.  ...  This constitutes the most complex formal analysis of a web application based on an expressive model of the web infrastructure so far.  ...  Informally, these properties can be stated as follows: (A) The attacker should not be able to use a service of RP as an honest user.  ... 
doi:10.1007/978-3-319-24174-6_3 fatcat:64rzpmkaijawhf2hwjwwrndxgi

Towards Measuring Anonymity [chapter]

Claudia Díaz, Stefaan Seys, Joris Claessens, Bart Preneel
2003 Lecture Notes in Computer Science  
The model is shown to be very useful for evaluating the level of privacy a system provides under various attack scenarios, for measuring the amount of information an attacker gets with a particular attack  ...  The degree is based on the probabilities an attacker, after observing the system, assigns to the different users of the system as being the originators of a message.  ...  This is a standard assumption for modeling the behavior of users making phone calls [5] .  ... 
doi:10.1007/3-540-36467-6_5 fatcat:nr35okzrenan7ikykwl3gkmlmq

Enforced Community Standards for Research on Users of the Tor Anonymity Network [chapter]

Christopher Soghoian
2012 Lecture Notes in Computer Science  
This paper proposes a set of four bright-line rules for researchers conducting privacy invading research on the Tor network.  ...  The author hopes that it will spark a debate, and hopefully lead to responsible program committees taking some action to embrace these, or similar rules. * The author hereby permits the use of this article  ...  For example, the researchers did not actively attack the accounts of their colleagues, they merely passively analyzed the network traces, whereas users of the Tor network had their accounts actively attacked  ... 
doi:10.1007/978-3-642-29889-9_13 fatcat:kmwd4xgrxbflxo22iwnxp3ldua

A lightweight framework for secure life-logging in smart environments

Nikolaos E. Petroulakis, Elias Z. Tragos, Alexandros G. Fragkiadakis, George Spanoudakis
2013 Information Security Technical Report  
In order to investigate the efficiency of the lightweight framework and the impact of the security attacks on energy consumption, an experimental test-bed was developed including two interconnected users  ...  life-logging on the Internet of Things (IoT) domain.  ...  The specifications of the users were defined in order to be able to mitigate eavesdropper's attacks of passive listeners and jamming attacks.  ... 
doi:10.1016/j.istr.2012.10.005 fatcat:b5rnljcnlrhprm2y7pptbl2rbi

On WPA2-Enterprise Privacy in High Education and Science

T. Perković, A. Dagelić, M. Bugarić, M. Čagalj
2020 Security and Communication Networks  
Considering the widespread use of Wi-Fi-enabled smartphones and rising concerns regarding users' privacy, we focus on the privacy aspects of WPA2-Enterprise vulnerabilities mainly on the widespread Eduroam  ...  Indeed, the analysis of the configuration profiles has been confirmed by performing the deanonymization attack on a large-scale international music festival in our country, where 70% of the devices have  ...  Conflicts of Interest  ... 
doi:10.1155/2020/3731529 fatcat:snleku2vfzdmnjgm4kdrgdbgl4

Privacy Preserving Architectures for Collaborative Intrusion Detection [article]

Sashank Dara, V.N. Muralidhara
2016 arXiv   pre-print
In order to benefit from such global context of attacks, privacy concerns continue to be of major hindrance.  ...  In this position paper we identify real world privacy problems as precise use cases, relevant cryptographic technologies and discuss privacy preserving architectures for collaborative intrusion detection  ...  Privacy Preserving Architectures for Collaborative Intrusion Detection Position Paper  ... 
arXiv:1602.02452v1 fatcat:jt7nbcguebb5lie5llq37i7pwq

Wherefore art thou r3579x?

Lars Backstrom, Cynthia Dwork, Jon Kleinberg
2007 Proceedings of the 16th international conference on World Wide Web - WWW '07  
In an effort to preserve privacy, the practice of anonymization replaces names with meaningless unique identifiers.  ...  We describe a family of attacks such that even from a single anonymized copy of a social network, it is possible for an adversary to learn whether edges exist or not between specific targeted pairs of  ...  to publish their information on the Web.  ... 
doi:10.1145/1242572.1242598 dblp:conf/www/BackstromDK07 fatcat:uprjrfwetrf3xaxwhz6wn4u6cm

Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications

2018 Future Internet  
The push notification attack bypasses the standard ways of protecting user privacy based on the network layer by operating at the application level.  ...  In an offline attack, a passive attacker correlates the social network activity of a user with the received push notification.  ...  The offline attack is suitable when the attacker has a log trace of the connections performed by several users on different hotspots.  ... 
doi:10.3390/fi10020013 fatcat:enkpvvaxujdjdlsdzigy65kiq4

Life-logging in smart environments: Challenges and security threats

Nikolaos E. Petroulakis, Ioannis G. Askoxylakis, Theo Tryfonas
2012 2012 IEEE International Conference on Communications (ICC)  
on the Internet of Things domain.  ...  security, privacy and trustworthy life-logging.  ...  If nodes have a MIC in the headers and payload, it is not possible to have an impersonation attack but it is possible to have passive listening or cause Denial of Service (DoS) attack.  ... 
doi:10.1109/icc.2012.6364934 dblp:conf/icc/PetroulakisAT12 fatcat:lb3qfopyczcpvaiquihjp2uqoy

Our fingerprints don't fade from the Apps we touch: Fingerprinting the Android WebView [article]

Abhishek Tiwari, Jyoti Prakash, Alimerdan Rahimov, Christian Hammer
2022 arXiv   pre-print
These apps expand the attack surface by employing two-way communication between native apps and the web. This paper studies the impact of browser fingerprinting on these embedded browsers.  ...  However, little is known about the effects of browser fingerprinting on Android hybrid apps -- where a stripped-down Chromium browser is integrated into an app.  ...  Finding 2: Hybrid apps are susceptible to passive fingerprinting and often violate standard privacy policies.  ... 
arXiv:2208.01968v1 fatcat:5lrkqjvn2ray3cn3ni75uvif4i
« Previous Showing results 1 — 15 out of 5,972 results