
Domain Name Encryption Is Not Enough: Privacy Leakage via IP-based Website Fingerprinting [article]

Nguyen Phong Hoang, Arian Akhavan Niaki, Phillipa Gill, Michalis Polychronakis
2021 arXiv   pre-print
Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy  ...  In this paper, we show that this instability is not a roadblock (assuming a universal DoT/DoH and ECH deployment), by introducing an IP-based website fingerprinting technique that allows a network-level  ...  The opinions in this paper are those of the authors and do not necessarily reflect the opinions of the sponsor.  ... 
arXiv:2102.08332v2 fatcat:2y5prhskhbdeplm35hrb3xtl6y

Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting

Nguyen Phong Hoang, Arian Akhavan Niaki, Phillipa Gill, Michalis Polychronakis
2021 Proceedings on Privacy Enhancing Technologies  
Although the security benefits of domain name encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and Encrypted Client Hello (ECH) are clear, their positive impact on user privacy  ...  We conclude by discussing strategies for website owners and hosting providers towards hindering IP-based website fingerprinting and maximizing the privacy benefits offered by DoT/DoH and ECH.  ...  The opinions in this paper are those of the authors and do not necessarily reflect the opinions of the sponsor.  ... 
doi:10.2478/popets-2021-0078 fatcat:k6f6pkoltzdfdmudcdav2dqoqe

Assessing the Privacy Benefits of Domain Name Encryption [article]

Nguyen Phong Hoang, Arian Akhavan Niaki, Nikita Borisov, Phillipa Gill, Michalis Polychronakis
2019 arXiv   pre-print
However, even when encryption is enabled, users leak information about the domains they visit via their DNS queries and via the Server Name Indication (SNI) extension of TLS.  ...  We find that 20% of the domains studied will not gain any privacy benefit since they have a one-to-one mapping between their hostname and IP address.  ...  More specifically, while domain name information is encrypted, the IP address information is still visible to any on-path observers and can be used to infer the websites being visited.  ... 
arXiv:1911.00563v1 fatcat:yondgiommzeaxgidht6heguv6e

Summary of DNS Over HTTPS Abuse

Karel Hynek, Dmitrii Vekshin, Jan Luxemburk, Tomas Cejka, Armin Wasicek
2022 IEEE Access  
Last but not least, we identified several research challenges that we consider important for future security research.  ...  The Internet Engineering Task Force adopted the DNS over HTTPS protocol in 2018 to remediate privacy issues regarding the plain text transmission of the DNS protocol.  ...  Translating a domain name via DoH is not by itself abuse.  ... 
doi:10.1109/access.2022.3175497 fatcat:sxehblcsknbkvi5qhlipgbqrja

Expressive privacy control with pseudonyms

Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall
2013 Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM - SIGCOMM '13  
In the current Internet, the default assumption is that all behavior can be correlated using a variety of identifying information, not the least of which is a user's IP address.  ...  We provide this abstraction by associating each pseudonym with a unique, random address drawn from the IPv6 address space, which is large enough to provide each device with multiple globally-routable addresses  ...  The extension allocates/deallocates IPv6 addresses by communicating with the gateway. • Name resolution: Requests for web pages arrive at the gateway with domain names rather than IPs.  ... 
doi:10.1145/2486001.2486032 dblp:conf/sigcomm/HanLPPAKW13 fatcat:rtr7wbsvq5e7hjomkhoxu2pmhq

Expressive privacy control with pseudonyms

Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall
2013 Computer communication review  
In the current Internet, the default assumption is that all behavior can be correlated using a variety of identifying information, not the least of which is a user's IP address.  ...  We provide this abstraction by associating each pseudonym with a unique, random address drawn from the IPv6 address space, which is large enough to provide each device with multiple globally-routable addresses  ...  The extension allocates/deallocates IPv6 addresses by communicating with the gateway. • Name resolution: Requests for web pages arrive at the gateway with domain names rather than IPs.  ... 
doi:10.1145/2534169.2486032 fatcat:yvfeltda2zh5lak3nglwny3tmy

Tracking and Personalization [chapter]

Rahat Masood, Shlomo Berkovsky, Mohamed Ali Kaafar
2021 Modern Socio-Technical Perspectives on Privacy  
Privacy implications of personalization via online tracking, highlighted by organizations and researchers, are also illustrated.  ...  Lastly, this chapter discusses the ways to balance personalization benefits and privacy concerns.  ...  In addition, identifiers such as network names and IP addresses also help in host fingerprinting [75].  ... 
doi:10.1007/978-3-030-82786-1_9 fatcat:au7bgwajqzeffb2cvtgn3ytasy

Shopping for privacy: Purchase details leaked to PayPal

Sören Preibusch, Thomas Peetz, Gunes Acar, Bettina Berendt
2016 Electronic Commerce Research and Applications  
Leakage to PayPal is commonplace across product categories and includes details of medication or sex toys. We provide recommendations for merchants.  ...  More than half of the sites we analysed shared product names and details with PayPal, allowing the payment provider to build up fine-grained and comprehensive consumption profiles about its clients across  ...  Unfortunately, PayPal's privacy policy is not as explicit about fingerprinting as it is for Flash cookies.  ... 
doi:10.1016/j.elerap.2015.11.004 fatcat:wmakmoosbfa7no2mnlg6swo6wy

A Case Study of Intra-library Privacy Issues on Android GPS Navigation Apps [chapter]

Stylianos Monogios, Konstantinos Limniotis, Nicholas Kolokotronis, Stavros Shiaeles
2019 Communications in Computer and Information Science  
Our results show that GPS navigation apps have access to several types of device data, while they may allow for personal data leakage towards third parties such as library providers or tracking services  ...  In this respect, this paper focuses on the geolocation data and analyses five GPS applications to identify the privacy risks if no appropriate safeguards are present.  ...  The difficulty in dealing with fingerprinting rests with the fact that fingerprints are not based on any client-based storage (such as the case of cookies) and thus sophisticated data protection by design  ... 
doi:10.1007/978-3-030-37545-4_3 fatcat:7ntomzzqbrfxtcoqq6ooe5zzae

Eavesdropping on Fine-Grained User Activities Within Smartphone Apps Over Encrypted Network Traffic

Brendan Saltaformaggio, Hongjun Choi, Kristen Johnson, Yonghwi Kwon, Qi Zhang, Xiangyu Zhang, Dongyan Xu, John Qian
2016 Workshop on Offensive Technologies  
Despite the widespread use of fully encrypted communication, our technique, called NetScope, is based on the intuition that the highly specific implementation of each app leaves a fingerprint on its traffic  ...  Android and iOS devices, based solely on inspecting IP headers.  ...  Any opinions, findings, and conclusions in this paper are those of the authors only and do not necessarily reflect the views of our sponsors.  ... 
dblp:conf/woot/SaltaformaggioC16 fatcat:gkgbvsxhz5bpxj2xdw2zjfrf6a

A Comprehensive Survey of Aadhar and Security Issues [article]

Isha Pali, Lisa Krishania, Divya Chadha, Asmita Kandar, Gaurav Varshney, Sneha Shukla
2020 arXiv   pre-print
To implement this, the Indian government created the authority UIDAI to distribute and generate user identities for every individual based on their demographic and biometric data.  ...  Our main aim is to cover all the security aspects related to Aadhaar to avoid possible security attacks. Also, we have included the current updates and news related to Aadhaar.  ...  The card generated via UIDAI then got named as Aadhaar card. The word "Aadhaar" is a Hindi word that refers to a 'base' that verifies your identity. A.  ... 
arXiv:2007.09409v1 fatcat:wvfuikzjsrerfm445kabru5xli

Mosaic

Ning Xia, Han Hee Song, Yong Liao, Marios Iliofotou, Antonio Nucci, Zhi-Li Zhang, Aleksandar Kuzmanovic
2013 Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM - SIGCOMM '13  
While prior studies have directly focused on OSN services, we call attention to the privacy leakage in mobile network data. This concern is motivated by two factors.  ...  By applying Tessellation on traffic from a cellular service provider (CSP), we show that up to 50% of the traffic can be attributed to the names of users.  ...  The information for each class/subclass is Privacy leakage as a function of breach duration and compromised IPs.  ... 
doi:10.1145/2486001.2486008 dblp:conf/sigcomm/XiaSLINZK13 fatcat:oc4q32agrzcwbjzqvmkq6vr6au

Mosaic

Ning Xia, Han Hee Song, Yong Liao, Marios Iliofotou, Antonio Nucci, Zhi-Li Zhang, Aleksandar Kuzmanovic
2013 Computer communication review  
While prior studies have directly focused on OSN services, we call attention to the privacy leakage in mobile network data. This concern is motivated by two factors.  ...  By applying Tessellation on traffic from a cellular service provider (CSP), we show that up to 50% of the traffic can be attributed to the names of users.  ...  The information for each class/subclass is Privacy leakage as a function of breach duration and compromised IPs.  ... 
doi:10.1145/2534169.2486008 fatcat:sip5i3jsmvec5dft7c6wb3s3ae

Towards Mining Latent Client Identifiers from Network Traffic

Sakshi Jain, Mobin Javed, Vern Paxson
2016 Proceedings on Privacy Enhancing Technologies  
Websites extensively track users via identifiers that uniquely map to client machines or user accounts.  ...  Although such tracking has desirable properties like enabling personalization and website analytics, it also raises serious concerns about online user privacy, and can potentially enable illicit surveillance  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors.  ... 
doi:10.1515/popets-2016-0007 dblp:journals/popets/JainJP16 fatcat:2osybpcf6za6zhgra73w6yuc6e

Oblivious DNS: Practical Privacy for DNS Queries

Paul Schmitt, Anne Edmundson, Allison Mankin, Nick Feamster
2019 Proceedings on Privacy Enhancing Technologies  
Operators of DNS recursive resolvers—the machines that receive a client's query for a domain name and resolve it to a corresponding IP address—can learn significant information about client activity.  ...  Virtually every Internet communication typically involves a Domain Name System (DNS) lookup for the destination server that the client wants to communicate with.  ...  Recent work has highlighted how onion domain name leakages are a source of privacy leakage as well [40].  ... 
doi:10.2478/popets-2019-0028 dblp:journals/popets/SchmittEMF19 fatcat:zwmj24okyvhidmd6k5rstvkxfy