Everything But the Kitchen Sink: Determining the Effect of Multiple Attacks on Privacy Preserving Technology Users

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 7617)

Abstract

We investigate the degree to which privacy preserving technologies (PPT) are able to protect an organization against a variety of attacks aimed at undermining their privacy. We studied a PPT at a United States based organization and executed multiple attacks associated with network monitoring, phishing, and online social networks (OSNs). To begin, we received written authorization to conduct this study from the General Counsel of the case study organization and completed a formal application with the George Mason University Human Subject Review Board. Next, we surveyed 160 of the PPT users to get an idea of their background and security knowledge when it comes to privacy and anonymization on the Internet. We incorporated a network monitoring solution to monitor the websites and the actions performed by the users while on the PPT. The point of the phishing attack was to determine what additional information the users were willing to give up. We found that 92 of the 160 (58 percent) participants fell victim to our phishing campaign. The last attack phase shows the extent to which information made freely available on an online social network can negatively impact the anonymization offered by the PPT. We were able to determine the (Facebook) profiles of 34 of the 160 participants (21 percent). Upon completion of the attacks, we compiled the information and presented it to the users as security awareness training.

Keywords

  • Network Monitoring
  • Online Social Network
  • Privacy Concern
  • General Counsel
  • Threat Model

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Clark, J.W. (2012). Everything But the Kitchen Sink: Determining the Effect of Multiple Attacks on Privacy Preserving Technology Users. In: Jøsang, A., Carlsson, B. (eds) Secure IT Systems. NordSec 2012. Lecture Notes in Computer Science, vol 7617. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34210-3_14

  • DOI: https://doi.org/10.1007/978-3-642-34210-3_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34209-7

  • Online ISBN: 978-3-642-34210-3

  • eBook Packages: Computer Science, Computer Science (R0)