Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mosaic: Quantifying Privacy Leakage in Mobile Networks Aleksandar Kuzmanovic EECS Department Northwestern University

Published byRosalind Hardy Modified over 9 years ago

Similar presentations

Presentation on theme: "Mosaic: Quantifying Privacy Leakage in Mobile Networks Aleksandar Kuzmanovic EECS Department Northwestern University"— Presentation transcript:

1 Mosaic: Quantifying Privacy Leakage in Mobile Networks Aleksandar Kuzmanovic EECS Department Northwestern University http://networks.cs.northwestern.edu

2 Buy 1 Get 1 Free Mosaic –Joint work with Ning Xia (Northwestern University) Han Hee Song (Narus Inc.) Yong Liao (Narus Inc.) Marios Iliofotou (Narus Inc.) Antonio Nucci (Narus Inc.) Zhi-Li Zhang (University of Minnesota) Synthoid –Joint work with Marcel Flores (Northwestern University) 2

3 3 Scenario IP 1 ISP A …IP K IP 1 CSP B …IP K Different services Dynamic IP, CSP/ISP Different devices Different “footprints”

4 4 Problem Other research work We are here! TessellationMosaic IP 1 ISP A …IP K IP 1 CSP B …IP K Input packet traces How much private information can be obtained and expanded about end users by monitoring network traffic?

5 5 Motivation IP 1 ISP A …IP K IP 1 CSP B …IP K I will know everything about everyone! Agencies Bad guys Mobile Traffic: Relevant: more personal information Challenging: frequent IP changes

6 6 How to track users when they hop over different IPs? Challenges With Traffic Markers, it is possible to connect the users’ true identities to their sessions. Sessions: Flows(5-tuple) are grouped into sessions time IP3 time IP2 time IP1 Traffic Markers: Identifiers in the traffic that can be used to differentiate users

7 7 Datasets 3h-Dataset: main dataset for most experiments 9h-Dataset: for quantifying privacy leakage Ground Truth Dataset: for evaluation of session attribution RADIUS: provide session owners DatasetSourceDescription 3h-DatasetCSP-AComplete payload 9h-DatasetCSP-AOnly HTTP headers Ground Truth DatasetCSP-BPayload & RADUIS info.

8 Methodology Overview Tessellation IP 1 ISP A …IP K IP 1 CSP B …IP K Mosaic construction Network data analysis Public web crawling Mapping from sessions to users Traffic attribution Via traffic markers Via activity fingerprinting Combine information from both network data and OSN profiles to infer the user mosaic. 8

9 9 Traffic Attribution via Traffic Markers Traffic Markers: Identifiers in the traffic to differentiate users Key/value pairs from HTTP header User IDs, device IDs or sessions IDs DomainKeywordsCategorySource osn1.comc_user= OSN User IDCookies osn2.comoauth_token= -##OSN User IDHTTP header admob.comX-Admob-ISUAdvertisingHTTP header pandora.comuser_idUser IDCookies google.comsidSession IDCookies How can we select and evaluate traffic markers from network data?

10 10 Traffic Attribution via Traffic Markers OSN IDs as Anchors: The most popular user identifiers among all services Linked to user public profiles OSN IDs can be used as anchors, but their coverage on sessions is too small OSNSourceSession Coverage OSN1 IDHTTP URL and cookies1.3% OSN2 IDHTTP header1.0% Top 2 OSN providers from North America Only 2.3% sessions contain OSN IDs

11 Block Generation: Group Sessions into Blocks 11 Traffic Attribution via Traffic Markers 99K session blocks generated from the 12M sessions Session interval δ Depends on the CSP δ=60 seconds in our study Other sessions? OSN ID ≥δ IP 1 Block Session group on the same IP from the same user Traffic markers shared by the same block time IP 1 IP time IP Block

12 Culling the Traffic Markers: OSN IDs are not enough 12 Traffic Attribution via Traffic Markers Uniqueness: Can the traffic marker differentiate between users? Persistency: How long does a traffic marker remain the same? Traffic markers mobclix.com #uid OSN1 ID pandora.com #user_id mobclix.com #u mydas.mobi #mac-id google.com #sid craigslist.org #cl_b Persistency ~= 1 The value of Google.com#sid remains the same for the same user nearly all the observation duration Uniqueness = 1 No two users will share the same google.com#sid value We pick 625 traffic markers with uniqueness = 1, persistency > 0.9

13 Traffic Attribution: Connecting the Dots 13 Traffic Attribution via Traffic Markers IP 1 IP 2 IP 3 Same OSN ID Same traffic marker Traffic markers are the key in attributing sessions to the same user over different IP addresses Tessellation User T i ( )

14 14 Traffic Attribution via Activity Fingerprinting What if a session block has no traffic markers? Assumption (Activity Fingerprinting): Users can be identified from the DNS names of their favorite services DNS names: Extracted 54,000 distinct DNS names Classified into 21 classes Service classes Service providers Searchbing, google, yahoo Chatskype, mtalk.googl.com Datingplentyoffish, date E-commerceamazon, ebay Emailgoogle, hotmail, yahoo Newsmsnbc, ew, cnn PictureFlickr, picasa …… Activity Fingerprinting: Favorite (top-k) DNS names as the user’s “fingerprint”

15 15 Traffic Attribution via Activity Fingerprinting Y-axis: closer to 1, more distinct the fingerprint is Mobile users can be identified by the DNS names from their preferred services Normalized DNS names Fi : Top k DNS names from user as “activity fingerprint” : Uniqueness of the fingerprint X-axis: normalized by the total number of DNS names

16 16 Traffic Attribution Evaluation RiRi RADIUS user (Ground Truth) Session RiRi RjRj TiTi Correct (Not complete) TjTj Not correct Coverage = ----------------------- identified sessions/users total sessions/users = ------------------- correctly identified sessions/users total identified sessions/users Accuracy on Covered Set TiTi Tessellation user (Correct?)

17 17 Traffic Attribution Evaluation Evaluation Results

18 Mosaic of Real-World User Alice Example MOSAIC with 12 information classes(tesserae): Information (Education, affiliation and etc.) from OSN profiles Information (Locations, devices and etc.) from user sessions 18 Construction of User Mosaic Least gain Most gain Sub-classes: Residence, coordinates, city, state, and etc.

19 Leakage from OSN profiles vs. from Network Data 19 Information from OSN profiles and network data complement and corroborate each other Analysis on network data provides real-time activities and locations OSN profiles provide static user information (education, interests) Quantifying Privacy Leakage Information from both sides can corroborate to each other

20 Traffic markers (OSN IDs and etc.) should be limited and encrypted Preventing User Privacy Leakage 20 Protect traffic markers Restrict 3 rd parties Third party applications/developers should be strongly regulated

21 Beyond Traffic Encryption Trackers and Information Aggregators 21

22 Current Approaches (in the Advertising Domain) Block or disrupt ad interaction –May disrupt regular site operation Privacy preserving infrastructures –Requires participation of ad networks Do Not Track, Opt-out mechanisms –Requires trust in ad networks 22

23 Synthoid Endpoint User Profile Control –User explicitly defines who he wants to be online, i.e., his online profile –Synthoid imprints this profile into all possible trackers and information aggregators 23

24 Ad Network Synthoid 24

25 Synthoid Performance Volume of Synthoid traffic varied 1% -- 100% 25 It is possible to completely alter the user profile with small amount of artificial traffic

26 Prevalence in the use of OSNs leaves users’ true identities available in the network Significant portions of flows can be attributed to users, even without any direct identity leaks Ubiquitous encryption is not likely to take place, plus it does not solve the problem Our endpoint user profile control lets users explicitly define their online profiles Works for all possible trackers at once Requires no changes or consent from trackers Currently developing Synthoid for search, mobile, information aggregators, price discriminators, etc. 26 Conclusions

27 Thanks! Questions? 27 http://networks.cs.northwestern.edu

28 28

Download ppt "Mosaic: Quantifying Privacy Leakage in Mobile Networks Aleksandar Kuzmanovic EECS Department Northwestern University"

Similar presentations

The Internet.

The Internet.
Taming User-Generated Content in Mobile Networks via Drop Zones Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.

Taming User-Generated Content in Mobile Networks via Drop Zones Ionut Trestian Supranamaya Ranjan Aleksandar Kuzmanovic Antonio Nucci Northwestern University.
Mosaic: Quantifying Privacy Leakage in Mobile Networks

Mosaic: Quantifying Privacy Leakage in Mobile Networks
Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
PHP Meetup - SEO 2/12/2009. Where to Focus? Ensuring the findability of content Ensuring content is well understood by search engines Maximizing the importance.

PHP Meetup - SEO 2/12/2009. Where to Focus? Ensuring the findability of content Ensuring content is well understood by search engines Maximizing the importance.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
Large-Scale Entity-Based Online Social Network Profile Linkage.

Large-Scale Entity-Based Online Social Network Profile Linkage.
Online Privacy and Codes of Conduct Peter Fleischer Global Privacy Counsel my personal blog:

Online Privacy and Codes of Conduct Peter Fleischer Global Privacy Counsel my personal blog:
A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.

A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.

1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.
FABIAN SCHNEIDER, SACHIN AGARWAL,TANSU ALPCAN, AND ANJA FELDMANN DEUTSCHE TELEKOM LABORATORIES/TECHNISCHE UNIVERSITAT BERLIN 10587 BERLIN, GERMANY ΣΗΜΑΝΤΗΡΑΚΗ.

FABIAN SCHNEIDER, SACHIN AGARWAL,TANSU ALPCAN, AND ANJA FELDMANN DEUTSCHE TELEKOM LABORATORIES/TECHNISCHE UNIVERSITAT BERLIN BERLIN, GERMANY ΣΗΜΑΝΤΗΡΑΚΗ.
Masoud Valafar †, Reza Rejaie †, Walter Willinger ‡ † University of Oregon ‡ AT&T Labs-Research WOSN’09 Barcelona, Spain Beyond Friendship Graphs: A Study.

Masoud Valafar †, Reza Rejaie †, Walter Willinger ‡ † University of Oregon ‡ AT&T Labs-Research WOSN’09 Barcelona, Spain Beyond Friendship Graphs: A Study.
802.11 User Fingerprinting Jeff Pang, Ben Greenstein, Ramki Gummadi, Srini Seshan, and David Wetherall Most slides borrowed from Ben.

User Fingerprinting Jeff Pang, Ben Greenstein, Ramki Gummadi, Srini Seshan, and David Wetherall Most slides borrowed from Ben.
Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.
1 Drafting Behind Akamai (Travelocity-Based Detouring) AoJan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante Department of Electrical.

1 Drafting Behind Akamai (Travelocity-Based Detouring) AoJan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante Department of Electrical.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Similar presentations

Ads by Google