An Efficient Web Traffic Defence Against Timing-Analysis Attacks

Feghhi, Saman; Leith, Douglas J.

doi:10.1109/tifs.2018.2855655

Cited by 8 publications

(1 citation statement)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Of course timing based attacks are not confined to recommender systems and there is, in particular, a growing literature on such attacks against HTTPS traffic and on defenses. Borrowing from this literature, when user traffic can be aggregated, for example by use of a shared VPN, then relatively low amounts of buffering and injection of dummy traffic are sufficient to provably disrupt timing-based attacks 33 and such approaches might usefully be adopted in the present context.…”

Section: Additional Linking Attacksmentioning

confidence: 99%

OpenNym: Privacy preserving recommending via pseudonymous group authentication

Checco

Bracciale

Leith

et al. 2021

Security and Privacy

Self Cite

View full text Add to dashboard Cite

A user accessing an online recommender system typically has two choices: either agree to be uniquely identified and in return receive a personalized and rich experience, or try to use the service anonymously but receive a degraded non-personalized service. In this paper, we offer a third option to this "all or nothing" paradigm, namely use a web service with a public group identity, that we refer to as an OpenNym identity, which provides users with a degree of anonymity while still allowing useful personalization of the web service. Our approach can be implemented as a browser shim that is backward compatible with existing services and as an example, we demonstrate operation with the Movielens online service. We exploit the fact that users can often be clustered into groups having similar preferences and in this way, increased privacy need not come at the cost of degraded service. Indeed use of the OpenNym approach with Movielens improves personalization performance.

show abstract

Section: Additional Linking Attacksmentioning

confidence: 99%

OpenNym: Privacy preserving recommending via pseudonymous group authentication

Checco

Bracciale

Leith

et al. 2021

Security and Privacy

Self Cite

View full text Add to dashboard Cite

show abstract

Web Browser Privacy: What Do Browsers Say When They Phone Home?

Leith

2021

IEEE Access

View full text Add to dashboard Cite

We measure the data sent to their back-end servers by five browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser and Microsoft Edge, during normal web browsing on both desktop and mobile devices. Our aim is to assess the privacy risks associated with this data exchange between a browser and its back-end servers. With regard to shared services, all of the browsers make use of a safe browsing service to mitigate phishing attacks and our measurements indicate that this raises few privacy concerns. Similarly, with regard to the Chrome extension update service accessed by Chromiumbase browsers (Chrome, Brave, Edge). Overall, we find that both the desktop and mobile versions of Brave do not use any identifiers allowing tracking of IP address over time, and do not share details of web pages visited with backend servers. In contrast, Chrome, Firefox, Safari and Edge all share details of web pages visited with backend servers. Additionally, Chrome, Firefox and Edge all share long-lived identifiers that can be used to link connections together and so potentially allow tracking over time. In the case of Edge these are device and hardware identifiers that are hard/impossible for users to change. On mobile devices, but not desktop devices, Firefox also shares device identifiers.

show abstract