How are PDF files published in the Scientific Community?

Adhatarao, Supriya; Lauradoux, Cédric

doi:10.1109/wifs53200.2021.9648374

Search citation statements

Order By: Relevance

Paper Sections

Select...

Threat Model and Known Attacks1

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2022

Publication Types

Select...

Other2

Relationship

Self Cite0

Independent2

Authors

Journals

Cited by 2 publications

(1 citation statement)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Denial of access. This situation corresponds to cases in which data controllers decline to provide data to data subjects; one alleged reason refers to scenarios wherein they are not in a position to verify the identity of subjects.It also occurs often with companies collecting and processing cookies [6,11], but also with those processing IP addresses [4]. Denial of access was also observed in [5,6,11,19].…”

Section: Threat Model and Known Attacksmentioning

confidence: 99%

Can Authoritative Governments Abuse the Right to Access?

Lauradoux¹

2022

Preprint

View full text Add to dashboard Cite

The right to access is a great tool provided by the GDPR to empower data subjects with their data. However, it needs to be implemented properly otherwise it could turn subject access requests against the subjects privacy. Indeed, recent works have shown that it is possible to abuse the right to access using impersonation attacks. We propose to extend those impersonation attacks by considering that the adversary has an access to governmental resources. In this case, the adversary can forge official documents or exploit copy of them. Our attack affects more people than one may expect. To defeat the attacks from this kind of adversary, several solutions are available like multi-factors or proof of aliveness. Our attacks highlight the need for strong procedures to authenticate subject access requests.

show abstract