SimAttack: private web search under fire

Petit, Albin; Cerqueus, Thomas; Boutet, Antoine; Mokhtar, Sonia Ben; Coquil, David; Brunie, Lionel; Kosch, Harald

doi:10.1186/s13174-016-0044-x

Cited by 20 publications

(24 citation statements)

References 21 publications

(26 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The exit node retrieves the query and sends it to the search engine on behalf of the user. Other protocols increasing the security of TOR (e.g., against relays acting selfishly) have been proposed in the literature (e.g., Dissent [17], RAC [5]) but we do not discuss these alternatives as their cost (mainly due to the use of all-to- Most importantly, all these protocols, including TOR (see Section VIII) are not resilient to re-identification attacks [6], [7]. These attacks work as follows: assuming a set of user profiles built from user past queries, user re-identification attacks try to link anonymous queries to a profile corresponding to their originating user.…”

Section: ) Enforcing Unlinkabilitymentioning

confidence: 99%

“…However, studies have shown that anonymously sending queries to the search engine is not sufficient to actually protect users' privacy [6], [7]. Indeed, a search engine that has prior knowledge about users (e.g., user profiles built from past user queries) can link back a large proportion of anonymous search queries to their originating user by running re-identification attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

CYCLOSA: Decentralizing Private Web Search through SGX-Based Browser Extensions

Goltzsche

Pires

Mokhtar

et al. 2018

2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS)

Self Cite

View full text Add to dashboard Cite

By regularly querying Web search engines, users (unconsciously) disclose large amounts of their personal data as part of their search queries, among which some might reveal sensitive information (e.g. health issues, sexual, political or religious preferences). Several solutions exist to allow users querying search engines while improving privacy protection. However, these solutions suffer from a number of limitations: some are subject to user re-identification attacks, while others lack scalability or are unable to provide accurate results.This paper presents CYCLOSA, a secure, scalable and accurate private Web search solution. CYCLOSA improves security by relying on trusted execution environments (TEEs) as provided by Intel SGX. Further, CYCLOSA proposes a novel adaptive privacy protection solution that reduces the risk of user reidentification. CYCLOSA sends fake queries to the search engine and dynamically adapts their count according to the sensitivity of the user query. In addition, CYCLOSA meets scalability as it is fully decentralized, spreading the load for distributing fake queries among other nodes. Finally, CYCLOSA achieves accuracy of Web search as it handles the real query and the fake queries separately, in contrast to other existing solutions that mix fake and real query results.

show abstract

Section: ) Enforcing Unlinkabilitymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

CYCLOSA: Decentralizing Private Web Search through SGX-Based Browser Extensions

Goltzsche

Pires

Mokhtar

et al. 2018

2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS)

Self Cite

View full text Add to dashboard Cite

show abstract

“…ese approaches generally operate by sending fake queries (also called dummy queries) on behalf of the user. It has been shown [31], however, that the external resources used for generating fake queries (e.g., RSS feeds, dictionaries) makes it possible for search engines to easily distinguish fake from real tra c. Combination of unlinkability and indistinguishability has also been proposed in the literature, yet the only existing solution that we are aware of (PEAS [32]) assumes a weak adversarial model of non-colluding proxy servers. e last category of solutions are those enabling private information retrieval (PIR), e.g., [24,28]).…”

Section: Introductionmentioning

confidence: 99%

X-search

Mokhtar

Boutet

Felber

et al. 2017

Proceedings of the 18th ACM/IFIP/USENIX Middleware Conference

Self Cite

View full text Add to dashboard Cite

e exploitation of user search queries by search engines is at the heart of their economic model. As consequence, o ering private Web search functionalities is essential to the users who care about their privacy. Nowadays, there exists no satisfactory approach to enable users to access search engines in a privacy-preserving way. Existing solutions are either too costly due to the heavy use of cryptographic mechanisms (e.g., private information retrieval protocols), subject to a acks (e.g., Tor, TrackMeNot, GooPIR) or rely on weak adversarial models (e.g., PEAS). is paper introduces X S , a novel private Web search mechanism building on the disruptive So ware Guard Extensions (SGX) proposed by Intel. We compare X S to its closest competitors, Tor and PEAS, using a dataset of real web search queries. Our evaluation shows that: (1) X S o ers stronger privacy guarantees than its competitors as it operates under a stronger adversarial model; (2) it be er resists state-of-the-art re-identi cation a acks; and (3) from the performance perspective, X S outperforms its competitors both in terms of latency and throughput by orders of magnitude.

show abstract

“…The quantity ψ D (w|a k ) in the expression for the PRI estimator, (32), is problematic when the adverts a k on page k do not contain any of the topic keywords in dictionary D i.e. when a k = ∅, indicating there is no detectable evidence of a particular topic.…”

Section: B Tuning the Pri Estimatormentioning

confidence: 99%

“…The importance of background information in user profiling is explored in [32]. Here a similarity metric measuring distance between known background information about a user, given by query history, and subsequent queries is shown to identify 45.3% of TrackMeNot and 51.6% of GooPIR queries.…”

Section: Related Workmentioning

confidence: 99%

Plausible Deniability in Web Search—From Detection to Assessment

Aonghusa

Leith

2018

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Abstract-Web personalisation uses what systems know about us to create content targeted at our interests. When unwanted personalisation suggests we are interested in sensitive or embarrassing topics a natural reaction is to deny interest. This is a practical response only if denial of our interest is credible or plausible. Adopting a definition of plausible deniability in the usual sense of "on the balance of probabilities", we develop a practical and scalable tool called PDE allowing a user to decide when their ability to plausibly deny interest in sensitive topics is compromised. We show that threats to plausible deniability are readily detectable for all topics tested in an extensive testing program. Of particular concern is observation of threats to deniability of interest in topics related to health and sexual preferences. We show this remains the case when attempting to disrupt search engine learning through noise query injection and click obfuscation. We design a defence technique exploiting uninteresting, proxy topics and show that it provides a more effective defence of plausible deniability in our experiments.

show abstract

SimAttack: private web search under fire

Cited by 20 publications

References 21 publications

CYCLOSA: Decentralizing Private Web Search through SGX-Based Browser Extensions

CYCLOSA: Decentralizing Private Web Search through SGX-Based Browser Extensions

X-search

Plausible Deniability in Web Search—From Detection to Assessment

Contact Info

Product

Resources

About