Private Information Disclosure from Web Searches. The case of Google Web History - Computer Science > Cryptography and Security





Abstract: As the amount of personal information stored at remote service providers increases, so does the danger of data theft. When connections to remote services are made in the clear and authenticated sessions are kept using HTTP cookies, data theft becomes extremely easy to achieve. In this paper, we study the architecture of the world's largest service provider, i.e., Google. First, with the exception of a few services that can only be accessed over HTTPS (e.g., Gmail), we find that many Google services are still vulnerable to simple session hijacking. Next, we present the Historiographer, a novel attack that reconstructs the web search history of Google users, i.e., Google's Web History, even though such a service is supposedly protected from session hijacking by a stricter access control policy. The Historiographer uses a reconstruction technique inferring search history from the personalized suggestions fed by the Google search engine. We validate our technique through experiments conducted over real network traffic and discuss possible countermeasures. Our attacks are general and not only specific to Google, and highlight privacy concerns of mixed architectures using both secure and insecure connections.



Authors: Claude Castelluccia, Emiliano De Cristofaro, Daniele Perito

Source: https://arxiv.org/






