A practical attack to de-anonymize social network users

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2010, Pages 223-238

  Wondracek, Gilbert ^a   Holz, Thorsten ^a   Kirda, Engin ^b   Kruegel, Christopher ^c  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

^b EURECOM   (France)

^c UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANONYMIZATION; BUSINESS RELATIONSHIPS; EMPIRICAL MEASUREMENT; EXPONENTIAL GROWTH RATES; FACEBOOK; GROUP MEMBERSHIPS; SOCIAL NETWORKING; SOCIAL NETWORKING SITES; SOCIAL NETWORKS;

WORLD WIDE WEB;

SOCIAL NETWORKING (ONLINE);

EID: 77955214796     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2010.21     Document Type: Conference Paper

References (35)

1. Alexa, "Top 500 Global Sites," http://www.alexa.com/ topsites, 2009.
2. "Facebook," http://www.facebook.com, 2009.
3. L. Backstrom, C. Dwork, and J. Kleinberg, "Wherefore Art Thou R3579X?: Anonymized Social Networks, Hidden Patterns, and Structural Steganography," in 16th Conference on World Wide Web (WWW'07), 2007.
4. M. Chew, D. Balfanz, and B. Laurie, "(Under)mining Privacy in Social Networks," in Proceedings of Web 2.0 Security and Privacy Workshop (W2SP), 2008.
5. A. Narayanan and V. Shmatikov, "De-anonymizing social networks," in IEEE Symposium on Security and Privacy, 2009.
6. E. Zheleva and L. Getoor, "To Join or Not To Join: The Illusion of Privacy in Social Networks with Mixed Public and Private User Profiles," in 18th International Conference on World Wide Web (WWW), 2009.
7. EFF, "Panopticlick: How Unique - and Trackable - is Your Browser?" http://panopticlick.eff.org/, 2010.
8. C. Jackson, A. Bortz, D. Boneh, and J. C. Mitchell, "Protecting Browser State From Web Privacy Attacks," in 15th International Conference on World Wide Web (WWW), 2006.
9. M. Jakobsson and S. Stamm, "Invasive Browser Sniffing and Countermeasures," in 15th International World Wide Web Conference, 2006.
10. V. Griffith and M. Jakobsson, "Messin' with Texas, Deriving Mother's Maiden Names using Public Records," in Third Conference on Applied Cryptography and Network Security (ACNS), June 2005.
11. A. Narayanan and V. Shmatikov, "Robust De-anonymization of Large Sparse Datasets," in IEEE Symposium on Security and Privacy, 2008.
12. J. Ruderman, "CSS on a:visited can load an image and/or reveal if visitor been to a site," https://bugzilla.mozilla.org/ show-bug.cgi?id= 57351,2000.
13. D. Baron, ":visited support allows queries into global history," https://bugzilla.mozilla.org/show-bug.cgi7id-147777, 2002.
14. Z. Braniecki, "CSS allows to check history via : visited," https: //bugzilla.mozilla.org/show-bug.cgi?id=224954, 2003.
15. T. N. Jagatic, N. A. Johnson, M. Jakobsson, and F. Menczer, "Social phishing," Commun. ACM, vol. 50, no. 10, pp. 94-100, 2007.
16. R. Dingledine, N. Mathewson, and P. F. Syverson, "Tor: The Second-Generation Onion Router," in USENIX Security Symposium, 2004.
17. U.S. Census Bureau, "Frequently Occurring Names and Surnames," http://www.census.gov/genealogy/www, 2009.
18. M. Jakobsson, P. Finn, and N. Johnson, "Why and How to Perform Fraud Experiments," Security & Privacy, IEEE, vol. 6, no. 2, pp. 66-68, March-April 2008.
19. M. Jakobsson and J. Ratkiewicz, "Designing ethical phishing experiments: a study of (ROT13) rOnl query features," in 15th International Conference on World Wide Web (WWW), 2006.
20. "LinkedIn," http://www.linkedin.com, 2009.
21. Computational Crawling LP, "801egs," http://www.801egs. com, 2009.
22. M. Jakobsson and S. Stamm, "Web Camouflage: Protecting Your Clients from Browser-Sniffing Attacks," IEEE Security and Privacy, vol. 5, no. 6, 2007.
23. G. Maone, "NoScript," https://addons.mozilla.org/de/flrefox/ addon/722, 2009.
24. J. Mainusch, "De-De-Anonymizing in Four Days," http: //blog.xing.com/2010/02de-de-anonymizing- in- four- days/, 2010.
25. R. Pang, M. Allman, V. Paxson, and J. Lee, "The Devil and Packet Trace Anonymization," SIGCOMM Comput. Commun. Rev., vol. 36, no. 1, 2006.
26. S. Coulis, C. Wright, F. Monrose, M. Collins, and M. Reiter, "Playing Devil's Advocate: Inferring Sensitive Information from Anonymized Traces," in Symposium on Network and Distributed Systems Security (NDSS), 2007.
27. R. Heatherly, M. Kantarcioglu, and B. Thuraisingham, "Preventing Private Information Inference Attacks on Social Networks," University of Texas at Dallas, Tech. Rep. UTDCS03-09, 2009.
28. A. Mislove, M. Marcon, K. P. Gummadi, P. Druschel, and B. Bhattacharjee, "Measurement and Analysis of Online Social Networks," in 7th ACM SIGCOMM Internet Measurement Conference (IMC), 2007.
29. J. Bonneau and S. Preibusch, "The Privacy Jungle: On the Market for Privacy in Social Networks," in Eighth Workshop on the Economics of Information Security (WEIS), 2009.
30. G. Brown, T. Howe, M. Ihbe, A. Prakash, and K. Borders, "Social networks and context-aware spam," in ACM 2008 Conference on Computer Supported Cooperative Work (CSCW), 2008.
31. L. Bilge, T. Strafe, D. Balzarotti, and E. Kirda, "All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks," in 18th International Conference on World Wide Web (WWW), 2009.
32. B. E. Ur and V. Ganapathy, "Evaluating Attack Amplification in Online Social Networks," in Web 2.0 Securit and Privacy, 2009.
33. E. W. Felten and M. A. Schneider, "Timing Attacks on Web Privacy," in 7th ACM Conference on Computer and Communications Security (CCS), 2000.
34. A. Bortz and D. Boneh, "Exposing Private Information by Timing Web Applications," in 16th International Conference on World Wide Web (WWW), 2007.
35. C. Diaz, C. Troncoso, and A. Serjantov, "On the Impact of Social Network Profiling on Anonymity," in 8th International Symposium on Privacy Enhancing Technologies (PETS), 2008.