research-article

You cannot hide for long: de-anonymization of real-world dynamic behaviour

Authors:

George Danezis,

Carmela TroncosoAuthors Info & Claims

WPES '13: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society

Pages 49 - 60

https://doi.org/10.1145/2517840.2517846

Published: 04 November 2013 Publication History

Abstract

Disclosure attacks against anonymization systems have traditionally assumed that users exhibit stable patterns of communications in the long term. We use datasets of real traffic to show that this assumption does not hold: usage patterns email, mailing lists, and location-based services are dynamic in nature. We introduce the sequential statistical disclosure technique, which explicitly takes into account the evolution of user behavior over time and outperforms traditional profiling techniques, both at detection and quantification of rates of actions. Our results demonstrate that despite the changing patterns of use: low sending rates to specific receivers are still detectable, surprisingly short periods of observation are sufficient to make inferences about users' behaviour, and the characteristics of real behaviour allows for inferences even in secure system configurations.

References

[1]

Dakshi Agrawal and Dogan Kesdogan. Measuring anonymity: The disclosure attack. IEEE Security & Privacy, 1(6):27--34, 2003.

Digital Library

[2]

Oliver Berthold, Andreas Pfitzmann, and Ronny Standtke. The disadvantages of free mix routes and how to overcome them. In Hannes Federrath, editor, Workshop on Design Issues in Anonymity and Unobservability, volume 2009 of Lecture Notes in Computer Science, pages 30--45. Springer, 2000.

Digital Library

[3]

Nikita Borisov and Ian Goldberg, editors. Privacy Enhancing Technologies, 8th International Symposium, PETS 2008, Leuven, Belgium, July 23--25, 2008, Proceedings, volume 5134 of Lecture Notes in Computer Science. Springer, 2008.

Digital Library

[4]

David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM, 24(2):84--88, 1981.

Digital Library

[5]

Peter Chien and Dan Boneh. Privately calculating location statistics. On-line at http://crypto. stanford.edu/locpriv/privstats/index.php, 2011.

[6]

George Danezis. Statistical disclosure attacks. In Dimitris Gritzalis, Sabrina De Capitani di Vimercati, Pierangela Samarati, and Sokratis K. Katsikas, editors, SEC, volume 250 of IFIP Conference Proceedings, pages 421--426. Kluwer, 2003.

[7]

George Danezis, Roger Dingledine, and Nick Mathewson. Mixminion: Design of a type iii anonymous remailer protocol. In IEEE Symposium on Security and Privacy, pages 2--15. IEEE Computer Society, 2003.

Digital Library

[8]

George Danezis and Carmela Troncoso. Vida: How to use bayesian inference to de-anonymize persistent communications. In Ian Goldberg and Mikhail J. Atallah, editors, Privacy Enhancing Technologies, volume 5672 of Lecture Notes in Computer Science, pages 56--72. Springer, 2009.

Digital Library

[9]

Claudia Diaz, Carmela Troncoso, and Andrei Serjantov. On the impact of social network profiling on anonymity. In Borisov and Goldberg {3}, pages 44--62.

Digital Library

[10]

Roger Dingledine, Nick Mathewson, and Paul F. Syverson. Tor: The second-generation onion router. In USENIX Security Symposium, pages 303--320. USENIX, 2004.

Digital Library

[11]

Morris Dworkin. Cryptographic protocols of the identity mixer library, v. 2.3.0. IBM research report RZ3730, IBM Research, 2010. http://domino.research.ibm.com/library/cyberdig.nsf/index.html.

[12]

David M. Goldschlag, Michael G. Reed, and Paul F. Syverson. Hiding routing information. In Ross J. Anderson, editor, Information Hiding, volume 1174 of Lecture Notes in Computer Science, pages 137--150. Springer, 1996.

Digital Library

[13]

Philippe Golle. Revisiting the uniqueness of simple demographics in the us population. In Proceedings of the 5th ACM workshop on Privacy in electronic society, pages 77--80. ACM, 2006.

Digital Library

[14]

Louis C. Guillou and Jean-Jacques Quisquater, editors. Advances in Cryptology - EUROCRYPT '95, International Conference on the Theory and Application of Cryptographic Techniques, Saint-Malo, France, May 21--25, 1995, Proceeding, volume 921 of Lecture Notes in Computer Science. Springer, 1995.

Digital Library

[15]

Dogan Kesdogan, Dakshi Agrawal, Dang Vinh Pham, and Dieter Rautenbach. Fundamental limits on the anonymity provided by the mix technique. In IEEE Symposium on Security and Privacy, pages 86--99. IEEE Computer Society, 2006.

Digital Library

[16]

Dogan Kesdogan and Lexi Pimenidis. The hitting set attack on anonymity protocols. In Jessica J. Fridrich, editor, Information Hiding, volume 3200 of Lecture Notes in Computer Science, pages 326--339. Springer, 2004.

Digital Library

[17]

Simon Maskell and Neil Gordon. A tutorial on particle filters for on-line nonlinear/non-gaussian bayesian tracking. In Target Tracking: Algorithms and Applications (Ref. No. 2001/174), IEE, pages 2--1. IET, 2001.

[18]

Nick Mathewson and Roger Dingledine. Practical traffic analysis: Extending and resisting statistical disclosure. In David Martin and Andrei Serjantov, editors, Privacy Enhancing Technologies, volume 3424 of Lecture Notes in Computer Science, pages 17--34. Springer, 2004.

Digital Library

[19]

Arvind Narayanan and Vitaly Shmatikov. Robust de-anonymization of large sparse datasets. In IEEE Symposium on Security and Privacy, pages 111--125. IEEE Computer Society, 2008.

Digital Library

[20]

Arvind Narayanan and Vitaly Shmatikov. De-anonymizing social networks. In IEEE Symposium on Security and Privacy, pages 173{187. IEEE Computer Society, 2009.

Digital Library

[21]

Fernando Perez-Gonzalez and Carmela Troncoso. Understanding statistical disclosure: A least squares approach. In Simone Fischer-Hubner and Matthew Wright, editors, Privacy Enhancing Technologies, volume 7384 of Lecture Notes in Computer Science, pages 38{57. Springer, 2012.

Digital Library

[22]

Dang Vinh Pham, Joss Wright, and Dogan Kesdogan. A practical complexity-theoretic analysis of mix systems. In Vijay Atluri and Claudia Diaz, editors, ESORICS, volume 6879 of Lecture Notes in Computer Science, pages 508{527. Springer, 2011.

Digital Library

[23]

Branko Ristic, Sanjeev Arulampalam, and Neil Gordon. Beyond the Kalman filter: Particle filters for tracking applications. Artech House Publishers, 2004.

[24]

Latanya Sweeney. Simple demographics often identify people uniquely. Health (San Francisco), pages 1--34, 2000.

[25]

The 23rd Raccoon. How i learned to stop ph34ring nsa and love the base rate fallacy. The Tor project email archive. URL: http://archives.seul.org/or/dev/Sep-2008/msg00016.html, September 28 2008.

[26]

Carmela Troncoso, Benedikt Gierlichs, Bart Preneel, and Ingrid Verbauwhede. Perfect matching disclosure attacks. In Borisov and Goldberg {3}, pages 2--23.

Digital Library

[27]

Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel. A practical attack to de-anonymize social network users. In IEEE Symposium on Security and Privacy, pages 223--238. IEEE Computer Society, 2010.

Digital Library

Cited By

Nunes VBrás JCarvalho ABarradas DGallagher KSantos N(2023)Enhancing the Unlinkability of Circuit-Based Anonymous Communications with k-FunnelsProceedings of the ACM on Networking10.1145/36291401:CoNEXT3(1-26)Online publication date: 28-Nov-2023
https://dl.acm.org/doi/10.1145/3629140
Ohka TMatsumoto SIchino MYoshiura H(2020)Time-aware multi-resolutional approach to re-identifying location histories by using social networks2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)10.1109/QRS-C51114.2020.00038(176-183)Online publication date: Dec-2020
https://doi.org/10.1109/QRS-C51114.2020.00038
Hanley HSun YWagh SMittal P(2019)DPSelect: A Differential Privacy Based Guard Relay Selection Algorithm for TorProceedings on Privacy Enhancing Technologies10.2478/popets-2019-00252019:2(166-186)Online publication date: 4-May-2019
https://doi.org/10.2478/popets-2019-0025
Show More Cited By

Index Terms

You cannot hide for long: de-anonymization of real-world dynamic behaviour
1. Social and professional topics
  1. Computing / technology policy

Recommendations

A Survey on Privacy Preserving Dynamic Data Publishing

Many organizations, especially small and medium business SMB enterprises require the collection and sharing of data containing personal information. The privacy of this data must be preserved before outsourcing to the commercial public. Privacy ...
IMR based Anonymization for Privacy Preservation in Data Mining
KMO '16: Proceedings of the The 11th International Knowledge Management in Organizations Conference on The changing face of Knowledge Management Impacting Society

Privacy Preserving Data Mining (PPDM) is a data mining research area that aims to protect individual's personal information from unsolicited or unauthorized disclosure. Privacy relates to personal information that a person would not wish others to know ...
Preservation of proximity privacy in publishing numerical sensitive data
SIGMOD '08: Proceedings of the 2008 ACM SIGMOD international conference on Management of data

We identify proximity breach as a privacy threat specific to numerical sensitive attributes in anonymized data publication. Such breach occurs when an adversary concludes with high confidence that the sensitive value of a victim individual must fall in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

WPES '13: Proceedings of the 12th ACM workshop on Workshop on privacy in the electronic society

November 2013

306 pages

ISBN:9781450324854

DOI:10.1145/2517840

General Chair:
Ahmad-Reza Sadeghi
TU-Darmstadt & Fraunhofer SIT & Intel ICRI-SC, Germany
,
Program Chair:
Sara Foresti
Università degli Studi di Milano, Italy

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'13

Sponsor:

SIGSAC

CCS'13: 2013 ACM SIGSAC Conference on Computer and Communications Security

November 4, 2013

Berlin, Germany

Acceptance Rates

WPES '13 Paper Acceptance Rate 30 of 103 submissions, 29%;

Overall Acceptance Rate 106 of 355 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
290
Total Downloads

Downloads (Last 12 months)12
Downloads (Last 6 weeks)1

Reflects downloads up to 16 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Nunes VBrás JCarvalho ABarradas DGallagher KSantos N(2023)Enhancing the Unlinkability of Circuit-Based Anonymous Communications with k-FunnelsProceedings of the ACM on Networking10.1145/36291401:CoNEXT3(1-26)Online publication date: 28-Nov-2023
https://dl.acm.org/doi/10.1145/3629140
Ohka TMatsumoto SIchino MYoshiura H(2020)Time-aware multi-resolutional approach to re-identifying location histories by using social networks2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)10.1109/QRS-C51114.2020.00038(176-183)Online publication date: Dec-2020
https://doi.org/10.1109/QRS-C51114.2020.00038
Hanley HSun YWagh SMittal P(2019)DPSelect: A Differential Privacy Based Guard Relay Selection Algorithm for TorProceedings on Privacy Enhancing Technologies10.2478/popets-2019-00252019:2(166-186)Online publication date: 4-May-2019
https://doi.org/10.2478/popets-2019-0025
hashimoto EIchino MYoshiura H(2019)A Re-Identification Strategy Using Machine Learning that Exploits Better Side Data2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST)10.1109/ICAwST.2019.8923378(1-8)Online publication date: Oct-2019
https://doi.org/10.1109/ICAwST.2019.8923378
Yoshiura H(2019)Re-identifying people from anonymous histories of their activities2019 IEEE 10th International Conference on Awareness Science and Technology (iCAST)10.1109/ICAwST.2019.8923333(1-5)Online publication date: Oct-2019
https://doi.org/10.1109/ICAwST.2019.8923333
Wails RSun YJohnson AChiang MMittal P(2018)Tempest: Temporal Dynamics in Anonymity SystemsProceedings on Privacy Enhancing Technologies10.1515/popets-2018-00192018:3(22-42)Online publication date: 28-Apr-2018
https://doi.org/10.1515/popets-2018-0019
Jung THan JLi X(2018)PDA: Semantically Secure Time-Series Data Analytics with Dynamic User GroupsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2016.257703415:2(260-274)Online publication date: 1-Mar-2018
https://doi.org/10.1109/TDSC.2016.2577034
Grube TDaubert JMuhlhauser M(2018)Asymmetric DCnets for Effective and Efficient Sender Anonymity2018 IEEE Global Communications Conference (GLOBECOM)10.1109/GLOCOM.2018.8647607(1-7)Online publication date: Dec-2018
https://doi.org/10.1109/GLOCOM.2018.8647607
Al-Azizy DMillard DSymeonidis IO’Hara KShadbolt N(2016)A Literature Survey and Classifications on Data DeanonymisationRisks and Security of Internet and Systems10.1007/978-3-319-31811-0_3(36-51)Online publication date: 2-Apr-2016
https://doi.org/10.1007/978-3-319-31811-0_3
Jung TLi X(2015)Enabling privacy-preserving auctions in big data2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)10.1109/INFCOMW.2015.7179380(173-178)Online publication date: Apr-2015
https://doi.org/10.1109/INFCOMW.2015.7179380
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents