Project 1: A Framework for Web Privacy
Internet users reasonably expect their online identities and web browsing activities to remain private. Unfortunately, this is far from the case in practice; in reality, users are constantly tracked on the internet. As web tracking technologies become more sophisticated and pervasive, there is an urgent need to understand and quantify web users' privacy risks. In this project we address this problem by considering online fingerprinting attacks as well as offline social network de-anonymization (graph matching attacks).
Offline Social Network De-anonymization Attacks
Online Fingerprinting Attacks
In this project, we develop a new mathematical formulation for the problem of de-anonymizing internet users by actively querying their membership in social network groups. In social network de-anonymization, it is assumed that an anonymous victim visits an attacker’s website, and the attacker uses the victim’s browser history to query her social media activity to find the victim's real-world identity. The objective is to use the minimum number of queries possible to de-anonymize the user. In our stochastic model of the problem, the attacker has partial prior knowledge of the group membership graph and receives noisy responses to its queries. A new information theoretic framework for the design and analysis of de-anonymization algorithms is developed and several new attack strategies are proposed which operate under different de-anonymization scenarios. It is shown that the new strategies achieve optimal performance under certain statistical models.