A Survey of Alerting Websites: Risks and Solutions

Amrit Kumar 1 Cédric Lauradoux 1
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : In the recent years an incredible amount of data has been leaked from major websites such as Adobe, Snapchat and LinkedIn. There are hundreds of millions of usernames, email addresses, passwords, telephone numbers and credit card details in the wild. The aftermath of these breaches is the rise of alerting websites such as haveibeenpwned.com, which let users verify if their accounts have been compromised. Unfortunately, these seemingly innocuous websites can be easily turned into phishing tools. In this work, we provide a comprehensive study of the most popular ones. Our study exposes the associated privacy risks and evaluates existing solutions towards designing privacy-friendly alerting websites. In particular, we study three solutions: private set intersection, private set intersection cardinality and private information retrieval adapted to membership testing. Finally, we investigate the practicality of these solutions with respect to real world database leakages.
Type de document :
Communication dans un congrès
IFIP SEC, May 2015, Hamburg, Germany. IFIP SEC, 455, pp.126-141, 2015, Chapter ICT Systems Security and Privacy Protection of the series IFIP Advances in Information and Communication Technology. 〈10.1007/978-3-319-18467-8_9〉
Liste complète des métadonnées

Littérature citée [29 références]  Voir  Masquer  Télécharger

https://hal.archives-ouvertes.fr/hal-01199703
Contributeur : Amrit Kumar <>
Soumis le : mardi 15 septembre 2015 - 20:14:26
Dernière modification le : mercredi 13 juillet 2016 - 14:33:07
Document(s) archivé(s) le : mardi 29 décembre 2015 - 07:23:40

Fichier

ifipsec15.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Amrit Kumar, Cédric Lauradoux. A Survey of Alerting Websites: Risks and Solutions. IFIP SEC, May 2015, Hamburg, Germany. IFIP SEC, 455, pp.126-141, 2015, Chapter ICT Systems Security and Privacy Protection of the series IFIP Advances in Information and Communication Technology. 〈10.1007/978-3-319-18467-8_9〉. 〈hal-01199703〉

Partager

Métriques

Consultations de
la notice

257

Téléchargements du document

224