A Survey of Alerting Websites: Risks and Solutions

Amrit Kumar 1 Cédric Lauradoux 1
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : In the recent years an incredible amount of data has been leaked from major websites such as Adobe, Snapchat and LinkedIn. There are hundreds of millions of usernames, email addresses, passwords, telephone numbers and credit card details in the wild. The aftermath of these breaches is the rise of alerting websites such as haveibeenpwned.com, which let users verify if their accounts have been compromised. Unfortunately, these seemingly innocuous websites can be easily turned into phishing tools. In this work, we provide a comprehensive study of the most popular ones. Our study exposes the associated privacy risks and evaluates existing solutions towards designing privacy-friendly alerting websites. In particular, we study three solutions: private set intersection, private set intersection cardinality and private information retrieval adapted to membership testing. Finally, we investigate the practicality of these solutions with respect to real world database leakages.
Document type :
Conference papers
Complete list of metadatas

Cited literature [29 references]  Display  Hide  Download

https://hal.archives-ouvertes.fr/hal-01199703
Contributor : Amrit Kumar <>
Submitted on : Tuesday, September 15, 2015 - 8:14:26 PM
Last modification on : Wednesday, November 20, 2019 - 7:53:35 AM
Long-term archiving on: Tuesday, December 29, 2015 - 7:23:40 AM

File

ifipsec15.pdf
Files produced by the author(s)

Identifiers

Citation

Amrit Kumar, Cédric Lauradoux. A Survey of Alerting Websites: Risks and Solutions. IFIP SEC, May 2015, Hamburg, Germany. pp.126-141, ⟨10.1007/978-3-319-18467-8_9⟩. ⟨hal-01199703⟩

Share

Metrics

Record views

399

Files downloads

516