research-article

Free access

Mosaic: quantifying privacy leakage in mobile networks

Authors:

Marios Iliofotou,

Aleksandar KuzmanovicAuthors Info & Claims

SIGCOMM '13: Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM

Pages 279 - 290

https://doi.org/10.1145/2486001.2486008

Published: 27 August 2013 Publication History

Abstract

With the proliferation of online social networking (OSN) and mobile devices, preserving user privacy has become a great challenge. While prior studies have directly focused on OSN services, we call attention to the privacy leakage in mobile network data. This concern is motivated by two factors. First, the prevalence of OSN usage leaves identifiable digital footprints that can be traced back to users in the real-world. Second, the association between users and their mobile devices makes it easier to associate traffic to its owners. These pose a serious threat to user privacy as they enable an adversary to attribute significant portions of data traffic including the ones with NO identity leaks to network users' true identities. To demonstrate its feasibility, we develop the Tessellation methodology. By applying Tessellation on traffic from a cellular service provider (CSP), we show that up to 50% of the traffic can be attributed to the names of users. In addition to revealing the user identity, the reconstructed profile, dubbed as "mosaic," associates personal information such as political views, browsing habits, and favorite apps to the users. We conclude by discussing approaches for preventing and mitigating the alarming leakage of sensitive user information.

References

[1]

L. Backstrom, C. Dwork, and J. Kleinberg. Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In World Wide Web (WWW), May 2007.

Digital Library

[2]

R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: an online social network with user-defined privacy. In SIGCOMM, Aug 2009.

Digital Library

[3]

M. Balakrishnan, I. Mohomed, and V. Ramasubramanian. Where's that phone?: geolocating ip addresses on 3g networks. In IMC, Nov 2009.

Digital Library

[4]

S. M. Bellovin. A technique for counting natted hosts. In ACM SIGCOMM Workshop on Internet measurment, Nov 2002.

Digital Library

[5]

E. D. Hardt. The oauth 2.0 authorization framework, ietf rfc 6749, 2012. http://tools.ietf.org/html/rfc6749.

[6]

Ericsson. Traffic and market data report, Nov 2011. http://www.ericsson.com/res/investors/docs/2011/cmd/traffic\_and\_market\_data\\\_report\_111107.pdf.

[7]

H. Falaki, D. Lymberopoulos, R. Mahajan, S. Kandula, and D. Estrin. A first look at traffic on smartphones. In IMC, Nov 2010.

Digital Library

[8]

L. Fang and K. LeFevre. Privacy wizards for social networking sites. In World Wide Web (WWW), Apr 2010.

Digital Library

[9]

S. Guha, K. Tang, and P. Francis. NOYB: Privacy in Online Social Networks. In WOSN, Jun 2008.

Digital Library

[10]

K. M. Hendrik Schulze. Internet study 2008/2009, ipoque. http://www.ipoque.com/sites/default/files/mediafiles/documents/internet-study-2008--2009.pdf.

[11]

D. Irani, S. Webb, K. Li, and C. Pu. Modeling unintended personal-information leakage from multiple online social networks. IEEE Internet Computing, pages 13--19, 2011.

Digital Library

[12]

R. Keralapura, A. Nucci, Z. Zhang, and L. Gao. Profiling users in a 3g network using hourglass co-clustering. In MOBICOM, Sep 2010.

Digital Library

[13]

B. Krishnamurthy, K. Naryshkin, and C. Wills. Privacy leakage vs. Protection measures: the growing disconnect. In W2SP, May 2011.

[14]

B. Krishnamurthy and C. Wills. Characterizing privacy in online social networks. In WOSN, Jun 2008.

Digital Library

[15]

B. Krishnamurthy and C. Wills. On the leakage of personally identifiable information via online social networks. In WOSN, Aug 2009.

Digital Library

[16]

B. Krishnamurthy and C. Wills. Privacy diffusion on the web: a longitudinal perspective. In World Wide Web (WWW), Apr 2009.

Digital Library

[17]

F. Lardinois. PleaseRobMe and the Dangers of Location-Based Social Networks. ReadWriteWeb, Feb 2011.

[18]

Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A. Mislove. Analyzing facebook privacy settings: user expectations vs. reality. In IMC, Nov 2011.

Digital Library

[19]

S. Mudhakar and M. Hicks. Deanonymizing mobility traces: Using social networks as a side-channel. In CCS, Oct 2012.

[20]

C. Mulliner. Privacy leaks in mobile phone internet access. In Intelligence in Next Generation Networks (ICIN), Oct 2010.

[21]

A. Narayanan and V. Shmatikov. De-anonymizing Social Networks. In IEEE Security and Privacy (S&P), 2009.

Digital Library

[22]

Netresec. Publicly available PCAP files. http://www.netresec.com/?page=PcapFiles.

[23]

K. Nohl. Wideband GSM sniffing. In The 27th Chaos Communication Congress, Dec 2010.

[24]

K. Nohl. Defending mobile phones. In The 28th Chaos Communication Congress, Dec 2011.

[25]

OpenID Foundation. Openid authentication 2.0, Dec 2007. http://openid.net/specs/openid-authentication-2\_0.html.

[26]

C. Riederer, V. Erramilli, A. Chaintreau, and P. Rodriguez. For sale: Your Data By: You. In ACM HotNets, Nov 2011.

Digital Library

[27]

C. Rigney. Remote authentication dial in user service (radius), ietf rfc 2866, 2000.

[28]

C. Rigney, S. Willens, A. Rubens, and W. Simpson. Radius accounting, ietf rfc 2865, 2000.

[29]

I. Trestian, S. Ranjan, A. Kuzmanovic, and A. Nucci. Googling the internet: Profiling internet endpoints via the world wide web. IEEE/ACM Transactions on Networking (TON), 18(2):666--679, 2010.

Digital Library

[30]

Y. Xie, F. Yu, and M. Abadi. De-anonymizing the Internet Using Unreliable IDs. In SIGCOMM, Aug 2009.

Digital Library

[31]

Q. Xu, J. Erman, A. Gerber, Z. Mao, J. Pang, and S. Venkataraman. Identifying Diverse Usage Behaviors of Smartphone Apps. In IMC, Nov 2011.

Digital Library

Cited By

Xiao YZhao YLin SKuzmanovic A(2024)Snatch: Online Streaming Analytics at the Network EdgeProceedings of the Nineteenth European Conference on Computer Systems10.1145/3627703.3629577(349-369)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3627703.3629577
Maddikunta PPham QNguyen DHuynh-The TAouedi OYenduri GBhattacharya SGadekallu T(2022)Incentive techniques for the Internet of ThingsJournal of Network and Computer Applications10.1016/j.jnca.2022.103464206:COnline publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1016/j.jnca.2022.103464
Yan HFu HLi YLin TWang GZheng HJin DZhao B(2021)On Migratory Behavior in Video ConsumptionIEEE Transactions on Network and Service Management10.1109/TNSM.2020.304346718:2(1775-1788)Online publication date: Jun-2021
https://doi.org/10.1109/TNSM.2020.3043467
Show More Cited By

Index Terms

Mosaic: quantifying privacy leakage in mobile networks
1. Security and privacy
  1. Network security

Recommendations

Mosaic: quantifying privacy leakage in mobile networks

With the proliferation of online social networking (OSN) and mobile devices, preserving user privacy has become a great challenge. While prior studies have directly focused on OSN services, we call attention to the privacy leakage in mobile network data...
Leveraging Social Feedback to Verify Online Identity Claims

Anonymity is one of the main virtues of the Internet, as it protects privacy and enables users to express opinions more freely. However, anonymity hinders the assessment of the veracity of assertions that online users make about their identity ...
Anti-cloning protocol suitable to EPCglobal Class-1 Generation-2 RFID systems

Radio frequency Identification (RFID) systems are used to identify remote objects equipped with RFID tags by wireless scanning without manual intervention. Recently, EPCglobal proposed the Electronic Product Code (EPC) that is a coding scheme considered ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGCOMM '13: Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM

August 2013

580 pages

ISBN:9781450320566

DOI:10.1145/2486001

General Chairs:
Dah Ming Chiu
Chinese University of Hong Kong, China
,
Jia Wang
AT&T Labs - Research, USA
,
Program Chairs:
Paul Barford
University of Wisconsin, USA
,
Srinivasan Seshan
Carnegie Mellon University, USA

ACM SIGCOMM Computer Communication Review Volume 43, Issue 4
October 2013
595 pages
ISSN:0146-4833
DOI:10.1145/2534169
Issue’s Table of Contents

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 August 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGCOMM'13

Sponsor:

SIGCOMM

SIGCOMM'13: ACM SIGCOMM 2013 Conference

August 12 - 16, 2013

Hong Kong, China

Acceptance Rates

SIGCOMM '13 Paper Acceptance Rate 38 of 246 submissions, 15%;

Overall Acceptance Rate 462 of 3,389 submissions, 14%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

44
Total Citations
View Citations
1,219
Total Downloads

Downloads (Last 12 months)229
Downloads (Last 6 weeks)47

Reflects downloads up to 14 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Xiao YZhao YLin SKuzmanovic A(2024)Snatch: Online Streaming Analytics at the Network EdgeProceedings of the Nineteenth European Conference on Computer Systems10.1145/3627703.3629577(349-369)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3627703.3629577
Maddikunta PPham QNguyen DHuynh-The TAouedi OYenduri GBhattacharya SGadekallu T(2022)Incentive techniques for the Internet of ThingsJournal of Network and Computer Applications10.1016/j.jnca.2022.103464206:COnline publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1016/j.jnca.2022.103464
Yan HFu HLi YLin TWang GZheng HJin DZhao B(2021)On Migratory Behavior in Video ConsumptionIEEE Transactions on Network and Service Management10.1109/TNSM.2020.304346718:2(1775-1788)Online publication date: Jun-2021
https://doi.org/10.1109/TNSM.2020.3043467
Wang HGao CLi YZhang ZJin D(2020)Revealing Physical World Privacy Leakage by Cyberspace Cookie LogsIEEE Transactions on Network and Service Management10.1109/TNSM.2020.301333517:4(2550-2566)Online publication date: Dec-2020
https://doi.org/10.1109/TNSM.2020.3013335
Mohajeri Moghaddam HAcar GBurgess BMathur AHuang DFeamster NFelten EMittal PNarayanan ACavallaro LKinder JWang XKatz J(2019)Watching You WatchProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3354198(131-147)Online publication date: 6-Nov-2019
https://dl.acm.org/doi/10.1145/3319535.3354198
Chen SZhao SHan BWang X(2019)Investigating and Revealing Privacy Leaks in Mobile Application Traffic2019 Wireless Days (WD)10.1109/WD.2019.8734246(1-4)Online publication date: Apr-2019
https://doi.org/10.1109/WD.2019.8734246
Ma YWu YGe JLi J(2018)An Architecture for Accountable Anonymous Access in the Internet-of-Things NetworkIEEE Access10.1109/ACCESS.2018.28064836(14451-14461)Online publication date: 2018
https://doi.org/10.1109/ACCESS.2018.2806483
Wang HGao CLi YZhang ZJin DLim EWinslett MSanderson MFu ASun JCulpepper SLo EHo JDonato DAgrawal RZheng YCastillo CSun ATseng VLi C(2017)From Fingerprint to FootprintProceedings of the 2017 ACM on Conference on Information and Knowledge Management10.1145/3132847.3132998(1209-1218)Online publication date: 6-Nov-2017
https://dl.acm.org/doi/10.1145/3132847.3132998
Yan HLin TWang GLi YZheng HJin DZhao BLim EWinslett MSanderson MFu ASun JCulpepper SLo EHo JDonato DAgrawal RZheng YCastillo CSun ATseng VLi C(2017)On Migratory Behavior in Video ConsumptionProceedings of the 2017 ACM on Conference on Information and Knowledge Management10.1145/3132847.3132884(1109-1118)Online publication date: 6-Nov-2017
https://dl.acm.org/doi/10.1145/3132847.3132884
Vanrykel EAcar GHerrmann MDiaz C(2017)Leaky Birds: Exploiting Mobile Application Traffic for SurveillanceFinancial Cryptography and Data Security10.1007/978-3-662-54970-4_22(367-384)Online publication date: 17-May-2017
https://doi.org/10.1007/978-3-662-54970-4_22
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents