research-article

Automated parsing and interpretation of identity leaks

Authors:

Hendrik Graupner,

David Jaeger,

Feng Cheng,

Christoph MeinelAuthors Info & Claims

CF '16: Proceedings of the ACM International Conference on Computing Frontiers

Pages 127 - 134

https://doi.org/10.1145/2903150.2903156

Published: 16 May 2016 Publication History

Get Access

Abstract

The relevance of identity data leaks on the Internet is more present than ever. Almost every month we read about leakage of databases with more than a million users in the news. Smaller but not less dangerous leaks happen even multiple times a day. The public availability of such leaked data is a major threat to the victims, but also creates the opportunity to learn not only about security of service providers but also the behavior of users when choosing passwords. Our goal is to analyze this data and generate knowledge that can be used to increase security awareness and security, respectively. This paper presents a novel approach to automatic analysis of a vast majority of bigger and smaller leaks. Our contribution is the concept and a prototype implementation of a parser, composed of a syntactic and a semantic module, and a data analyzer for identity leaks. In this context, we deal with the two major challenges of a huge amount of different formats and the recognition of leaks' unknown data types. Based on the data collected, this paper reveals how easy it is for criminals to collect lots of passwords, which are plain text or only weakly hashed.

References

[1]

Symantec Corporation. Internet Security Threat Report. 2015.

Google Scholar

[2]

David Jaeger, Hendrik Graupner, et al. "Gathering and Analyzing Identity Leaks for Security Awareness". In: Proceedings of the 7th International Conference on PASSWORDS. 2014.

Google Scholar

[3]

Brian Krebs. Was the Ashley Madison Database Leaked? http://krebsonsecurity.com/2015/08/was - the - ashley - madison - database-leaked/. 2015. (Visited on 09/10/2015).

Google Scholar

[4]

Joseph Bonneau. "The science of guessing: analyzing an anonymized corpus of 70 million passwords". In: Proceedings of the 33rd IEEE Symposium on Security and Privacy. IEEE Computer Society, 2012.

Digital Library

Google Scholar

[5]

Jens Steube. "Introducing the PRINCE attack-mode". In: Proceedings of the 7th International Conference on PASSWORDS. 2014.

Google Scholar

[6]

Mat Honan. What is Doxing? Mar. 2014. url: http://www.wired.com/2014/03/doxing/ (visited on 09/10/2015).

Google Scholar

[7]

Yakov Shafranovich. Common Format and MIME Type for Comma-Separated Values (CSV) Files. RFC 4180 (Informational). Internet Engineering Task Force, Oct. 2005. url: http://www.ietf.org/rfc/rfc4180.txt.

Google Scholar

[8]

eSecurity Planet. 3,867,997 Adult FriendFinder Account Details Released. May 2015. URL: http://www.esecurityplanet.com / hackers / 3867997 - adult - friendfinder - account - details - released.html (visited on 09/10/2015).

Google Scholar

[9]

Xiaoyun Wang and Hongbo Yu. "How to break MD5 and other hash functions". In: Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques. 2005.

Digital Library

Google Scholar

[10]

Ludger Hemme and Lars Hoffmann. "Differential Fault Analysis on the SHA1 Compression Function". In: Proceedings of the 8th International Workshop on Fault Diagnosis and Tolerance in Cryptography. 2011.

Digital Library

Google Scholar

[11]

SANS Insitute. Password Construction Guidelines. 2014.

Google Scholar

[12]

Luyi Xing, Xiaolong Bai, et al. "Unauthorized Cross-App Resource Access on MAC OS X and iOS". 2015.

Google Scholar

Cited By

View all

Pöhn DSeeber SHanauer TZiegler JSchmitz D(2021)Towards Improving Identity and Access Management with the IdMSecMan Process FrameworkProceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3470055(1-10)Online publication date: 17-Aug-2021
https://dl.acm.org/doi/10.1145/3465481.3470055
Malderle TWübbeling MKnauer SMeier M(2019)Warning of Affected Users About an Identity LeakProceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018)10.1007/978-3-030-17065-3_28(278-287)Online publication date: 10-Apr-2019
https://doi.org/10.1007/978-3-030-17065-3_28
Malderle TWübbeling MKnauer SSykosch AMeier MKaeli DPericàs M(2018)Gathering and analyzing identity leaks for a proactive warning of affected usersProceedings of the 15th ACM International Conference on Computing Frontiers10.1145/3203217.3203269(208-211)Online publication date: 8-May-2018
https://dl.acm.org/doi/10.1145/3203217.3203269
Show More Cited By

Index Terms

Automated parsing and interpretation of identity leaks
1. Security and privacy
  1. Cryptography
    1. Symmetric cryptography and hash functions
      1. Hash functions and message authentication codes
  2. Software and application security
    1. Web application security

Recommendations

Gathering and analyzing identity leaks for a proactive warning of affected users
CF '18: Proceedings of the 15th ACM International Conference on Computing Frontiers

Identity theft is a common consequence of successful cyber-attacks. Criminals steal identity data in order to either (mis)use the data themselves or sell entire identity collections of such data to other parties. Warning the victims of identity theft is ...
Fast Automated Processing and Evaluation of Identity Leaks

The relevance of identity data leaks on the Internet is more present than ever. Almost every week we read about leakage of databases with more than a million users in the news. Smaller but not less dangerous leaks happen even multiple times a day. The ...
Data security: data breaches
InfoSec '15: Proceedings of the 2015 Information Security Curriculum Development Conference

This paper focuses on recent data breaches of two differing entities, Target (2013) and the U.S. Office of Personnel Management (2015). The number of accounts and people, as well as the personally identifiable financial information (PIFI) and personally ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CF '16: Proceedings of the ACM International Conference on Computing Frontiers

May 2016

487 pages

ISBN:9781450341288

DOI:10.1145/2903150

General Chairs:
Gianluca Palermo
Politecnico di Milano, IT
,
John Feo
Pacific Northwest National Laboratory and Northwest Institute for Advanced Computing
,
Program Chairs:
Antonino Tumeo
Pacific Northwest National Laboratory, USA
,
Hubertus Franke
New York University and IBM Research, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CF'16

Sponsor:

Micron Foundation
ACM
Politecnico di Milano
SIGMICRO
IBM

CF'16: Computing Frontiers Conference

May 16 - 19, 2016

Como, Italy

Acceptance Rates

Overall Acceptance Rate 24 of 66 submissions, 36%

Upcoming Conference

CF '25

Sponsor:
sigmicro

22nd ACM International Conference on Computing Frontiers

May 28 - 30, 2025

Cagliari , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
227
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)5

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Pöhn DSeeber SHanauer TZiegler JSchmitz D(2021)Towards Improving Identity and Access Management with the IdMSecMan Process FrameworkProceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3470055(1-10)Online publication date: 17-Aug-2021
https://dl.acm.org/doi/10.1145/3465481.3470055
Malderle TWübbeling MKnauer SMeier M(2019)Warning of Affected Users About an Identity LeakProceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018)10.1007/978-3-030-17065-3_28(278-287)Online publication date: 10-Apr-2019
https://doi.org/10.1007/978-3-030-17065-3_28
Malderle TWübbeling MKnauer SSykosch AMeier MKaeli DPericàs M(2018)Gathering and analyzing identity leaks for a proactive warning of affected usersProceedings of the 15th ACM International Conference on Computing Frontiers10.1145/3203217.3203269(208-211)Online publication date: 8-May-2018
https://dl.acm.org/doi/10.1145/3203217.3203269
Blue JFurey E(2018)A Novel Approach for Protecting Legacy Authentication Databases in Consideration of GDPR2018 International Symposium on Networks, Computers and Communications (ISNCC)10.1109/ISNCC.2018.8531022(1-6)Online publication date: Jun-2018
https://doi.org/10.1109/ISNCC.2018.8531022
Blue JFurey ECondell J(2017)A novel approach for secure identity authentication in legacy database systems2017 28th Irish Signals and Systems Conference (ISSC)10.1109/ISSC.2017.7983624(1-6)Online publication date: Jun-2017
https://doi.org/10.1109/ISSC.2017.7983624

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Gathering and analyzing identity leaks for a proactive warning of affected users

Fast Automated Processing and Evaluation of Identity Leaks

Data security: data breaches