Stefano Ortolani

Events privacy in WSNs: A new model and its application

A novel issue resource constrained Wireless Sensor Networks (WSNs) are affected by is context privacy. Indeed, while a few solutions do exist to provide data privacy to WSNs (i.e. to protect message confidentiality), providing context privacy (e.g. preventing an adversary to locate the source of a message) is still an open research problem. This paper attacks the issue providing several contributions. First, a formal model to reason about event privacy in WSNs is introduced. This model also captures dynamic events. Second, we introduce a new realistic class of mobile events a WSN can experience. These events become the target of our privacy preserving efforts. Third, we propose a privacy enforcing solution for the above class of events: the Unobservable Handoff Trajectory (UHT) Protocol. UHT is scalable and distributed. The analysis shows that it is both effective and efficient in terms of the induced overhead. It also minimizes the delay to notify the event sources location to the base station, while preserving the intended degree of privacy. Finally, extensive simulations confirm our findings.

Anonymous opinion exchange over untrusted social networks

Social networks are the fastest growing Internet applications. They offer the possibility to get in touch with current friends, discover where the old ones are, and make new ones. While these applications are a great enabler for our social life, they are also well known to fall short on privacy. The lack of adequate privacy enhancing technology is particularly important in these applications due to the nature of information they deal with, and the fact that many users are underage. This paper provides a contribution in this direction by presenting a protocol, tailored for social network applications, that allows users to ask and/or submit personal opinions while preserving their anonymity.

Bait your hook: a novel detection technique for keyloggers

Software keyloggers are a fast growing class of malware often used to harvest confidential information. One of the main reasons for this rapid growth is the possibility for unprivileged programs running in user space to eavesdrop and record all the keystrokes of the users of the system. Such an ability to run in unprivileged mode facilitates their implementation and distribution, but, at the same time, allows to understand and model their behavior in detail. Leveraging this property, we propose a new detection technique that simulates carefully crafted keystroke sequences (the bait) in input and observes the behavior of the keylogger in output to univocally identify it among all the running processes. We have prototyped and evaluated this technique with some of the most common free keyloggers. Experimental results are encouraging and confirm the viability of our approach in practical scenarios.

Event handoff unobservability in WSN

The open nature of communications in Wireless Sensor Networks (WSNs) makes it easy for an adversary to trace all the communications within the network. If techniques such as encryption may be employed to protect data privacy (i.e. the content of a message), countermeasures to deceive context privacy (e.g. the source of a message) are much less straightforward. In recent years, the research community addressed the problem of context privacy. Some work aimed to hide the position of the collecting node. Other work investigated on hiding the position of an event--sensed by the WSN. However, the solutions proposed for events hiding either: (i) considered only static events; (ii) are not efficient. In this work, we describe open issues that we identified in the current research. In particular, we consider the problem of efficiently hiding mobile events.

Memoirs of a browser: a cross-browser detection model for privacy-breaching extensions

Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extensions security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions [1].

KLIMAX: profiling memory write patterns to detect keystroke-harvesting malware

Privacy-breaching malware is an ever-growing class of malicious applications that attempt to steal confidential data and leak them to third parties. One of the most prominent activities to acquire private user information is to eavesdrop and harvest user-issued keystrokes. Despite the serious threat involved, keylogging activities are challenging to detect in the general case. From an operating system perspective, their general behavior is no different than that of legitimate applications used to implement common end-user features like custom shortcut handling and keyboard remapping. As a result, existing detection techniques that attempt to model malware behavior based on system or library calls are largely ineffective. To address these concerns, we introduce a novel detection technique based on fine-grained profiling of memory write patterns. The intuition behind our model lies in data harvesting being a good predictor for sensitive information leakage. To demonstrate the viability of our approach, we have designed and implemented KLIMAX: a Kernel-Level Infrastructure for Memory and eXecution profiling. Our system supports proactive and reactive detection and can be transparently deployed online on a running Windows platform. Experimental results with real-world malware confirm the effectiveness of our approach.

Unprivileged Black-Box Detection of User-Space Keyloggers

Software keyloggers are a fast growing class of invasive software often used to harvest confidential information. One of the main reasons for this rapid growth is the possibility for unprivileged programs running in user space to eavesdrop and record all the keystrokes typed by the users of a system. The ability to run in unprivileged mode facilitates their implementation and distribution, but, at the same time, allows one to understand and model their behavior in detail. Leveraging this characteristic, we propose a new detection technique that simulates carefully crafted keystroke sequences in input and observes the behavior of the keylogger in output to unambiguously identify it among all the running processes. We have prototyped our technique as an unprivileged application, hence matching the same ease of deployment of a keylogger executing in unprivileged mode. We have successfully evaluated the underlying technique against the most common free keyloggers. This confirms the viability of our approach in practical scenarios. We have also devised potential evasion techniques that may be adopted to circumvent our approach and proposed a heuristic to strengthen the effectiveness of our solution against more elaborated attacks. Extensive experimental results confirm that our technique is robust to both false positives and false negatives in realistic settings.

Censorship-Resilient Communications through Information Scattering

The aim of this paper is to present a new idea on censorship-resilient communication Internet services, like blogs or web publishing. The motivation of this idea comes from the fact that in many situations guaranteeing this property is even matter of personal freedom. Our idea leverages: i) to split the actual content of a message and to scatter it through different points of retrieval; ii) to hide the content of a splitted message in a way that is clearly unidentifiable—hence involving encryption and steganography; iii) to allow the intended message recipient to correctly retrieve the original message. A further extension on this idea allows the recipient of the message to retrieve the message even if: i) some of the retrieval point are not available; ii) some retrieved data have been tampered with—their integrity has been violated.