This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-04-25 Creation time: 23-40-55 --- Number of references 4 inproceedings 2021_mitseva_sequences 2021 11 17 2411-2413 Website fingerprinting (WFP) is a special case of traffic analysis, where a passive attacker infers information about the content of encrypted and anonymized connections by observing patterns of data flows. Although modern WFP attacks pose a serious threat to online privacy of users, including Tor users, they usually aim to detect single pages only. By ignoring the browsing behavior of users, the attacker excludes valuable information: users visit multiple pages of a single website consecutively, e.g., by following links. In this paper, we propose two novel methods that can take advantage of the consecutive visits of multiple pages to detect websites. We show that two up to three clicks within a site allow attackers to boost the accuracy by more than 20% and to dramatically increase the threat to users' privacy. We argue that WFP defenses have to consider this new dimension of the attack surface. Traffic Analysis; Website Fingerprinting; Web Privacy https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-mitseva-fingerprinting-sequences.pdf ACM Proceedings of the 28th ACM SIGSAC Conference on Computer and Communications Security (CCS '21), November 15-19, 2021, Seoul, Korea Seoul, Korea November 15-19, 2021 978-1-4503-8454-4/21/11 10.1145/3460120.3485347 1 AsyaMitseva JanPennekamp JohannesLohmöller TorstenZiemann CarlHoerchner KlausWehrle AndriyPanchenko article 2021_schomakers_insights Computer Law Review International 2021 2 15 22 1 8-15 Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to "special categories" of data. This article assesses the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as "potentially sensitive." The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. The key findings here suggest the GDPR adequately protecting users' privacy but for small adjustments. Information Sensitivity, Privacy, European Data Protection Law 1610-7608 10.9785/cri-2021-220103 1 Eva-MariaSchomakers ChantalLidynia DirkMüllmann RomanMatzutt KlausWehrle IndraSpiecker gen. Döhmann MartinaZiefle inproceedings 2019_rut_schomakers_privacy 2021 1 27 857-870 Social media, cloud computing, and the Internet of Things connect people around the globe, offering manifold benefits. However, the technological advances and increased user participation generate novel challenges for users' privacy. From the users' perspective, the consequences of data disclosure depend on the perceived sensitivity of that data. But in light of the new technological opportunities to process and combine data, it is questionable whether users can adequately evaluate risks of data disclosures. As mediating authority, data protection laws such as the European General Data Protection Regulation try to protect user data, granting enhanced protection to "special categories" of data. In this paper, we assess the legal, technological, and users' perspectives on information sensitivity and their interplay. Technologically, all data can be referred to as "potentially sensitive." The legal and users' perspective on information sensitivity deviate from this standpoint, as some data types are granted special protection by law but are not perceived as very sensitive by users and vice versa. Our key findings still suggest the GDPR adequately protecting users' privacy but for small adjustments. Information Sensitivity,Privacy,European Data Protection Law mynedata https://www.comsys.rwth-aachen.de/fileadmin/papers/2021/2021-schomakers-3perspectives.pdf https://dl.gi.de/handle/20.500.12116/34788 https://arxiv.org/abs/1911.06569 Gesellschaft für Informatik

Bonn

INFORMATIK 2020 Karlsruhe, Germany INFORMATIK 2020 2020-09-28 to 2020-10-01 English 10.18420/inf2020_76 1 Eva-MariaSchomakers ChantalLidynia DirkMüllmann RomanMatzutt KlausWehrle IndraSpiecker gen. Döhmann MartinaZiefle article 2021-wehrle-energy Energy Technology 2021 9 2 10.1002/ente.202000937 1 FriedirchWiegel EdoardoDe Din AntonelloMonti KlausWehrle MarcHiller MartinaZitterbart VeitHagenmeyer