Mosaic: quantifying privacy leakage in mobile networks

With the proliferation of online social networking (OSN) and mobile devices, preserving user privacy has become a great challenge. While prior studies have focused directly on OSN services, we call attention to the privacy leakage in mobile network data. This concern is motivated by two factors. First, the prevalence of OSN usage leaves identifiable digital footprints that can be traced back to users in the real world. Second, the association between users and their mobile devices makes it easier to associate traffic with its owners. Together, these pose a serious threat to user privacy, as they enable an adversary to attribute significant portions of data traffic, including traffic with NO identity leaks, to network users' true identities. To demonstrate the feasibility of such attribution, we develop the Tessellation methodology. By applying Tessellation to traffic from a cellular service provider (CSP), we show that up to 50% of the traffic can be attributed to the names of users. In addition to revealing the user identity, the reconstructed profile, dubbed a "mosaic," associates personal information such as political views, browsing habits, and favorite apps with the users. We conclude by discussing approaches for preventing and mitigating the alarming leakage of sensitive user information.
