Date: Friday, December, 13th, 2013 at 11:00AM
Room: IXXI
Summary:
In this talk, I will present two contributions and an ongoing
project on the social aspects of privacy. More specifically, (1) I will
present the results of a comparative study on the inference of social
ties in pervasive networks (from the stand points of two different
adversaries) and (2) I will present a case where users’ actions
compromise the location privacy of other users.
The first contribution is motivated by the wide deployment of WiFi base
stations in both public spaces and private companies, which poses a
significant threat to the privacy of connected users. Although prior
studies have provided evidence that it is possible to infer the social
ties of users from their location and co-location traces, they lack one
important component: the comparison of the inference accuracy between an
internal attacker (e.g., a curious application running on a mobile
device) and a realistic external eavesdropper in the same field trial.
In this work, we experimentally show that such an eavesdropper is able
to infer the type of social relationships between mobile users better
than an internal attacker. Moreover, our results indicate that by
exploiting the underlying social community structure of mobile users,
the accuracy of the inference attacks doubles.
The second contribution is a study of a concrete and widespread example
of a situation in which users compromise each other’s privacy,
specifically the location-privacy threat created by access points (e.g.,
public hotspots) using Network Address Translation (NAT). Indeed,
because users connected to the same hotspot share a unique public IP
address, a single user making a location-based request is enough to
enable a service provider to map the IP address of the hotspot to its
geographic coordinates, thus compromising the location privacy of all
the other connected users. When successful, the service provider can
locate users within a few hundreds of meters, thus improving over
existing IP-location databases.
Bio:
Kévin Huguenin is a Post-Doctoral Researcher at Ecole Polytechnique
Fédérale de Lausanne (EPFL), Switzerland, in the Laboratory for
Communications and Applications. He received his B.Sc. in computer
science from Ecole Normale Supérieure (ENS) de Cachan — Antenne de
Bretagne and the Université de Rennes I in 2005 and his M.Sc. from the
Université de Nice — Sophia Antipolis in 2007. He obtained a Ph.D. from
the Université of Rennes I in 2010 for his research on misbehavior
detection in large-scale distributed systems (mainly P2P) conducted in
the ASAP Team at IRISA/INRIA Rennes, under the supervision of Anne-Marie
Kemarrec. He has been working at the Vrije Universiteit Amsterdam and
Telefonica Research Barcelona as an intern in 2008 and 2009
respectively, and at McGill University as a post-doctoral researcher in
2011. His research interests include security and privacy in distributed
systems and (mobile) networks.
