Security & Privacy
Security and Privacy issues arise in nearly all stages in the digitalisation of our society. Examples include the smart home or smart car that need to be secured against unauthorised access or malicious remote control. Consequently, the right to privacy becomes ever more important with the growing integration of digital technologies into our daily lives. For instance, think about maintaining data privacy of our electronic health records to prevent abuse and discrimination or the problem of browser/device fingerprinting and the creation of unique digital footprints with our every move online.
In this track, we deal with the multidisciplinary challenges around security and privacy in the digital society, discuss current and upcoming problems as well as mitigation strategies in order to pave the road for a secure and privacy-preserving future! The track covers (among others) the following topics: (embedded) systems security, software security, physical attacks, privacy enhancing technologies, network security, machine learning in security and privacy, and (applied) cryptography. In addition to the broad coverage of the topics mentioned, this year’s track will have a special focus on research valorization in security and privacy.
Veelasha Moonsamy (RU)
Andreas Peter (UTwente)
Bio Nataliia Bielova
Abstract Title: Detecting online tracking and GDPR violations in Web applications
In this talk, I will present recent results on detecting Web trackers and analyzing compliance of websites with GDPR and ePrivacy directive. We first develop a tracking detection methodology based on invisible pixels. By analyzing the third-party resource loading on 80K webpages, we uncover hidden collaborations between third parties and find that 68% of websites synchronize harmless firs-party cookies with privacy-invasive third-party cookies. We show that filter lists, used in the research community as a de facto approach to detect trackers, miss between 25% and 30% of cookie-based tracking we detect. Finally, we demonstrate that privacy-protecting browser extensions, such as Ghostery, Disconnect or Privacy Badger together miss 24% of tracking requests we detect.
To measure legal compliance of websites, we analyse cookie banners that are implemented by Consent Management Providers (CMPs), who respect the IAB Europe's Transparency and Consent Framework (TCF). Via cookie banners, CMPs collect and disseminate user consent to third parties. We systematically study IAB Europe's TCF and analyze consent stored behind the user interface of TCF cookie banners. We analyze the GDPR and the ePrivacy Directive to identify legal violations in implementations of cookie banners based on the storage of consent and detect such violations by crawling 23K European websites, and further analyzing 560 websites that rely on TCF. As a result, we find violations in 54% of them: 175 (12.3%) websites register positive consent even if the user has not made their choice; 236 (46.5%) websites nudge the users towards accepting consent by pre-selecting options; and 39 (7.7%) websites store a positive consent even if the user has explicitly opted out. Finally, we provide a browser extension, Cookie glasses, to facilitate manual detection of violations for regular users and Data Protection Authorities.
Security & Privacy Track Program
|10:45 – 11:30||Detecting online tracking and GDPR violations in Web applications Nataliia Bielova (invited speaker) Inria Sophia Antipolis|
|11:30 – 11:35||short break|
|11:35 – 11:55||Digging the Dark Web: Unravelling operational security attributes used by hidden service actors Hugo Bijmans TNO|
|11:55 – 12:05||IRMAseal: encryption for e-mail using IBE and IRMA Wouter Geraedts RU|
|12:05 – 13:40||Lunch break + posters/demos|
|13:40 – 14:40||dcypher best cybersecurity research paper award (DCSRP)|
|14:40 – 14:45||short break|
|14:45 – 15:05||Counterfighting Counterfeit: detecting and taking down fraudulent webshops at the .nl ccTLD Thymen Wabeke SIDN Labs|
|15:05 – 15:15||The art of being (un)connected Jako Jellema RUG|
|15:15 – 15:25||Coffee break|
|15:25 – 16:10||The Rowhammer Problem: Past, Present, Future Kaveh Razavi (invited speaker) VU Amsterdam|
|16:10 – 16:15||short break|
|16:15 – 16:45||Panel on "Valorization in security & privacy" moderated by Andreas Peter (UTwente); Panel members:
Nataliia Bielova (Inria)
Kaveh Razavi (VU)
Jan Piet Barthel (dcypher)
ICT.OPEN2020Registration website for ICT.OPEN2020
Marloes van den Heuvelictopen2020@nwo.nl
Marloes van den Heuvelictopen2020@nwo.nl
MartiniPlazaMartiniPlazaLeonard Springerlaan 2 9727 KB Groningen Netherlands