skip to main content
research-article

Mosaic: quantifying privacy leakage in mobile networks

Published: 27 August 2013 Publication History

Abstract

With the proliferation of online social networking (OSN) and mobile devices, preserving user privacy has become a great challenge. While prior studies have directly focused on OSN services, we call attention to the privacy leakage in mobile network data. This concern is motivated by two factors. First, the prevalence of OSN usage leaves identifiable digital footprints that can be traced back to users in the real-world. Second, the association between users and their mobile devices makes it easier to associate traffic to its owners. These pose a serious threat to user privacy as they enable an adversary to attribute significant portions of data traffic including the ones with NO identity leaks to network users' true identities. To demonstrate its feasibility, we develop the Tessellation methodology. By applying Tessellation on traffic from a cellular service provider (CSP), we show that up to 50% of the traffic can be attributed to the names of users. In addition to revealing the user identity, the reconstructed profile, dubbed as "mosaic," associates personal information such as political views, browsing habits, and favorite apps to the users. We conclude by discussing approaches for preventing and mitigating the alarming leakage of sensitive user information.

References

[1]
L. Backstrom, C. Dwork, and J. Kleinberg. Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In World Wide Web (WWW), May 2007.
[2]
R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: an online social network with user-defined privacy. In SIGCOMM, Aug 2009.
[3]
M. Balakrishnan, I. Mohomed, and V. Ramasubramanian. Where's that phone?: geolocating ip addresses on 3g networks. In IMC, Nov 2009.
[4]
S. M. Bellovin. A technique for counting natted hosts. In ACM SIGCOMM Workshop on Internet measurment, Nov 2002.
[5]
E. D. Hardt. The oauth 2.0 authorization framework, ietf rfc 6749, 2012. http://tools.ietf.org/html/rfc6749.
[6]
Ericsson. Traffic and market data report, Nov 2011. http://www.ericsson.com/res/investors/docs/2011/cmd/traffic\_and\_market\_data\\\_report\_111107.pdf.
[7]
H. Falaki, D. Lymberopoulos, R. Mahajan, S. Kandula, and D. Estrin. A first look at traffic on smartphones. In IMC, Nov 2010.
[8]
L. Fang and K. LeFevre. Privacy wizards for social networking sites. In World Wide Web (WWW), Apr 2010.
[9]
S. Guha, K. Tang, and P. Francis. NOYB: Privacy in Online Social Networks. In WOSN, Jun 2008.
[10]
K. M. Hendrik Schulze. Internet study 2008/2009, ipoque. http://www.ipoque.com/sites/default/files/mediafiles/documents/internet-study-2008--2009.pdf.
[11]
D. Irani, S. Webb, K. Li, and C. Pu. Modeling unintended personal-information leakage from multiple online social networks. IEEE Internet Computing, pages 13--19, 2011.
[12]
R. Keralapura, A. Nucci, Z. Zhang, and L. Gao. Profiling users in a 3g network using hourglass co-clustering. In MOBICOM, Sep 2010.
[13]
B. Krishnamurthy, K. Naryshkin, and C. Wills. Privacy leakage vs. Protection measures: the growing disconnect. In W2SP, May 2011.
[14]
B. Krishnamurthy and C. Wills. Characterizing privacy in online social networks. In WOSN, Jun 2008.
[15]
B. Krishnamurthy and C. Wills. On the leakage of personally identifiable information via online social networks. In WOSN, Aug 2009.
[16]
B. Krishnamurthy and C. Wills. Privacy diffusion on the web: a longitudinal perspective. In World Wide Web (WWW), Apr 2009.
[17]
F. Lardinois. PleaseRobMe and the Dangers of Location-Based Social Networks. ReadWriteWeb, Feb 2011.
[18]
Y. Liu, K. P. Gummadi, B. Krishnamurthy, and A. Mislove. Analyzing facebook privacy settings: user expectations vs. reality. In IMC, Nov 2011.
[19]
S. Mudhakar and M. Hicks. Deanonymizing mobility traces: Using social networks as a side-channel. In CCS, Oct 2012.
[20]
C. Mulliner. Privacy leaks in mobile phone internet access. In Intelligence in Next Generation Networks (ICIN), Oct 2010.
[21]
A. Narayanan and V. Shmatikov. De-anonymizing Social Networks. In IEEE Security and Privacy (S&P), 2009.
[22]
Netresec. Publicly available PCAP files. http://www.netresec.com/?page=PcapFiles.
[23]
K. Nohl. Wideband GSM sniffing. In The 27th Chaos Communication Congress, Dec 2010.
[24]
K. Nohl. Defending mobile phones. In The 28th Chaos Communication Congress, Dec 2011.
[25]
OpenID Foundation. Openid authentication 2.0, Dec 2007. http://openid.net/specs/openid-authentication-2\_0.html.
[26]
C. Riederer, V. Erramilli, A. Chaintreau, and P. Rodriguez. For sale: Your Data By: You. In ACM HotNets, Nov 2011.
[27]
C. Rigney. Remote authentication dial in user service (radius), ietf rfc 2866, 2000.
[28]
C. Rigney, S. Willens, A. Rubens, and W. Simpson. Radius accounting, ietf rfc 2865, 2000.
[29]
I. Trestian, S. Ranjan, A. Kuzmanovic, and A. Nucci. Googling the internet: Profiling internet endpoints via the world wide web. IEEE/ACM Transactions on Networking (TON), 18(2):666--679, 2010.
[30]
Y. Xie, F. Yu, and M. Abadi. De-anonymizing the Internet Using Unreliable IDs. In SIGCOMM, Aug 2009.
[31]
Q. Xu, J. Erman, A. Gerber, Z. Mao, J. Pang, and S. Venkataraman. Identifying Diverse Usage Behaviors of Smartphone Apps. In IMC, Nov 2011.

Cited By

View all
  • (2022)Revealing Cumulative Risks in Online Personal Information: A Data Narrative StudyProceedings of the ACM on Human-Computer Interaction10.1145/35552146:CSCW2(1-25)Online publication date: 11-Nov-2022
  • (2022)Literature Review of Security in Smart Home NetworkSecurity in Smart Home Networks10.1007/978-3-031-24185-7_2(21-35)Online publication date: 1-Dec-2022
  • (2021)Utilizing Web Trackers for Sybil DefenseACM Transactions on the Web10.1145/345044415:2(1-19)Online publication date: 22-Apr-2021
  • Show More Cited By

Index Terms

  1. Mosaic: quantifying privacy leakage in mobile networks

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM SIGCOMM Computer Communication Review
    ACM SIGCOMM Computer Communication Review  Volume 43, Issue 4
    October 2013
    595 pages
    ISSN:0146-4833
    DOI:10.1145/2534169
    Issue’s Table of Contents
    • cover image ACM Conferences
      SIGCOMM '13: Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
      August 2013
      580 pages
      ISBN:9781450320566
      DOI:10.1145/2486001
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 27 August 2013
    Published in SIGCOMM-CCR Volume 43, Issue 4

    Check for updates

    Author Tags

    1. mobile network
    2. online social network
    3. privacy
    4. security
    5. user profile

    Qualifiers

    • Research-article

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)282
    • Downloads (Last 6 weeks)37
    Reflects downloads up to 20 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2022)Revealing Cumulative Risks in Online Personal Information: A Data Narrative StudyProceedings of the ACM on Human-Computer Interaction10.1145/35552146:CSCW2(1-25)Online publication date: 11-Nov-2022
    • (2022)Literature Review of Security in Smart Home NetworkSecurity in Smart Home Networks10.1007/978-3-031-24185-7_2(21-35)Online publication date: 1-Dec-2022
    • (2021)Utilizing Web Trackers for Sybil DefenseACM Transactions on the Web10.1145/345044415:2(1-19)Online publication date: 22-Apr-2021
    • (2021)Systematically Quantifying IoT Privacy Leakage in Mobile NetworksIEEE Internet of Things Journal10.1109/JIOT.2020.30386398:9(7115-7125)Online publication date: 1-May-2021
    • (2021)Towards Identifying, Understanding and Controlling Cumulative Revelations in Social MediaProceedings of the Association for Information Science and Technology10.1002/pra2.56658:1(798-800)Online publication date: 13-Oct-2021
    • (2020)Argus: Traffic Behavior Based Prediction of Internet User Demographics through Hierarchical Neural NetworkElectronics10.3390/electronics90202719:2(271)Online publication date: 5-Feb-2020
    • (2020)Revealing Your Mobile Password via WiFi Signals: Attacks and CountermeasuresIEEE Transactions on Mobile Computing10.1109/TMC.2019.289333819:2(432-449)Online publication date: 1-Feb-2020
    • (2020)Traffic-Behavioral Anomaly Detection of Endhosts Based on Community DiscoveryArtificial Intelligence and Security10.1007/978-3-030-57884-8_66(751-762)Online publication date: 17-Jul-2020
    • (2019)A survey on traffic-behavioral profiling of network end-targetProceedings of the ACM Turing Celebration Conference - China10.1145/3321408.3326653(1-7)Online publication date: 17-May-2019
    • (2019)TPII: tracking personally identifiable information via user behaviors in HTTP trafficFrontiers of Computer Science: Selected Publications from Chinese Universities10.1007/s11704-018-7451-z14:3Online publication date: 19-Dec-2019
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media