Information leakage in encrypted IP video traffic

Wampler, Christopher

07 January 2016

We show that information leakage occurs in video over IP traffic, including for encrypted payloads. It is possible to detect events occurring in the field of view of a camera streaming live video through analysis of network traffic metadata including arrival time between packets, packets sizes, and video stream bandwidth. Event detection through metadata analysis is possible even when common encryption techniques are applied to the video stream such as SSL or AES. We have observed information leakage across multiple codes and cameras. Through timestamps added to the x264 codec, we establish a basis for detectability of events via packet timing. Laboratory experiments confirm that this event detection is possible in practice and repeatable. By collecting network traffic captures from over 100 Skype video calls we are able to see the impact of this information leakage under a variety of conditions.

Information leakage

Video

Encoding

A Multi-Agent Architecture for Information Leakage Detection in Distributed Systems

Bishop, Stephen

01 December 2009

Covert channel attacks utilize shared resources to indirectly transmit sensitive information to unauthorized parties. Many current operating systems, such as SELinux, rely on generating labels based on a file's security classification and system-wide security policies and then binding these labels to all such files in the filesystem. Enforcement of security policies in such systems occurs at the time of access to a file or resource. Such mechanisms are flawed, however, in that they do not adequately protect against information laundering by means of covert channels. One recent development, Colored Linux, serves as an extension to SELinux and utilizes watermarking algorithms to "color" the contents of files with their respective security classification in order to enhance resistance to information laundering attacks. In this thesis, a mobile agent-based approach to implementing Colored Linux is proposed to automate the process of detecting and coloring receptive hosts' filesystems and to provide monitoring of the colored filesystem for instances of potential information leakage. Implementation details and execution results are included to illustrate the merits of the proposed approach. An evaluation of the performance of this agent-based system is conducted over a single host as well as a local network of machines and detailed here as well. Finally, third-party analysis of the agent system using formal methods is discussed.

Digital Watermarking

Information Leakage

Multi-Agent Systems

Corporate governance, firm performance, and information leakage : an empirical analysis of the Chinese stock market

Zhang, Hui

January 2012

The purpose of this thesis is to analyse the effect of corporate governance on firm performance and information leakage in the Chinese securities market. As one of the major emerging markets in the world, the results of this thesis are valuable not only to the Chinese market, but also to other emerging markets. To achieve this purpose, data is collected from most of the non-financial listed companies in the two Chinese stock exchanges, which are the Shanghai Stock Exchange and the Shenzhen Stock exchange. The data sample covers the period from 2004 to 2008, since there was a series of new reforms in the Chinese stock market at that time. These reforms include new legislation and the reduction of non-tradable shares. Then this thesis employs the panel technique and the pooled OLS to estimate the effect of corporate governance on firm performance and information leakage in Chinese listed companies. Firstly the relationship between corporate governance and firm performance in Chinese companies is empirically evaluated. The empirical results of this thesis find that the ownership structure of Chinese companies will affect their firm performance. In this thesis, proxies of ownership structure include the proportion of institutional ownership, the proportion of the state ownership, the proportion of shareholdings of the largest shareholder, and the proportion of tradable shares in Chinese companies. A greater proportion of institutional ownership has positive effects on firm performance in Chinese companies. Board subcommittees also help Chinese companies to increase firm performance. The market reforms of 2006 also help Chinese companies to increase their firm performance. However, the board of directors and board of supervisors do not affect firm performance in Chinese companies. Secondly, information leakage in the Chinese Stock Market is empirically assessed. If investors receive corporate material information before the public disclosure, this phenomenon is known as information leakage. The thesis finds that information leakage in the Chinese market is widespread. Finally, the thesis empirically examines the effects of corporate governance on information leakage in Chinese companies. Board subcommittees have negative effects on information leakage in Chinese companies. Other variables of corporate governance do not affect information leakage in Chinese companies. Additionally, the thesis finds that market reform promotes more information leakage in Chinese market. On the basis of the empirical results, the thesis provides the following recommendations. First, the Chinese Stock Market needs to reform the relevant legislation. Second, Chinese companies need to reform their ownership structure. These suggestions may strengthen the internal governance of Chinese listed companies, thereby, increasing firm performance and decrease information leakage.

332.64251

Securing open multi-agent systems governed by electronic institutions

Bijani, Shahriar

January 2013

One way to build large-scale autonomous systems is to develop an open multi-agent system using peer-to-peer architectures in which agents are not pre-engineered to work together and in which agents themselves determine the social norms that govern collective behaviour. The social norms and the agent interaction models can be described by Electronic Institutions such as those expressed in the Lightweight Coordination Calculus (LCC), a compact executable specification language based on logic programming and pi-calculus. Open multi-agent systems have experienced growing popularity in the multi-agent community and are expected to have many applications in the near future as large scale distributed systems become more widespread, e.g. in emergency response, electronic commerce and cloud computing. A major practical limitation to such systems is security, because the very openness of such systems opens the doors to adversaries for exploit existing vulnerabilities. This thesis addresses the security of open multi-agent systems governed by electronic institutions. First, the main forms of attack on open multi-agent systems are introduced and classified in the proposed attack taxonomy. Then, various security techniques from the literature are surveyed and analysed. These techniques are categorised as either prevention or detection approaches. Appropriate countermeasures to each class of attack are also suggested. A fundamental limitation of conventional security mechanisms (e.g. access control and encryption) is the inability to prevent information from being propagated. Focusing on information leakage in choreography systems using LCC, we then suggest two frameworks to detect insecure information flows: conceptual modeling of interaction models and language-based information flow analysis. A novel security-typed LCC language is proposed to address the latter approach. Both static (design-time) and dynamic (run-time) security type checking are employed to guarantee no information leakage can occur in annotated LCC interaction models. The proposed security type system is then formally evaluated by proving its properties. A limitation of both conceptual modeling and language-based frameworks is difficulty of formalising realistic policies using annotations. Finally, the proposed security-typed LCC is applied to a cloud computing configuration case study, in which virtual machine migration is managed. The secrecy of LCC interaction models for virtual machine management is analysed and information leaks are discussed.

Information leakage and sharing in decentralized systems

LUO, Huajiang

01 January 2018

This thesis presents two essays that explore firms’ incentive to share information in a multi-period decentralized supply chain and between competing firms. In the first essay, we consider a two-period supply chain in which one manufacturer supplies to a retailer. The retailer possesses some private demand information about the uncertain demand and decides whether to share the information with manufacturer. If an information sharing agreement is achieved, the retailer will share the observed demand information truthfully to the manufacturer. Then the selling season with two periods starts. In each period, the manufacturer decides on a wholesale price, which the retailer considers when deciding on the retail price. The manufacturer can observe the retailer's period-1 decision and the realized period-1 demand, and use this information when making the period-2 wholesale price decision. Thus, without information sharing, the two firms play a two-period signaling game. We find that voluntary information sharing is not possible because it benefits the manufacturer but hurts the retailer. However, different from one-period model, in which no information sharing can be achieved even with side payment, the manufacturer can make a side payment to the retailer to induce information sharing when the demand range is small. Both firms benefit from more accurate information regardless whether the retailer shares information. We also extend the two-period model to three-period model and infinite-period model, we find that the above results are robust. The second essay studies the incentives for information sharing between two competing firms with different production timing strategies. Each firm is planning to produce a new (upgraded) product. One firm adopts routine timing, whereby her production time is fixed according to her tradition of similar or previous models of the product. The other firm uses strategic timing, whereby his production time can be strategically chosen: be it before, simultaneously with, and after the routine firm. The two firms simultaneously choose whether or not to disclose their private demand information, make their quantity decisions based on any demand information available, and then compete in the market. We find that when the demand uncertainty is not high, both firms sharing information is the unique equilibrium outcome. Exactly one firm (the routine firm) sharing information can arise in equilibrium when the demand uncertainty is intermediate. These results are in stark contrast to extant literature which has shown that, for Cournot competitors with substitutable goods, no firm is willing to share demand information. Production timing is thus identified as a key driving force for horizontal information sharing, which might have been overlooked before. Surprisingly, when the competition becomes more intense, firms are more willing to share information. It is the information asymmetry that fundamentally change the strategic firm’s timing. We highlight the impact of signaling demand information for an early-production firm on the timing strategies, under different information sharing arrangements.

Information Sharing

Information Leakage

Signaling

Inference Effect

First-mover Advantage

Production Timing

Business

Online Social Networks : Is it the end of Privacy ? / Etude des menaces contre la vie privée sur les réseaux sociaux : quantification et possibles solutions

Chaabane, Abdelberi

22 May 2014

Les réseaux sociaux en ligne (OSNs) recueillent une masse de données à caractère privé. Le recueil de ces données ainsi que leur utilisation relèvent de nouveaux enjeux économiques et évoquent plusieurs questionnements notamment ceux relatifs à la protection de la vie privée. Notre thèse propose certaines réponses.Dans le premier chapitre nous analysons l'impact du partage des données personnelles de l'utilisateur sur sa vie privée. Tout d'abord, nous montrons comment les intérêts d'un utilisateur -- à titre d'exemple ses préférences musicales -- peuvent être à l'origine de fuite d'informations sensibles. Pour ce faire, nous inférons les attributs non divulgués du profil de l'utilisateur en exploitant d'autres profils partageant les même ''goûts musicaux''. Notre approche extrait la sémantique des intérêts en utilisant Wikipedia, les partitionne sémantiquement et enfin regroupe les utilisateurs ayant des intérêts semblables. Nos expérimentations réalisées sur plus de 104 milles profils publics collectés sur Facebook et plus de 2000 profils privés de bénévoles, montrent que notre technique d'inférence prédit efficacement les attributs qui sont très souvent cachés par les utilisateurs.Dans un deuxième temps, nous exposons les conséquences désastreuses du partage des données privées sur la sécurité. Nous nous focalisons sur les informations recueillies à partir de profils publics et comment celles-ci peuvent être exploitées pour accélérer le craquage des mots de passe. Premièrement, nous proposons un nouveau « craqueur » de mot de passe basé sur les chaînes de Markov permettant le cassage de plus de 80% des mots de passe, dépassant ainsi toutes les autres méthodes de l'état de l'art. Deuxièmement, et afin de mesurer l'impact sur la vie privée, nous proposons une méthodologie qui intègre les informations personnelles d'un utilisateur afin d'accélérer le cassage de ses mots de passe.Nos résultats mettent en évidence la nécessité de créer de nouvelles méthodes d'estimation des fuites d'informations personnelles, ce que nous proposons : il s'agit d'une méthode formelle pour estimer l'unicité de chaque profil en étudiant la quantité d'information portée par chaque attribut public.Notre travail se base sur la plate-forme publicitaire d'estimationd'utilisateurs de Facebook pour calculer l'entropie de chaque attribut public. Ce calcul permet d'évoluer l'impact du partage de ces informations publiquement. Nos résultats, basées sur un échantillon de plus de 400 mille profils publics Facebook, montrent que la combinaison de sexe, ville de résidence et age permet d'identifier d'une manière unique environ 18% des utilisateurs.Dans la deuxième section de notre thèse nous analysons les interactions entre la plate-forme du réseau social et des tiers et son impact sur à la vie privée des utilisateurs.Dans une première étude, nous explorons les capacités de « tracking » des réseaux sociaux Facebook, Google+ et Twitter. Nous étudions les mécanismes qui permettent à ces services de suivre d'une façon persistante l'activité web des utilisateurs ainsi que d'évaluer sa couverture. Nos résultats indiquent que le « tracking » utilisé par les OSNs couvre la quasi-totalité des catégories Web, indépendamment du contenu et de l'auditoire.Finalement, nous développons une plate-forme de mesure pour étudier l'interaction entre les plates-formes OSNs, les applications sociales et les « tierces parties » (e.g., fournisseurs de publicité). Nous démontrons que plusieurs applications tierces laissent filtrer des informations relatives aux utilisateurs à des tiers non autorisés. Ce comportement affecte à la fois Facebook et RenRen avec une sévérité variable :22 % des applications Facebook testées transmettent au moins un attribut à une entité externe. Quant à, RenRen, nous démontrons qu'il souffre d'une faille majeure causée par la fuite du jeton d'accès dans 69 % des cas. / Sharing information between users constitutes the cornerstone of the Web 2.0. Online Social Networks (OSN), with their billions of users, are a core component of this new generation of the web. In fact, OSNs offer innovative services allowing users to share their self-generated content (e.g., status, photos etc.) for free. However, this free access is usually synonymous with a subtle counterpart: the collection and usage of users' personal information in targeted advertisement. To achieve this goal, OSN providers are collecting a tremendous amount of personal, and usually sensitive, information about their users. This raises concerns as this data can be exploited by several entities to breach user privacy. The primary research goals of this thesis are directed toward understanding the privacy impact of OSNs.Our first contribution consists in demonstrating the privacy threats behind releasing personal information publicly. Two attacks are constructed to show that a malicious attacker (i.e., any external attacker with access to the public profile) can breach user privacy and even threaten his online security.Our first attack shows how seemingly harmless interests (e.g., music interests) can leak privacy-sensitive information about users. In particular, we infer their undisclosed (private) attributes using the public attributes of other users sharing similar interests. Leveraging semantic knowledge from Wikipedia and a statistical learning method, we demonstrated through experiments ---based on more than 104K Facebook profiles--- that our inference technique efficiently predicts attributes that are very often hidden by users.Our second attack is at the intersection of computer security and privacy. In fact, we show the disastrous consequence of privacy breach on security by exploiting user personal information ---gathered from his public profile--- to improve the password cracking process.First, we propose a Markov chain password cracker and show through extensive experiments that it outperforms all probabilistic password crackers we compared against. In a second step, we systematically analyze the idea that additional personal information about a user helps in speeding up password guessing. We propose a methodology that exploits this information in the cracking process and demonstrate that the gain can go up to 30%.These studies clearly indicate that publicly disclosing personal information harms privacy, which calls for a method to estimate this loss. Our second contribution tries to answer this question by providing a quantitative measure of privacy. We propose a practical, yet formally proved, method to estimate the uniqueness of each profile by studying the amount of information carried by public profile attributes. To achieve our goal, we leverage Ads Audience Estimation platform and an unbiased sample of more than 400K Facebook public profiles. Our measurement results show that the combination of gender, current city and age can identify close to 55% of users to within a group of 20 and uniquely identify around 18% of them.In the second part of this thesis, we investigate the privacy threats resulting from the interactions between the OSN platform and external entities. First, we explore the tracking capabilities of the three major OSNs (i.e., Facebook, Google+ and Twitter) and show that ``share-buttons'' enable them to persistently and accurately track users' web activity. Our findings indicate that OSN tracking is diffused among almost all website categories which allows OSNs to reconstruct a significant portion of users' web profile and browsing history.Finally, we develop a measurement platform to study the interaction between OSN applications --- of Facebook and RenRen --- and fourth parties. We show that several third party applications are leaking user information to ``fourth'' party entities such as trackers and advertisers. This behavior affects both Facebook and RenRen with varying severity.

Vie privée

Fuite d'information

Réseaux sociaux

Privacy

Information leakage

Social Network

004

Informationsläckage : Orsaker, hantering och påverkan av informationsläckage enligt enskilda individer på organisationer inom den privata samt offentliga sektorn.

Gajek, Arneo, Bard Forsberg, Amanda

January 2015

Idag är information en av de viktigaste resurser som en organisation kan ha. På grund av den stora mängden information som flödar inom organisationen har det blivit en allt svårare resurs att skydda. Informationsläckage av hemligstämplad information blir därmed ett vanligt problem och kan leda till förödande konsekvenser för organisationer. Informationsläckage kan hanteras samt påverka organisationer på olika sätt och i denna studie undersöker vi huruvida det finns någon skillnad på hur de organisationer vi intervjuat inom den offentliga samt privata sektorn hantera samt påverkas av informationsläckage. Undersökningen inkluderar även vad enskilda individer, som på något sätt är kopplade till informationssäkerheten, inom organisationerna anser är anledningen till att någon väljer att bryta mot informationssäkerheten och läcka information.  En kvalitativ studie har gjorts på sex olika organisationer i Ljungby kommun där vi alltså intervjuat 11 personer med någon anknytning till informationssäkerhet med inriktning mot sekretessavtal. Enligt resultatet framgår det att samtliga informanter är medvetna om problemet informationsläckage och till stor del eniga om hur organisationerna de arbetar på skulle påverkas vid ett informationsläckage samt hur detta skulle hanteras. De informanter som kunde svara på hur de upplevde att organisationerna skulle kunna påverkas menade att organisationernas anseende och förtroende skulle kunna skadas på sikt. Enligt informanterna finns det även likheter i hur organisationerna hanterar informationsläckage, där fem av sex individer i organisationer inom den privata sektorn samt tre av fem informanter i organisationer inom den offentliga sektorn, arbetar med någon typ av avtal/handlingsplan. 10 av 11 informanter tror att det är ett omedvetet val till att läcka information och att det oftast sker till följd av misstag och obetänksamhet. / Information is one of the most important resources of an organization in today’s society. Because of the large amount of information that flows within the organization, information has become an increasingly difficult resource to protect. Information leakage of classified information has become a common problem and can lead to devastating consequences for organizations if it is not handled with care. Information leakage can be managed and affect organizations differently. In this paper we aim to further examine whether there are any differences between how organizations in the public and the private sectors are managing and being affected by information leakage. This paper also aims to examine what the individuals of each organization believe is the reason to why an employee would leak information. A qualitative study has been made on six different organizations in the municipality of Ljungby, where 11 people were interviewed with association to information security with focus on confidentiality agreements. According to our results it appears that all informants are aware of information leakage and agree upon how information leakage should be handled in their organizations and how it would affect them. The informants who could answer on how they believe the organization would be affected said that the organization’s reputation and trust could be affected over time. There are also similarities in how the organizations manage information leakage according to our informants, were five of six informants within the private sector and three of six informants within the public sector, work with some type of contract/action plan. 10 of 11 informants believe it’s an unconscious choice to leak information and that is mostly happens because of mistakes and recklessness.

Information leakage

information security

Informationsläckage

informationssäkerhet

Computer and Information Sciences

Data- och informationsvetenskap

Quantifying Information Leakage via Adversarial Loss Functions: Theory and Practice

January 2020

abstract: Modern digital applications have significantly increased the leakage of private and sensitive personal data. While worst-case measures of leakage such as Differential Privacy (DP) provide the strongest guarantees, when utility matters, average-case information-theoretic measures can be more relevant. However, most such information-theoretic measures do not have clear operational meanings. This dissertation addresses this challenge. This work introduces a tunable leakage measure called maximal $\alpha$-leakage which quantifies the maximal gain of an adversary in inferring any function of a data set. The inferential capability of the adversary is modeled by a class of loss functions, namely, $\alpha$-loss. The choice of $\alpha$ determines specific adversarial actions ranging from refining a belief for $\alpha =1$ to guessing the best posterior for $\alpha = \infty$, and for the two specific values maximal $\alpha$-leakage simplifies to mutual information and maximal leakage, respectively. Maximal $\alpha$-leakage is proved to have a composition property and be robust to side information. There is a fundamental disjoint between theoretical measures of information leakages and their applications in practice. This issue is addressed in the second part of this dissertation by proposing a data-driven framework for learning Censored and Fair Universal Representations (CFUR) of data. This framework is formulated as a constrained minimax optimization of the expected $\alpha$-loss where the constraint ensures a measure of the usefulness of the representation. The performance of the CFUR framework with $\alpha=1$ is evaluated on publicly accessible data sets; it is shown that multiple sensitive features can be effectively censored to achieve group fairness via demographic parity while ensuring accuracy for several \textit{a priori} unknown downstream tasks. Finally, focusing on worst-case measures, novel information-theoretic tools are used to refine the existing relationship between two such measures, $(\epsilon,\delta)$-DP and R\'enyi-DP. Applying these tools to the moments accountant framework, one can track the privacy guarantee achieved by adding Gaussian noise to Stochastic Gradient Descent (SGD) algorithms. Relative to state-of-the-art, for the same privacy budget, this method allows about 100 more SGD rounds for training deep learning models. / Dissertation/Thesis / Doctoral Dissertation Electrical Engineering 2020

Electrical engineering

Differential Privacy

Fairness

Generative adversarial models

Information leakage measure

Loss function

Privacy/Censoring

Information leakage and Stackelberg leadership in Cournot competition

LUO, Huajiang

25 August 2015

In duopoly Cournot competition with sequential moves, it is well known that each player prefers Stackelberg leadership without demand uncertainty. We study the same game when the demand is uncertain, and firms possess some private information about the uncertain demand. There are two effects of private information in this game. First, when the Stackelberg leader moves first, its private information is leaked to, or inferred by the Stackelberg follower via the output quantity. Hence, the Stackelberg follower makes decision based on more accurate information than the leader. Second, the leader incurs a cost to signal its information to the follower, which hurts the leader. Both effects hurt the Stackelberg leader, then the follower may earn more ex ante profit than the leader. When the demand is continuous, Gal-or (1987) assumes that firms follow linear decision rules and reports that the follower always sets a higher output quantity than the leader and earns more profit than the leader. However, our study finds that it is true if and only if the demand is unboundedly distributed. Otherwise, the Stackelberg leader's Pareto-optimal output quantity is not linear in its private information unless it observes the highest signal, and the follower does not always earn more ex ante profit than the leader. When the demand is discretely distributed, we study how the number of demand states influences the effect of cost of signaling. With more demand states, the effect of cost of signaling on the leader becomes more significant, and the follower may earn more ex ante profit than the leader.

Information leakage

The First-mover advantage

Cournot competition

Signaling

Management Information Systems

共通番号(マイナンバー)制度の民間サービス利用時における個人情報漏洩のリスク評価に関する研究 / キョウツウ バンゴウ(マイ ナンバー)セイド ノ ミンカン サービス リヨウジ ニオケル コジン ジョウホウ ロウエイ ノ リスク ヒョウカ ニカンスル ケンキュウ / 共通番号マイナンバー制度の民間サービス利用時における個人情報漏洩のリスク評価に関する研究

新山 剛司, Takeshi Niiyama

31 March 2016

2016年1月施行予定の共通番号（マイナンバー）制度によって日本に居住する外国人を含む全住民に付与されるマイナンバーの漏洩防止は、個人情報の保護という点だけでなく今後の我が国の情報通信産業の競争力強化という観点からも重要な課題である。本研究の目的はマイナンバーを民間利用する場合のリスク評価を行い、そのリスクに対する対策立案を行うことである。 / 博士(技術・革新的経営) / Doctor of Philosophy in Technology and Innovative Management / 同志社大学 / Doshisha University

セキュリティ

マイナンバー

情報漏洩

Security

Called My Number

Information Leakage