1 / 27

The High School Profiling Attack: How Privacy Laws Can Increase Minors’ Risk

The High School Profiling Attack: How Privacy Laws Can Increase Minors’ Risk. Ratan Dey, Yuan Ding, Keith W. Ross Dept. of Computer Science and Engineering. Third-Party Profiling of Children. Question:

meriel
Télécharger la présentation

The High School Profiling Attack: How Privacy Laws Can Increase Minors’ Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The High School Profiling Attack: How Privacy Laws Can Increase Minors’ Risk Ratan Dey, Yuan Ding, Keith W. Ross Dept. of Computer Science and Engineering

  2. Third-Party Profiling of Children Question: Is it possible to automatically build detailed profiles of most of the teenagers (ages 12-17) in a target high school? Profiles might include: • Full name, gender, birth year, current school name, school year • Home street address, photo of home • SkypeID, email address • Names and profiles of family members; names and profiles of school friends • Interests, wall postings, hundreds of photos

  3. The Danger Data brokers: • sell profiles to advertisers, spammers, malware distributors, employment agencies, college admission offices. • teen market surpasses $200B in US Pedophiles: • many already luring victims with Facebook Spear-phishing attacks: • Large-scale, automated and highly personalized

  4. Natural Approach: Begin w/ Facebook • Find a child on FB, download his information. • Visit his friends’ pages. • Repeat with friends. • Then try to enhance profiles with other sources.

  5. What a stranger sees about a minor:

  6. What a stranger sees about an adult

  7. Default and Worst-Case Information Available to Strangersin Facebook

  8. Challenge • For a given high school, how do we find the students in Facebook and build profiles??? • Minors are not searchable by school in FB • Only name, profile photo, cover photo album, and gender available for minor.

  9. Attack Ingredients • COPPA, a law designed to protect the privacy of children, indirectly facilitates the attack. • “Reverse Friend Lookup,” an attacker can infer a user’s friends even if the user’s friend list is private. • High-school students tend to have a relatively large number of friends from the same high school in the same graduating class year.

  10. Children’s Online Privacy Protection Act Some children lie about their ages

  11. High-School Profiling Attack • Pick target HS • Search FB by HS • Mostly get adults (alumni) • But get some lying minors w/ future grad year: “core users” • Collect all friends of core users: “candidates” • Identify candidates with many friends in core set

  12. Identify candidates w/ many core friends candidate students core users

  13. Honest minors are vulnerable Lying minors in 10thgrade in Springfield HS Honest minor: name and pic • Harry likely: • lives in Springfield • goes to Springfield High • 10th grade • 16 years old • friends with Lisa, Etienne

  14. Data sets – One private & two public high schools

  15. Estimating the crawling efforts

  16. High-School #1 • 362 students; found FB pages for 325 • Attack:18 core users; 6,282 candidates Top 300 has 75% w/ 22% false negatives

  17. High-School #2,3

  18. Profile for honest minor: • Full name, gender, profile picture • City, school name, school year, birth year • Friends in same school; their profiles • Home street address, photo of home • Names of parents • SkypeID • Facebook pages of parents • ……

  19. What if no COPPA ?

  20. Counter-measure: remove Harry from others’ friend lists

  21. Take away • Component of COPPA law actually facilitates privacy leakages to third parties. • OSNs can take additional measures to significantly protect children’s privacy. • Remove minors from public friend lists • Detect lying minors

  22. Some Current/Future Research • Defenses • Government polices, OSN measures • Quantify privacy leakage • City attack • Attempt to find and profile all middle-school and high-school children • Active attack: “friend” minors, get more info • Information from photos • Big data approach

  23. IMDB Database

  24. Poly Students

  25. Component graphs for students Component # 1 Component # 2

  26. Obtaining relative height estimates • Use openCV for face detection • Use midpoints of boxes to determine height differences in pixels = pij • Determine average box size in pixels = b • Determine height differences wrt box height 5. e.g., S = 15 cm

  27. CDF for School Database

More Related