Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Key Challenges in Defending Against Malicious Socialbots

The ease with which we adopt online personas and relationships has created a soft spot that cyber criminals are willing to exploit. Advances in artificial intelligence make it feasible to design bots that sense, think and act cooperatively in social settings just like human beings. In the wrong hands, these bots can be used to infiltrate online communities, build up trust over time and then send personalized messages to elicit information, sway opinions and call to action. In this position paper, we observe that defending against such malicious bots raises a set of unique challenges that relate to web automation, online-offline identity binding and usable security.

Design and Analysis of a Social Botnet

Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, spread misinformation, and even influence algorithmic trading. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect with a large number of users in the targeted OSN. In this article, we evaluate how vulnerable OSNs are to a large-scale infiltration campaign run by socialbots: bots that control OSN accounts and mimic the actions of real users. We adopted the design of a traditional web-based botnet and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for eight weeks, and collected data about user behavior in response to a large-scale infiltration campaign. Our results show that (1) by exploiting known social behaviors of users, OSNs such as Facebook can be infiltrated with a success rate of up to 80%, (2) subject to user profile privacy settings, a successful infiltration can result in privacy breaches where even more private user data are exposed, (3) given the economics of today's underground markets, running a large-scale infiltration campaign might be profitable but is still not particularly attractive as a sustainable and independent business, (4) the security of socially-aware systems that use or integrate OSN platforms can be at risk, given the infiltration capability of an adversary in OSNs, and (5) defending against malicious socialbots raises a set of challenges that relate to web automation, online-offline identity binding, and usable security.

Augur: Aiding Malware Detection Using Large-Scale Machine Learning

We present Augur: a large-scale machine learning system that uses malware static and dynamic analyses to predict the maliciousness of new files. Unlike other machine learning-based malware detection systems, Augur utilizes existing knowledge engineering performed by analysts and uses static and dynamic file properties (called Genes and Phenoms, respectively) as prominent predictive features. Augur can be deployed alongside existing detection systems (e.g., an expert system) in order to achieve faster reactions to suspicious files at the endpoint, and to automatically generate effective signatures of new, previously unseen malware.

The Devil is in the (Implementation) Details: An Empirical Analysis of OAuth SSO Systems

Millions of web users today employ their Facebook accounts to sign into more than one million relying party (RP) websites. This web-based single sign-on (SSO) scheme is enabled by OAuth 2.0, a web resource authorization protocol that has been adopted by major service providers. The OAuth 2.0 protocol has been proven secure by several formal methods, but whether it is indeed secure in practice remains an open question. We examine the implementations of three major OAuth identity providers (IdPs) (Facebook, Microsoft, and Google) and 96 popular RP websites that support the use of Facebook accounts for login. Our results uncover several critical vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph, and impersonate the victim on the RP website. Closer examination reveals that these vulnerabilities are caused by a set of design decisions that trade security for implementation simplicity. To improve the security of OAuth 2.0 SSO systems in real-world settings, we suggest simple and practical improvements to the design and implementation of IdPs and RPs that can be adopted gradually by individual sites.

Speculative Authorization

We present Speculative Authorization (SPAN), a prediction technique that reduces authorization latency in enterprise systems. SPAN predicts requests that a system client might make in the near future, based on its past behavior. SPAN allows authorization decisions for the predicted requests to be made before the requests are issued, thus virtually reducing the authorization latency to zero. We developed SPAN algorithms, implemented a prototype, and evaluated it using two real-world data traces and one synthetic data trace. The results of our evaluation suggest that systems employing SPAN are able to achieve zero authorization latency for almost 60% of the requests. We analyze the tradeoffs between the hit rate and the precision of SPAN predictions, which directly affect the corresponding computational overhead. We also compare the benefits of deploying both caching and SPAN together, and find that SPAN can effectively improve the performance of those systems which have caches of a smaller size.

Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection

Password meters tell users whether their passwords are "weak" or "strong." We performed a laboratory experiment to examine whether these meters influenced users' password selections when they were forced to change their real passwords, and when they were not told that their passwords were the subject of a study. We observed that the presence of meters yielded significantly stronger passwords. We performed a follow-up field experiment to test a different scenario: creating a password for an unimportant account. In this scenario, we found that the meters made no observable difference: participants simply reused weak passwords that they used to protect similar low-risk accounts. We conclude that meters result in stronger passwords when users are forced to change existing passwords on "important" accounts and that individual meter design decisions likely have a marginal impact.

Graph-based Sybil Detection in Social and Information Systems

Sybil attacks in social and information systems have serious security implications. Out of many defence schemes, Graph-based Sybil Detection (GSD) has received the greatest attention from both academia and industry. Even though many GSD algorithms exist, there is no analytical framework to reason about their design, especially as they make different assumptions about the adversary and graph models used. In this paper, we bridge this knowledge gap and present a unified framework for the systematic evaluation of GSD algorithms. We used this framework to show that GSD algorithms should be designed to find local community structures around known non-Sybil identities, while incrementally tracking changes in the graph as it evolves over time.

Investigating Users' Perspectives of Web Single Sign-On: Conceptual Gaps and Acceptance Model

OpenID and OAuth are open and simple web single sign-on (SSO) protocols that have been adopted by major service providers, and millions of supporting websites. However, the average user's perception of web SSO is still poorly understood. Through several user studies, this work investigates users' perceptions and concerns when using web SSO for authentication. We found several misconceptions and concerns that hinder our participants' adoption intentions, from their inadequate mental models of web SSO, to their concerns of personal data exposure, and a reduction in their perceived web SSO value due to the employment of password management practices. Informed by our findings, we offer a web SSO technology acceptance model, and suggest design improvements.

Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders

Smartphones store large amounts of sensitive data, such as SMS messages, photos, or email. In this paper, we report the results of a study investigating users’ concerns about unauthorized data access on their smartphones (22 interviewed and 724 surveyed subjects). We found that users are generally concerned about insiders (e.g., friends) accessing their data on smartphones. Furthermore, we present the first evidence that the insider threat is a real problem impacting smartphone users. In particular, 12% of subjects reported a negative experience with unauthorized access. We also found that younger users are at higher risk of experiencing unauthorized access. Based on our results, we propose a stronger adversarial model that incorporates the insider threat. To better reflect users’ concerns and risks, a stronger adversarial model must be considered during the design and evaluation of data protection systems and authentication methods for smartphones.

Heuristics for Evaluating IT Security Management Tools

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. In this paper, we explore how domain-specific heuristics are created by examining prior research in the area of heuristic and guideline creation. We then describe our approach to creating usability heuristics for ITSM tools, which is based on guidelines for ITSM tools that are interpreted and abstracted with activity theory. With a between-subjects study, we compared the employment of the ITSM and Nielsen's heuristics for the evaluation of a commercial identity management system. Participants who used the ITSM set found more problems categorized as severe than those who used Nielsen's. We analyzed several aspects of our heuristics, including the performance of individual participants using the heuristics, the performance of individual heuristics, the similarity of our heuristics to Nielsen's, and the participants' opinions about the use of heuristics for the evaluation of IT security tools. We then discuss the implications of our results for the use of ITSM and Nielsen's heuristics in the usability evaluation of ITSM tools.

Privacy Aspects of Health Related Information Sharing in Online Social Networks

Online social networks (OSNs) have formed virtual social networks where people meet and share information. Among all shared information, health related information (HRI) has received considerable attention from researchers and individual users. While considered beneficial, sharing HRI, which is personal in nature, comes with a privacy drawback. Privacy is a process of boundary regulation that is related to the individual and her perception of the surrounding environment. As a result, the subjective privacy risk perceptions associated with sharing HRI in OSNs have driven people to adopt different types of behaviour, both in terms of HRI sharing and privacy risk mitigation. Through an online survey, we examined factors that affect users' perceived privacy risks along with their risk-mitigating behaviour when it comes to sharing HRI in OSNs. The results suggest that the majority (over 95%) of participants share some HRI, with the "type" and the "recipient" of the shared HRI being the key factors that affect the perceived privacy risk and the risk-mitigating behavioural responses.

Security and Privacy in Online Social Networks

Facebook has more monthly active users than almost any nation in the world. Whether one likes it or not, these users spend about 30 minutes daily browsing, posting, messaging, and otherwise socializing with others via OSNs and other social media. It's not surprising that social media has been taken up by a wide range of individuals and organizations, from US President Obama, who raised $690M in his reelection campaign of 2012, to the activists of the Arab Spring in 2011, to numerous (legitimate and not so) organizations promoting their products and services, to law enforcement agencies. With so many different stakeholders, security and privacy in OSNs have become an important, intriguing, and controversial subject. This talk will overview current research in OSN security and privacy and discuss, in a language accessible to a wide audience, a snapshot of developments and discoveries published in the last 5 years.

Towards Improving the Usability and Security of Web Single Sign-On Systems

OpenID and OAuth are open and lightweight web single sign-on (SSO) protocols that have been adopted by high-profile identity providers (IdPs), such as Facebook, Google, Microsoft, and Yahoo, and millions of relying party (RP) websites. However, the average users' perceptions of web SSO and the systems' security guarantees are still poorly understood. Aimed at filling these knowledge gaps, we conducted several studies to further the understanding and improvements of the usability and security of these two mainstream web SSO solutions. First, through several in-lab user studies, we investigated users' perceptions and concerns when using web SSO for authentication. We found that our participants had several misconceptions and concerns that impeded their adoption. This ranged from their inadequate mental models of web SSO, to their concerns about personal data exposure, and a reduction in their perceived web SSO value due to the employment of password management practices. Informed by our findings, we offered a web SSO technology acceptance model, and suggested design improvements. Second, we performed a systematic analysis of the OpenID 2.0 protocol using both formal model checking and an empirical evaluation of 132 popular RP websites. The formal analysis identified three weaknesses in the protocol, and based on the attack traces from the model checking engine, six exploits and a semiautomated vulnerability assessment tool were designed to evaluate how prevalent those weaknesses are in the real-world implementations. Two practical countermeasures were proposed and evaluated to strengthen the uncovered weaknesses in the protocol. Third, we examined the OAuth 2.0 implementations of three major IdPs and 96 popular RP websites. By analyzing browser-relayed messages during SSO, our study uncovered several vulnerabilities that allow an attacker to gain unauthorized access to the victim user's profile and social graph on IdPs, and impersonate the victim on RP websites. We investigated the fundamental causes of these vulnerabilities, and proposed several simple and practical design improvements that can be adopted gradually by individual sites. In addition, we proposed and evaluated an approach for websites to prevent SQL injection attacks, and a user-centric access-control scheme that leverages the OpenID and OAuth protocols.

Finding Influential Neighbors to Maximize Information Diffusion in Twitter

The problem of spreading information is a topic of considerable recent interest, but the traditional influence maximization problem is inadequate for a typical viral marketer who cannot access the entire network topology. To fix the flawed assumption that the marketer can control any arbitrary k nodes in a network, we have developed a decentralized version of the influence maximization problem that influences k neighbours rather than arbitrary users in the entire network. We present several reasonable neighbour selection schemes and evaluate their performance with a real dataset collected from Twitter. Unlike previous studies using network topology alone or synthetic parameters, we use the real propagation rate for each node, calculated from the Twitter messages during the 2010 UK election campaign. Our experimental results show that information can be efficiently propagated in online social networks using neighbours with a high propagation rate rather than those with a high number of neighbours.

Thwarting fake accounts by predicting their victims

Traditional fake account detection systems employed by today's online social networks rely on either features extracted from user activities, or ranks computed from the underlying social graph. We herein present a system that integrates both approaches to deliver a more resilient defense mechanism that is both efficient and effective. We present a two-phase, iterative technique to achieve this integration. First, we leverage the insight that harmful fake accounts connect with other users (i.e., victims) before mounting subsequent attacks. We therefore train a classifier to predict these victims using features extracted from the activities of known, non-fake accounts. Second, we observe that actual victims are located at the borderline between two subgraphs, effectively separating harmful fake accounts from other accounts in the social graph. We take advantage of this observation by using the predicted victims as "deflection points" for a short random walk that starts from a known, non-fake account that is not a victim. By ranking accounts based on their landing probability, we guarantee that most of the fake accounts have a strictly lower rank than non-fake accounts. The results of our experiments show that our technique can help in reducing the number of victims while providing a more robust ranking for fake accounts detection.

Access Review Survey Report

To further understand the state of the practice in access review, and collect quantitative results on how companies perform access review, we conducted a survey of security practitioners. This report analyzes the results of the survey.

To Befriend Or Not? A Model of Friend Request Acceptance on Facebook

Accepting friend requests from strangers in Facebook-like online social networks is known to be a risky behavior. Still, empirical evidence suggests that Facebook users often accept such requests at a high rate. As a first step towards technology support for users' decisions about friend requests, we investigate why users accept such requests. We conducted two studies of users' befriending behavior on Facebook. Based on 20 interviews with active Facebook users, we developed a friend request acceptance model that explains how various factors influence user acceptance behavior. To test and refine our model, we also conducted a confirmatory study with 397 participants using Amazon Mechanical Turk. We found that four factors significantly impact the receiver's decision, namely, knowing the requester in the real world, having common hobbies or interests, having mutual friends, and the closeness of mutual friends. Based on our findings, we offer design guidelines for improving the usability of the corresponding user interfaces.

To authorize or not authorize: helping users review access policies in organizations

This work addresses the problem of reviewing complex access policies in an organizational context using two studies. In the first study, we used semi-structured interviews to explore the access review activity and identify its challenges. The interviews revealed that access review involves challenges such as scale, technical complexity, the frequency of reviews, human errors, and exceptional cases. We also modeled access review in the activity theory framework. The model shows that access review requires an understanding of the activity context, including information about the users, their job, their access rights, and the history of the access policy. We then used activity theory guidelines to design a new user interface named AuthzMap. We conducted an exploratory user study with 340 participants to compare the use of AuthzMap with two existing commercial systems for access review. The results show that AuthzMap improved the efficiency of access review in 5 of the 7 tested scenarios, compared to the existing systems. AuthzMap also improved the accuracy of actions in one of the 7 tasks, and only negatively affected accuracy in one of the tasks.

Integro: Leveraging Victim Prediction for Robust Fake Account Detection in OSNs

Detecting fake accounts in online social networks (OSNs) protects OSN operators and their users from various malicious activities. Most detection mechanisms attempt to predict and classify user accounts as real (i.e., benign, honest) or fake (i.e., malicious, Sybil) by analyzing user-level activities or graph-level structures. These mechanisms, however, are not robust against adversarial attacks in which fake accounts cloak their operation with patterns resembling real user behavior. We herein observe that victims, benign users who control real accounts and have befriended fakes, form a distinct classification category that is useful for designing robust detection mechanisms. As attackers have no control over victim accounts and cannot alter their activities, a victim account classifier which relies on user-level activities is relatively hard to circumvent. Moreover, as fakes are directly connected to victims, a fake account detection mechanism that integrates victim prediction into graph-level structures can be more robust against manipulations of the graph. To validate this idea, we designed Integro, a scalable defense system that helps OSNs detect automated fake accounts using a robust user ranking scheme. Integro starts by predicting victim accounts from user-level activities. After that, it integrates these predictions into the graph as weights such that edges incident to predicted victims have lower weights than others. Finally, Integro ranks user accounts based on a modified random walk that starts from a known real account. Integro guarantees that most real accounts rank higher than fakes so that OSN operators can take actions against low-ranking fake accounts. We implemented Integro using widely-used, open-source parallel computing platforms in which it scaled nearly linearly. We evaluated Integro against SybilRank, the state-of-the-art in fake account detection, using real-world datasets and a large-scale deployment at Tuenti, the largest OSN in Spain. In particular, we show that Integro significantly outperforms SybilRank in user ranking quality, with the only requirement that the used victim classifier is better than random. Moreover, the deployment of Integro at Tuenti resulted in an order of magnitude higher fake account detection precision, as compared to SybilRank.