Datenschutz und Datensicherheit - DuD

, Volume 35, Issue 11, pp 791–796 | Cite as

Verhaltensbasierte Verkettung von Internetsitzungen

  • Hannes Federrath
  • Christoph Gerber
  • Dominik Herrmann
Aufsätze
  • 99 Downloads

Zusammenfassung

Die Analyse der Aktivitäten eines Internet-Nutzers ist über längere Zeit in der Regel nur mit Kenntnis der bei vielen Internet-Zugangsprovidern mindestens einmal täglich wechselnden IP-Adressen möglich. Verwendet der Nutzer zudem einen Anonymisierungsdienst, sollte eine Verkettung der Nutzer-Aktivitäten auch für den Zugangsprovider unmöglich sein. Der Beitrag zeigt, dass eine verhaltensbasierte Verkettung dennoch möglich ist und verbreitete Anonymisierungslösungen in der Praxis einen deutlich geringeren Schutz vor Beobachtung bieten, als bisher angenommen.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Literatur

  1. [1]
    Michael Barbaroand, Tom Zeller: A Face is Exposed for AOL Searcher No. 4417749. The New York Times, August 9, 2006.Google Scholar
  2. [2]
    T. Narten, R. Draves: Privacy Extensions for Stateless Address Autoconfiguration in IPv6. RFC 3041, 2001.Google Scholar
  3. [3]
    Justin Brickell, Vitaly Shmatikov: The Cost of Privacy: Destruction of Data-mining Utility in Anonymized Data Publishing. In: Proceeding of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining (KDD’ 08), ACM, New York, NY, USA, 2008, 70–78.Google Scholar
  4. [4]
    Peter Eckersley: How Unique Is Your Web Browser? In: Proceedings of the 10th International Symposium on Privacy Enhancing Technologies (PETS 2010), LNCS 6205, Springer, Heidelberg, Berlin, 2010, 1–18.CrossRefGoogle Scholar
  5. [5]
    Dimitris Koukis, Spyros Antonatos, Kostas G. Anagnostakis: On the Privacy Risks of Publishing Anonymized IP Network Traces. In: Proceedings of the 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia Security, LNCS 4237, Springer, Heidelberg, Berlin, 2006, 22–32.Google Scholar
  6. [6]
    Bradley Malin, Edoardo Airoldi: The Effects of Location Access Behavior on Re-identification Risk in a Distributed Environment. In: Proceedings of the 6th International Workshop on Privacy Enhancing Technologies, LNCS 4258, Springer, Heidelberg, Berlin, 2006, 413–429.CrossRefGoogle Scholar
  7. [7]
    Arvind Narayanan, Vitaly Shmatikov: Robust De-anonymization of Large Sparse Datasets. In: 2008 IEEE Symposium on Security and Privacy (S&P 2008), IEEE Computer Society, 2008, 111–125.Google Scholar
  8. [8]
    Gilbert Wondracek, Thorsten Holz, Engin Kirda, and Christopher Kruegel: A Practical Attack to De-anonymize Social Network Users. In: 31st IEEE Symposium on Security and Privacy, S&P 2010, IEEE Computer Society, 2010, 223–238.Google Scholar
  9. [9]
    Jeffrey Pang, Ben Greenstein, Ramakrishna Gummadi, Srinivasan Seshan, David Wetherall: 802.11 User Fingerprinting. In: Proceedings of the 13th annual ACM International Conference on Mobile Computing and Networking (MobiCom’ 07), ACM, New York, NY, USA, 2007, 99–110.Google Scholar
  10. [10]
    Balaji Padmanabhan, Yinghui Yang: Clickprints on the Web: Are there Signatures in Web Browsing Data? Working Paper Series, 2007. Available at http://ssrn.com/abstract=931057
  11. [11]
    Yinghui Yang, Balaji Padmanabhan: Toward User Patterns for Online Security: Observation Time and Online User Identification. Decision Support Systems 48 (2010) 548–558.CrossRefGoogle Scholar
  12. [12]
    Yinghui Yang: Web User Behavioral Profiling for User Identification. Decision Support Systems 49 (2010) 261–271.CrossRefGoogle Scholar
  13. [13]
    Marek Kumpošt: Data Preparation for User Profiling from Traffic Log. In: Proceedings of the International Conference on Emerging Security Information, Systems, and Technologies (SECUWARE 2007), 2007, 89–94.Google Scholar
  14. [14]
    Marek Kumpošt: Context Information and User Profiling. PhD thesis, Faculty of Informatics, Masaryk University, Czeck Republic, 2009.Google Scholar
  15. [15]
    Marek Kumpošt, Vašek Matyáš: User Profiling and Re-identification: Case of University-Wide Network Analysis. In: Proceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business (TrustBus’ 09), Springer-Verlag, Berlin, Heidelberg, 2009, 1–10.Google Scholar
  16. [16]
    Ian H. Witten, Eibe Frank: Data Mining: Practical Machine Learning Tools and Techniques. Elsevier, San Francisco, 2005.MATHGoogle Scholar
  17. [17]
    Christopher D. Manning, Prabhakar Raghavan, Hinrich Schütze: Introduction to Information Retrieval. Cambridge University Press, Cambridge, UK, 2008.CrossRefGoogle Scholar
  18. [18]
    George Kingsley Zipf: The Psycho-biology of Language — An Introduction to Dynamic Philology, 2nd edition, M.I.T. Press, Cambridge/Mass., 1968.Google Scholar
  19. [19]
    Lada Adamic, Bernardo Huberman: Zipf’s Law and the Internet. Glottometrics 3/1 (2002) 143–150.Google Scholar
  20. [20]
    Mark Hall, Eibe Frank, Geoffrey Holmes, Bernhard Pfahringer, Peter Reutemann, Ian H. Witten: The WEKA Data Mining Software: An Update. SIGKDD Explorations 11/1 (2009) 10–18.MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer Fachmedien Wiesbaden 2011

Authors and Affiliations

  • Hannes Federrath
  • Christoph Gerber
  • Dominik Herrmann

There are no affiliations available

Personalised recommendations