notice
November 11, 2016: Invited Speaker Seminar: ReCon: Identifying and Controlling Privacy Leaks From Mobile Devices
Dr. David Choffnes
Northeastern University
Friday, November 11, 2016 at 4:00 pm
Room EV003.309
Abstract
Mobile systems have become increasingly popular thanks in part to their rich sensors and ubiquitous Internet access; however, recent studies demonstrate that software running on these systems extensively tracks and leaks users’ personally identifiable information (PII). I argue that these privacy leaks persist in large part because mobile users have little visibility into PII leaked through the network traffic generated by their devices, and have poor control over how, when, and where that traffic is sent and handled by third parties.
In this talk, I describe ReCon, a cross-platform system that reveals PII leaks and gives users control over them without requiring any special privileges or custom OSes. Specifically, our key observation is that PII leaks must occur over the network, so we implement our system in the network using a software middlebox. We then use a machine learning approach to efficiently and accurately detect users’ PII without knowing a priori the content that is PII. Further, we develop techniques to block, obfuscate, or ignore the PII leak, by displaying leaks via a visualization tool and letting the user decide how the system should act on transmitted PII. I discuss the design and implementation of the system and evaluate its methodology with measurements from controlled experiments and flows from a user study with 300 volunteer participants worldwide.
Last, I present results from our experience with the system, including how we found (and helped fix) plaintext password exposure vulnerabilities, passwords being sent to unauthorized third parties, surprising levels of user tracking, and unexpected differences between information gathering across platforms for the same online service. Through responsible disclosure and public outreach, we are trying to help users by exposing today’s privacy problems and giving them tools to protect their personal information going forward.
Biography
David Choffnes is an assistant professor in the College of Computer and Information Science at Northeastern University. His research is primarily in the areas of distributed systems and networking, focusing on mobile systems and privacy. Much of his work entails crowdsourcing measurement analysis and performance evaluation of Internet systems by deploying software to users at the scale of tens or hundreds of thousands of users. He earned his Ph.D. from Northwestern (not in the northwest), and completed a postdoc at the University of Washington (in the northwest), prior to joining Northeastern (both in the northeast and northwest). He sees no reason why this should at all be confusing. He is a co-author of three textbooks, and his research has been supported by the NSF, Google, the Data Transparency Lab, M-Lab, and a Computing Innovations Fellowship.
Contact
For additional information, please contact:
Dr. Jeremy Clark
514-848-2424 ext. 5381
j.clark@concordia.ca