Analysis and design of secure and privacy preserving systems

Download files
Access & Terms of Use
open access
Copyright: Ikram, Muhammad
CC BY-NC-ND 3.0
Altmetric
Abstract
Millions of users employ secure and privacy preserving systems to prevent privacy-intrusive and malicious activities and either to circumvent censorship or access geo-blocked content. Most, if not all, such proposals use predefined filter-lists and various encryption protocols. In practice, however, users have little if any guarantees about the security and privacy features of these systems, and perhaps no practical knowledge about the entities accessing their online traffic. In this thesis, first we analysis geographical spread and temporal behavior of malicious activities from 2007 to 2017. We categorize malicious activities and characterize their prevalence and recurrence. We reveal the most frequent and emergent actors such as hosting-infrastructures and geolocations. We then study the security and privacy features of two prominent categories of secure and privacy preserving systems: Virtual Private Networks (VPN) apps and Ad-Blocking apps/plugins. Our analysis reveals several instances of VPN apps that expose users to serious privacy and security vulnerabilities. We identify VPN apps using week security protocols and manipulating users' traffic. Our results show that--in spite of their privacy and security promises--millions of users are unawarely subject to poor security guarantees and malicious activities often inflicted by these systems. Our findings confirm the paradoxical presence of third-party tracking libraries and malware codes in these systems. We argue, through large-scale experiments, that Ad-Blocking for the Web are ineffective in preventing privacy-intrusive advertisements and tracking services and validate that they often affect the functionalities of webpages. One major contribution of this thesis is therefore to classify privacy-intrusive components, namely JavaScript programs (JSes). We, first examine the two classes of JSes and hypothesize that tracking JSes share syntactic and semantic similarities that can be used to differentiate them from functional JSes. Then we propose one-class machine-learning classifiers using syntactic and semantic features extracted from JSes. We show the effectiveness of our method and determine that our approach enhances user Web experience by correctly classifying more functional JSes and also discovers previously unknown tracking services.
Persistent link to this record
http://hdl.handle.net/1959.4/60197
DOI
https://doi.org/10.26190/unsworks/20535
Link to Publisher Version
Link to Open Access Version
Additional Link
Author(s)
Ikram, Muhammad
Supervisor(s)
Seneviratne, Aruna
Kaafar, Mohamed Ali
Creator(s)
Editor(s)
Translator(s)
Curator(s)
Designer(s)
Arranger(s)
Composer(s)
Recordist(s)
Conference Proceedings Editor(s)
Other Contributor(s)
Corporate/Industry Contributor(s)
Publication Year
2018
Resource Type
Thesis
Degree Type
PhD Doctorate
UNSW Faculty
Files
download public version.pdf 16.32 MB Adobe Portable Document Format
Related dataset(s)
View full record Show statistics