ACM Transactions on

Privacy and Security (TOPS)

Latest Articles

Resilient Privacy Protection for Location-Based Services through Decentralization

Location-Based Services (LBSs) provide valuable services, with convenient features for mobile users. However, the location and other information... (more)

Malicious Overtones: Hunting Data Theft in the Frequency Domain with One-class Learning

A method for detecting electronic data theft from computer networks is described, capable of recognizing patterns of remote exfiltration occurring over days to weeks. Normal traffic flow data, in the form of a host’s ingress and egress bytes over time, is used to train an ensemble of one-class learners. The detection ensemble is modular,... (more)

Will They Use It or Not? Investigating Software Developers’ Intention to Follow Privacy Engineering Methodologies

With the increasing concerns over privacy in software systems, there is a growing enthusiasm to... (more)


About TOPS

ACM TOPS publishes high-quality research results in the fields of information and system security and privacy.  Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.

Read more

Forthcoming Articles
A Multi-server ORAM Framework with Constant Client Bandwidth Blowup

Oblivious Random Access Machine (ORAM) allows a client to hide the access pattern when accessing sensitive data on a remote server. It is known that there exists a logarithmic communication lower bound on any passive ORAM construction, where the server only acts as the storage service. This overhead was shown too costly for some applications. Several active ORAM schemes with server computation have been proposed to overcome this limitation. However, they mostly rely on costly homomorphic encryptions, whose performance is worse than passive ORAM. In this article, we propose S3ORAM, a new multi-server ORAM framework, which features O(1) client bandwidth blowup and low client storage without relying on costly cryptographic primitives. Our key idea is to harness Shamir Secret Sharing and a multi-party multiplication protocol on applicable binary tree-ORAM paradigms. This strategy allows the client to instruct the server(s) to perform secure and efficient computation on his/her behalf with a low intervention thereby, achieving a constant client bandwidth blowup and low server computational overhead. Our framework can also work atop a general ?-ary tree ORAM structure (??2). We fully implemented our framework, and strictly evaluated its performance on commodity cloud architecture (Amazon EC2). Our comprehensive experiments confirmed the efficiency of S3ORAM framework, where it is approximately 10× faster than the most efficient passive ORAM (i.e., Path-ORAM) for a moderate network bandwidth, while being three orders of magnitude faster than active ORAM with O(1) bandwidth blowup (i.e., Onion-ORAM). We have outsourced the implementation of our framework for public testing and adaptation

The Dilemma of User Engagement in Privacy Notices...

Privacy notices and consent forms are the means of conveying privacy policy information to users. In Europe, a valid consent needs to be confirmed by a clear affirmative action. Despite previous research, it is not yet clear whether user engagement with consent forms via different types of interactions for confirming consent may play a significant role in effectively drawing user attention to the content, even after repeated exposure. We investigate, in a laboratory study, how different types of interactions which engage users with consent forms differ in terms of their effectiveness, efficiency, and user satisfaction. In addition, we examine if and how habituation affects user attention and satisfaction, and the time they spend on giving their consent. We conducted a controlled experiment with 80 participants in four different groups where people either were engaged actively with the policy content via Drag and Drop (DAD), Swipe, or Checkboxes, or were not actively engaged with the content (as the control condition) in a first-exposure phase and in a habituation phase. We measured user attention to consent forms along multiple dimensions, including direct, objective measurements and indirect, self-reporting measures. Our results show that the different types of interactions may affect user attention to certain parts of policy information. In particular, the DAD action results in significantly more user attention to the data items compared to other groups. However, with repeated exposures to consent forms, the difference disappears. We conclude that user engagement with policy content needs to be designed with care...

Skype & Type: Keyboard Eavesdropping in Voice-over-IP

Voice-over-IP (VoIP) software are increasingly widespread, counting millions of monthly users. However, we argue that people ignore the drawbacks of transmitting information along with their voice, such as keystroke sounds -- as such sounds can reveal what someone is typing on a keyboard. In this paper, we present a new keyboard acoustic eavesdropping attack that involves VoIP, called Skype & Type (S&T). Unlike previous attacks, S&T assumes a weak adversary model that is practical in many real-world settings. Indeed, S&T is very feasible, as it does not require: (i) the attacker to be physically close to the victim; (ii) precise profiling of the victim's typing style and keyboard. Moreover, it can work with a very small amount of leaked keystrokes -- and leakage of keystrokes during a VoIP call is likely, as people often simultaneously "multi-task". As expected, VoIP software acquires and faithfully transmits all sounds, including keystrokes, which can include passwords and other sensitive information. We show that one very popular VoIP software (Skype) conveys enough audio information to reconstruct the victim's input: S&T can attain up to top-5 accuracy of 91.7% in guessing a random key pressed by the victim. This work extends previous results on S&T, demonstrating that our attack is effective with different recording devices (such as laptop and headset microphones, and smartphones close to the target keyboard), typing styles, and speed, and is particularly threatening when the victim is typing in a known language.

Mimicry Attacks on Smartphone Keystroke Authentication

Keystroke behaviour-based authentication employs the unique typing behaviour of users to authenticate them. Recent such proposals for virtual keyboards on smartphones employ diverse temporal, contact, and spatial features to achieve over 95% accuracy. Consequently, they have been suggested as a second line of defense with text-based password authentication. We show that a state-of-the-art keystroke behaviour-based authentication scheme is highly vulnerable against mimicry attacks. While previous research used training interfaces to attack physical keyboards, we show that this approach has limited effectiveness against virtual keyboards. This is mainly due to the large number of diverse features that the attacker needs to mimic for virtual keyboards. We address this challenge by developing an augmented reality-based app that resides on the attacker's smartphone and leverages computer vision and keystroke data to provide real-time guidance during password entry on the victim's phone. In addition, we propose an audiovisual attack in which the attacker overlays transparent film printed with spatial pointers on the victim's device, and uses audio cues to match the temporal behaviour of the victim. Both attacks require neither tampering or installing software on the victim's device nor specialized hardware. We conduct experiments with 30 users to mount over 400 mimicry attacks. We show that our methods enable an attacker to mimic keystroke behaviour on virtual keyboards with little effort. Furthermore, since our augmented reality-based method provides the attacker with real-time guidance on how to submit touch input on smartphones, it can be extended to attack other touch input behaviour-based systems for smartphones.

All ACM Journals | See Full Journal Index

Search TOPS
enter search term and/or author name