Sciweavers

PET
2010
Springer

Private Information Disclosure from Web Searches

As the amount of personal information stored at remote service providers increases, so does the danger of data theft. When connections to remote services are made in the clear and authenticated sessions are kept using HTTP cookies, data theft becomes extremely easy to achieve. In this paper, we study the architecture of the world’s largest service provider, i.e., Google. First, with the exception of a few services that can only be accessed over HTTPS (e.g., Gmail), we find that many Google services are still vulnerable to simple session hijacking. Next, we present the Historiographer, a novel attack that reconstructs the web search history of Google users, i.e., Google’s Web History, even though such a service is supposedly protected from session hijacking by a stricter access control policy. The Historiographer uses a reconstruction technique inferring search history from the personalized suggestions fed by the Google search engine. We validate our technique through experiments c...
Added: 14 Aug 2010
Updated: 14 Aug 2010
Type: Conference
Year: 2010
Where: PET
Authors: Claude Castelluccia, Emiliano De Cristofaro, Daniele Perito