PoPETs Proceedings — Volume 2020

Volume 2020

Issue 1

Editors’ Introduction
Kostas Chatzikokolakis (University of Athens), Aaron Johnson (U.S. Naval Research Laboratory)
Computation on Encrypted Data using Dataflow Authentication [PDF]
Andreas Fischer (SAP Security Research, Karlsruhe, Germany), Benny Fuhry (SAP Security Research, Karlsruhe, Germany), Florian Kerschbaum (School of Computer Science, University of Waterloo, Canada), Eric Bodden (Heinz Nixdorf Institute, University of Paderborn, Germany:)
Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols [PDF]
Guillaume Celosia (Univ Lyon, INSA Lyon, Inria, CITI, F-69621 Villeurbanne, France), Mathieu Cunche (Univ Lyon, INSA Lyon, Inria, CITI, F-69621 Villeurbanne, France)
The Privacy Policy Landscape After the GDPR [PDF] [Artifact]
Thomas Linden (University of Wisconsin), Rishabh Khandelwal (University of Wisconsin), Hamza Harkous (École Polytechnique Fédérale de Lausanne), Kassem Fawaz (University of Wisconsin)
Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding [PDF]
John Cook (The University of Iowa), Rishab Nithyanand (The University of Iowa), Zubair Shafiq (The University of Iowa)
Emotional and Practical Considerations Towards the Adoption and Abandonment of VPNs as a Privacy-Enhancing Technology [PDF]
Moses Namara (Clemson University), Daricia Wilkinson (Clemson University), Kelly Caine (Clemson University), Bart P. Knijnenburg (Clemson University)
Not All Attributes are Created Equal: dX -Private Mechanisms for Linear Queries [PDF]
Parameswaran Kamalaruban (École Polytechnique Fédérale de Lausanne (work done while Kamalaruban was a Postgraduate Researcher at Data61, CSIRO)), Victor Perrier (ISAE-SUPAERO & Data61, CSIRO), Hassan Jameel Asghar (Macquarie University & Data61, CSIRO), Mohamed Ali Kaafar (Macquarie University & Data61, CSIRO)
Protecting the 4G and 5G Cellular Paging Protocols against Security and Privacy Attacks [PDF]
Ankush Singla (Purdue University), Syed Rafiul Hussain (Purdue University), Omar Chowdhury (The University of Iowa), Elisa Bertino (Purdue University), Ninghui Li (Purdue University)
Pets without PETs: on pet owners’ under-estimation of privacy concerns in pet wearables [PDF]
Dirk van der Linden (Bristol Cyber Security Group, University of Bristol), Matthew Edwards (Bristol Cyber Security Group, University of Bristol), Irit Hadar (Department of Information Systems, University of Haifa), Anna Zamansky (Department of Information Systems, University of Haifa)
Black-Box Wallets: Fast Anonymous Two-Way Payments for Constrained Devices [PDF]
Max Hoffmann (Ruhr-University Bochum), Michael Klooß (Karlsruhe Institute of Technology), Markus Raiber (Karlsruhe Institute of Technology), Andy Rupp (Karlsruhe Institute of Technology)
The Best of Both Worlds: Mitigating Trade-offs Between Accuracy and User Burden in Capturing Mobile App Privacy Preferences [PDF]
Daniel Smullen (Carnegie Mellon University), Yuanyuan Feng (Carnegie Mellon University), Shikun (Aerin) Zhang (Carnegie Mellon University), Norman Sadeh (Carnegie Mellon University)
SqORAM: Read-Optimized Sequential Write-Only Oblivious RAM [PDF]
Anrin Chakraborti (Stony Brook University), Radu Sion (Stony Brook University)
Website Fingerprinting with Website Oracles [PDF] [Artifact]
Tobias Pulls (Karlstad University), Rasmus Dahlberg (Karlstad University)

Issue 2

Editors’ Introduction
Kostas Chatzikokolakis (University of Athens), Aaron Johnson (U.S. Naval Research Laboratory)
Illuminating the Dark or how to recover what should not be seen in FE-based classifiers [PDF]
Sergiu Carpov (CEA, LIST, Point Courrier 172, 91191 Gif-sur-Yvette Cedex, France), Caroline Fontaine (LSV, CNRS, ENS Paris-Saclay, Université Paris-Saclay, France), Damien Ligier (Wallix, 250bis rue du Faubourg SaintHonoré, 75008 Paris, France), Renaud Sirdey (CEA, LIST, Point Courrier 172, 91191 Gifsur-Yvette, France)
A Comparative Measurement Study of Web Tracking on Mobile and Desktop Environments [PDF] [Artifact]
Zhiju Yang (Colorado School of Mines), Chuan Yue (Colorado School of Mines)
NoMoATS: Towards Automatic Detection of Mobile Tracking [PDF] [Artifact]
Anastasia Shuba (Broadcom Inc. (the author was a student at the University of California, Irvine at the time the work was conducted)), Athina Markopoulou (University of California, Irvine)
Privacy-Preserving Payment Splitting [PDF]
Saba Eskandarian (Stanford University), Mihai Christodorescu (Visa Research), Payman Mohassel (Facebook (work done while at Visa Research) 1 Some popular payment splitting apps: Splitwise, Receipt Ninja, BillPin, SpotMe, Conmigo, and Settle Up.)
Protecting against Website Fingerprinting with Multihoming [PDF] [Artifact]
Sébastien Henri (Cisco Meraki, USA.), Gines Garcia-Aviles (University Carlos III of Madrid, Spain.), Pablo Serrano (University Carlos III of Madrid, Spain.), Albert Banchs (IMDEA Networks Institute & University Carlos III of Madrid, Spain.), Patrick Thiran (EPFL, Switzerland.)
Explaining the Technology Use Behavior of Privacy-Enhancing Technologies: The Case of Tor and JonDonym [PDF] [Artifact]
David Harborth (Goethe University Frankfurt, Germany), Sebastian Pape (Goethe University Frankfurt, Germany), Kai Rannenberg (Goethe University Frankfurt, Germany)
The TV is Smart and Full of Trackers: Measuring Smart TV Advertising and Tracking [PDF] [Artifact]
Janus Varmarken† (University of California, Irvine), Hieu Le† (University of California, Irvine), Anastasia Shuba (Broadcom Inc. (The author was a student at the University of California, Irvine at the time the work was conducted)), Athina Markopoulou (University of California, Irvine), Zubair Shafiq (University of Iowa)
SPy: Car Steering Reveals Your Trip Route! [PDF]
Mert D. Pesé (The University of Michigan - Ann Arbor), Xiaoying Pu (The University of Michigan - Ann Arbor), Kang G. Shin (The University of Michigan - Ann Arbor)
A Framework of Metrics for Differential Privacy from Local Sensitivity [PDF] [Artifact]
Peeter Laud (Cybernetica AS), Alisa Pankova (Cybernetica AS), Martin Pettai (Cybernetica AS)
Secure and Scalable Document Similarity on Distributed Databases: Differential Privacy to the Rescue [PDF] [Artifact]
Phillipp Schoppmann (Humboldt-Universität zu Berlin and Alexander von Humboldt Institute for Internet and Society, Berlin, Germany), Lennart Vogelsang (Humboldt-Universität zu Berlin and Alexander von Humboldt Institute for Internet and Society, Berlin, Germany), Adrià Gascón (Work done while at the Alan Turing Institute, London, UK. Now at Google, London, UK.), Borja Balle (Work done at Amazon Research, Cambridge, UK. Now at DeepMind, London, UK.)
Differentially Private SQL with Bounded User Contribution [PDF] [Artifact]
Royce J Wilson (Google), Celia Yuxin Zhang (Google), William Lam (Google), Damien Desfontaines (Google / ETH Zurich), Daniel Simmons-Marengo (Google), Bryant Gipson (Google)
Listen Only When Spoken To: Interpersonal Communication Cues as Smart Speaker Privacy Controls [PDF]
Abraham Mhaidli (University of Michigan School of Information), Manikandan Kandadai Venkatesh (University of Michigan School of Information), Yixin Zou (University of Michigan School of Information), Florian Schaub (University of Michigan School of Information)
Enhanced Performance and Privacy for TLS over TCP Fast Open [PDF]
Erik Sy (University of Hamburg), Tobias Mueller (University of Hamburg), Christian Burkert (University of Hamburg), Hannes Federrath (University of Hamburg), Mathias Fischer (University of Hamburg)
SoK: Differential privacies [PDF]
Damien Desfontaines (ETH Zürich / Google), Balázs Pejó (CrySyS Lab, Dept. of Networked Systems and Services, Budapest University of Technology and Economics)
Angel or Devil? A Privacy Study of Mobile Parental Control Apps [PDF]
Álvaro Feal (IMDEA Networks Institute / Universidad Carlos III de Madrid), Paolo Calciati (IMDEA Software Institute / Universidad Politécnica de Madrid), Narseo Vallina-Rodriguez (IMDEA Networks Institute / ICSI), Carmela Troncoso (Spring Lab EPFL), Alessandra Gorla (IMDEA Software Institute)
T0RTT: Non-Interactive Immediate ForwardSecret Single-Pass Circuit Construction [PDF]
Sebastian Lauer (Ruhr University Bochum, Bochum, Germany), Kai Gellert (Bergische Universität Wuppertal, Wuppertal, Germany), Robert Merget (Ruhr University Bochum, Bochum, Germany), Tobias Handirk (Paderborn University, Paderborn, Germany), Jörg Schwenk (Ruhr University Bochum, Bochum, Germany)
Averaging Attacks on Bounded Noise-based Disclosure Control Algorithms [PDF]
Hassan Jameel Asghar (Macquarie University, Australia), Dali Kaafar (Macquarie University, Australia)
Impact of Frequency of Location Reports on the Privacy Level of Geo-indistinguishability [PDF]
Ricardo Mendes (CISUC, Department of Informatics Engineering, University of Coimbra), Mariana Cunha (CISUC, Department of Informatics Engineering, University of Coimbra), João P. Vilela (CISUC, Department of Informatics Engineering, University of Coimbra)
Mind the Gap: Ceremonies for Applied Secret Sharing [PDF] [Artifact]
Bailey Kacsmar (University of Waterloo), Chelsea H. Komlo (University of Waterloo), Florian Kerschbaum (University of Waterloo), Ian Goldberg (University of Waterloo)
Privacy at a Glance: The User-Centric Design of Glanceable Data Exposure Visualizations [PDF]
Daricia Wilkinson (Clemson University), Paritosh Bahirat (Clemson University), Moses Namara (Clemson University), Jing Lyu (Clemson University), Arwa Alsubhi (Clemson University), Jessica Qiu (Clemson University), Pamela Wisniewski (University of Central Florida), Bart P. Knijnenburg (Clemson University)
Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts [PDF]
Shrirang Mare (University of Washington and Indiana University), Franziska Roesner (University of Washington), Tadayoshi Kohno (University of Washington)
FLASH: Fast and Robust Framework for Privacy-preserving Machine Learning [PDF]
Megha Byali (Indian Institute of Science), Harsh Chaudhari (Indian Institute of Science), Arpita Patra (Indian Institute of Science. This author is supported by SERB Women Excellence Award 2017 (DSTO 1706).), Ajith Suresh (Indian Institute of Science, This author is supported by Google Phd Fellowship 2019.)
Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR [PDF]
Dominique Machuletz (Independet), Rainer Böhme (University of Innsbruck, Austria)
Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels [PDF]
Imane fouad, Nataliia Bielova, Arnaud Legout, Natasa Sarafijanovic-Djukic
A Tale of Two Trees: One Writes, and Other Reads [PDF] [Artifact]
Duc V. Le (Purdue University), Lizzy Tengana Hurtado (National University of Colombia), Adil Ahmad (Purdue University), Mohsen Minaei (Purdue University), Byoungyoung Lee (Seoul National University), Aniket Kate (Purdue University)
Identifying Influential Spreaders in a Social Network (While Preserving Privacy) [PDF]
Varsha Bhat Kukkala (Indian Institute of Technology Ropar), S.R.S Iyengar (Indian Institute of Technology Ropar)
Long-Term Observation on Browser Fingerprinting: Users’ Trackability and Perspective [PDF]
Gaston Pugliese (FriedrichAlexander University Erlangen-Nürnberg), Christian Riess (Friedrich-Alexander University ErlangenNürnberg), Freya Gassmann (Saarland University), Zinaida Benenson (Friedrich-Alexander University ErlangenNürnberg)

Issue 3

Editors’ Introduction
Kostas Chatzikokolakis (University of Athens), Aaron Johnson (U.S. Naval Research Laboratory)
Tik-Tok: The Utility of Packet Timing in Website Fingerprinting Attacks [PDF] [Artifact]
Mohammad Saidur Rahman (Global Cybersecurity Institute, RIT), Payap Sirinam (Navaminda Kasatriyadhiraj Royal Air Force Academy), Nate Mathews (Global Cybersecurity Institute, RIT), Kantha Girish Gangadhara (Global Cybersecurity Institute, RIT), Matthew Wright (Global Cybersecurity Institute, RIT)
Multi-χ: Identifying Multiple Authors from Source Code Files [PDF]
Mohammed Abuhamad (University of Central Florida), Tamer Abuhmed (Sungkyunkwan University), DaeHun Nyang (Ewha Womans University), David Mohaisen (University of Central Florida)
Secure k-ish Nearest Neighbors Classifier [PDF]
Hayim Shaul (MIT), Dan Feldman (University of Haifa), Daniela Rus (MIT)
P4TC—Provably-Secure yet Practical Privacy-Preserving Toll Collection [PDF]
Valerie Fetzer (Karlsruhe Institute of Technology), Max Hoffmann (Ruhr University Bochum), Matthias Nagel (Karlsruhe Institute of Technology), Andy Rupp (University of Luxembourg), Rebecca Schwerdt (Karlsruhe Institute of Technology)
Differentially-Private Multi-Party Sketching for Large-Scale Statistics [PDF]
Seung Geol Choi (United States Naval Academy.), Dana Dachman-soled (University of Maryland, Colleage Park.), Mukul Kulkarni (University of Massachusetts Amherst.), Arkady Yerukhimovich (George Washington University.)
Scaling Up Anonymous Communication with Efficient Nanopayment Channels [PDF]
Thien-Nam Dinh (Sandia National labs), Florentin Rochet (UCLouvain Crypto Group), Olivier Pereira (UCLouvain Crypto Group), Dan S. Wallach (Rice University)
Mitigator: Privacy policy compliance using trusted hardware [PDF] [Artifact]
Miti Mazmudar (University of Waterloo), Ian Goldberg (University of Waterloo)
The Price is (Not) Right: Comparing Privacy in Free and Paid Apps [PDF]
Catherine Han (University of California, Berkeley), Irwin Reyes (Two Six Labs / International Computer Science Institute), Álvaro Feal (IMDEA Networks Institute / Universidad Carlos III de Madrid), Joel Reardon (University of Calgary / AppCensus, Inc.), Primal Wijesekera (International Computer Science Institute / University of California, Berkeley), Narseo Vallina-Rodriguez (IMDEA Networks Institute / International Computer Science Institute / AppCensus, Inc.), Amit Elazari (University of California, Berkeley), Kenneth A. Bamberger (University of California, Berkeley), Serge Egelman (International Computer Science Institute / University of California, Berkeley / AppCensus, Inc.)
SiegeBreaker: An SDN Based Practical Decoy Routing System [PDF]
Piyush Kumar Sharma (Indraprastha Institute of Information Technology (IIIT) Delhi, India), Devashish Gosain (IIIT Delhi, India), Himanshu Sagar (IIIT Delhi, India), Chaitanya Kumar (IBM Research, Singapore), Aneesh Dogra (IIIT Delhi, India), Vinayak Naik (BITS Pilani, Goa, India), H.B. Acharya (RIT, USA), Sambuddho Chakravarty (IIIT Delhi, India)
Exposing Private User Behaviors of Collaborative Filtering via Model Inversion Techniques [PDF]
Seira Hidano (KDDI Research, Inc.), Takao Murakami (National Institute of Advanced Industrial Science and Technology (AIST)), Shuichi Katsumata (National Institute of Advanced Industrial Science and Technology (AIST)), Shinsaku Kiyomoto (KDDI Research, Inc.), Goichiro Hanaoka (National Institute of Advanced Industrial Science and Technology (AIST))
Protecting Private Inputs: Bounded Distortion Guarantees With Randomised Approximations [PDF] [Artifact]
Patrick Ah-Fat (Imperial College London), Michael Huth (Imperial College London)
dPHI: An improved high-speed network-layer anonymity protocol [PDF] [Artifact]
Alexander Bajic (Digital Society Institute, ESMT Berlin), Georg T. Becker (Digital Society Institute, ESMT Berlin)
Tandem: Securing Keys by Using a Central Server While Preserving Privacy [PDF] [Artifact]
Wouter Lueks (SPRING Lab, EPFL), Brinda Hampiholi (Philips Research, all work done while a PhD student at Radboud University), Greg Alpár (Open University of the Netherlands, and Radboud University), Carmela Troncoso (SPRING Lab, EPFL)
Comprehensive Anonymity Trilemma: User Coordination is not enough [PDF]
Debajyoti Das (Purdue University), Sebastian Meiser (Visa Research), Esfandiar Mohammadi (Universitaet zu Luebeck), Aniket Kate (Purdue University)
A Privacy-Focused Systematic Analysis of Online Status Indicators [PDF]
Camille Cobb (Carnegie Mellon University), Lucy Simko (University of Washington), Tadayoshi Kohno (University of Washington), Alexis Hiniker (University of Washington)
MoneyMorph: Censorship Resistant Rendezvous using Permissionless Cryptocurrencies [PDF]
Mohsen Minaei (Purdue University), Pedro Moreno-Sanchez (TU Wien), Aniket Kate (Purdue University)

Issue 4

Editors’ Introduction
Kostas Chatzikokolakis (University of Athens), Aaron Johnson (U.S. Naval Research Laboratory)
Automatic Discovery of Privacy–Utility Pareto Fronts [PDF] [Artifact]
Brendan Avent (University of Southern California†), Javier González (Now at Microsoft Research†), Tom Diethe (Amazon Research Cambridge), Andrei Paleyes (Now at University of Cambridge†), Borja Balle (Now at DeepMind†)
PriFi: Low-Latency Anonymity for Organizational Networks [PDF] [Artifact]
Ludovic Barman (EPFL), Italo Dacosta (UBS), Mahdi Zamani (Visa Research), Ennan Zhai (Alibaba Group), Apostolos Pyrgelis (EPFL), Bryan Ford (EPFL), Joan Feigenbaum (Yale University), Jean-Pierre Hubaux (EPFL)
The Power of the Hybrid Model for Mean Estimation [PDF]
Brendan Avent (University of Southern California), Yatharth Dubey (Georgia Institute of Technology†), Aleksandra Korolova (University of Southern California)
The Road Not Taken: Re-thinking the Feasibility of Voice Calling Over Tor [PDF]
Piyush Kumar Sharma (Indraprastha Institute of Information Technology (IIIT) Delhi, India), Shashwat Chaudhary† (IIIT Delhi, India), Nikhil Hassija† (IIIT Delhi, India), Mukulika Maity (IIIT Delhi, India), Sambuddho Chakravarty (IIIT Delhi, India)
An Analysis of the Current State of the Consumer Credit Reporting System in China [PDF]
Mo Chen (Technical University of Munich), Jens Grossklags (Technical University of Munich)
Privacy Preserving Detection of Path Bias Attacks in Tor [PDF]
Lauren Watson (U. of Edinburgh), Anupam Mediratta (U. of Edinburgh), Tariq Elahi (U. of Edinburgh), Rik Sarkar (U. of Edinburgh)
Publishing Community-Preserving Attributed Social Graphs with a Differential Privacy Guarantee [PDF]
Xihui Chen (SnT, University of Luxembourg, Esch-surAlzette, Luxembourg), Sjouke Mauw (DCS, University of Luxembourg, Esch-surAlzette, Luxembourg), Yunior Ramírez-Cruz (SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg)
SoK: Anatomy of Data Breaches [PDF]
Hamza Saleem (University of Southern California), Muhammad Naveed (University of Southern California)
Effective writing style transfer via combinatorial paraphrasing [PDF] [Artifact]
Tommi Gröndahl (Aalto University, Konemiehentie 2, 02150 Espoo, Finland), N. Asokan (University of Waterloo, 200 University Ave W, Waterloo, ON N2L 3G1, Canada)
Anonymous, Attribute Based, Decentralized, Secure, and Fair e-Donation [PDF]
Osman Biçer (Koç University), Alptekin Küpçü (Koç University)
No boundaries: data exfiltration by third parties embedded on web pages [PDF]
Gunes Acar (imec-COSIC KU Leuven), Steven Englehardt (Mozilla), Arvind Narayanan (Princeton University)
INFUSE: Invisible plausibly-deniable file system for NAND flash [PDF]
Chen Chen (Stony Brook University), Anrin Chakraborti (Stony Brook University), Radu Sion (Stony Brook University)
When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers [PDF] [Artifact]
Daniel J. Dubois (Northeastern University), Roman Kolcun (Imperial College London), Anna Maria Mandalari (Imperial College London), Muhammad Talha Paracha (Northeastern University), David Choffnes (Northeastern University), Hamed Haddadi (Imperial College London)
VideoDP: A Flexible Platform for Video Analytics with Differential Privacy [PDF]
Han Wang (Illinois Institute of Technology), Shangyu Xie (Illinois Institute of Technology), Yuan Hong (Illinois Institute of Technology)
Reputable List Curation from Decentralized Voting [PDF]
Elizabeth C. Crites (University College London), Mary Maller (Ethereum Foundation), Sarah Meiklejohn (University College London and IC3), Rebekah Mercer (O(1) Labs)
Running Refraction Networking for Real [PDF]
Benjamin VanderSloot (University of Michigan), Sergey Frolov (University of Colorado Boulder), Jack Wampler (University of Colorado Boulder), Sze Chuen Tan (University of Illinois, Urbana-Champaign), Irv Simpson (Psiphon), Michalis Kallitsis (Merit Network), J. Alex Halderman (University of Michigan), Nikita Borisov (University of Illinois, Urbana-Champaign), Eric Wustrow (University of Colorado Boulder)
CanaryTrap: Detecting Data Misuse by Third-Party Apps on Online Social Networks [PDF]
Shehroze Farooqi (The University of Iowa), Maaz Musa (The University of Iowa/Lahore University of Management and Sciences), Zubair Shafiq (The University of Iowa), Fareed Zaffar (Lahore University of Management and Sciences)
Secure Evaluation of Quantized Neural Networks [PDF] [Artifact]
Anders Dalskov (Aarhus University), Daniel Escudero (Aarhus University), Marcel Keller (CSIRO’s Data61)
Energy-Efficient Dummy Traffic Generation for Home Automation Systems [PDF]
Frederik Möllers (Saarland University)
In-Depth Evaluation of Redirect Tracking and Link Usage [PDF]
Martin Koop (Universität Passau), Erik Tews (University of Twente), Stefan Katzenbeisser (Universität Passau)
Practical Privacy-Preserving K-means Clustering [PDF]
Payman Mohassel (Facebook), Mike Rosulek (Oregon State University), Ni Trieu (University of California, Berkeley)
Self-Processing Private Sensor Data via Garbled Encryption [PDF]
Nathan Manohar (UCLA), Abhishek Jain (John Hopkins University), Amit Sahai (UCLA)
Reimagining Secret Sharing: Creating a Safer and More Versatile Primitive by Adding Authenticity, Correcting Errors, and Reducing Randomness Requirements [PDF]
Mihir Bellare (University of California, San Diego, USA.), Wei Dai (University of California, San Diego, USA.), Phillip Rogaway (University of California, Davis, USA.)
How private is your period?: A systematic analysis of menstrual app privacy policies [PDF]
Laura Shipp (Information Security Group, Royal Holloway, University of London), Jorge Blasco (Information Security Group, Royal Holloway, University of London)