%0 Conference Proceedings
%T A Survey of Alerting Websites: Risks and Solutions
%+ Privacy Models, Architectures and Tools for the Information Society (PRIVATICS)
%A Kumar, Amrit
%A Lauradoux, Cédric
%< avec comité de lecture
%( IFIP SEC
%B IFIP SEC
%C Hamburg, Germany
%3 Chapter ICT Systems Security and Privacy Protection of the series IFIP Advances in Information and Communication Technology
%V 455
%P 126-141
%8 2015-05-26
%D 2015
%R 10.1007/978-3-319-18467-8_9
%K Data leakages
%K Phishing
%K Private Set Intersection
%K Private Information Retrieval
%K Bloom filter
%Z Cognitive science/Computer scienceConference papers
%X In the recent years an incredible amount of data has been leaked from major websites such as Adobe, Snapchat and LinkedIn. There are hundreds of millions of usernames, email addresses, passwords, telephone numbers and credit card details in the wild. The aftermath of these breaches is the rise of alerting websites such as haveibeenpwned.com, which let users verify if their accounts have been compromised. Unfortunately, these seemingly innocuous websites can be easily turned into phishing tools. In this work, we provide a comprehensive study of the most popular ones. Our study exposes the associated privacy risks and evaluates existing solutions towards designing privacy-friendly alerting websites. In particular, we study three solutions: private set intersection, private set intersection cardinality and private information retrieval adapted to membership testing. Finally, we investigate the practicality of these solutions with respect to real world database leakages.
%G English
%2 https://hal.science/hal-01199703/document
%2 https://hal.science/hal-01199703/file/ifipsec15.pdf
%L hal-01199703
%U https://hal.science/hal-01199703
%~ INRIA
%~ INSA-LYON
%~ INRIA-RHA
%~ INRIA_TEST
%~ TESTALAIN1
%~ PERSYVAL-LAB
%~ IFIP
%~ IFIP-AICT
%~ INRIA2
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-AICT-455
%~ IFIP-SEC
%~ INRIA-RENGRE
%~ INSA-GROUPE
%~ UDL
%~ ANR
%~ INRIA-LYS