210 likes | 527 Views
Enriching Privacy in Personalized Search By Matthew Ruston October 16, 2006. Overview. What is Personalized Search? Why do we need it? Privacy Concerns Problem Overview Methods to Enrich Personalized Search Privacy Experiment: Testing the Basic Privacy ofa Personalized Search Provider.
E N D
Enriching Privacy in Personalized SearchBy Matthew RustonOctober 16, 2006
Overview What is Personalized Search? Why do we need it? Privacy Concerns Problem Overview Methods to Enrich Personalized Search Privacy Experiment: Testing the Basic Privacy ofa Personalized Search Provider
What is Personalized Search? Tailored and customized search results for a specific user. Personalized results. Personalized advertisements. Based on personal/unique information sent to or generated by a personalized search provider.
Why Personalized Search? Search engines can have a difficult time with ambiguous search queries. Query: “Rockets” OR
Current Personalized Search Providers Google Web History http://www.google.com/psearch Yahoo! Search Builder http://builder.search.yahoo.com
Privacy Concerns Users need to trust their search providers. Potentially sensitive and private information contained. Previous search histories. Age, Name, Location Interests, Activities, Career Top priority of a personalized search provider: To enrich the privacy and security surrounding their users’ data.
Problem Overview How can search providers optimize the privacy of their users’ data? What are some methodologies a search provider could follow in order to promote data privacy? How secure is a well known personalized search provider?
Securing Personalized Search Methods Two vulnerable areas. Transmissions of personal user data Storage of personal user data User data should be encrypted during transmissions and while in storage. Use a public-key encryption system.
Public-Key Encryption Method For Securing the transportation and storage of user profile data. User encrypts their data using a public-key provided by the Personalized Search Provider. User then transports encrypted user profile to the search provider. Search provider stores personal information in encrypted format. When user profile information is required, Personalized Search provider unwraps the information using their private key.
Testing the Privacy of a Personalized Search Provider Target: Google Web History Records and tracks a user’s search query’s and the pages that were selected from the search results. Experiment: How strong is Google Web History’s user privacy? Method: Packet Capture analysis of a user browsing their Google Web History account.
Testing the Privacy of a Personalized Search Provider Google Web History Current Security HTTPS authentication AES-256 bit encryption No HTTPS or visible security once through the authentication. Exploitable weakness? Can user privacy be effected?
Testing the Privacy of a Personalized Search Provider Packet Capture Tool Wireshark freely available network analysis tool Settings: Interface: Broadcom 802.11b/g WLAN (wireless packet capture) Promiscuous Mode: true Capture Filter: tcp port http Environment Wireshark capturing packets on client machine Client then directed to go browse their Google Web History
Testing the Privacy of a Personalized Search Provider Results Wireshark was able to capture 25 packets and reassemble the TCP packets. From the reassembled packets, a single plaintext HTML page containing the web history for the client was able to be extracted.
<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google - Web History</title><link rel="alternate" type="application/rss+xml" title="Google Search History for Sep 23" href="http://www.google.com/history/lookup?month=9&day=23&yr=2007&max=1190606400000000&hl=en&zx=c5i6Sm_qpew&output=rss" /><link rel="stylesheet" type="text/css" href="/history/history.css"><script src="history.js"></script><script type="text/javascript"><!-- function hError(msg, url, ln) {return true;}window.onerror = hError;function onld() { _ac_install();var sTZ = 240;var cTZ = (new Date()).getTimezoneOffset();if (sTZ != cTZ) {document.location.href =String("/history/lookup?month\x3d9\x26day\x3d23\x26yr\x3d2007\x26max\x3d1190606400000000\x26hl\x3den\x26zx\x3dc5i6Sm_qpew\x26ctz\x3d").concat(cTZ);}document.forms.smhf.q.focus();}var labelList = ['Calendars'];var labelStoreBase = _setup_ac(labelList);var labelStore = labelStoreBase;var msgConfirmStar = "This bookmark has labels or notes.\n" +"Are you sure you want to delete it?";var msgConfirmEdit = "Changes to a bookmark have not been saved. Discard changes?";var msgConfirmDelete = "You are deleting a bookmarked search result. \nThe bookmark will also be deleted.";var msgLabelDefault = "e.g., News, To do, summer vacation";var tbIF = false;var isPopupWin = false;var lsep = ", ";var ei = "PXoBR7uUL8yykwGp1_CxDQ";var html_lang = "en";var msgPause = "Pause";var msgResume = "Resume";var urlPause = "./unsubscribe?q=&max=1190606400000000&month=9&day=23&yr=2007&hl=en&zx=bN8nAbUxhVs&sig=hJKK0J-ZBXz3dBxYVATOLA";var urlResume = "./subscribe?q=&max=1190606400000000&month=9&day=23&yr=2007&hl=en&zx=bN8nAbUxhVs&sig=1ga_Ot_X5QnKpe2OBjhZGA";var urlModLabel = "/bookmarks/mark?op=modlabel&sig=tmfgxXbImhKWKp1kIb2KXQ";var msgErrSaveLbl = "Sorry, we weren\x27t able to save your changes. Please try again.";var msgErrNameLbl = 'You have entered an invalid label. Labels cannot contain \x22,\x22.';var msgConfirmDeleteLbl = "Delete label: ";var msgConfirmDeleteLbl2 = "Remove the label \"${label}\" from all bookmarks and delete the label?";var msgNoBkmkName = "Please enter a name for this bookmark.";var msgNoBkmkLocation = "Please enter a location for this bookmark.";var msgEG = "e.g., ${labels}"; // --> </script><style type="text/css"><!-- .scripthide { display:none; }.noscripthide { display:inline; } --></style><noscript><style type="text/css"><!-- .scripthide { display:inline; }.noscripthide { display:none; } --></style></noscript></head><body dir="LTR" alink=#ff0000 bgcolor=#ffffff link=#0000cc text=#000000 vlink=#551a8b topmargin=3 marginheight=3 onLoad="onld();"><table border=0 cellpadding=0 cellspacing=0 width=100%><tr><td valign=top><table border=0 cellspacing=0 cellpadding=0 width=100%><tr><td width=100%></td><td nowrap><font size=-1><b>artanis0@gmail.com</b></font></td><td nowrap><font size=-1> | </font></td><td nowrap><font size=-1><a href="http://www.google.com/"><nobr>Google Home</nobr></a></font></td><td nowrap><font size=-1> | </font></td><td nowrap><font size=-1><a href="https://www.google.com/accounts/ManageAccount?service=hist&hl=en"><nobr>My Account</nobr></a></font></td><td nowrap><font size=-1> | </font></td><td nowrap><font size=-1><a href="https://www.google.com/accounts/Logout?continue=http://www.google.com/&hl=en"><nobr>Sign out</nobr></a></font></td></tr><tr height=4><td><img alt="" width=1 height=1></td></tr></table><table border=0 cellpadding=0 cellspacing=0 width=100%><tr><td valign=top width=3><a href=/><img src=images/logo_sm.gif alt="Go to Google Home" border=0 height=55 width=150 vspace=12></a></td><td width=3> </td><td class="valign"><div><img src="http://www.google.com/images/cleardot.gif" width="1" height="22" alt="spacer"/></div><table><tr><td valign=middle><form style="margin-bottom: 0em;" name=smhf method=GET action=./find><input type=hidden name=day value=23><input type=hidden name=month value=9><input type=hidden name=yr value=2007><input type=hidden name=hl value="en"> <input type=hidden name=zx value="bN8nAbUxhVs"> <input name=q type=text value="" size=25> <input type=submit name=btnSMH value="Search History"> <input type=submit name=btnWeb value="Search the Web"></form></td></tr></table><div>
[1] Google Web History. http://www.google.com/psearch [2] Yahoo! Search Builder, http://builder.search.yahoo.com [3] Xeuhua Shen, Bin tan, ChenXiang Zhai, Department of Computer Science University of Illinois, “Privacy Protection in Personalized Search”, ACM SIGIR Forum Vol.41 No.1, June 2007. [4] Yabo Xu, Benyu Zhang, Zheng Chen, Ke Wang; Simon Fraser University and Microsoft Research Asia, “Privacy-Enhancing Personalized Web Search”, International World Wide Web Conference archive proceedings of the 16th international conference on World Wide Web, 2007.