
On the Privacy Impacts of Publicly Leaked Password Databases


Abstract

Regularly, hackers steal data sets containing user identifiers and passwords. Often these data sets become publicly available. The most prominent and important leaks use bad password protection mechanisms, e.g. rely on unsalted password hashes, despite longtime known recommendations. The accumulation of leaked password data sets allows the research community to study the problems of password strength estimation, password breaking and to conduct usability and usage studies. The impact of these leaks in terms of privacy has not been studied. In this paper, we consider attackers trying to break the privacy of users, while not breaking a single password. We consider attacks revealing that distinct identifiers are in fact used by the same physical person. We evaluate large scale linkability attacks based on properties and relations between identifiers and password information. With these attacks, stronger passwords lead to better predictions. Using a leaked and publicly available data set containing 130 × 10^6 encrypted passwords, we show that a privacy attacker is able to build a database containing the multiple identifiers of people, including their secret identifiers. We illustrate potential consequences by showing that a privacy attacker is capable of deanonymizing (potentially embarrassing) secret identifiers by intersecting several leaked password databases.
