  • Prof. Guido Caldarelli

    IMT Lucca, IT

    Talk title: Financial Networks

    Abstract: The recent economic downturn has made clear that some substantial features of the present financial markets have not been properly considered. Regulators and academics pointed out the role played by complexity in the little understanding of the crisis, and in particular the lack of a quantitative assessment for the level of interconnectedness. It has been increasingly recognised that the main and simplest way to quantitatively account for the degree of interconnectedness and complexity of financial markets is given by the theoretical framework of complex networks. By representing financial institutions as vertices of a graph we can identify the systemically important ones with the most central vertices. We introduce the main results obtained by considering the Italian Interbank market, by considering impact quantities as the Debtrank and by showing how the topology of connections may drive the system towards instability.

  • Prof. Elena Ferrari

    Insubria, IT

    Talk title: Access control in the era of Social Networks

    Abstract: With the increasing popularity of On-line Social Networks (OSNs), protection of personal information has gained attention in the research community. This has resulted in many proposals, ranging from access control models to tools for privacy settings suggestion. However, neither the research proposals that have appeared so far nor the privacy settings currently offered by commercial OSNs provide a comprehensive solution to the fundamental issue of unintended information disclosure to a public that can reach up to millions of users. One of the key reasons is that the social web vision requires deeply rethinking access control and privacy enhancing technologies both in terms of models and architectural solutions for their enforcement. In this talk, after an introduction to the problem of data protection in OSNs, we will discuss the most challenging research questions and issues and report preliminary research results.

  • Prof. Alan Mislove

    Northeastern University, USA

    Talk title: Mitigating Sybil Attacks in Online Services

    Abstract: Today, popular services like Facebook, Twitter, Yelp, and eBay have dramatically changed how users connect, communicate, share content, and exchange goods and services. Unfortunately, all of these services share a common weakness: user accounts are created behind "weak identities", meaning not much more than an email address is required to create an account. As a result, all of these systems suffer from multiple identity (Sybil) attacks, where a single attacker creates a large number of identities with the goal of obtaining additional privileges or subverting the system.

    In this series of talks, I will provide an overview of my group's work that tries to mitigate Sybil attacks. I begin with an analysis of social network graph-theoretic approaches, and demonstrate that they all leverage a single insight: that users in the local community can be trusted more than those far away. This result indicates that while they may be useful for whitelisting trusted close users, these approaches face serious challenges when trying to distinguish between non-close users and attackers.

    I then present two alternative approaches to addressing Sybil attacks in real-world systems. First, I focus on using PCA to identify whether a given individual identity is malicious (e.g., Sybil) by leveraging its activity history without using any a priori information about the attacker's strategy. However, it becomes fundamentally hard to detect whether an identity is malicious if it has very limited past activity in the system. Second, I present Stamper, an approach that can detect whether a group of identities participating in a "crowd computation" (e.g., a group of users rating a business on Yelp) are malicious. By reasoning about a group of identities, Stamper gains strength in numbers: we propose statistical analysis techniques that can determine if a large crowd computation has been manipulated by malicious identities, even when it is fundamentally hard to infer which of the participating identities are malicious.

    Finally, I describe our work building Sybil-tolerant systems, or systems where the attacker is allowed to have as many accounts as he wishes. We design these systems so that having multiple accounts by itself does not enable the attacker to gain additional privileges, thereby mitigating Sybil attacks. I describe Ostra (a system to minimize spam in a messaging service), Bazaar (a system to minimize fraud in online marketplaces), and Iolaus (a system to prevent users from voting multiple times in online content rating services). Taken together, these systems provide an alternative approach to the current cat-and-mouse games that service providers are forced to play today.

  • Prof. N. Asokan

    Aalto University and University of Helsinki, Finland

    Talk title: How Far Are You? Finding Path Length Between Two People On a Social Network

    Abstract: Imagine if there is a privacy-preserving mechanism for two mobile devices to determine if their owners have common friends. It can be useful for access control in applications like ride-sharing, sharing Internet access or even just a simple "people radar" app for showing nearby friends and friends-of-friends. Current mechanisms for doing this come at the cost of revealing these interactions and the users' locations to central servers.

    In this talk, I will first describe our work, presented at ACSAC 2013, which allows efficient discovery of mutual friends while (a) protecting the privacy of non-mutual friends and (b) guaranteeing authenticity of claimed friendship relations. More importantly, unlike the current mechanisms, our approach does not force users to reveal their interactions or location to any servers. We have implemented "Common Friends" as a software framework that app developers can easily integrate into their applications, e.g., to enforce access control based on users' social proximity in a privacy-preserving manner. As an example, we have prototyped two applications that use the "Common Friends" framework. One, SpotShare is for sharing (tethered) Internet access, where users can choose to share access depending on the existence of common friends. The second, nearbyPeople, is a "people radar" application which shows people nearby and allows users to identify those with whom they share common friends.

    I will then describe "Social PaL", presented at WiSec 2015, which extends "Common Friends" in a number of ways. Social PaL allows two people to exactly determine the path length between them in a social graph. It retains the privacy guarantees of "Common Friends". "Social PaL" supported two social networks, Facebook and LinkedIn. For more information about this work, see https://se-sy.org/projects/pet/

  • Prof. Walter Quattrociocchi

    IMT Lucca, IT

    Talk title: How (mis)information spreads online

    Abstract: The increasing growth of knowledge, fostered by the Internet and the unprecedented acceleration of scientific and technological progress, has exposed society to escalating levels of complexity of information to explain reality and its phenomena. Meanwhile, a shift of paradigm in the production and fruition of contents occurred, a shift away from somewhat centralized production and where now users themselves have increasing control on and over the flow of information. On the Web people can produce and access a variety of information actively participating in the creation and diffusion of narratives. But what about the quality of information on which such narratives are grounded? Is more information, by definition, always better? In 2013 the World Economic Forum listed massive digital misinformation as one of the main risks for the functioning of modern society. This phenomenon presents a very interesting ground for interdisciplinary research as it involves the cognitive dimension of users when they are faced with the massive amount of information online and can be investigated by means of data science tools. Through a thorough massive quantitative analysis we provided tight insights about the pivotal role of confirmation bias in the emergence of echo chambers. We find that, although consumers of scientific and conspiracy stories present similar consumption patterns with respect to content, cascade dynamics differ. Selective exposure to content is the primary driver of content diffusion and generates the formation of homogeneous clusters, i.e., "echo chambers."

  • Prof. Ahmad Sadeghi

    TU Darmstadt, Germany

    Talk title: TBA

    Abstract: TBA

  • Prof. Giuseppe Sartori

    University of Padova, Italy


    Abstract: The deception production is a complex psychological process in which cognition plays an important role. Deception is cognitively more complex than truth telling and this higher complexity reflects itself in a lengthening of the reaction times during a response. Based on these cognitive mechanisms, tools for detecting deception have been proposed with several applications in forensic fields, such as security. In particular, in recent studies lie detection techniques have been applied to identity verification. These methods exploit reaction times to infer the authenticity of the identity declared by a suspect. Experimental results showed that these techniques are able to detect fake identities with an accuracy higher than 90%. In addition to a high sensitivity, these methodologies exceed the limits of the classic biometric measures currently used for identity verification. Thanks to the many advantages offered, their application looks promising especially in the field of global security as an anti-terrorist measure and in on-line authentication contexts.

  • Prof. Thorsten Strufe

    TU Dresden, Germany

    Talk title: TBA

    Abstract: TBA

  • Prof. Gene Tsudik

    University of California, USA

    Talk title: Secure and Private Proximity-Based Discovery of Common Factors in Social Networks

    Abstract: The recent decade has witnessed a rapid increase in popularity of mobile personal devices (notably, smartphones) that function as all-purpose personal communication portals. Concurrently, On-line Social Networks (OSNs) have continued their impressive proliferation. Meanwhile, the notion of "OSN privacy" remains elusive and even self-contradictory. Centralized nature of prominent OSNs is unlikely to change, which does not bode well for OSN users' privacy. However, some user privacy can be gained from making certain OSN functionality available off-line, such as discovering common contacts and other features, as well as establishing affinity-based connections. OSNs stand to gain from this, since users could avail themselves of OSN functionality in scenarios where none currently exists, e.g., whenever Internet connectivity is unavailable, expensive or insufficient. At the same time, OSN users benefit from increased privacy because off-line interactions are invisible to OSN providers.

    This talk will explore off-line private proximity-based use of OSNs and will present a working system (called UnLinked) that is grafted atop a popular OSN -- LinkedIn. One key challenge is how to ensure integrity, authenticity and privacy of users' profile information when they engage in off-line interactions. This can be addressed via specialized privacy-agile cryptographic protocols. This talk will overview the design, architecture and functionality of UnLinked and will highlight important outstanding issues.

  • Prof. Gene Tsudik

    University of California, USA

    Talk title: Privacy in Community Reviewing

    Abstract: Large numbers of people all over the world read and contribute to various review sites. Many contributors are understandably concerned about privacy in general and, specifically, about linkability of their reviews (and accounts) across multiple review sites. We study linkability of community-based reviewing and try to answer the question: to what extent are "anonymous" reviews linkable, i.e., highly likely authored by the same contributor? Based on a very large set of reviews from one very popular site (Yelp), we show that a high percentage of ostensibly anonymous reviews can be linked with very high confidence.

    This is despite the fact that we use very simple models and an equally simple feature set. Our study suggests that contributors reliably expose their identities in reviews. This has important implications for cross-referencing accounts between different review sites. Also, techniques used in our study could be adopted by review sites to give contributors feedback about privacy of their reviews.

  • Prof. Gene Tsudik

    University of California, USA

    Talk title: Are 140 Characters Enough? Exploring Stylometric Linkability of Tweets

    Abstract: Microblogging is a very popular Internet activity that informs and entertains great multitudes of people world-wide via quickly and scalably disseminated terse messages containing all kinds of news-worthy utterances. Even though microblogging is neither designed nor meant to emphasize privacy, numerous contributors hide behind pseudonyms and compartmentalize their different incarnations via multiple accounts within the same, or across multiple, site(s).

    Prior work has shown that stylometric analysis is a very powerful tool capable of linking authors of scientific articles, referee reports as well as product or service reviews. In this work, we explore stylometric linkability of tweets -- 140-character messages that form the basis for Twitter, currently the most popular and successful microblogging service. Our results, based on a very large corpus of tweets, clearly demonstrate that, at least for relatively active tweeters, linkability of multiple accounts is easily attained. This has some obvious privacy implications, both positive and negative.

  • Prof. Gene Tsudik

    University of California, USA

    Talk title: Fighting Authorship Linkability with Crowdsourcing

    Abstract: Massive amounts of contributed content -- including traditional literature, blogs, music, videos, reviews and tweets -- are available on the Internet today, with authors numbering in many millions. Textual information, such as product or service reviews, is an important and increasingly popular type of content that is being used as a foundation of many trendy community-based reviewing sites, such as TripAdvisor and Yelp. Some recent results have shown that, due partly to their specialized/topical nature, sets of reviews authored by the same person are readily linkable based on simple stylometric features. In practice, this means that individuals who author more than a few reviews under different accounts (whether within one site or across multiple sites) can be linked, which represents a significant loss of privacy.

    In this work, we start by showing that the problem is actually worse than previously believed. We then explore ways to mitigate authorship linkability in community-based reviewing. We first attempt to harness the global power of crowdsourcing by engaging random strangers into the process of re-writing reviews. As our empirical results (obtained from Amazon Mechanical Turk) clearly demonstrate, crowdsourcing yields impressively sensible reviews that reflect sufficiently different stylometric characteristics such that prior stylometric linkability techniques become largely ineffective. We also consider using machine translation to automatically re-write reviews. Contrary to what was previously believed, our results show that translation decreases authorship linkability as the number of intermediate languages grows. Finally, we explore the combination of crowdsourcing and machine translation and report on results.