Collaborative Research: SaTC: CORE: Medium: Understanding and Combatting Impersonation Attacks and Data Leakage in Online Advertising

协作研究：SaTC：核心：媒介：理解和打击在线广告中的冒充攻击和数据泄露

• 批准号: 2247516
• 负责人: Damon McCoy
• 金额: $ 40万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247516&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Online advertising networks track which websites people visit and what they do on those websites. Ad networks perform such tracking to develop a comprehensive understanding of people's activity across their devices in order to sell advertisements related to those activities. Unfortunately, the way ad networks combine information from different devices into a singular understanding of a given person is insecure and can allow a malicious party on the Internet to learn sensitive information about the user such as what websites they visit, what products they purchased, or what hotels they visited. This project's novel contributions are the identification of this new kind of threat to user privacy, ways of identifying when ad networks track users across their devices, and developing tools to help people understand what information ad networks know and retain about them. The project's broader significance and importance are how it will help protect people's privacy while also educating them on the pervasiveness and specificity of online tracking, allowing them to make more informed decisions about their online activities.Identifying and combating ad network privacy threats requires an investigation of ad networks, web browsers, and measurement methods. This project will improve user privacy via three interconnected investigations. The project will: 1) Define and enumerate a new class of privacy threat stemming from ad networks' efforts to correlate user activity across devices, including systematizing an understanding of this threat's full attack surface and impact on user privacy across the Internet. 2) Develop a suite of robust statistical methods to detect when ad networks link devices together based on observed advertising behaviors that will enable understanding how ad networks track users independent of environment or computing platform. 3) Create a set of tools that will educate and empower users to understand what data and inferences ad networks have made, and if ad networks are respecting data deletion requests.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在线广告网络跟踪人们访问的网站及其在这些网站上的工作。广告网络执行此类跟踪，以对人们在其设备中的活动进行全面了解，以便出售与这些活动相关的广告。 不幸的是，广告网络将来自不同设备的信息结合到对给定人的单一理解的方式是不安全的，并且可以允许互联网上的恶意聚会学习有关用户的敏感信息，例如他们访问的网站，他们购买的产品或访问了哪些酒店。该项目的新颖贡献是识别这种对用户隐私的新型威胁，识别广告网络何时跟踪用户跨设备的方式的方式，以及开发工具，以帮助人们了解信息广告网络对它们的了解和保留。 该项目的更广泛的意义和重要性是如何帮助保护人们的隐私，同时还教育他们有关在线跟踪的普遍性和特殊性，使他们能够对其在线活动做出更明智的决定。识别和打击广告网络隐私威胁需要对广告网络，网络浏览器，网络浏览器和测量方法进行调查。该项目将通过三个互连调查来改善用户隐私。该项目将：1）定义并列举了广告网络跨设备的用户活动的努力，包括对该威胁的完整攻击表面的理解以及对整个Internet的用户隐私的影响，源于广告网络将用户活动相关联。 2）开发一套可靠的统计方法，以根据观察到的广告行为来检测AD网络何时将设备链接在一起，这将使AD Networks如何独立于环境或计算平台跟踪用户。 3）创建一组工具，可以教育并授权用户了解广告网络已经制定的数据和推断，以及是否尊重数据删除请求。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的影响审查标准通过评估来进行评估的。