UMBC Cyber Defense Lab presents
Anonymized Data Can Still Tell Tales:
2024 UMBC SFS Research Study
Christian Badolato, CSEE PhD Student
12-1pm ET Fri, 9 Feb. 2024 via WebEx
Joint work with a student team in the
2024 UMBC SFS Research Study
We present results from the 2024 UMBC Scholarship for Service (SFS) Research Study, which analyzed the effectiveness of the anonymization method UMBC's Division of Information Technology (DoIT) uses to protect user privacy when releasing campus network data in support of UMBC research projects. DoIT applies a pseudonymization technique, which replaces unique identifiers (e.g., IP addresses) with unrelated pseudonyms. We demonstrate a chosen-plaintext attack that completely re-identifies the anonymized dataset. First, using the Scapy Python library, we craft custom packets containing identifiable tags within the header data, and we transmit these packets to every node on the UMBC network. Second, we observe the resulting anonymized data produced by DoIT. With knowledge of the intended packet destinations, we generate a one-to-one mapping from our crafted packets into the anonymized captured network traffic. We offer technical and policy-based recommendations for improving DoIT's anonymization method.
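The join behind the re-identification described above can be reproduced offline as a pre-release self-test that a data owner runs on a copy of a capture. This is an added example, not code from the study or from DoIT: the HMAC-based pseudonymizer, the `ip_id` tag field, the addresses and every function name are assumptions, and all records are constructed.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # assumption: stand-in secret for the toy pseudonymizer

def pseudonym(ip: str) -> str:
    """Toy deterministic pseudonymizer: the same IP always maps to the same fake IP."""
    digest = hmac.new(KEY, ip.encode(), hashlib.sha256).digest()
    return str(ipaddress.IPv4Address(int.from_bytes(digest[:4], "big")))

def release(records, scrub=()):
    """Pseudonymize src/dst and reset every header field named in `scrub` to 0."""
    out = []
    for r in records:
        row = dict(r, src=pseudonym(r["src"]), dst=pseudonym(r["dst"]))
        for field in scrub:
            row[field] = 0
        out.append(row)
    return out

def canary_leak(canaries, released, field):
    """Return {pseudonym: real address} recoverable by joining on `field`.

    A header value that passes through the release unchanged links each
    released row back to the canary record whose destination is known.
    """
    known = {c[field]: c["dst"] for c in canaries}
    return {row["dst"]: known[row[field]] for row in released if row[field] in known}

# Constructed sample data: four hosts, one tagged canary record per host,
# plus two ordinary records whose ip_id values do not collide with the tags.
HOSTS = [f"10.0.0.{i}" for i in range(1, 5)]
CANARIES = [{"src": "10.0.9.9", "dst": h, "ip_id": 0xC000 + i}
            for i, h in enumerate(HOSTS)]
BACKGROUND = [{"src": "10.0.0.1", "dst": "10.0.0.3", "ip_id": 17},
              {"src": "10.0.0.2", "dst": "10.0.0.4", "ip_id": 18}]
CAPTURE = BACKGROUND + CANARIES

def audit(scrub=()):
    """Fraction of hosts whose pseudonym the canary join recovers."""
    leaked = canary_leak(CANARIES, release(CAPTURE, scrub), "ip_id")
    return len(leaked) / len(HOSTS)

if __name__ == "__main__":
    print("re-identified, fields passed through:", audit())
    print("re-identified, ip_id scrubbed:", audit(scrub=("ip_id",)))
```

Scrubbing one field closes only that channel, so the same check has to be repeated for every field the release keeps. Packet sizes and timing can carry a tag as well.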
Christian Badolato (cbad1@umbc.edu) is a PhD student focusing on data privacy and IoT at UMBC working with Roberto Yus. Badolato earned his BS in mathematics and computer science, and his MS in computer science, from UMBC. For several years he worked as a software architect and a certified cybersecurity professional.
Host: Alan T. Sherman, sherman@umbc.edu. Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly on Fridays, 12-1pm. All meetings are open to the public. Upcoming CDL meetings: February 23, Mario Yaksetig, GotCHA: CAPTCHAs for an AI Era; March 8, Cyrus Bonyadi, Metametaphysical Ontologies for Consensus; March 29, Maksim Eren, Tensor Decomposition Methods for Cybersecurity; April 12, Anupam Joshi; April 26, Dan Ragsdale, National Cybersecurity Policy; May 10, Enis Golaszewski, Automatically Binding Cryptographic Context to Messages Using Formal Methods.