{"links":{},"id":208847,"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00208847","sets":["581:10023:10035"]},"path":["10035"],"owner":"44499","recid":"208847","title":["Addressing the Privacy Threat to Identify Existence of a Target's Account on Sensitive Services"],"pubdate":{"attribute_name":"公開日","attribute_value":"2020-12-15"},"_buckets":{"deposit":"676b3f25-f9e2-4396-8603-e68faece49a7"},"_deposit":{"id":"208847","pid":{"type":"depid","value":"208847","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Addressing the Privacy Threat to Identify Existence of a Target's Account on Sensitive Services","author_link":["525060","525064","525065","525067","525066","525063","525061","525062","525058","525059"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Addressing the Privacy Threat to Identify Existence of a Target's Account on Sensitive Services"},{"subitem_title":"Addressing the Privacy Threat to Identify Existence of a Target's Account on Sensitive Services","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集：ユーザブルセキュリティ] usable security, account security, privacy, insider attack, login","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2020-12-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"NTT Secure Platform Laboratories"},{"subitem_text_value":"NTT Secure Platform Laboratories"},{"subitem_text_value":"NTT Secure Platform Laboratories"},{"subitem_text_value":"NTT Secure Platform Laboratories"},{"subitem_text_value":"Waseda University／NICT／RIKEN AIP"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"Waseda University / NICT / RIKEN AIP","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"eng"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/208847/files/IPSJ-JNL6112037.pdf","label":"IPSJ-JNL6112037.pdf"},"date":[{"dateType":"Available","dateValue":"2022-12-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6112037.pdf","filesize":[{"value":"756.7 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"5"},{"tax":["include_tax"],"price":"0","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"40605717-103a-4a4e-9ee0-69dd6365a2b4","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2020 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Ayako, Akiyama Hasegawa"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takuya, Watanabe"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eitaro, Shioji"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mitsuaki, Akiyama"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuya, Mori"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Ayako, Akiyama Hasegawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Takuya, Watanabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Eitaro, Shioji","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mitsuaki, Akiyama","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tatsuya, Mori","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Online service providers exert tremendous effort to protect users' accounts against sensitive data breaches. Although threats from complete outsiders, such as account hijacking for monetization, still occur, recent studies have shed light on threats to privacy from insiders. In this study, we focus on these latter threats. Specifically, we present the first comprehensive study of an attack from insiders that identifies the existence of a target's account by using the target's email address and the insecure login-related messages that are displayed. Such a threat may violate intimates' or acquaintances' privacy because the kinds of service accounts a user has implies his/her personal preferences or situation. We conducted surveys regarding user expectations and behaviors on online services and an extensive measurement study of login-related messages on online services that are considered sensitive. We found that over 80% of participants answered that they have sensitive services and that almost all services were vulnerable to our attack. Moreover, about half the participants who have sensitive services were insecurely registered on them, thus could be potential victims. Finally, we recommend ways for online service providers to improve login-related messages and for users to take appropriate defensive actions. We also report our responsible disclosure process.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.28(2020) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.28.1030\n------------------------------","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Online service providers exert tremendous effort to protect users' accounts against sensitive data breaches. Although threats from complete outsiders, such as account hijacking for monetization, still occur, recent studies have shed light on threats to privacy from insiders. In this study, we focus on these latter threats. Specifically, we present the first comprehensive study of an attack from insiders that identifies the existence of a target's account by using the target's email address and the insecure login-related messages that are displayed. Such a threat may violate intimates' or acquaintances' privacy because the kinds of service accounts a user has implies his/her personal preferences or situation. We conducted surveys regarding user expectations and behaviors on online services and an extensive measurement study of login-related messages on online services that are considered sensitive. We found that over 80% of participants answered that they have sensitive services and that almost all services were vulnerable to our attack. Moreover, about half the participants who have sensitive services were insecurely registered on them, thus could be potential victims. Finally, we recommend ways for online service providers to improve login-related messages and for users to take appropriate defensive actions. We also report our responsible disclosure process.\n------------------------------\nThis is a preprint of an article intended for publication Journal of\nInformation Processing(JIP). This preprint should not be cited. This\narticle should be cited as: Journal of Information Processing Vol.28(2020) (online)\nDOI　http://dx.doi.org/10.2197/ipsjjip.28.1030\n------------------------------","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicIssueDates":{"bibliographicIssueDate":"2020-12-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"12","bibliographicVolumeNumber":"61"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:10:12.968190+00:00","updated":"2025-01-19T18:41:56.761846+00:00"}