Anonymized Data Can Still Tell Tales: 2024 UMBC SFS Research Study

Christian Badolato
CSEE Dept., UMBC

12 pm – 1 pm
Friday, February 9, 2024
Remotely via WebEx: https://umbc.webex.com/meet/sherman

Recording of Meeting

Abstract:

We present results from the 2024 UMBC Scholarship for Service (SFS) Research Study, which analyzed the effectiveness of the anonymization method UMBC’s Division of Information Technology (DoIT) uses to protect user privacy when releasing campus network data in support of UMBC research projects.  DoIT applies a pseudonymization technique, which replaces unique identifiers (e.g., IP addresses) with unrelated pseudonyms. We demonstrate a chosen-plaintext attack that completely re-identifies the anonymized dataset.  First, using a Scapy python library, we craft custom packets containing identifiable tags within the header data, and we transmit these packets to every node on the UMBC network. Second, we observe the resulting anonymized data produced by DoIT. With knowledge of the intended packet destinations, we generate a one-to-one mapping from our crafted packets into the anonymized captured network traffic. We offer technical and policy-based recommendations for improving DoIT’s anonymization method.

About the Speaker:

Christian Badolato (cbad1@umbc.edu) is a PhD student focusing on data privacy and IoT at UMBC working with Roberto Yus. Badolato earned his BS in mathematics and computer science, and his MS in computer science, from UMBC. For several years he worked as a software architect and a certified cybersecurity professional.

Host:

Alan T. Sherman, sherman@umbc.edu

Upcoming CDL Meetings:

  • February 23, Mario Yaksetig, GotCHA: CAPTCHAs for an AI Era
  • March 8, Cyrus Bonyadi, Metametaphysical Ontologies for Consensus
  • (March 18-22, spring break)
  • March 29, Maksim Eren, Tensor Decomposition Methods for Cybersecurity
  • April 12, Anupam Joshi
  • April 26, Dan Ragsdale, National Cybersecurity Policy
  • (May 3, CSEE Research Day)
  • May 10, Enis Golaszewski, Automatically Binding Cryptographic Context to Messages Using Formal Methods

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.

The UMBC Cyber Defense Lab meets biweekly Fridays 12-1 pm. All meetings are open to the public.