Thumbnail Image
Publication

Understanding and protecting user security and privacy on the web

Yang, Zhiju
Citations
Altmetric:
Advisor
Yue, Chuan
Editor
Date
Date Issued
2021
Date Submitted
Keywords
measurement
 privacy
 security
 web
Collections
2021 - Mines Theses & Dissertations
Show all metadata
Files
Thumbnail Image
Yang_mines_0052E_12283.pdf
Adobe PDF2.73 MB
Research Projects
Organizational Units
Journal Issue
URI
https://hdl.handle.net/11124/14262
Embargo Expires
2023-04-14
Abstract
Over the past decades, the web on both mobile and desktop environments has rapidly developed and significantly revolutionized our daily life. It has been integrated into our daily lives in every sector such as commerce, education, government, entertainment, health, and social communication, etc. Along with our ever-increasing reliance on the web, more personal and valuable data is being stored and processed online, portable devices such as smartphones and laptops are increasingly playing important rules in every aspect of our lives, sophisticated web applications and services are developed in an agile manner to meet our needs, and third-party relationships are the norm as our information is being widely connected and frequently shared. These factors create new and significant vulnerabilities to our security and privacy on the web. In this dissertation, we have the same ultimate goal as that of many users, developers, lawmakers, and researchers: towards a secure and privacy-preserving web. We conduct four projects to explore and investigate user security and privacy on the web for both mobile and desktop environments. Specifically, we (1) propose a novel user fingerprinting attack that identities individual users based on their behavioral biometrics derived from the motion sensor data, and provide defense solutions against the user fingerprinting attack by performing data perturbation, (2) conduct an in-depth analysis and comparison of web tracking on the mobile and desktop environments using our measurement framework, (3) investigate and reveal the security and privacy risks of visiting three types of news webpages based on 18 metrics in categories of insecure practice and insufficient protection, and (4) design and implement a web tracking and advertising detection framework, namely WtaGraph, based on Graph Neural Networks, which can accurately detect web tracking and advertising in different application settings. By presenting the detailed design, implementation, evaluation, and discussion of each project in this dissertation, we expect to advance the state of web security and privacy research, increase users’ awareness of security and privacy risks on the web, and strengthen the security and privacy protection on the web.
Associated Publications
Rights
Copyright of the original work is retained by the author.
Embedded videos