Data Protection and Security Issues with Network Error Logging

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F23%3APU149379" target="_blank" >RIV/00216305:26230/23:PU149379 - isvavai.cz</a>

Výsledek na webu

<a href="https://arxiv.org/abs/2305.05343" target="_blank" >https://arxiv.org/abs/2305.05343</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.5220/0012078100003555" target="_blank" >10.5220/0012078100003555</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Data Protection and Security Issues with Network Error Logging

Popis výsledku v původním jazyce

Network Error Logging helps web server operators detect operational problems in real-time to provide fast and reliable services. This paper analyses Network Error Logging from two angles. Firstly, this paper overviews Network Error Logging from the data protection view. The ePrivacy Directive requires consent for non-essential access to the end devices. Nevertheless, the Network Error Logging design does not allow limiting the tracking to consenting users. Other issues lay in GDPR requirements for transparency and the obligations in the contract between controllers and processors of personal data. Secondly, this paper explains Network Error Logging exploitations to deploy long-time trackers to the victim devices. Even though users should be able to disable Network Error Logging, it is not clear how to do so. Web server operators can mitigate the attack by configuring servers to preventively remove policies that adversaries might have added.

Název v anglickém jazyce

Data Protection and Security Issues with Network Error Logging

Popis výsledku anglicky

Network Error Logging helps web server operators detect operational problems in real-time to provide fast and reliable services. This paper analyses Network Error Logging from two angles. Firstly, this paper overviews Network Error Logging from the data protection view. The ePrivacy Directive requires consent for non-essential access to the end devices. Nevertheless, the Network Error Logging design does not allow limiting the tracking to consenting users. Other issues lay in GDPR requirements for transparency and the obligations in the contract between controllers and processors of personal data. Secondly, this paper explains Network Error Logging exploitations to deploy long-time trackers to the victim devices. Even though users should be able to disable Network Error Logging, it is not clear how to do so. Web server operators can mitigate the attack by configuring servers to preventively remove policies that adversaries might have added.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 20th International Conference on Security and Cryptography

ISBN

978-989-758-666-8

ISSN

—

e-ISSN

—

Počet stran výsledku

8

Strana od-do

683-690

Název nakladatele

SciTePress - Science and Technology Publications

Místo vydání

Řím

Místo konání akce

Rome

Datum konání akce

10. 7. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001072829100066