Dual-Technique Privacy & Security Analysis for E-Commerce Websites Through Automated and Manual Implementation

• URL: http://arxiv.org/abs/2410.14960v1
• Date: Sat, 19 Oct 2024 03:25:48 GMT
• Title: Dual-Technique Privacy & Security Analysis for E-Commerce Websites Through Automated and Manual Implementation
• Authors: Urvashi Kishnani, Sanchari Das,
• Abstract summary: 38.5% of the websites deployed over 50 cookies per session, many of which were categorized as unnecessary or unclear in function. Our manual assessment uncovered critical gaps in standard security practices, including the absence of mandatory multi-factor authentication and breach notification protocols. Based on these findings, we recommend targeted improvements to privacy policies, enhanced transparency in cookie usage, and the implementation of stronger authentication protocols.
• Score: 2.7039386580759666
• License:
• Abstract: As e-commerce continues to expand, the urgency for stronger privacy and security measures becomes increasingly critical, particularly on platforms frequented by younger users who are often less aware of potential risks. In our analysis of 90 US-based e-commerce websites, we employed a dual-technique approach, combining automated tools with manual evaluations. Tools like CookieServe and PrivacyCheck revealed that 38.5% of the websites deployed over 50 cookies per session, many of which were categorized as unnecessary or unclear in function, posing significant risks to users' Personally Identifiable Information (PII). Our manual assessment further uncovered critical gaps in standard security practices, including the absence of mandatory multi-factor authentication (MFA) and breach notification protocols. Additionally, we observed inadequate input validation, which compromises the integrity of user data and transactions. Based on these findings, we recommend targeted improvements to privacy policies, enhanced transparency in cookie usage, and the implementation of stronger authentication protocols. These measures are essential for ensuring compliance with CCPA and COPPA, thereby fostering more secure online environments, particularly for younger users.

Related papers

• Privacy-Enhanced Adaptive Authentication: User Profiling with Privacy Guarantees [0.6554326244334866]
  This paper introduces a novel privacy-enhanced adaptive authentication protocol. It dynamically adjusts authentication requirements based on real-time risk assessments. By adhering to data protection regulations such as CCPA, our protocol not only enhances security but also fosters user trust.
  arXiv  Detail & Related papers  (2024-10-27T19:11:33Z)
• Uncovering Attacks and Defenses in Secure Aggregation for Federated Deep Learning [17.45950557331482]
  Federated learning enables the collaborative learning of a global model on diverse data, preserving data locality and eliminating the need to transfer user data to a central server. Secure aggregation protocols are designed to mask/encrypt user updates and enable a central server to aggregate the masked information. MicroSecAgg (PoPETS 2024) proposes a single server secure aggregation protocol that aims to mitigate the high communication complexity of the existing approaches.
  arXiv  Detail & Related papers  (2024-10-13T00:06:03Z)
• Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis [2.729532849571912]
  Single-factor authentication (SFA) protocols are often bypassed by side-channel and other attack techniques. To alleviate this problem, multi-factor authentication (MFA) protocols have been widely adopted recently.
  arXiv  Detail & Related papers  (2024-07-29T23:37:38Z)
• PriRoAgg: Achieving Robust Model Aggregation with Minimum Privacy Leakage for Federated Learning [49.916365792036636]
  Federated learning (FL) has recently gained significant momentum due to its potential to leverage large-scale distributed user data. The transmitted model updates can potentially leak sensitive user information, and the lack of central control of the local training process leaves the global model susceptible to malicious manipulations on model updates. We develop a general framework PriRoAgg, utilizing Lagrange coded computing and distributed zero-knowledge proof, to execute a wide range of robust aggregation algorithms while satisfying aggregated privacy.
  arXiv  Detail & Related papers  (2024-07-12T03:18:08Z)
• Collection, usage and privacy of mobility data in the enterprise and public administrations [55.2480439325792]
  Security measures such as anonymization are needed to protect individuals' privacy. Within our study, we conducted expert interviews to gain insights into practices in the field. We survey privacy-enhancing methods in use, which generally do not comply with state-of-the-art standards of differential privacy.
  arXiv  Detail & Related papers  (2024-07-04T08:29:27Z)
• Secure Aggregation is Not Private Against Membership Inference Attacks [66.59892736942953]
  We investigate the privacy implications of SecAgg in federated learning. We show that SecAgg offers weak privacy against membership inference attacks even in a single training round. Our findings underscore the imperative for additional privacy-enhancing mechanisms, such as noise injection.
  arXiv  Detail & Related papers  (2024-03-26T15:07:58Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
  We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
  arXiv  Detail & Related papers  (2023-04-06T05:20:16Z)
• Do Software Security Practices Yield Fewer Vulnerabilities? [6.6840472845873276]
  The goal of this study is to assist practitioners and researchers making informed decisions on which security practices to adopt. Four security practices were the most important practices influencing vulnerability count. The number of reported vulnerabilities increased rather than reduced as the aggregate security score of the packages increased.
  arXiv  Detail & Related papers  (2022-10-20T20:04:02Z)
• mPSAuth: Privacy-Preserving and Scalable Authentication for Mobile Web Applications [0.0]
  mPSAuth is an approach for continuously tracking various data sources reflecting user behavior and estimating the likelihood of the current user being legitimate. We show that mPSAuth can provide high accuracy with low encryption and communication overhead, while the effort for the inference is increased to a tolerable extent.
  arXiv  Detail & Related papers  (2022-10-07T12:49:34Z)
• Secure Byzantine-Robust Machine Learning [61.03711813598128]
  We propose a secure two-server protocol that offers both input privacy and Byzantine-robustness. In addition, this protocol is communication-efficient, fault-tolerant and enjoys local differential privacy.
  arXiv  Detail & Related papers  (2020-06-08T16:55:15Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.