お知らせ

ACM SAC 2024 に当研究所研究員の論文が採択されました

デロイト トーマツ サイバーセキュリティ先端研究所(DT-ARLCS)

2024年4月8日から4月12日までにかけて開催される予定の The 39th ACM/SIGAPP Symposium On Applied Computing (SAC) 2024 に、当研究所の研究員である 伊藤 大貴 が筆頭著者となる以下の論文がフルペーパーとして採択されました。

採択された論文

2023年11月

Account Discovery: Identifying Web3 SNS Accounts at Risk of De-anonymization

学会・研究会:The 39th ACM/SIGAPP Symposium On Applied Computing (SAC) 2024
著者:Daiki Ito, Yuta Takata, Keika Mori, Ryoya Furukawa, Hiroshi Kumagai, and Masaki Kamizono (DTCY)
https://www.sigapp.org/sac/sac2024(外部サイト)

論文概要

Web services that use a blockchain and crypto-assets (Web3 services) improve user privacy by anonymous logins using wallet addresses. However, since many users list their account identities (IDs) on social networking service (SNS) profile pages and reuse their account IDs for self-branding and curation purposes, which increases the risk of de-anonymization on Web3 services by linking these accounts. If such high-risk SNS accounts hold large amounts of crypto-assets, they are subject to account hijacking and spoofing attacks for financial gain. In this study, we proposed a method to discover highly relevant SNS accounts from a seed account on Web2 and Web3 SNSs and estimate their account ownership. We applied our method to 480 seed accounts of 9 different SNSs and discovered 1,233 new accounts. We found that SNSs with multiple URL input forms on their profile setting pages linked more accounts and revealed that 207 out of 253 (81.8%) users reused their IDs across different SNSs. We identified 26 accounts linked to personal and crypto-asset information that are at risk of de-anonymization. Our user study using crowdsourcing services showed that as many as 232 (40.8%) out of 568 respondents do not understand the traceability of blockchain transaction histories. We examined the security and privacy risks caused by account listing and ID reuse, and made recommendations for service providers and users based on our findings. 

お役に立ちましたか?