By Grace Stanley
A new system developed by Cornell Tech researchers helps users detect when their online accounts have been compromised — without exposing their personal devices to invasive tracking by web services. The researchers presented the system, called Client-Side Encrypted Access Logging (CSAL), at the USENIX Security Symposium on Aug. 15 in Seattle. Its “privacy-first” method verifies whether a login came from a user’s own device, addressing a flaw in how major platforms like Google and Facebook currently log account access.
The new system could be especially useful for users at heightened risk of targeted cyberattacks, such as journalists, activists and public figures, who need to verify account activity, the researchers said. The study was motivated by the authors’ work with survivors of intimate partner violence at Cornell Tech’s Clinic to End Tech Abuse (CETA); the safety of survivors often relies on knowing if and when their partners have been accessing their accounts.
The research was led by Carolina Ortega Pérez and Alaa Daffalla, both Ph.D. candidates in computer science, and Thomas Ristenpart, professor at Cornell Tech and the Cornell Ann S. Bowers College of Computing and Information Science.
Read more at the Cornell Chronicle.
Grace Stanley is the staff writer-editor for Cornell Tech.