Digital persona portrayal: identifying pluridentity vulnerabilities in digital life

Olivero M. A., Bertolino A., Dominguez-Mayo F. J., Escalona M. J., Matteucci I.

Privacy  Pluridentity  Portrayal  Digital persona  Risk  Software  Computer Networks and Communications  Safety  Security  Reliability and Quality  System of systems 

The increasing use of the Internet for social purposes enriches the data available online about all of us and promotes the concept of the Digital Persona. Actually, most of us are represented online by more than one identity, what we define here as a Pluridentity. This trend brings increased risks: it is well known that the security of a Digital Persona can be exploited if its data and security are not effectively managed. In this paper, we focus specifically on a new type of digital attack that can be perpetrated by combining pieces of data belonging to one same Pluridentity in order to profile their target. Some victims can be so accurately depicted when looking at their Pluridentity that by using the gathered information attackers can execute very personalized social engineering attacks, or even bypass otherwise safe security mechanisms. We characterize these Pluridentity attacks as a security issue of a virtual System of Systems, whose constituent systems are the individual identities and the humans themselves. We present a strategy to identify vulnerabilities caused by overexposure due to the combination of data from the constituent identities of a Pluridentity. To this end we introduce the Digital Persona Portrayal Metamodel, and the related Digital Pluridentity Persona Portrayal Analysis process that supports the architecting of data from different identities: such model and process can be used to identify the vulnerabilities of a Pluridentity due to its exploitation as a System of Systems. The approach has been validated on the Pluridentities of seventeen candidates selected from a data leak, by retrieving the data of their Digital Personae, and matching them against the security mechanisms of their Pluridentities. After analyzing the results for some of the analyzed subjects we could detect several vulnerabilities.

Source: Journal of Information Security and Applications 52 (2020). doi:10.1016/j.jisa.2020.102492

Publisher: Elsevier

Metrics