Chris Pollett > Students > Rana

Deliverable #3

Develop a test suite of statistical attacks against query and discussion board statistics

A statistical attack is a method of deriving sensitive data from non-sensitive data. For this deliverable, the following test suite of statistical attacks against query and discussion board statistics was created.

  1. Finding out the user who has viewed a certain thread: When a group has only two members, one member can easily figure out whether or not the other member has recently viewed any thread belonging to that group. The total number of views of any thread is always visible and can be accessed via the Group Feed page. Let's say the current view count of a thread is 100 and, after refreshing the page, it goes up to 101; then it's obvious that the other user has just viewed that thread.
  2. Finding out the user who has posted in a group's thread: Let's say any user can post anonymously to any thread of a group. If only 2 users belong to a certain group, then even though a user posts anonymously, that user's identity is revealed to the other user.
  3. Finding out the user ID of a user who has posted a comment on a group discussion board. For example:
    • Click on any group (say TestGroup1). This shows the list of current posts under that group.
    • Below each post, you can see Last Post: <DD/MM/YYYY> - <USER_ID>.
    • For the post (say Welcome to TestGroup1 Thread), you can see Last Post: 17/09/2016 - testuser1. Click on testuser1. You can get the user_id in the URL or under Query Statistics: SELECT COUNT(DISTINCT GI.ID) AS NUM FROM GROUP_ITEM GI, GROUPS G, USER_GROUP UG, USERS P WHERE P.USER_ID='3' AND ...
  4. Indirect attack via SQL query: If we know that one user (user_id 2) has only 1 advertisement, we can find the budget set by user_id 2:
    1. SELECT SUM(BUDGET) FROM Advertisement WHERE user_id != 2;
    2. SELECT SUM(BUDGET) FROM Advertisement;
    Subtracting (1) from (2) gives the budget set by user_id 2.
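
The differencing case in item 4 can be reproduced, and then blocked, with a query-set-size check. This is an added example, not code from the original deliverable: the table columns, the sample rows, and the guarded_sum_budget helper are all constructed for illustration.

```python
import sqlite3

# Constructed sample data: (id, user_id, budget); user_id 2 owns exactly one ad.
ROWS = [(1, 1, 500), (2, 1, 300), (3, 2, 750), (4, 3, 200), (5, 3, 400)]

class QueryRefused(Exception):
    """Raised when an aggregate would isolate fewer than k rows."""

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Advertisement "
               "(id INTEGER PRIMARY KEY, user_id INTEGER, budget INTEGER)")
    db.executemany("INSERT INTO Advertisement VALUES (?, ?, ?)", ROWS)
    return db

def _where(exclude_users):
    # Only "?" placeholders are interpolated; values stay bound parameters.
    if not exclude_users:
        return "", ()
    marks = ",".join("?" * len(exclude_users))
    return f" WHERE user_id NOT IN ({marks})", tuple(exclude_users)

def sum_budget(db, exclude_users=()):
    """Unrestricted aggregate: query (2) by default, query (1) with [2]."""
    clause, params = _where(exclude_users)
    sql = "SELECT COALESCE(SUM(budget), 0) FROM Advertisement" + clause
    return db.execute(sql, params).fetchone()[0]

def guarded_sum_budget(db, exclude_users=(), k=2):
    """Same aggregate behind a query-set-size check (hypothetical guard)."""
    clause, params = _where(exclude_users)
    total = db.execute("SELECT COUNT(*) FROM Advertisement").fetchone()[0]
    matched = db.execute("SELECT COUNT(*) FROM Advertisement" + clause,
                         params).fetchone()[0]
    excluded = total - matched
    # Refuse if the answer covers < k rows, or differs from the table-wide
    # total by < k rows (the differencing case from item 4).
    if matched < k or 0 < excluded < k:
        raise QueryRefused(f"matched={matched}, excluded={excluded}, k={k}")
    return sum_budget(db, exclude_users)

def demo():
    db = make_db()
    leaked = sum_budget(db) - sum_budget(db, [2])   # (2) minus (1)
    try:
        guarded_sum_budget(db, [2])
        refused = False
    except QueryRefused:
        refused = True
    return leaked, refused

if __name__ == "__main__":
    print(demo())
```

A size check on both the matched set and its complement stops this single-pair difference; it is one layer of inference control and is normally combined with query auditing or result perturbation.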