Ryan Wails, Yixin Sun, Aaron Johnson, Mung Chiang and Prateek Mittal
Many recent proposals for anonymous communication omit from their security analyses a consideration of the effects of time on important system components. In practice, many components of anonymity systems, such as the client location and network structure, exhibit changes and patterns over time. In this paper, we focus on the effect of such temporal dynamics on the security of anonymity networks. We present Tempest, a suite of novel attacks based on (1) client mobility, (2) usage patterns, and (3) changes in the underlying network routing. Using experimental analysis on real-world datasets, we demonstrate that these temporal attacks degrade user privacy across a wide range of anonymity networks, including deployed systems such as Tor; pathselection protocols for Tor such as DeNASA, TAPS, and Counter-RAPTOR; and network-layer anonymity protocols for Internet routing such as Dovetail and HORNET. The degradation is in some cases surprisingly severe. For example, a single host failure or network route change could quickly and with high certainty identify the client’s ISP to a malicious host or ISP. The adversary behind each attack is relatively weak – generally passive and in control of one network location or a small number of hosts. Our findings suggest that designers of anonymity systems should rigorously consider the impact of temporal dynamics when analyzing anonymity.
Jonathan Rusert, Osama Khalid, Dat Hong, Zubair Shafiq and Padmini Srinivasan
 C. Li and A. Sun. Fine-grained location extraction from tweets with temporal awareness. In Proceedings of the 37th International ACM SIGIR Conference on Research & Development in Information Retrieval , SIGIR ’14, pages 43–52, New York, NY, USA, 2014. ACM.
 J. Lingad, S. Karimi, and J. Yin. Location extraction from disaster-related microblogs. In 22nd international conference on World Wide Web companion International World Wide Web Conferences Steering Committee , 2013.
 Z. Liu and Y. Huang. Where are you tweeting?: A context
user activity preference by leveraging user spatial temporal characteristics in lbsns. IEEE Transactions on Systems, Man, and Cybernetics: Systems 45(1):129–142
 Zhang S, Wang W, Ford J, Makedon F (2006) Learning from incomplete ratings usig non-negative matrix factorization. In: Proceedings of the 6th SIAM International Conference on Data Mining (SDM’06), pp 548–552
 Zheng Y, Zhang L, Xie X, Ma WY (2009) Mining interesting locations and travel sequences from GPS trajectories. In: Proceedings of the 18th International Conference on World Wide Web
Niklas Buescher, Spyros Boukoros, Stefan Bauregger and Stefan Katzenbeisser
The widespread deployment of smart meters that frequently report energy consumption information, is a known threat to consumers’ privacy. Many promising privacy protection mechanisms based on secure aggregation schemes have been proposed. Even though these schemes are cryptographically secure, the energy provider has access to the plaintext aggregated power consumption. A privacy trade-off exists between the size of the aggregation scheme and the personal data that might be leaked, where smaller aggregation sizes leak more personal data. Recently, a UK industrial body has studied this privacy trade-off and identified that two smart meters forming an aggregate, are sufficient to achieve privacy. In this work, we challenge this study and investigate which aggregation sizes are sufficient to achieve privacy in the smart grid. Therefore, we propose a flexible, yet formal privacy metric using a cryptographic game based definition. Studying publicly-available, real world energy consumption datasets with various temporal resolutions, ranging from minutes to hourly intervals, we show that a typical household can be identified with very high probability. For example, we observe a 50% advantage over random guessing in identifying households for an aggregation size of 20 households with a 15-minutes reporting interval. Furthermore, our results indicate that single appliances can be identified with significant probability in aggregation sizes up to 10 households.
Apostolos Pyrgelis, Carmela Troncoso and Emiliano De Cristofaro
 Waze. https://www.waze.com , 2016.
 G. Acs and C. Castelluccia. A case study: privacy preserving release of spatio-temporal density in paris. In KDD , 2014.
 M. E. Andrés, N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi. Geo-indistinguishability: Differential privacy for location-based systems. In CCS , 2013.
 S. Bocconi, A. Bozzon, A. Psyllidis, C. Titos Bolivar, and G.-J. Houben. Social glass: A platform for urban analytics and decision-making through heterogeneous social data. In WWW , 2015.
Wisam Eltarjaman, Rinku Dewri and Ramakrishna Thurimella
://developers.google.com/places/web-service/search#PlaceSearchRequests , 2017. [Online; accessed 1-March-2017].
 M. Gruteser and D. Grunwald. Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. In Proceedings of the 1st International Conference on Mobile Systems, Applications, and Services , pages 31–42, 2003.
 P. Kalnis, G. Ghinita, K. Mouratidis, and D. Papadias. Preventing Location-Based Identity Inference in Anonymous Spatial Queries. IEEE Transactions on Knowledge and Data Engineering , 19(12):1719–1733, 2007.
 A. Khoshgozaran, C. Shahabi, and H. Shirani-Mehr. Location
Konstantinos Chatzikokolakis, Ehab ElSalamouny and Catuscia Palamidessi
assignment for crowd sensing with cloaked participant locations,” in Proceedings of the 23rd SIGSPATIAL Int. Conf. on Advances in Geographic Information Systems , GIS ’15, pp. 90:1–90:4, ACM, 2015.
 Y. Xiao and L. Xiong, “Protecting locations with differential privacy under temporal correlations,” in Proc. of CCS , pp. 1298–1309, ACM, 2015.
 A. Ghosh, T. Roughgarden, and M. Sundararajan, “Universally utility-maximizing privacy mechanisms,” in Proc. of STOC , pp. 351–360, ACM, 2009.
 K. Chatzikokolakis, C. Palamidessi, and M. Stronati
Archita Agarwal, Maurice Herlihy, Seny Kamara and Tarik Moataz
 Javallier. https://github.com/snipsco/paillier-librariesbenchmarks/tree/master/java-javallier .
 J. Abowd. The challenge of scientific reproducibility and privacy protection for statistical agencies., 15 September 2016. https://www2.census.gov/cac/sac/meetings/2016-09/2016-abowd.pdf .
 G. Acs and C. Castelluccia. A case study: privacy preserving release of spatio-temporal density in paris. In Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining , pages 1679–1688. ACM, 2014
Changchang Liu, Xi He, Thee Chanyaswad, Shiqiang Wang and Prateek Mittal
& communications security , pages 901–914. ACM, 2013.
 Borja Balle and Yu-Xiang Wang. Improving the gaussian mechanism for differential privacy: Analytical calibration and optimal denoising. In International Conference on Machine Learning (ICML) , 2018.
 Vincent Bindschaedler, Reza Shokri, and Carl A Gunter. Plausible deniability for privacy-preserving data synthesis. Proceedings of the VLDB Endowment , 10(5):481–492, 2017.
 Yang Cao, Masatoshi Yoshikawa, Yonghui Xiao, and Li Xiong. Quantifying differential privacy under temporal correlations. In
Malte Möser, Kyle Soska, Ethan Heilman, Kevin Lee, Henry Heffan, Shashvat Srivastava, Kyle Hogan, Jason Hennessey, Andrew Miller, Arvind Narayanan and Nicolas Christin
/question-on-mixin-selection, September 2015.
 EhVedadoOAnonimato. https://forum.getmonero.org/6/ideas/2372/using-time-neighbors-in-mixin-selection-in-orderto-solve-temporal-associations, September 2015.
 Thomas Fox-Brewster. Wannacry hackers are using this Swiss company to launder $142,000 Bitcoin ransoms. https://www.forbes.com/sites/thomasbrewster/2017/08/03/wannacryhackers-use-shapeshift-to-launder-bitcoin, August 2017.
 Steven Goldfeder, Harry A. Kalodner, Dillon Reisman, and Arvind Narayanan. When the