Private & Anonymous Communication. Peter Kairouz ECE Department University of Illinois at Urbana-Champaign
|
|
- Homer Hood
- 5 years ago
- Views:
Transcription
1 Private & Anonymous Communication Peter Kairouz ECE Department University of Illinois at Urbana-Champaign
2 Communication Bob Alice transfer of information from one point in space-time to the other
3 Wireless communication the fundamental limits of wireless communication are well understood
4 Rise of the planet of the apps!
5 Rise of the planet of the apps!
6 Rise of the planet of the apps!
7 Rise of the planet of the apps! can we communicate anonymously and privately?
8 Does privacy matter? if you re doing something that you don t want other people to know, maybe you shouldn t be doing it in first place privacy is no longer a social norm!
9 Recent privacy leaks deanonymizing Netflix data, identifying personal genomes, etc.
10 China s crackdown on messaging apps if your message is shared 500 times, you may face 3 years in prison
11 some people have important, sensitive things to say Political activism
12 Personal confessions others have less important, but sensitive things to say
13 Private and anonymous communication Bob Alice the data privacy and meta-data privacy contexts
14 Part I: Anonymous Communication
15 Existing anonymous messaging apps Bob Alice
16 Existing anonymous messaging apps Bob
17 Existing anonymous messaging apps Bob
18 Existing anonymous messaging apps Bob
19 Existing anonymous messaging apps Bob
20 Existing anonymous messaging apps Alice
21 Existing anonymous messaging apps
22 Existing anonymous messaging apps
23 Existing anonymous messaging apps
24 Existing anonymous messaging apps
25 Existing anonymous messaging apps Bob Mary Alice
26 Existing anonymous messaging apps Bob Mary Alice
27 Existing anonymous messaging apps Bob Mary Server Alice
28 Existing anonymous messaging apps Bob Mary Server Alice
29 Existing anonymous messaging apps Bob Mary Server Alice centralized networks are not truly anonymous!
30 Compromises in anonymity
31 Compromises in anonymity
32 Compromises in anonymity anonymity loss extends beyond the network
33 Anonymous communication
34 Anonymous communication designed for point-to-point communication
35 Distributed messaging Bob Mary Alice
36 Distributed messaging Bob Mary Alice
37 Distributed messaging Bob Mary Alice what can an adversary do?
38 Adversary without timing Craig Bob Mary David Alice
39 Adversary without timing Craig Bob Mary David Alice
40 Adversary without timing Craig Bob Mary David Alice
41 Adversary without timing Craig Bob Mary David Alice adversary can figure out who got the message
42 Adversary with timing Craig Bob Mary David Alice
43 Adversary with timing Craig Bob Mary David Alice
44 Adversary with timing Craig Bob Mary David Alice
45 Adversary with timing -message -timestamp -message -timestamp adversary can collect timing information
46 Adversary with timing -message -timestamp -message -timestamp adversary can collect timing information
47 Distributed network forensics timing + who has the message = authorship
48 Information flow in social networks G is the graph representing the social network
49 Information flow in social networks message author
50 Information flow in social networks the author passes the message to its neighbors
51 Information flow in social networks its neighbors pass the message to theirs
52 Information flow in social networks the message spreads in all directions at the same rate
53 Information flow in social networks the message spreads in all directions at the same rate
54 Information flow in social networks the message spreads in all directions at the same rate
55 Information flow in social networks this spreading model is known as the diffusion model
56 Adversary can we locate the message author?
57 Concentration around the center the message author is in the center
58 Node eccentricity maximum distance from a node to any other node
59 Node eccentricity the message author has an eccentricity of 3
60 Node eccentricity all other nodes have larger eccentricities
61 Jordan centrality Jordan center other centralities: distance centrality, rumor centrality, etc.
62 Maximum likelihood detection high likelihood low likelihood diffusion spreading = deanonymization [Shah, Zaman 2011]
63 Our goal Craig Bob Mary David Alice engineer the spread to hide authorship
64 Main Result: Adaptive diffusion
65 Main Result: Adaptive diffusion
66 Main Result: Adaptive diffusion
67 Main Result: Adaptive diffusion
68 Main Result: Adaptive diffusion
69 Main Result: Adaptive diffusion
70 Main Result: Adaptive diffusion
71 Main Result: Adaptive diffusion
72 Main Result: Adaptive diffusion High likelihood Low likelihood provides provable anonymity guarantees [Spy vs. Spy: Rumor Source Obfuscation, to appear in ACM SIGMETRICS 2015]
73 let s start with line graphs Line graphs
74 Line graphs: diffusion T = 0 the message author starts a rumor at T = 0
75 Line graphs: diffusion p p T = 1 with probability p, the left (right) node receives the message
76 Line graphs: diffusion T = 1 the node to the right of the author receives the message
77 Line graphs: diffusion p p T = 2 the rumor propagates in both directions at the same rate
78 Line graphs: diffusion T = 2 the rumor propagates in both directions at the same rate
79 Line graphs: diffusion p p T = 3 p is independent of time or hop distance to message author
80 Line graphs: diffusion T = 3 diffusion on a line is equivalent to two independent random walks
81 Adversary N = 5 nodes with the message can we locate the message author?
82 Maximum likelihood detection Likelihoods 1 N/2 N v the node in the middle is the mostly likely author
83 Maximum likelihood detection Likelihoods 1 N/2 N v Probability of detection 1 N
84 Pólya s urn process T = 1 choose a ball at random from the urn
85 Pólya s urn process with probability 1/2 T = 1 choose a ball at random from the urn
86 Pólya s urn process T = 1 replace the chosen ball by two balls of the same color
87 Pólya s urn process repeat previous steps T = 2
88 Pólya s urn process with probability 2/3 repeat previous steps T = 2
89 Pólya s urn process T = 2 the rich get richer and poor get poorer
90 Pólya s urn process: anonymity properties T = red and 4 blue 4 red and 10 blue 7 red and 7 blue all events are equally likely
91 Pólya s urn process: learning Urn 1 Urn 2 10 red and 4 blue 5 red and 9 blue given two urns generated independently
92 Pólya s urn process: learning Urn 1 Urn 2 N balls how many red balls came from urn 1?
93 Maximum likelihood detection Likelihoods Polya urn process diffusion process 1 N/2 N k we broke the concentration around N/2
94 Line graphs: adaptive diffusion consider a line graph
95 Line graphs: adaptive diffusion T = 0 node 0 starts a rumor at T = 0
96 Line graphs: adaptive diffusion /2 1/2 T = 1 with probability 1/2, the left (right) node receives the message
97 Line graphs: adaptive diffusion T = 1 right node 1 receives the message
98 Line graphs: adaptive diffusion /3 2/3 T = 2 hop distance to message author probability of passing message = h+1 T+1 elapsed time
99 Line graphs: adaptive diffusion T = 2 right node 2 receives the message
100 Line graphs: adaptive diffusion /4 3/4 T = 3 hop distance to message author probability of passing message = h+1 T+1 elapsed time
101 Line graphs: adaptive diffusion T = 3 left node 1 receives the message
102 Adversary N = 4 nodes with the message can we locate the message author?
103 Maximum likelihood detection Likelihoods adaptive diffusion diffusion 1 N/2 N k
104 Maximum likelihood detection Likelihoods adaptive diffusion diffusion 1 N/2 N k Probability of detection 1 N
105 what about d-regular trees? d-regular trees
106 d-regular trees: diffusion likelihoods concentrate around the center
107 d-regular trees: Pólya s urn processes Probability of detection using Jordan centrality does not work at all! number of nodes with the message
108 d-regular trees : adaptive diffusion
109 d-regular trees : adaptive diffusion initially, the author is also the virtual source
110 d-regular trees : adaptive diffusion at T = 1, the author selects one neighbor at random
111 d-regular trees : adaptive diffusion the author passes h = 1 and T = 2 to the chosen neighbor at T = 1, the author selects one neighbor at random
112 d-regular trees : adaptive diffusion the chosen neighbor becomes the new virtual source
113 d-regular trees : adaptive diffusion at T = 2, the virtual source passes the message to all its neighbors
114 d-regular trees : adaptive diffusion as T transitions from even to odd, the virtual source has two options: keeping the virtual source token passing the virtual source token
115 Keeping the virtual source token adaptive rate virtual source token is kept with probability d 1 T d 1 2 h 1 1 T
116 Keeping the virtual source token happens in T = 3 and T = 4 all leaf nodes with the message pass it to their neighbors
117 Passing the virtual source token new virtual source current virtual source selects one of its neighbors at random
118 Passing the virtual source token current virtual source passes h = 2 and T = 4 to new virtual source current virtual source selects one of its neighbors at random
119 Passing the virtual source token happens in T = 3 and T = 4 new virtual source passes the message to its neighbors which in turn pass it to their neighbors
120 Symmetry properties the graph is always symmetric around the virtual source
121 Adversary can we locate the message author?
122 Maximum likelihood detection high likelihood low likelihood all nodes except for the final virtual source are equally likely
123 Maximum likelihood detection high likelihood Probability of detection = 1 N 1 low likelihood
124 General graphs can we extend adaptive diffusion for general graphs?
125 General graphs: cycles do not pass the message to a node that already has the message
126 General graphs: degree irregularities which d to choose? virtual source token is kept with probability d 1 T d 1 2 h 1 1 T
127 General graphs: degree irregularities any d 3 works well in practice to preserve symmetry, each node talks to at most 3 neighbors
128 General graphs: boundary effects the virtual source is allowed to turn around when it hits the boundary
129 Simulation setup 10,000 Facebook users in New Orleans circa 2009 all users with degree less than 3 were removed
130 Simulation results on average, 96% of users received the message within 10 time steps
131 Simulation results Probability of detection d = chosen N bound d = 4 chosen likelihoods can be approximated numerically number of nodes with the message
132 Part I: Proposed Research
133 Spy adversarial model Craig Bob Mary David -message -timestamp -message -timestamp Alice adversary can collect timing information
134 Adversary with timing spy node 1 spy node 2 N = distance between spies what if spies can collect timing information?
135 Maximum likelihood detection Probability of detection 1 N 1 N hop distance between spies Probability of detection 1 N
136 Adversary with timing T 3 T 3 T 1 T 1 T 5 T 1 cordon of spy nodes: a work in progress
137 Current progress: Wildfire Bob Alice Alice Faith Saul Like Bob Carol Mary Like Mary Alice Faith Mike Saul Like
138 Current progress: Wildfire Bob Alice Alice Faith Saul Like Bob Carol Mary Like Wildfire empowers devices by removing central service providers Mary Alice Faith Mike Saul Like
139 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers Bob Carol Mary Like Wildfire empowers devices by removing central service providers Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers
140 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers
141 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers
142 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers
143 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak.
144 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. anonymous, distributed, secure implementation
145 Upcoming research Theoretical Spy adversarial model Hiding relays Dynamic networks Systems Video sharing Message caching Bootstrapping contacts Wildfire Release
146 Part II: Private Communication
147 Local privacy model X 1 Clients Data Analyst X 2 clients receive a service if they share their data clients do not trust data analyst
148 Lying is the ultimate protection lying = randomizing the future of privacy is lying
149 Privacy via plausible deniability have you ever used illegal drugs? say yes answer truthfully [Warner 1965]
150 Privacy via plausible deniability Q: privatization mechanism instead of X = x, share Y = y w.p. Q(y x) Q: X Y is a stochastic mapping
151 Local privacy model X 1 Privatization Q Y 1 Clients Data Analyst X 2 Privatization Q Y 2 each user privatizes her data before releasing it [Duchi, et. al., 2013]
152 Local differential privacy Q is ε-locally differentially private iff for all x, x X and y Y e ε Q y x Q y x e ε ε controls the level of privacy large ε, low privacy small ε, high privacy D ε : set of all ε-locally differentially private mechanisms
153 Privacy vs utility the more private you want to be, the less utility you get there is a fundamental trade-off between privacy and utility U Q : application dependent utility function D ε : set of all ε-locally differentially private mechanisms
154 Utility functions X X Q Y Y W Z Z utility functions obeying the data processing inequality: T = Q W U T U(Q) further randomization can only reduce utility note that if Q D ε T D ε
155 Information theoretic utility functions for X > 2, we focus on a rich class of convex utility functions: Q y : the column of Q corresponding to Q(y. ) μ: any sub-linear function includes all f-divergences and mutual information
156 Staircase mechanisms Q is ε-locally differentially private if for all x, x X and y Y e ε Q y x Q y x e ε
157 Staircase mechanisms Q is ε-locally differentially private if for all x, x X and y Y e ε Q y x Q y x e ε Q is a staircase mechanism if for all x, x X and y Y Q y x Q y x {e ε, 1, e ε }
158 Example of staircase mechanisms Binary Mechanism Randomized Response
159 for X = 2, binary data: Main result: binary data w.p. 1 1+e ε lie w.p. eε 1+eε say the truth optimal for all ε optimal for all U(Q) obeying the data processing inequality
160 Main result: general case for X > 2, general data: Binary Mechanism Randomized Response staircase mechanisms all locally differentially private mechanisms staircase mechanisms are optimal for all ε BM optimal for small ε RR optimal for large ε
161 Acknowledgments Giulia Fanti Pramod Viswanath Sewoong Oh
162 Thank You!
Spy vs. Spy: Rumor Source Obfuscation
Spy vs. Spy: Rumor Source Obfuscation Peter Kairouz University of Illinois at Urbana-Champaign Joint work with Giulia Fanti, Sewoong Oh, and Pramod Viswanath Some people have important, sensitive things
More informationAnonymous Messaging. Giulia Fanti and Peter Kairouz. Advised by Professors Sewoong Oh, Kannan Ramchandran, and Pramod Viswanath
Anonymous Messaging Giulia Fanti and Peter Kairouz Advised by Professors Sewoong Oh, Kannan Ramchandran, and Pramod Viswanath Some people have important, sensitive things to say. Some people have important,
More informationSpy vs. spy: Anonymous messaging over networks. Giulia Fanti, Peter Kairouz, Sewoong Oh, Kannan Ramchandran, Pramod Viswanath
Spy vs. spy: Anonymous messaging over networks Giulia Fanti, Peter Kairouz, Sewoong Oh, Kannan Ramchandran, Pramod Viswanath Some people have important, sensitive things to say. Others have less important,
More informationMetadata-Conscious Anonymous Messaging
Giulia Fanti Peter Kairouz Sewoong Oh Kannan Ramchandran Pramod Viswanath University of Illinois at Urbana-Champaign, Champaign, IL 68 FANTI@ILLINOIS.EDU KAIROUZ2@ILLINOIS.EDU SWOH@ILLINOIS.EDU KANNANR@EECS.BERKELEY.EDU
More informationDandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network
Dandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network Presenter: Giulia Fanti Joint work with: Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Brad Denby, Shruti Bhargava, Andrew
More informationPrivApprox. Privacy- Preserving Stream Analytics.
PrivApprox Privacy- Preserving Stream Analytics https://privapprox.github.io Do Le Quoc, Martin Beck, Pramod Bhatotia, Ruichuan Chen, Christof Fetzer, Thorsten Strufe July 2017 Motivation Clients Analysts
More informationUsing Chains for what They re Good For
Using Chains for what They re Good For Andrew Poelstra usingchainsfor@wpsoftware.net Scaling Bitcoin, November 5, 2017 1 / 14 On-Chain Smart Contracting Bitcoin (and Ethereum, etc.) uses a scripting language
More informationwith BLENDER: Enabling Local Search a Hybrid Differential Privacy Model
BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model Brendan Avent 1, Aleksandra Korolova 1, David Zeber 2, Torgeir Hovden 2, Benjamin Livshits 3 University of Southern California 1
More informationKaraoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich
Karaoke Distributed Private Messaging Immune to Passive Traffic Analysis David Lazar, Yossi Gilad, Nickolai Zeldovich 1 Motivation: Report a crime without getting fired You re Fired if you talk to the
More informationSecuring services running over untrusted clouds : the two-tiered trust model
Securing services running over untrusted clouds : the two-tiered trust model Aggelos Kiayias (U. Athens & U. Connecticut) Joint work, Juan Garay, Ran Gelles, David Johnson, Moti Yung (AT&T UCLA - AT&T
More informationarxiv: v1 [cs.cr] 28 May 2018
arxiv:805.060v [cs.cr] 28 May 208 Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees GIULIA FANTI, Carnegie Mellon University SHAILESHH BOJJA VENKATAKRISHNAN, Massachusetts
More informationPrivacy Preserving Data Publishing: From k-anonymity to Differential Privacy. Xiaokui Xiao Nanyang Technological University
Privacy Preserving Data Publishing: From k-anonymity to Differential Privacy Xiaokui Xiao Nanyang Technological University Outline Privacy preserving data publishing: What and Why Examples of privacy attacks
More informationThe Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science
The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.
More informationHow Alice and Bob meet if they don t like onions
How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies
More informationGeoPal: Friend Spam Detection in Social Networks with Private Location Proofs
GeoPal: Friend Spam Detection in Social Networks with Private Location Proofs Bogdan Carbunar, Mizanur Rahman, Mozhgan Azimpourkivi, Debra Davis Florida International University carbunar@cs.fiu.edu Social
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationEating from the Tree of Ignorance Part 2
Eating from the Tree of Ignorance Part 2 Jan van Eijck, CWI Amsterdam and Uil-OTS Utrecht Rineke Verbrugge, Institute of AI, University of Groningen ESSLLI 2009, Bordeaux, July 22, 2009 Overview of Part
More informationQualifying exam: operating systems, 1/6/2014
Qualifying exam: operating systems, 1/6/2014 Your name please: Part 1. Fun with forks (a) What is the output generated by this program? In fact the output is not uniquely defined, i.e., it is not always
More informationQuiz 8 May 21, 2015 Computer Engineering 80N
Quiz 8 May 21, 2015 Computer Engineering 80N Left Neighbor: Right Neighbor: Keep this side up on your desk until you are told to turn the page over. This is a closed book quiz. No calculators. First Name
More informationCONIKS: Bringing Key Transparency to End Users
CONIKS: Bringing Key Transparency to End Users Morris Yau 1 Introduction Public keys must be distributed securely even in the presence of attackers. This is known as the Public Key Infrastructure problem
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationUtilizing Large-Scale Randomized Response at Google: RAPPOR and its lessons
Utilizing Large-Scale Randomized Response at Google: RAPPOR and its lessons Úlfar Erlingsson, Vasyl Pihur, Aleksandra Korolova, Steven Holte, Ananth Raghunathan, Giulia Fanti, Ilya Mironov, Andy Chu DIMACS
More informationInformation Leak in the Chord Lookup Protocol
Information Leak in the Chord Lookup Protocol Charles W. O Donnell Vinod Vaikuntanathan Massachusetts Institute of Technology August 25, 2004 4 th IEEE International Conference on Peer-to-Peer Computing
More informationExperimental Analysis of Popular Anonymous, Ephemeral, and End-to-End Encrypted Apps
UEOP 2016 Experimental Analysis of Popular Anonymous, Ephemeral, and End-to-End Encrypted Apps Lucky Onwuzurike and Emiliano De Cristofaro University College London https://emilianodc.com Our Work
More informationAnonymity. Assumption: If we know IP address, we know identity
03--4 Anonymity Some degree of anonymity from using pseudonyms However, anonymity is always limited by address TCP will reveal your address address together with ISP cooperation Anonymity is broken We
More informationPufferfish: A Semantic Approach to Customizable Privacy
Pufferfish: A Semantic Approach to Customizable Privacy Ashwin Machanavajjhala ashwin AT cs.duke.edu Collaborators: Daniel Kifer (Penn State), Bolin Ding (UIUC, Microsoft Research) idash Privacy Workshop
More informationAnonymity. Christian Grothoff.
christian@grothoff.org http://grothoff.org/christian/ The problem with losing your anonymity is that you can never go back. Marla Maples 1 Agenda Definitions and Metrics Techniques, Research Proposals
More informationCSC 5930/9010 Cloud S & P: Cloud Primitives
CSC 5930/9010 Cloud S & P: Cloud Primitives Professor Henry Carter Spring 2017 Methodology Section This is the most important technical portion of a research paper Methodology sections differ widely depending
More information2018: Problem Set 1
crypt@b-it 2018 Problem Set 1 Mike Rosulek crypt@b-it 2018: Problem Set 1 1. Sometimes it is not clear whether certain behavior is an attack against a protocol. To decide whether something is an attack
More informationProtocols for Anonymous Communication
18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your
More informationHomomorphic Encryption. By Raj Thimmiah
Homomorphic Encryption By Raj Thimmiah Symmetric Key Encryption Symmetric Key Encryption Symmetric Key Encryption: XOR Gates XOR gates are the simplest way to implement symmetric key encryption XOR gates
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationProvable Anonymity. Epistemic Logic for Anonymizing Protocols. Ichiro Hasuo. Radboud University Nijmegen The Netherlands
Provable Anonymity Epistemic Logic for Anonymizing Protocols Ichiro Hasuo Radboud University Nijmegen The Netherlands Internatinal Summer School Marktoberdorf Provable Anonymity Ichiro Hasuo, Nijmegen,
More informationSocial Media. The infinite abilities of a smart phone
Social Media The infinite abilities of a smart phone It s all about the Likes, Shares and Stats Social Media is driven by users desire for Likes - Shares - Retweets - Followers to the point that users
More informationDemonstration of Damson: Differential Privacy for Analysis of Large Data
Demonstration of Damson: Differential Privacy for Analysis of Large Data Marianne Winslett 1,2, Yin Yang 1,2, Zhenjie Zhang 1 1 Advanced Digital Sciences Center, Singapore {yin.yang, zhenjie}@adsc.com.sg
More informationCryptography. and Network Security. Lecture 0. Manoj Prabhakaran. IIT Bombay
Cryptography and Network Security Lecture 0 Manoj Prabhakaran IIT Bombay Security In this course: Cryptography as used in network security Humans, Societies, The World Network Hardware OS Libraries Programs
More informationAnonymous Communications
Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationSecure Multi-party Computation
Secure Multi-party Computation What it is, and why you d care Manoj Prabhakaran University of Illinois, Urbana-Champaign SMC SMC SMC conceived more than 30 years back SMC SMC conceived more than 30 years
More informationSMART DEVICES: DO THEY RESPECT YOUR PRIVACY?
SMART DEVICES: DO THEY RESPECT YOUR PRIVACY? Systems and Mobile Research Lab, Department of Computer Science and Engineering INDIAN INSTITUTE OF TECHNOLOGY KHARAGPUR Presenter: Sandip Chakraborty sandipc@cse.iitkgp.ac.in
More informationPrivacy-Enhancing Technologies & Applications to ehealth. Dr. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies & Applications to ehealth Dr. Anja Lehmann IBM Research Zurich IBM Research Zurich IBM Research founded in 1945 employees: 3,000 12 research labs on six continents IBM Research
More informationNetwork Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, autumn 2015 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
More informationLearning Network Graph of SIR Epidemic Cascades Using Minimal Hitting Set based Approach
Learning Network Graph of SIR Epidemic Cascades Using Minimal Hitting Set based Approach Zhuozhao Li and Haiying Shen Dept. of Electrical and Computer Engineering Clemson University, SC, USA Kang Chen
More informationAnonymity. With material from: Dave Levin and Michelle Mazurek
http://www.sogosurvey.com/static/sogo_resp_images/tat_resp_images/designimg/guaranteed-anonymous-survey.png Anonymity With material from: Dave Levin and Michelle Mazurek What is anonymity? Dining cryptographers
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationCS 134 Winter Privacy and Anonymity
CS 134 Winter 2016 Privacy and Anonymity 1 Privacy Privacy and Society Basic individual right & desire Relevant to corporations & government agencies Recently increased awareness However, general public
More informationNet Trust: User-Centered Detection of Pharming, Phishing and Fraud. L Jean Camp
Net Trust: User-Centered Detection of Pharming, Phishing and Fraud L Jean Camp www.ljean.com Core Problem Statement How to inform individual assessments of trustworthiness of a potential online transaction.
More information2 ND GENERATION ONION ROUTER
2 ND GENERATION ONION ROUTER Roger Dingledine, Nick Mathewson and Paul Syverson Presenter: Alejandro Villanueva Agenda Threat model Cells and circuits Other features Related work How does it work? Rendezvous
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationChanging Threats To Privacy Moxie Marlinspike Institute For Disruptive Studies
Changing Threats To Privacy moxie@thoughtcrime.org Cypherpunks Government Dangerous Scared The Fuck Out Of Them Ultimate Control No Control As Dangerous? = Cryptography Is Not A Banana!= Cypherpunks
More informationAn Overview of Secure Multiparty Computation
An Overview of Secure Multiparty Computation T. E. Bjørstad The Selmer Center Department of Informatics University of Bergen Norway Prøveforelesning for PhD-graden 2010-02-11 Outline Background 1 Background
More informationFamily Technology Boundaries:
General questions to answer Family Technology Boundaries: How much time per day/week will various technologies be allowed? Can social media be accessed from all devices? What should children do if they
More informationSecurity Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008
Security Principles and Policies CS 136 Computer Security Peter Reiher January 15, 2008 Page 1 Outline Security terms and concepts Security policies Basic concepts Security policies for real systems Page
More informationSybil defenses via social networks
Sybil defenses via social networks Abhishek University of Oslo, Norway 19/04/2012 1 / 24 Sybil identities Single user pretends many fake/sybil identities i.e., creating multiple accounts observed in real-world
More informationCS Final Exam
CS 600.443 Final Exam Name: This exam is closed book and closed notes. You are required to do this completely on your own without any help from anybody else. Feel free to write on the back of any page
More informationAnalyzing Tor s Anonymity with Machine Learning. Sanjit Bhat, David Lu May 21 st, 2017 Mentor: Albert Kwon
Analyzing Tor s Anonymity with Machine Learning Sanjit Bhat, David Lu May 21 st, 2017 Mentor: Albert Kwon Acknowledgements Thank you to Albert Kwon for mentoring us Thank you to Prof. Srini Devadas for
More informationPrivacy-Preserving Machine Learning
Privacy-Preserving Machine Learning CS 760: Machine Learning Spring 2018 Mark Craven and David Page www.biostat.wisc.edu/~craven/cs760 1 Goals for the Lecture You should understand the following concepts:
More informationSecurity for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818
Security for Structured Peer-to-peer Overlay Networks By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818 1 Acknowledgement Some of the following slides are borrowed from talks by Yun Mao
More informationECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #9 Authentication Using Shared Secrets Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we introduce the concept of authentication and
More informationComputer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1 Private Browsing Browsers offer a "private" browsing modes
More informationUntraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?
More informationPrivate Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes
Private Browsing Computer Security 16. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing,
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationEncryption Providing Perfect Secrecy COPYRIGHT 2001 NON-ELEPHANT ENCRYPTION SYSTEMS INC.
Encryption Providing Perfect Secrecy Presented at Calgary Unix Users Group. November 27, 2001 by: Mario Forcinito, PEng, PhD With many thanks to Prof. Aiden Bruen from the Mathematics Department, University
More informationPrivacy Preserving Probabilistic Record Linkage
Privacy Preserving Probabilistic Record Linkage Duncan Smith (Duncan.G.Smith@Manchester.ac.uk) Natalie Shlomo (Natalie.Shlomo@Manchester.ac.uk) Social Statistics, School of Social Sciences University of
More informationCryptography III Want to make a billion dollars? Just factor this one number!
Cryptography III Want to make a billion dollars? Just factor this one number! 3082010a0282010100a3d56cf0bf8418d66f400be31c3f22036ca9f5cf01ef614de2eb9a1cd74a0c344b5a20d5f80df9a23c89 10c354821aa693432a61bd265ca70f309d56535a679d68d7ab89f9d32c47c1182e8a14203c050afd5f1831e5550e8700e008f2
More informationAnonymous Credentials: How to show credentials without compromising privacy. Melissa Chase Microsoft Research
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove you re over 21, or
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored
More informationNumber Theory and RSA Public-Key Encryption
Number Theory and RSA Public-Key Encryption Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu CIA Triad: Three Fundamental
More informationDistributed Private Data Collection at Scale
Distributed Private Data Collection at Scale Graham Cormode g.cormode@warwick.ac.uk Tejas Kulkarni (Warwick) Divesh Srivastava (AT&T) 1 Big data, big problem? The big data meme has taken root Organizations
More informationOnion services. Philipp Winter Nov 30, 2015
Onion services Philipp Winter pwinter@cs.princeton.edu Nov 30, 2015 Quick introduction to Tor An overview of Tor Tor is a low-latency anonymity network Based on Syverson's onion routing......which is based
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner April 29, 2016 Announcements Final exam in RSF Fieldhouse, 5/10, arrive by 7PM HW4 due Monday, 5/2, 11:59pm Review
More informationDefining Encryption. Lecture 2. Simulation & Indistinguishability
Defining Encryption Lecture 2 Simulation & Indistinguishability Roadmap First, Symmetric Key Encryption Defining the problem We ll do it elaborately, so that it will be easy to see different levels of
More informationUser Authentication Protocols
User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September.2016 1 Announcement Homework 1 is due today by end of class CIS-5370: 26.September.2016 2 User Authentication The process of
More informationNaming. Brighten Godfrey cs598pbg Sept slides 2010 by Brighten Godfrey unless otherwise noted
Naming Brighten Godfrey cs598pbg Sept 23 2010 slides 2010 by Brighten Godfrey unless otherwise noted Announcements Presentations are not on the assigned reading We all read it; no need to see a detailed
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationDifferential Privacy. CPSC 457/557, Fall 13 10/31/13 Hushiyang Liu
Differential Privacy CPSC 457/557, Fall 13 10/31/13 Hushiyang Liu Era of big data Motivation: Utility vs. Privacy large-size database automatized data analysis Utility "analyze and extract knowledge from
More informationIntroduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory
Introduction to Traffic Analysis George Danezis University of Cambridge, Computer Laboratory Outline Introduction to anonymous communications Macro-level Traffic Analysis Micro-level Traffic Analysis P2P
More informationSecure Multi-Party Computation. Lecture 13
Secure Multi-Party Computation Lecture 13 Must We Trust? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data
More informationKey Establishment and Authentication Protocols EECE 412
Key Establishment and Authentication Protocols EECE 412 1 where we are Protection Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Authentication Cryptography
More informationCS Paul Krzyzanowski
Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide
More informationTor and circumvention: Lessons learned. Roger Dingledine The Tor Project
Tor and circumvention: Lessons learned Roger Dingledine The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) software, 2) network, 3) protocol Open source, freely available Community
More informationFair exchange and non-repudiation protocols
Fair exchange and non-repudiation protocols Levente Buttyán Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics buttyan@crysys.hu 2010 Levente Buttyán
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno
CSE 484 / CSE M 584: Computer Security and Privacy Anonymity Mobile Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,
More informationSymmetric Encryption 2: Integrity
http://wwmsite.wpengine.com/wp-content/uploads/2011/12/integrity-lion-300x222.jpg Symmetric Encryption 2: Integrity With material from Dave Levin, Jon Katz, David Brumley 1 Summing up (so far) Computational
More informationPrivacy Preserving Ranked Multi-Keyword Search for Multiple Data Owners in Cloud Computing
S.NO PROJECT CODE IEEE JAVA PROJECT TITLES DOMAIN 1 NEO1501 A Hybrid Cloud Approach for Secure Authorized Deduplication 2 NEO1502 A Profit Maximization Scheme with Guaranteed Quality of Service in Cloud
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationInformation Sharing and User Privacy in the Third-party Identity Management Landscape
Information Sharing and User Privacy in the Third-party Identity Management Landscape Anna Vapen¹, Niklas Carlsson¹, Anirban Mahanti², Nahid Shahmehri¹ ¹Linköping University, Sweden ²NICTA, Australia 2
More informationHans Joachim Jelena Mirkovic Ivica Milanovic Øyvind Bakkeli
Hans Joachim Jelena Mirkovic Ivica Milanovic Øyvind Bakkeli Introduction Research questions: What are most common and accepted authentication methods for mobile services? What are differences, opportunities
More informationOn the Internet, nobody knows you re a dog.
On the Internet, nobody knows you re a dog. THREATS TO DISTRIBUTED APPLICATIONS 1 Jane Q. Public Big Bank client s How do I know I am connecting to my bank? server s Maybe an attacker...... sends you phishing
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationCryptography & Data Privacy Research in the NSRC
Cryptography & Data Privacy Research in the NSRC Adam Smith Assistant Professor Computer Science and Engineering 1 Cryptography & Data Privacy @ CSE NSRC SIIS Algorithms & Complexity Group Cryptography
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationUnLinked: Private Proximity-Based Offline OSN Interaction
UnLinked: Private Proximity-Based Offline OSN Interaction G. Tsudik (CS@UCI) Joint work with R. Petrlic (Saarbruecken) and S. Faber (UCI) 1 Privacy in Social Networks Stylometry Cryptographic techniques
More informationkey distribution requirements for public key algorithms asymmetric (or public) key algorithms
topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems
More informationPrivacy. CS Computer Security Profs. Vern Paxson & David Wagner
Privacy CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/ March 31,
More information