Private & Anonymous Communication. Peter Kairouz ECE Department University of Illinois at Urbana-Champaign

Size: px

Start display at page:

Download "Private & Anonymous Communication. Peter Kairouz ECE Department University of Illinois at Urbana-Champaign"

Homer Hood
5 years ago
Views:

1 Private & Anonymous Communication Peter Kairouz ECE Department University of Illinois at Urbana-Champaign

2 Communication Bob Alice transfer of information from one point in space-time to the other

3 Wireless communication the fundamental limits of wireless communication are well understood

4 Rise of the planet of the apps!

5 Rise of the planet of the apps!

6 Rise of the planet of the apps!

7 Rise of the planet of the apps! can we communicate anonymously and privately?

8 Does privacy matter? if you re doing something that you don t want other people to know, maybe you shouldn t be doing it in first place privacy is no longer a social norm!

9 Recent privacy leaks deanonymizing Netflix data, identifying personal genomes, etc.

10 China s crackdown on messaging apps if your message is shared 500 times, you may face 3 years in prison

11 some people have important, sensitive things to say Political activism

12 Personal confessions others have less important, but sensitive things to say

13 Private and anonymous communication Bob Alice the data privacy and meta-data privacy contexts

14 Part I: Anonymous Communication

15 Existing anonymous messaging apps Bob Alice

16 Existing anonymous messaging apps Bob

17 Existing anonymous messaging apps Bob

18 Existing anonymous messaging apps Bob

19 Existing anonymous messaging apps Bob

20 Existing anonymous messaging apps Alice

21 Existing anonymous messaging apps

22 Existing anonymous messaging apps

23 Existing anonymous messaging apps

24 Existing anonymous messaging apps

25 Existing anonymous messaging apps Bob Mary Alice

26 Existing anonymous messaging apps Bob Mary Alice

27 Existing anonymous messaging apps Bob Mary Server Alice

28 Existing anonymous messaging apps Bob Mary Server Alice

29 Existing anonymous messaging apps Bob Mary Server Alice centralized networks are not truly anonymous!

30 Compromises in anonymity

31 Compromises in anonymity

32 Compromises in anonymity anonymity loss extends beyond the network

33 Anonymous communication

34 Anonymous communication designed for point-to-point communication

35 Distributed messaging Bob Mary Alice

36 Distributed messaging Bob Mary Alice

37 Distributed messaging Bob Mary Alice what can an adversary do?

38 Adversary without timing Craig Bob Mary David Alice

39 Adversary without timing Craig Bob Mary David Alice

40 Adversary without timing Craig Bob Mary David Alice

41 Adversary without timing Craig Bob Mary David Alice adversary can figure out who got the message

42 Adversary with timing Craig Bob Mary David Alice

43 Adversary with timing Craig Bob Mary David Alice

44 Adversary with timing Craig Bob Mary David Alice

45 Adversary with timing -message -timestamp -message -timestamp adversary can collect timing information

46 Adversary with timing -message -timestamp -message -timestamp adversary can collect timing information

47 Distributed network forensics timing + who has the message = authorship

48 Information flow in social networks G is the graph representing the social network

49 Information flow in social networks message author

50 Information flow in social networks the author passes the message to its neighbors

51 Information flow in social networks its neighbors pass the message to theirs

52 Information flow in social networks the message spreads in all directions at the same rate

53 Information flow in social networks the message spreads in all directions at the same rate

54 Information flow in social networks the message spreads in all directions at the same rate

55 Information flow in social networks this spreading model is known as the diffusion model

56 Adversary can we locate the message author?

57 Concentration around the center the message author is in the center

58 Node eccentricity maximum distance from a node to any other node

59 Node eccentricity the message author has an eccentricity of 3

60 Node eccentricity all other nodes have larger eccentricities

61 Jordan centrality Jordan center other centralities: distance centrality, rumor centrality, etc.

62 Maximum likelihood detection high likelihood low likelihood diffusion spreading = deanonymization [Shah, Zaman 2011]

63 Our goal Craig Bob Mary David Alice engineer the spread to hide authorship

64 Main Result: Adaptive diffusion

65 Main Result: Adaptive diffusion

66 Main Result: Adaptive diffusion

67 Main Result: Adaptive diffusion

68 Main Result: Adaptive diffusion

69 Main Result: Adaptive diffusion

70 Main Result: Adaptive diffusion

71 Main Result: Adaptive diffusion

72 Main Result: Adaptive diffusion High likelihood Low likelihood provides provable anonymity guarantees [Spy vs. Spy: Rumor Source Obfuscation, to appear in ACM SIGMETRICS 2015]

73 let s start with line graphs Line graphs

74 Line graphs: diffusion T = 0 the message author starts a rumor at T = 0

75 Line graphs: diffusion p p T = 1 with probability p, the left (right) node receives the message

76 Line graphs: diffusion T = 1 the node to the right of the author receives the message

77 Line graphs: diffusion p p T = 2 the rumor propagates in both directions at the same rate

78 Line graphs: diffusion T = 2 the rumor propagates in both directions at the same rate

79 Line graphs: diffusion p p T = 3 p is independent of time or hop distance to message author

80 Line graphs: diffusion T = 3 diffusion on a line is equivalent to two independent random walks

81 Adversary N = 5 nodes with the message can we locate the message author?

82 Maximum likelihood detection Likelihoods 1 N/2 N v the node in the middle is the mostly likely author

83 Maximum likelihood detection Likelihoods 1 N/2 N v Probability of detection 1 N

84 Pólya s urn process T = 1 choose a ball at random from the urn

85 Pólya s urn process with probability 1/2 T = 1 choose a ball at random from the urn

86 Pólya s urn process T = 1 replace the chosen ball by two balls of the same color

87 Pólya s urn process repeat previous steps T = 2

88 Pólya s urn process with probability 2/3 repeat previous steps T = 2

89 Pólya s urn process T = 2 the rich get richer and poor get poorer

90 Pólya s urn process: anonymity properties T = red and 4 blue 4 red and 10 blue 7 red and 7 blue all events are equally likely

91 Pólya s urn process: learning Urn 1 Urn 2 10 red and 4 blue 5 red and 9 blue given two urns generated independently

92 Pólya s urn process: learning Urn 1 Urn 2 N balls how many red balls came from urn 1?

93 Maximum likelihood detection Likelihoods Polya urn process diffusion process 1 N/2 N k we broke the concentration around N/2

94 Line graphs: adaptive diffusion consider a line graph

95 Line graphs: adaptive diffusion T = 0 node 0 starts a rumor at T = 0

96 Line graphs: adaptive diffusion /2 1/2 T = 1 with probability 1/2, the left (right) node receives the message

97 Line graphs: adaptive diffusion T = 1 right node 1 receives the message

98 Line graphs: adaptive diffusion /3 2/3 T = 2 hop distance to message author probability of passing message = h+1 T+1 elapsed time

99 Line graphs: adaptive diffusion T = 2 right node 2 receives the message

100 Line graphs: adaptive diffusion /4 3/4 T = 3 hop distance to message author probability of passing message = h+1 T+1 elapsed time

101 Line graphs: adaptive diffusion T = 3 left node 1 receives the message

102 Adversary N = 4 nodes with the message can we locate the message author?

103 Maximum likelihood detection Likelihoods adaptive diffusion diffusion 1 N/2 N k

104 Maximum likelihood detection Likelihoods adaptive diffusion diffusion 1 N/2 N k Probability of detection 1 N

105 what about d-regular trees? d-regular trees

106 d-regular trees: diffusion likelihoods concentrate around the center

107 d-regular trees: Pólya s urn processes Probability of detection using Jordan centrality does not work at all! number of nodes with the message

108 d-regular trees : adaptive diffusion

109 d-regular trees : adaptive diffusion initially, the author is also the virtual source

110 d-regular trees : adaptive diffusion at T = 1, the author selects one neighbor at random

111 d-regular trees : adaptive diffusion the author passes h = 1 and T = 2 to the chosen neighbor at T = 1, the author selects one neighbor at random

112 d-regular trees : adaptive diffusion the chosen neighbor becomes the new virtual source

113 d-regular trees : adaptive diffusion at T = 2, the virtual source passes the message to all its neighbors

114 d-regular trees : adaptive diffusion as T transitions from even to odd, the virtual source has two options: keeping the virtual source token passing the virtual source token

115 Keeping the virtual source token adaptive rate virtual source token is kept with probability d 1 T d 1 2 h 1 1 T

116 Keeping the virtual source token happens in T = 3 and T = 4 all leaf nodes with the message pass it to their neighbors

117 Passing the virtual source token new virtual source current virtual source selects one of its neighbors at random

118 Passing the virtual source token current virtual source passes h = 2 and T = 4 to new virtual source current virtual source selects one of its neighbors at random

119 Passing the virtual source token happens in T = 3 and T = 4 new virtual source passes the message to its neighbors which in turn pass it to their neighbors

120 Symmetry properties the graph is always symmetric around the virtual source

121 Adversary can we locate the message author?

122 Maximum likelihood detection high likelihood low likelihood all nodes except for the final virtual source are equally likely

123 Maximum likelihood detection high likelihood Probability of detection = 1 N 1 low likelihood

124 General graphs can we extend adaptive diffusion for general graphs?

125 General graphs: cycles do not pass the message to a node that already has the message

126 General graphs: degree irregularities which d to choose? virtual source token is kept with probability d 1 T d 1 2 h 1 1 T

127 General graphs: degree irregularities any d 3 works well in practice to preserve symmetry, each node talks to at most 3 neighbors

128 General graphs: boundary effects the virtual source is allowed to turn around when it hits the boundary

129 Simulation setup 10,000 Facebook users in New Orleans circa 2009 all users with degree less than 3 were removed

130 Simulation results on average, 96% of users received the message within 10 time steps

131 Simulation results Probability of detection d = chosen N bound d = 4 chosen likelihoods can be approximated numerically number of nodes with the message

132 Part I: Proposed Research

133 Spy adversarial model Craig Bob Mary David -message -timestamp -message -timestamp Alice adversary can collect timing information

134 Adversary with timing spy node 1 spy node 2 N = distance between spies what if spies can collect timing information?

135 Maximum likelihood detection Probability of detection 1 N 1 N hop distance between spies Probability of detection 1 N

136 Adversary with timing T 3 T 3 T 1 T 1 T 5 T 1 cordon of spy nodes: a work in progress

137 Current progress: Wildfire Bob Alice Alice Faith Saul Like Bob Carol Mary Like Mary Alice Faith Mike Saul Like

138 Current progress: Wildfire Bob Alice Alice Faith Saul Like Bob Carol Mary Like Wildfire empowers devices by removing central service providers Mary Alice Faith Mike Saul Like

139 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers Bob Carol Mary Like Wildfire empowers devices by removing central service providers Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers

140 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers

141 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers

142 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers

143 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak.

Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak.

144 Current progress: Wildfire Bob Alice Alice Faith Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Bob Carol Mary Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. Mary Alice Faith Mike Saul Like Wildfire empowers devices by removing central service providers It also has stronger anonymity properties than Secret, Whisper, and Yik Yak. anonymous, distributed, secure implementation

145 Upcoming research Theoretical Spy adversarial model Hiding relays Dynamic networks Systems Video sharing Message caching Bootstrapping contacts Wildfire Release

146 Part II: Private Communication

147 Local privacy model X 1 Clients Data Analyst X 2 clients receive a service if they share their data clients do not trust data analyst

148 Lying is the ultimate protection lying = randomizing the future of privacy is lying

149 Privacy via plausible deniability have you ever used illegal drugs? say yes answer truthfully [Warner 1965]

150 Privacy via plausible deniability Q: privatization mechanism instead of X = x, share Y = y w.p. Q(y x) Q: X Y is a stochastic mapping

151 Local privacy model X 1 Privatization Q Y 1 Clients Data Analyst X 2 Privatization Q Y 2 each user privatizes her data before releasing it [Duchi, et. al., 2013]

152 Local differential privacy Q is ε-locally differentially private iff for all x, x X and y Y e ε Q y x Q y x e ε ε controls the level of privacy large ε, low privacy small ε, high privacy D ε : set of all ε-locally differentially private mechanisms

153 Privacy vs utility the more private you want to be, the less utility you get there is a fundamental trade-off between privacy and utility U Q : application dependent utility function D ε : set of all ε-locally differentially private mechanisms

154 Utility functions X X Q Y Y W Z Z utility functions obeying the data processing inequality: T = Q W U T U(Q) further randomization can only reduce utility note that if Q D ε T D ε

155 Information theoretic utility functions for X > 2, we focus on a rich class of convex utility functions: Q y : the column of Q corresponding to Q(y. ) μ: any sub-linear function includes all f-divergences and mutual information

156 Staircase mechanisms Q is ε-locally differentially private if for all x, x X and y Y e ε Q y x Q y x e ε

157 Staircase mechanisms Q is ε-locally differentially private if for all x, x X and y Y e ε Q y x Q y x e ε Q is a staircase mechanism if for all x, x X and y Y Q y x Q y x {e ε, 1, e ε }

158 Example of staircase mechanisms Binary Mechanism Randomized Response

159 for X = 2, binary data: Main result: binary data w.p. 1 1+e ε lie w.p. eε 1+eε say the truth optimal for all ε optimal for all U(Q) obeying the data processing inequality

160 Main result: general case for X > 2, general data: Binary Mechanism Randomized Response staircase mechanisms all locally differentially private mechanisms staircase mechanisms are optimal for all ε BM optimal for small ε RR optimal for large ε

161 Acknowledgments Giulia Fanti Pramod Viswanath Sewoong Oh

162 Thank You!

Spy vs. Spy: Rumor Source Obfuscation

Spy vs. Spy: Rumor Source Obfuscation Peter Kairouz University of Illinois at Urbana-Champaign Joint work with Giulia Fanti, Sewoong Oh, and Pramod Viswanath Some people have important, sensitive things