Spy vs. Spy: Rumor Source Obfuscation

Size: px

Start display at page:

Download "Spy vs. Spy: Rumor Source Obfuscation"

Jocelyn Norton
6 years ago
Views:

1 Spy vs. Spy: Rumor Source Obfuscation Peter Kairouz University of Illinois at Urbana-Champaign Joint work with Giulia Fanti, Sewoong Oh, and Pramod Viswanath

2 Some people have important, sensitive things to say. Political activism

3 Personal confessions Others have less important, but sensitive things to say.

4 Existing anonymous messaging apps

5 Existing anonymous messaging apps Bob Mary Alice

6 Existing anonymous messaging apps Bob Mary Alice

7 Existing anonymous messaging apps Bob Mary Server Alice

8 Existing anonymous messaging apps Bob Mary Server Alice

9 Existing anonymous messaging apps Bob Mary Server Alice centralized networks are not truly anonymous!

10 Compromises in anonymity anonymity loss extends beyond the network

11 Distributed messaging Bob Mary Alice

12 Distributed messaging Bob Mary Alice

13 Distributed messaging Bob Mary Alice what can an adversary do?

14 Adversarial model Craig Bob Mary David Alice

15 Adversarial model Craig Bob Mary David Alice

16 Adversarial model Craig Bob Mary David Alice

17 Adversarial model Craig Bob Mary David Alice the adversary can figure out who got the message

18 Information flow in social networks G is the graph representing the social network

19 Information flow in social networks Alice

20 Information flow in social networks Alice passes the message to her neighbors

21 Information flow in social networks her neighbors pass the message to theirs

22 Information flow in social networks the message spreads in all directions at the same rate

23 Information flow in social networks the message spreads in all directions at the same rate

24 Information flow in social networks the message spreads in all directions at the same rate

25 Information flow in social networks this spreading model is known as the diffusion model

26 Adversary s observation can the adversary locate the message author?

27 Concentration around the center the message author is in the center with high probability

28 Rumor source identification high likelihood low likelihood diffusion does not provide anonymity [Shah, Zaman 2011]

29 Our goal Probability of detection diffusion 1 N T adaptive diffusion log N T N T : expected number of nodes with the message at time T

30 Main result: adaptive diffusion

31 Main result: adaptive diffusion

32 Main result: adaptive diffusion

33 Main result: adaptive diffusion

34 Main result: adaptive diffusion

35 Main result: adaptive diffusion

36 Main result: adaptive diffusion

37 Main result: adaptive diffusion

38 Main result: adaptive diffusion high likelihood low likelihood provides provable anonymity guarantees!

39 let s start with line graphs Line graphs

40 Line graphs: diffusion T = 0 the message author starts a rumor at T = 0

41 Line graphs: diffusion T = 1 with probability α, the left (right) node receives the message

42 Line graphs: diffusion T = 1 the node to the right of the author receives the message

43 Line graphs: diffusion T = 2 the rumor propagates in both directions at the same rate

44 Line graphs: diffusion T = 2 the rumor propagates in both directions at the same rate

45 Line graphs: diffusion T = 3 α is independent of time or hop distance to message author

46 Line graphs: diffusion T = 3 diffusion on a line is equivalent to two independent random walks

47 Adversary s observation N = 5 nodes with the message can the adversary locate the message author?

48 Maximum likelihood detection Likelihoods 1 N T /2 N T v the node in the middle is the mostly likely author

49 Maximum likelihood detection Likelihoods 1 NN/2 T N T v Probability of detection 1 N T

50 Line graphs: adaptive diffusion consider a line graph

51 Line graphs: adaptive diffusion T = 0 node 0 starts a rumor at T = 0

52 Line graphs: adaptive diffusion /2 1/2 T = 1 with probability 1/2, the left (right) node receives the message

53 Line graphs: adaptive diffusion T = 1 right node 1 receives the message

54 Line graphs: adaptive diffusion /3 2/3 T = 2 hop distance to message author probability of passing message: α = h+1 T+1 elapsed time

55 Line graphs: adaptive diffusion T = 2 right node 2 receives the message

56 Line graphs: adaptive diffusion /4 3/4 T = 3 hop distance to message author probability of passing message: α = h+1 T+1 elapsed time

57 Line graphs: adaptive diffusion T = 3 left node 1 receives the message

58 Adversary s observation N T = 4 nodes with the message can the adversary locate the message author?

59 Maximum likelihood detection Likelihoods adaptive diffusion diffusion k 1 N T /2 N T

60 Maximum likelihood detection Likelihoods adaptive diffusion diffusion k 1 N T /2 N T Probability of detection 1 N T

61 what about d-regular trees? d-regular trees

62 d-regular trees: diffusion likelihoods concentrate heavily around the center

63 d-regular trees : adaptive diffusion

64 d-regular trees : adaptive diffusion initially, the source is also the virtual source

65 d-regular trees : adaptive diffusion at T = 1, the author selects one neighbor at random

66 d-regular trees : adaptive diffusion the author passes h = 1 and T = 2 to the chosen neighbor at T = 1, the author selects one neighbor at random

67 d-regular trees : adaptive diffusion the chosen neighbor becomes the new virtual source

68 d-regular trees : adaptive diffusion at T = 2, the virtual source passes the message to all her neighbors

69 d-regular trees : adaptive diffusion as T transitions from even to odd, the virtual source has two options: keeping the virtual source token passing the virtual source token

70 Symmetry properties the graph is always symmetric around the virtual source

71 Keeping the virtual source token adaptive rate virtual source token is kept with probability α = d 1 T d 1 2 h 1 1 T

72 Keeping the virtual source token happens in T = 3 and T = 4 all leaf nodes with the message pass it to their neighbors

73 Passing the virtual source token new virtual source current virtual source selects one of its neighbors at random

74 Passing the virtual source token previous virtual source passes h = 2 and T = 4 to new virtual source

75 Passing the virtual source token happens in T = 3 and T = 4 new virtual source passes the message to its neighbors which in turn pass it to their neighbors

76 Adversary s observation can the adversary locate the message author?

77 Maximum likelihood detection high likelihood low likelihood all nodes except for the final virtual source are equally likely

78 Main Theorem 1. We spread fast: N T d 1 T 2 2. All nodes except for the final virtual source are equally likely to be the source, hence P v ML = v = 1 N T 1 3. The expected distance between the estimated and true source is at least T 2.

79 General graphs adaptive diffusion for general graphs?

80 Simulation results: Facebook graph Probability of detection adaptive diffusion 1 N T bound likelihoods can be approximated numerically number of nodes with the message

81 Extensions and related work Theoretical Adversaries with timing information Peer-to-peer dynamic networks Hiding relays Multiple message sources Systems Cyber-bullying detection Anonymous video sharing Message caching Bootstrapping contacts

Private & Anonymous Communication. Peter Kairouz ECE Department University of Illinois at Urbana-Champaign

Private & Anonymous Communication Peter Kairouz ECE Department University of Illinois at Urbana-Champaign Communication Bob Alice transfer of information from one point in space-time to the other Wireless