Atom. Horizontally Scaling Strong Anonymity. Albert Kwon Henry Corrigan-Gibbs 10/30/17, SOSP 17
|
|
|
- Cassandra Fletcher
- 6 years ago
- Views:
Transcription
1 Atom Horizontally Scaling Strong Anonymity Albert Kwon Henry Corrigan-Gibbs MIT Stanford Srinivas Devadas Bryan Ford MIT EPFL 10/30/17, SOSP 17
2 Motivation Anonymous bulletin board (broadcast) in the face of global adversary Protest at 4 p.m.! 2
3 Anonymous communication networks Anonymity provider (set of servers) 3
4 Existing systems vs. Atom Properties Tor [USENIX Sec 04] Riposte [Oakland 15] Atom Horizontal Vertical Horizontal Scaling Latency (1 million users) < 10s 11 hrs 28min Anonymity against global adversaries Vulnerable Secure Secure 4
5 Deployment and threat model Global network adversary A large number of users are malicious Constant fraction of the servers are malicious 20% 5
6 Atom overview 6
7 Atom overview 1 2 Layer 1 Layer 2 Layer L Unknown random permutation of all inputs
8 Horizontally scalability Depth Fixed (Independent of the width)... Width More servers => Larger width
9 Challenges 1. Guaranteeing anytrust property 9
10 Challenges 1. Guaranteeing anytrust property 2. Group mixing and routing protocol
11 Challenges 1. Guaranteeing anytrust property 2. Group mixing and routing protocol 3. Active adversaries
12 Active attacks
13 Challenges 1. Guaranteeing anytrust property 2. Group mixing and routing protocol 3. Active adversaries 4. Tolerating server churn 1 13
14 Challenges 1. Guaranteeing anytrust property 2. Group mixing and routing protocol 3. Active adversaries 4. Tolerating server churn 1 14
15 Generating anytrust groups 20% malicious Public randomness k = 32 Randomly select k servers Pr[group is fully malicious] = 0.2 k Pr[any group is fully malicious] < (# of groups) 0.2 k <
16 Handling actively malicious servers Trap messages (nonces) Trusted third party & $ Idea: use verifiable trap messages & $... 16
17 Send trap and real messages in a random order Trusted third party : encrypted for TTP & $ & $ 4 17
18 TTP checks for the traps : encrypted for TTP Trusted third party & $ 3 & 1 #
19 What happens when a trap message is dropped? 0 : encrypted for TTP Trusted third party & $ $ 3 & 1 #
20 What happens when a real message is dropped? : encrypted for TTP 0 Trusted third party & $ $ 3 & 1 #
21 Improving the trap messages Distributing the trust in the third party Distributing the trap verification and decryption 21
22 Properties of trap-based defense If the adversary tampers with any trap, then no plaintext revealed Can remove 1 message with probability ½ Remove t messages with probability 2 -t Realistically remove < ~64 msgs Reactive 22
23 Two modes of operation Trap messages Zero-knowledge Proof Idea Verify untamperable traps Verify protocol with ZKP Anonymity set size N - t N Defense type Reactive Proactive Latency 1x 4x 23
24 Implementation ~4000 lines of Go Both trap and ZKP based defenses Code available at github.com/kwonalbert/atom 24
25 Evaluation setup Heterogenous set of 1024 EC2 servers 80% of the servers were 4-core machines 20% malicious servers Trap messages 160-byte msgs 32 server group Depth = 10 25
26 Latency is inversely proportional to the number of servers 23x Better 26
27 Latency scales linearly with the number of users Better 27
28 Limitations Medium to high latency Denial-of-service Depth = server group 28
29 Related work Strong anonymity but veritically scaling Dissent[OSDI 12], Riffle [PETS 16], Riposte [Oakland 15],... Horizontally scaling systems but weaker anonymity Crowds [ACM 99], Mixminion [Oakland 03], Tor [USENIX Sec 04], Aqua [SIGCOMM 13], Loopix [USENIX Sec 17], Distributed mixing Parallel mix-net [CCS 04], matrix shuffling [Håstad 06], random switching networks [SODA 99, CRYPTO 15],... Private point-to-point messaging Vuvuzela [SOSP 15], Pung [OSDI 16], Stadium [SOSP 17] 29
30 Conclusion Atom provides horizontally-scaling strong anonymity Global anonymity set Latency is inversely proportional to the number of servers Supports 1 million users with 160 byte msgs in 28min github.com/kwonalbert/atom 30
31 These icons were acquired from thenounprojcet.com, and are under CC BY 3.0 US Created by H Alberto Gongora Created by H Alberto Gongora Created by Andre Luiz Gollo Created by Creative Stall Created by Anil 31
arxiv: v3 [cs.cr] 2 Oct 2017
![arxiv: v3 [cs.cr] 2 Oct 2017](/thumbs/76/73621349.jpg "arxiv: v3 [cs.cr] 2 Oct 2017")
Atom: Horizontally Scaling Strong Anonymity Albert Kwon MIT Henry Corrigan-Gibbs Stanford Srinivas Devadas MIT Bryan Ford EPFL arxiv:1612.07841v3 [cs.cr] 2 Oct 2017 Abstract Atom is an anonymous messaging
1 Introduction. Albert Kwon*, David Lazar, Srinivas Devadas, and Bryan Ford Riffle. An Efficient Communication System With Strong Anonymity
Proceedings on Privacy Enhancing Technologies ; 2016 (2):115 134 Albert Kwon*, David Lazar, Srinivas Devadas, and Bryan Ford Riffle An Efficient Communication System With Strong Anonymity Abstract: Existing
Stadium. A Distributed Metadata-private Messaging System. Matei Zaharia Nickolai Zeldovich SOSP 2017
Stadium A Distributed Metadata-private Messaging System Nirvan Tyagi Yossi Gilad Derek Leung Matei Zaharia Nickolai Zeldovich SOSP 2017 Previous talk: Anonymous broadcast This talk: Private messaging Alice
The Loopix Anonymity System
The Loopix Anonymity System Ania M. Piotrowska 1 Jamie Hayes 1 Tariq Elahi 2 Sebastian Meiser 1 George Danezis 1 1 University College London, UK 2 KU Leuven 1 / 19 Mixnets Background A set of cryptographic
Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich
Karaoke Distributed Private Messaging Immune to Passive Traffic Analysis David Lazar, Yossi Gilad, Nickolai Zeldovich 1 Motivation: Report a crime without getting fired You re Fired if you talk to the
Design and Implementation of Privacy-Preserving Surveillance. Aaron Segal
1 Design and Implementation of Privacy-Preserving Surveillance Aaron Segal Yale University May 11, 2016 Advisor: Joan Feigenbaum 2 Overview Introduction Surveillance and Privacy Privacy Principles for
DISSENT: Accountable, Anonymous Communication
DISSENT: Accountable, Anonymous Communication Joan Feigenbaum http://www.cs.yale.edu/homes/jf/ Joint work with Bryan Ford (PI), Henry Corrigan Gibbs, Ramakrishna Gummadi, Aaron Johnson (NRL), Vitaly Shmatikov
Young Hyun Kwon. at the. June Department of Electrical Engineering and Computer Science May 20, ((
Riffle: An Efficient Communication System with Strong Anonymity by Young Hyun Kwon B.S., University of Pennsylvania (2013) Submitted to the Department of Electrical Engineering and Computer Science in
CPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Instructor: Michael Fischer Lecture by Ewa Syta Lecture 25 April 18, 2012 CPSC 467b, Lecture 25 1/44 Anonymous Communication DISSENT- Accountable Anonymous
Dissent: Accountable Anonymous Group Communication
Dissent: Accountable Anonymous Group Communication Bryan Ford Joan Feigenbaum, David Wolinsky, Henry Corrigan-Gibbs, Shu-Chun Weng, Ewa Syta Yale University Vitaly Shmatikov, Aaron Johnson University of
Circuit Fingerprinting Attack: Passive Deanonymization of Tor Hidden Services
Circuit Fingerprinting Attack: Passive Deanonymization of Tor Hidden Services Albert Kwon 1 Mashael Saad Al-Sabah 123 David Lazar 1 Marc Dacier 2 Srinivas Devadas 1 1 CSAIL/MIT 2 Qatar Computing Research
Herbivore: An Anonymous Information Sharing System
Herbivore: An Anonymous Information Sharing System Emin Gün Sirer August 25, 2006 Need Anonymity Online Current networking protocols expose the identity of communication endpoints Anyone with access to
Maintaining the Anonymity of Direct Anonymous Attestation with Subverted Platforms MIT PRIMES Computer Science Conference October 13, 2018
Maintaining the Anonymity of Direct Anonymous Attestation with Subverted Platforms MIT PRIMES Computer Science Conference October 13, 2018 By: Ethan Mendes and Patrick Zhang Mentor: Kyle Hogan What is
Securing Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
Privacy Preserving Collaborative Filtering
Privacy Preserving Collaborative Filtering Emily Mu, Christopher Shao, Vivek Miglani May 2017 1 Abstract As machine learning and data mining techniques continue to grow in popularity, it has become ever
Avoiding The Man on the Wire: Improving Tor s Security with Trust-Aware Path Selection
Avoiding The Man on the Wire: Improving Tor s Security with Trust-Aware Path Selection Aaron Johnson Rob Jansen Aaron D. Jaggard Joan Feigenbaum Paul Syverson (U.S. Naval Research Laboratory) (U.S. Naval
0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
Design and Implementation of the Ascend Secure Processor. Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas
Design and Implementation of the Ascend Secure Processor Ling Ren, Christopher W. Fletcher, Albert Kwon, Marten van Dijk, Srinivas Devadas Agenda Motivation Ascend Overview ORAM for obfuscation Ascend:
Scalable Bias-Resistant Distributed Randomness
Scalable Bias-Resistant Distributed Randomness Ewa Syta*, Philipp Jovanovic, Eleftherios Kokoris Kogias, Nicolas Gailly, Linus Gasser, Ismail Khoffi, Michael J. Fischer, Bryan Ford *Trinity College, USA
Dandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network
Dandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network Presenter: Giulia Fanti Joint work with: Shaileshh Bojja Venkatakrishnan, Surya Bakshi, Brad Denby, Shruti Bhargava, Andrew
Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party
Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone
Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis
Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David Lazar, Matei Zaharia, and Nickolai Zeldovich MIT CSAIL Abstract Private messaging over the Internet has proven
Key establishment in sensor networks
Security and Cooperation in Wireless Networks http://secowinet.epfl.ch/ key types; establishment of link keys using a shortterm master key; random key predistribution: - the basic scheme, and - some improvements;
VPriv: Protecting Privacy in Location- Based Vehicular Services
VPriv: Protecting Privacy in Location- Based Vehicular Services Raluca Ada Popa and Hari Balakrishnan Computer Science and Artificial Intelligence Laboratory, M.I.T. Andrew Blumberg Department of Mathematics
Practical Anonymity for the Masses with MorphMix
Practical Anonymity for the Masses with MorphMix Marc Rennhard, Bernhard Plattner () Financial Cryptography 2004 12 th February 2004 http://www.tik.ee.ethz.ch/~morphmix Overview Circuit-based mix networks
Dissent in Numbers: Making Strong Anonymity Scale
Dissent in Numbers: Making Strong Anonymity Scale David Isaac Wolinsky, Henry Corrigan-Gibbs, and Bryan Ford Yale University Aaron Johnson U.S. Naval Research Laboratory Abstract Current anonymous communication
PrivCount: A Distributed System for Safely Measuring Tor
PrivCount: A Distributed System for Safely Measuring Tor Rob Jansen Center for High Assurance Computer Systems Invited Talk, October 4 th, 2016 University of Oregon Department of Computer and Information
Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012
Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hübner PETs PhD course Spring 2012 DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28(10), October 1985 Who paid for the
Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems
Safely Measuring Tor Safely Measuring Tor, Rob Jansen and Aaron Johnson, In the Proceedings of the 23rd ACM Conference on Computer and Communication Security (CCS 2016). Rob Jansen Center for High Assurance
communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.
Introduction to anonymous communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.Leuven) 1 a few words on the scope of the
HOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
How Alice and Bob meet if they don t like onions
How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies
Metrics for Security and Performance in Low-Latency Anonymity Systems
Metrics for Security and Performance in Low-Latency Anonymity Systems Tor user Entry node Tor Network Middle node Exit node Bandwidth per node (kb/s) (log scale) 1e+01 1e+03 1e+05 Encrypted tunnel Web
CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
Plaintext Awareness via Key Registration
Plaintext Awareness via Key Registration Jonathan Herzog CIS, TOC, CSAIL, MIT Plaintext Awareness via Key Registration p.1/38 Context of this work Originates from work on Dolev-Yao (DY) model Symbolic
Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul
THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design
Lecture 8: Privacy and Anonymity Using Anonymizing Networks. CS 336/536: Computer Network Security Fall Nitesh Saxena
Lecture 8: Privacy and Anonymity Using Anonymizing Networks CS 336/536: Computer Network Security Fall 2015 Nitesh Saxena Some slides borrowed from Philippe Golle, Markus Jacobson Course Admin HW/Lab 3
Authentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
A Privacy-Aware Service Protocol for Ubiquitous Computing Environments
A Privacy-Aware Service Protocol for Ubiquitous Computing Environments Gunhee Lee, Song-hwa Chae, Inwhan Hwang, and Manpyo Hong Graduate School of Information Communication, Ajou University, Suwon, Korea
An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks
An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks December 1. 2006 Jong Oh Choi Department of Computer Science Yonsei University jochoi@emerald.yonsei.ac.kr Contents Motivation
Peer-to-Peer Systems and Security
Peer-to-Peer Systems and Security Attacks! Christian Grothoff Technische Universität München April 13, 2013 Salsa & AP3 Goal: eliminate trusted blender server Idea: Use DHT (AP3: Pastry, Salsa: custom
Block ciphers, stream ciphers
Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof. Raluca Ada Popa Jan 31, 2018 Announcements Project 1 is out, due Feb 14 midnight Recall: Block cipher A
Scavenging for Anonymity with BlogDrop
Scavenging for Anonymity with BlogDrop Henry Corrigan- Gibbs Yale University Bryan Ford Provable Privacy Workshop 9-10 July 2012 Vigo, Spain MoNvaNon Alice is a cinzen of country X Alice uses Tor to make
Safely Measuring Tor. Rob Jansen U.S. Naval Research Laboratory Center for High Assurance Computer Systems
Safely Measuring Tor Safely Measuring Tor, Rob Jansen and Aaron Johnson, In the Proceedings of the 23rd ACM Conference on Computer and Communication Security (CCS 2016). Rob Jansen Center for High Assurance
Block ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016
Block ciphers CS 161: Computer Security Prof. Raluca Ada Popa February 26, 2016 Announcements Last time Syntax of encryption: Keygen, Enc, Dec Security definition for known plaintext attack: attacker provides
Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory
Introduction to Traffic Analysis George Danezis University of Cambridge, Computer Laboratory Outline Introduction to anonymous communications Macro-level Traffic Analysis Micro-level Traffic Analysis P2P
Problem: Equivocation!
Bitcoin: 10,000 foot view Bitcoin and the Blockchain New bitcoins are created every ~10 min, owned by miner (more on this later) Thereafter, just keep record of transfers e.g., Alice pays Bob 1 BTC COS
Yale University Department of Computer Science
Yale University Department of Computer Science Security Analysis of Accountable Anonymous Group Communication in Dissent Preliminary Draft - Not for Public Release Ewa Syta Aaron Johnson Henry Corrigan-Gibbs
ENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM)
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 7b Ascend: Architecture for Secure Computation on Encrypted Data Oblivious RAM (ORAM) Marten van Dijk Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen
ENEE 459-C Computer Security. Security protocols (continued)
ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p
A Security Infrastructure for Trusted Devices
Infrastructure () A Security Infrastructure for Trusted Devices Mahalingam Ramkumar Mississippi State University, MS Nasir Memon Polytechnic University, Brooklyn, NY January 31, 2005 Infrastructure ()
Cryptanalysis of a Universally Verifiable Efficient Re-encryption Mixnet
Cryptanalysis of a Universally Verifiable Efficient Re-encryption Mixnet Shahram Khazaei, khazaei@kth.se Björn Terelius, terelius@kth.se Douglas Wikström, dog@csc.kth.se February 24, 2012 Abstract We study
Crypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
Basic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
A SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
Security in Data Science
SDSI Nov. 2017 Security in Data Science Dan Boneh Stanford University Private genomic data analysis [Jagadeesh, Wu, Birgmeier, Boneh, Bejerano, Science, 2017] What genes causes a specific disorder? 2 v
P 5 : A Protocol for Scalable Anonymous Communications
P 5 : A Protocol for Scalable Anonymous Communications 1 P 5 : A Protocol for Scalable Anonymous Communications Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan University of Maryland, College Park
Key establishment in sensor networks
Key establishment in sensor networks -- introduction to wireless sensor networks -- needed key types -- LEAP -- random key pre-distribution (c) Levente Buttyán (buttyan@crysys.hu) Wireless sensor networks
Karaoke: Distributed Private Messaging Immune to Passive Traffic Analysis
Karaoke: Distriuted Private Messaging Immune to Passive Traffic Analysis David Lazar, Yossi Gilad, and Nickolai Zeldovich MIT CSAIL Astract Karaoke is a system for low-latency metadata-private communication.
Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2012 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
Low-Cost Traffic Analysis of Tor
Low-Cost Traffic Analysis of Tor Steven J. Murdoch, George Danezis University of Cambridge, Computer Laboratory Review of Tor Support anonymous transport of TCP streams over the Internet Support anonymous
Dissent in Numbers: Making Strong Anonymity Scale
Dissent in Numbers: Making Strong Anonymity Scale David Isaac Wolinsky, Henry Corrigan-Gibbs, and Bryan Ford Yale University Aaron Johnson U.S. Naval Research Laboratory Abstract Current anonymous communication
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
Design and Analysis of Efficient Anonymous Communication Protocols
Design and Analysis of Efficient Anonymous Communication Protocols Thesis Defense Aaron Johnson Department of Computer Science Yale University 7/1/2009 1 Acknowledgements Joan Feigenbaum Paul Syverson
What's the buzz about HORNET?
1 What's the buzz about HORNET? 2 You've probably all seen the news "Internet-scale anonymity" "Without sacrificing security, the network supports data transfer speeds of up to 93GBps" "can be scaled at
Tor: An Anonymizing Overlay Network for TCP
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication?
Secure Programming for Fun and Profit
Secure Programming for Fun and Profit (Real World Experiences in Secure Programming) Scott D. Miller Security Analyst Arxan Research, Inc. Doctoral Student in CS Advisors: Aditya Mathur; Ray DeCarlo January
Concrete cryptographic security in F*
Concrete cryptographic security in F* crypto hash (SHA3) INT-CMA encrypt then-mac Auth. encryption Secure RPC some some some adversary attack attack symmetric encryption (AES). IND-CMA, CCA2 secure channels
Efficient Private Information Retrieval
Efficient Private Information Retrieval K O N S T A N T I N O S F. N I K O L O P O U L O S T H E G R A D U A T E C E N T E R, C I T Y U N I V E R S I T Y O F N E W Y O R K K N I K O L O P O U L O S @ G
Cashmere: Resilient Anonymous Routing
Cashmere: Resilient Anonymous Routing Li Zhuang, Feng Zhou U. C. Berkeley {zl,zf}@cs.berkeley.edu Ben Y. Zhao U. C. Santa Barbara ravenben@cs.ucsb.edu Antony Rowstron icrosoft Research UK antr@microsoft.com
CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION
#RSAC SESSION ID: CRYP-W04 CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION Adam Shull Recent Ph.D. Graduate Indiana University Access revocation on the cloud #RSAC sk sk Enc Pub Sym pk k
How to (not) Share a Password:
How to (not) Share a Password: Privacy preserving protocols for finding heavy hitters with adversarial behavior Moni Naor Benny Pinkas Eyal Ronen Passwords First modern use in MIT's CTSS (1961) Passwords
Analyzing Tor s Anonymity with Machine Learning. Sanjit Bhat, David Lu May 21 st, 2017 Mentor: Albert Kwon
Analyzing Tor s Anonymity with Machine Learning Sanjit Bhat, David Lu May 21 st, 2017 Mentor: Albert Kwon Acknowledgements Thank you to Albert Kwon for mentoring us Thank you to Prof. Srini Devadas for
CS 425 / ECE 428 Distributed Systems Fall 2017
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your
Private Web Search with Malicious Adversaries
Private Web Search with Malicious Adversaries Yehuda Lindell Erez Waisbard March 24, 20 Abstract Web search has become an integral part of our lives and we use it daily for business and pleasure. Unfortunately,
Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981
Anonymizing Networks Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981 Reed, Syverson, Goldschlag, Anonymous Connections and Onion
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015
Network Security: Anonymity Tuomas Aura T-110.5241 Network security Aalto University, autumn 2015 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
Remote E-Voting System
Remote E-Voting System Crypto2-Spring 2013 Benjamin Kaiser Jacob Shedd Jeremy White Phases Initialization Registration Voting Verifying Activities Trusted Authority (TA) distributes 4 keys to Registrar,
Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: Anonymity Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Anonymity and privacy 2. High-latency anonymous routing 3. Low-latency anonymous routing Tor
Protocols for Anonymous Communication
18734: Foundations of Privacy Protocols for Anonymous Communication Anupam Datta CMU Fall 2016 Privacy on Public Networks } Internet is designed as a public network } Machines on your LAN may see your
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?
Low Latency Anonymity with Mix Rings
Low Latency Anonymity with Mix Rings Matthew Burnside and Angelos D. Keromytis Department of Computer Science, Columbia University {mb,angelos}@cs.columbia.edu Abstract. We introduce mix rings, a novel
CS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Real-Time Communication Security Network layers
Network Security Technology Project
Network Security Technology Project Shanghai Jiao Tong University Presented by Wei Zhang zhang-wei@sjtu.edu.cn!1 Part I Implement the textbook RSA algorithm. The textbook RSA is essentially RSA without
Security. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
Refresher: Applied Cryptography
Refresher: Applied Cryptography (emphasis on common tools for secure processors) Chris Fletcher Fall 2017, 598 CLF, UIUC Complementary reading Intel SGX Explained (ISE) Victor Costan, Srini Devadas https://eprint.iacr.org/2016/086.pdf
Security Analysis of Accountable Anonymity in Dissent
0 Security Analysis of Accountable Anonymity in Dissent EWA SYTA, HENRY CORRIGAN-GIBBS, SHU-CHUN WENG, DAVID WOLINSKY, BRYAN FORD, Yale University AARON JOHNSON, U.S. Naval Research Laboratory Users often
Cooperation in Open Distributed Systems. Stefan Schmid
Cooperation in Open Distributed Systems Stefan Schmid T-Labs, Berlin, July 2, 2009 Distributed Systems 2008/9 Wireless: Many mobile phones today have WLAN (and even Skype) P2P: Olympic games 2008 live-broadcast
Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012
Ideal Security Protocol Satisfies security requirements Requirements must be precise Efficient Small computational requirement Small bandwidth usage, network delays Not fragile Works when attacker tries
CIS 6930/4930 Computer and Network Security. Project requirements
CIS 6930/4930 Computer and Network Security Project requirements Project Requirement Form a team of 3 people to complete the course project. The project has 100pts + 20pts (extra credit) Report requirement:
Secure Multi-Hop Infrastructure Access
Secure Multi-Hop Infrastructure Access presented by Reza Curtmola (joint work with B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens) 600.647 Advanced Topics in Wireless Networks Wireless Infrastructure
CSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
M 2 R: ENABLING STRONGER PRIVACY IN MAPREDUCE COMPUTATION
1 M 2 R: ENABLING STRONGER PRIVACY IN MAPREDUCE COMPUTATION TIEN TUAN ANH DINH, PRATEEK SAXENA, EE-CHIEN CHANG, BENG CHIN OOI, AND CHUNWANG ZHANG, NATIONAL UNIVERSITY OF SINGAPORE PRESENTED BY: RAVEEN
Security issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
Cryptography: More Primitives
Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital
Securing Cloud Computing
Securing Cloud Computing NLIT Summit, May 2018 PRESENTED BY Jeffrey E. Forster jeforst@sandia.gov Lucille Forster lforste@sandia.gov Sandia National Laboratories is a multimission laboratory managed and
Block Ciphers Tutorial. c Eli Biham - May 3, Block Ciphers Tutorial (5)
Block Ciphers Tutorial c Eli Biham - May 3, 2005 146 Block Ciphers Tutorial (5) A Known Plaintext Attack on 1-Round DES After removing the permutations IP and FP we get: L R 48 K=? F L R c Eli Biham -