anon pass
play

Anon-Pass: Practical Anonymous Subscriptions Michael Z. Lee , Alan - PowerPoint PPT Presentation

Aug 11, 2023 •252 likes •677 views

Anon-Pass: Practical Anonymous Subscriptions Michael Z. Lee , Alan M. Dunn , Jonathan Katz * , Brent Waters , Emmett Witchel University of Texas at Austin * University of Maryland May 20, 2013 Media Subscriptions Unlimited

  1. Anon-Pass: Practical Anonymous Subscriptions Michael Z. Lee † , Alan M. Dunn † , Jonathan Katz * , Brent Waters † , Emmett Witchel † † University of Texas at Austin * University of Maryland May 20, 2013

  2. Media Subscriptions Unlimited access subscriptions -2-

  3. Let’s build a service X 1234… ♫♪♩♬ 1234… ♫ ♪ ♫♩ ♪ ♩ 2345… Sharing Resistance (admission control) -3-

  4. They are collecting information about you. -4-

  5. Anonymous Media Accesses can’t be correlated Song 1 Song 2 time 1234… 8720 … Unlinkability -5-

  6. Linked accesses could deanonymize users Access patterns for enough time could help deanonymize clients The Netflix Prize dataset [Narayanan, Shmatikov 2008] Social networks [Narayanan, Shmatikov 2009] -6-

  7. But even if tokens are unlinkable … 1234… 141.212.15.125 ♫♪♩♬ 128.83.122.105 8720 … 37.130.227.133 128.83.122.105 We assume clients are using a network anonymity service -7-

  8. Anonymous Music Service Straw Man 1234… ♫♪♩♬ 8720… 7964… 8739… 1910… Unlinkability 2372… but not sharing resistance 3141… -8-

  9. How do we get both? Unlinkable Serial Transactions [Syverson et al. 1997 Sharing resistance, unlinkability but needs unbounded storage Anonymous Blacklisting Systems [Tsang et al. 2008] Sharing resistance, unlinkability but computationally expensive -9-

  10. And also be practical? Unlinkable Serial Transactions [Syverson et al. 1997 Sharing resistance, unlinkability but needs unbounded storage Anonymous Blacklisting Systems [Tsang et al. 2008] Sharing resistance, unlinkability but computationally expensive Anon-Pass Sharing resistance, unlinkability, and efficiency Example: over 12,000 concurrent clients -10-

  11. How? How is Anon-Pass built? How is Anon-Pass used? How does Anon-Pass perform? -11-

  12. How is it built? Split up time into epochs Each user has a unique token for an epoch t – 1 t t+1 t+2 time 1234… Each epoch allows a new, unpredictable token -12-

  13. How is it built? Split up time into epochs Each user has a unique token for an epoch t – 1 t t+1 t+2 time 1234… <- PRF (t) PRF Each epoch allows a new, unpredictable token Use a pseudorandom function (PRF) -13-

  14. High Level Protocols Register Get a blinded signature on a secret Login Prove the token used the signed secret (in zero knowledge) -14-

  15. Anonymous Music Service Song 1 Song 2 t – 1 t t+1 t+2 time 1234… 8720… PRF (t) PRF (t+2) -15-

  16. Anonymous Music Service But songs don’t always fit in one epoch Song 1 t – 1 t t+1 t+2 time PRF (t) PRF (t+1) PRF (t+2) 1234… 5629… 8720… -16-

  17. Anonymous Music Service But songs don’t always fit in one epoch And these accesses are implicitly linked t – 1 t t+1 t+2 time 1234… 5629… 8720… Conditional Linkability -17-

  18. Accesses can be implicitly linked Baby+ 0s The service knows when the Baby+15s same song is repeatedly accessed Baby+30s Baby+45s Client is implicitly linked Baby+60s while accessing the same media Baby+75s Baby+90s And unlinkability costs …. the service provider (and therefore harms the system) -18-

  19. Re-Up Our way of getting conditional linkability Prove the current token and the next token are linked Trades unlinkability for efficiency But the client already lost unlinkability while accessing the same media -19-

  20. Re-Up is more efficient Login proves you should be allowed access Re-Up proves you logged in before Login takes 10 expensive operations Re-Up takes only 2 -20-

  21. Using Login and Re- Up A client must Login to start a new song And Re-Up to continue playing the same song t – 1 t t+1 t+2 time Re-Up Re-Up To be unlinkable again, the client must wait until the next epoch -21-

  22. Epoch Lengths: Long vs. Short A short epoch means less time to be unlinkable And less delay between client actions Happy Clients A long epoch means fewer client requests And lower server load Happy Server Choosing an epoch length depends on the service (e.g., 15 seconds for music, 5 minutes for movies) -22-

  23. Re-Up helps balance this tension Short epochs means less wait between unlinkable actions Re-Up instead of Login reduces server load -23-

  24. And Anon-Pass is formally proven Formal proof of security holds under the DDHI assumption Formal proof of soundness holds under the LRSW assumption Stated and proved in the paper -24-

  25. How? How is Anon-Pass built? How is Anon-Pass used? How does Anon-Pass perform? -25-

  26. How could it be used? Anonymous Music Streaming Music download over normal HTTP 15 second epoch Unlimited-use Subway Pass NYC’s “unlimited” pass 6 minute epoch Account Proxy Multiplex accounts to news sites 1 minute epoch -26-

  27. System Architecture my laptop subscription service ♪ Application Client Server Application -27-

  28. System Architecture my laptop subscription service ♪ Application Client Server Application Authentication Server User Agent -28-

  29. System Architecture my laptop subscription service ♪ Application Gatewa Server Client y Application 3 rd party Authentication Server User Agent service -29-

  30. User Agent Purpose: minimize changes to client applications Job: Create Login and Re-Up requests Keep the user secret secure Modified VLC to anonymously stream (54 LoC) No modifications to support browsers -30-

  31. Authentication Server Purpose: enforce sharing resistance Job: Verify tokens and token uniqueness Record active tokens Runs on the service or as a 3 rd party -31-

  32. Gateway Purpose: enforce access control with minimal change to existing services Job: Prevent unauthorized access and responses Remove verification from the critical path Runs on the service as a front end server -32-

  33. How? How is Anon-Pass built? How is Anon-Pass used? How does Anon-Pass perform? -33-

  34. Evaluation Environment quad-core 2.66 GHz Intel Core 2 CPU 8GB RAM 1 Gbps network 10 client machine to evaluate the streaming music service An HTC Evo 3D to evaluate the anonymous subway pass -34-

  35. Crypto Cost 10 9 8 milliseconds 7  Other 6 5  Verify 7.8x Faster 4 3 2 1 0 Login Re-up -35-

  36. Music Service Scaling HTTP server to stream music 15 second epoch Add clients until we run out of resources Used 10 client machines -36-

  37. Music Service Scaling Login Only vs. Anon-Pass Steady  Login Only 8,000 Clients % CPU  Anon-Pass 12,000 Clients Time -37-

  38. Anonymous Subway Pass Problem: Need to rate limit between swipes A long epoch can simulate that timeout But sharing is still possible… t t+1 -38-

  39. Anonymous Subway Pass Solution: Login and Re-Up at the same time Accesses during later epochs are linkable t – 1 t t+1 t+2 time X -39-

  40. Anonymous Subway Pass Implemented as an Android application Clients Login and Re-Up twice (18 minute NYC policy) Takes only 0.2 seconds (on an HTC Evo 3D) -40-

  41. Anon-Pass Practical – efficient enough to scale Flexible – works with different services Deployable – minimizes service changes -41-

  42. -42-

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon.

Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon.

anonymize Anon. Key parse TCP assembly Offline Online capture anonymize Anon. One-Way Interface Key (anon. trace) parse TCP assembly Enc. Key decrypt Offline Online encrypt Encrypted Raw Data capture Capture Hardware Closed-box VM anonymize

838 views • 40 slides
Nar-Anon Midwest Region 2016 OUTREACH WORKSHOP WE WANT TO CONNECT WITH YOU! Outreach Pre-Test

Nar-Anon Midwest Region 2016 OUTREACH WORKSHOP WE WANT TO CONNECT WITH YOU! Outreach Pre-Test

Nar-Anon Midwest Region 2016 OUTREACH WORKSHOP WE WANT TO CONNECT WITH YOU! Outreach Pre-Test 1. The objective of Outreach is to. A. Increase awareness of Nar-Anon B. Hand out literature to help people C. Get people to a meeting D.

690 views • 21 slides
U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the

U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the

U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the Algonquin Students Association sponsored a Universal Transit Pass Referendum which was passed and in March 2015 the U-Pass Agreement was formally

446 views • 10 slides
50% pass developmental credit course course pass take pass developmental credit credit

50% pass developmental credit course course pass take pass developmental credit credit

Calculating Success Co-Requisite Models # who # who # who # who take pass take pass 115 115 121 121 # who # who = Success Rate pass take 121 115 credit course 50% pass developmental credit course course pass take

633 views • 16 slides
An n Emp Empir iric ical Ana naly lysis s of of Anon nonymit ity in n Zcash George

An n Emp Empir iric ical Ana naly lysis s of of Anon nonymit ity in n Zcash George

An n Emp Empir iric ical Ana naly lysis s of of Anon nonymit ity in n Zcash George Kappos, Haaroon Yousaf, Mary Maller, Sarah Meiklejohn University College London Zcon0: 26/06/2018 What level of anonymity do users obtain by using

626 views • 24 slides
U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot

U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot

U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot Program has completed 21 months of its 24- month pilot program, which will expire in August 2018. Through partnerships with colleges, U-Pass TAP

87 views • 8 slides
Its a death penalty case until someone tells a court it isnt. Anon. Federal

Its a death penalty case until someone tells a court it isnt. Anon. Federal

3/27/2017 Its a death penalty case until someone tells a court it isnt. Anon. Federal Death Penalty Resource Counsel Jean D. Barrett, Esquire Anthony L. Ricco, Esquire David A. Ruhnke, Esquire New York Law SchoolMarch 27,

121 views • 9 slides
k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG

k IP IP: a Measured Approach ch to IPv6 Ad Addres ess An Anon onymiz ization ion MAPRG Meeting Prague, July 20, 2017 David Plonka &lt;plonka@akamai.com&gt; kI kIP: : a Me Measured Approach to IPv6 Address Anonymizati tion

873 views • 64 slides
3 3 Siren en Song of Lebanon anon Solomon &amp; Delilah: Characters Solomon the King

3 3 Siren en Song of Lebanon anon Solomon &amp; Delilah: Characters Solomon the King

The Kin Th e King Who Fel g Who Fell l 3 3 Siren en Song of Lebanon anon Solomon &amp; Delilah: Characters Solomon the King Lebanese Bride Heb literally THE King Bloch, p120 1:1,5; 3:7,9,11; 8:11,12 4:8; 4:11,15; 7:4 2 / 23

806 views • 26 slides
Kristina Lerman Anon Plangprasopchok Craig Knoblock USC Information Sciences Institute Find

Kristina Lerman Anon Plangprasopchok Craig Knoblock USC Information Sciences Institute Find

Kristina Lerman Anon Plangprasopchok Craig Knoblock USC Information Sciences Institute Find hotels address Select hotel by price, features and reviews Check weather forecast features Get distance to hotel Find flights Email agenda

341 views • 23 slides
Building a Pass Rusher from Scratch Since 2002 Big Skill Pass Rush System V.G.H.H Vision

Building a Pass Rusher from Scratch Since 2002 Big Skill Pass Rush System V.G.H.H Vision

Consulting, Teaching, Developing Pass Rushers Since 2002 Since 2002 Building a Pass Rusher from Scratch Since 2002 Big Skill Pass Rush System V.G.H.H Vision +GetOff+Hands+Hips V.G.H.H This system was created for DefensiveLineman,

258 views • 9 slides
What is a bus pass? Permanent bus pass is a change to a busing schedule that remains consistent

What is a bus pass? Permanent bus pass is a change to a busing schedule that remains consistent

6/18/2015 Acton Boxborough Regional School District Elementary Bus Passing Policy and Procedures 06/11/2015 What is a bus pass? Permanent bus pass is a change to a busing schedule that remains consistent for the course of the year. Typically

406 views • 5 slides
1 2 3 The pass rates continue to be disappointing. For several years the pass rate has been in

1 2 3 The pass rates continue to be disappointing. For several years the pass rate has been in

1 2 3 The pass rates continue to be disappointing. For several years the pass rate has been in the low to mid 30% range. Reasons for less than satisfactory performance has been discussed at every past conference and in every past examiners

633 views • 15 slides
What is Our Pass? Its a bus pass for, young people aged 16-18* that gives you the freedom to

What is Our Pass? Its a bus pass for, young people aged 16-18* that gives you the freedom to

What is Our Pass? Its a bus pass for, young people aged 16-18* that gives you the freedom to get around Greater Manchester. Whether you want to get to college, visit friends or family, go shopping or visit one of Greater Manchesters

497 views • 11 slides
Industry Certification Pass Rates END 2 Reporting Industry Certification Pass Rates Barton

Industry Certification Pass Rates END 2 Reporting Industry Certification Pass Rates Barton

Industry Certification Pass Rates END 2 Reporting Industry Certification Pass Rates Barton must have data comparable to other similar national colleges to meet the requirements of Higher Learning Commission Open Pathways Accreditation.

385 views • 7 slides
E-Pass Redesign Overview Presentation for E-Pass Implementation Team February 12, 2003

E-Pass Redesign Overview Presentation for E-Pass Implementation Team February 12, 2003

E-Pass Redesign Overview Presentation for E-Pass Implementation Team February 12, 2003 12-Feb-2003 (c) 2003, Phena Partners LLC &amp; DuPont 1 Agenda Why re-design? Key improvements Project timeline Feature walkthrough

836 views • 39 slides
CS535 Big Data 4/13/2020 Week 12-A Sangmi Lee Pallickara CS535 Big Data | Computer Science |

CS535 Big Data 4/13/2020 Week 12-A Sangmi Lee Pallickara CS535 Big Data | Computer Science |

CS535 Big Data 4/13/2020 Week 12-A Sangmi Lee Pallickara CS535 Big Data | Computer Science | Colorado State University CS535 Big Data | Computer Science | Colorado State University CS535 BIG DATA FAQs Wednesday (4/15) is the GEAR Session

339 views • 11 slides
CS480/680 Lecture 22: July 22, 2019 Ensemble Learning [RN] Sec. 18.10, [M] Sec. 16.2.5, [B]

CS480/680 Lecture 22: July 22, 2019 Ensemble Learning [RN] Sec. 18.10, [M] Sec. 16.2.5, [B]

CS480/680 Lecture 22: July 22, 2019 Ensemble Learning [RN] Sec. 18.10, [M] Sec. 16.2.5, [B] Chap. 14, [HTF] Chap 15-16, [D] Chap. 11 University of Waterloo CS480/680 Spring 2019 Pascal Poupart 1 Outline Ensemble Learning Bagging

1.72k views • 22 slides
CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory

CS573 Data Privacy and Security Li Xiong Department of Mathematics and Computer Science Emory University Today Meet everyone in class Course overview Why data privacy and security What is data privacy and security What we

810 views • 70 slides
Probabilistic Low-Rank Matrix Completion with Adaptive Spectral Regularization Algorithms Fran

Probabilistic Low-Rank Matrix Completion with Adaptive Spectral Regularization Algorithms Fran

Probabilistic Low-Rank Matrix Completion with Adaptive Spectral Regularization Algorithms Fran cois Caron Department of Statistics, Oxford STATLEARN 2014, Paris April 7, 2014 Joint work with Adrien Todeschini, Marie Chavent (INRIA, U. of

699 views • 45 slides
Anonymization Beyond GDPR 1 WHO I AM Damien Clochard PostgreSQL DBA &amp; Co-founder at Dalibo

Anonymization Beyond GDPR 1 WHO I AM Damien Clochard PostgreSQL DBA &amp; Co-founder at Dalibo

Anonymization Beyond GDPR 1 WHO I AM Damien Clochard PostgreSQL DBA &amp; Co-founder at Dalibo President of PostgreSQLFr Association 2 WHO I AM NOT I Am Not A Lawyer I Am Not A Privacy Expert Dont take my word for it / Check the links

1.24k views • 74 slides
CMSC320 Introduction to Data One thing we might want to What data is available? What is the

CMSC320 Introduction to Data One thing we might want to What data is available? What is the

An Illustrative Analysis Business First Data Science in Society Abstracting the analysis Abstracting the analysis Data Science in Society: Data Journalism Data Science in Society: Machine Learning Data Science in Society: Machine Learning

921 views • 69 slides
The Price of Privacy In Untrusted Recommendation Engines Siddhartha Banerjee, Nidhi Hegde &amp;

The Price of Privacy In Untrusted Recommendation Engines Siddhartha Banerjee, Nidhi Hegde &amp;

The Price of Privacy In Untrusted Recommendation Engines Siddhartha Banerjee, Nidhi Hegde &amp; Laurent Massouli UT Austin Technicolor Privacy efficiency trade-offs q Google &amp; FaceBook track online browsing behaviour q Apple

610 views • 27 slides
Maximum Likelihood Matrix Completion Under Sparse Factor Models: Error Guarantees and Efficient

Maximum Likelihood Matrix Completion Under Sparse Factor Models: Error Guarantees and Efficient

Maximum Likelihood Matrix Completion Under Sparse Factor Models: Error Guarantees and Efficient Algorithms Jarvis Haupt Department of Electrical and Computer Engineering University of Minnesota Institute for Computational and Experimental

596 views • 40 slides

More recommend