anonymity and secure messaging fall 2016 ada adam lerner
play

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner - PowerPoint PPT Presentation

Mar 01, 2023 •146 likes •699 views

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Cookies • Alternative/additional technology: – Ice cream • Some of you asked if we could study these technologies 12/7/16 CSE 484 / CSE M 584 - Fall 2016 2

  3. Cookies • Section is cancelled, but: • During section, we’ll have a special culinary seminar on the topic of “Delectable Technology” 12/7/16 CSE 484 / CSE M 584 - Fall 2016 3

  4. Cookies • During section, we’ll have a special culinary seminar on the topic of “Delectable Technology” 12/7/16 CSE 484 / CSE M 584 - Fall 2016 4

  5. Security Mindsetish – Reflections on Trusting Trust 12/7/16 CSE 484 / CSE M 584 - Fall 2016 5

  6. Identifying Web Pages: Electrical Outlets Clark et al. “Current Events: Identifying Webpages by Tapping the Electrical Outlet” ESORICS 2013 12/7/16 CSE 484 / CSE M 584 - Spring 2016 6

  7. Powerline Eavesdropping Enev et al.: Televisions, Video Privacy, and Powerline Electromagnetic Interference, CCS 2011 12/7/16 CSE 484 / CSE M 584 - Spring 2016 7

  8. Privacy on Public Networks • Internet is designed as a public network – Machines on your LAN may see your traffic, network routers see all traffic that passes through them • Routing information is public – IP packet headers identify source and destination – Even a passive observer can easily figure out who is talking to whom • Encryption does not hide identities – Encryption hides payload, but not routing information – Even IP-level encryption (tunnel-mode IPSec/ESP) reveals IP addresses of IPSec gateways 12/7/16 CSE 484 / CSE M 584 - Spring 2016 8

  9. Questions Q1: What is anonymity? Q2: Why might people want anonymity on the Internet? Q3: Why might people not want anonymity on the Internet? 12/7/16 CSE 484 / CSE M 584 - Spring 2016 9

  10. Applications of Anonymity (I) • Privacy – Hide online transactions, Web browsing, etc. from intrusive governments, marketers and archivists • Untraceable electronic mail – Corporate whistle-blowers – Political dissidents – Socially sensitive communications (online AA meeting) – Confidential business negotiations • Law enforcement and intelligence – Sting operations and honeypots – Secret communications on a public network 12/7/16 CSE 484 / CSE M 584 - Spring 2016 10

  11. Applications of Anonymity (II) • Digital cash – Electronic currency with properties of paper money (online purchases unlinkable to buyer’s identity) • Anonymous electronic voting • Censorship-resistant publishing 12/7/16 CSE 484 / CSE M 584 - Spring 2016 11

  12. What is Anonymity? • Anonymity is the state of being not identifiable within a set of subjects – You cannot be anonymous by yourself! • Big difference between anonymity and confidentiality – Hide your activities among others’ similar activities • Unlinkability of action and identity – For example, sender and email he/she sends are no more related after observing communication than before • Unobservability (hard to achieve) – Observer cannot even tell whether a certain action took place or not 12/7/16 CSE 484 / CSE M 584 - Spring 2016 12

  13. Part 1: Anonymity in Datasets 12/7/16 CSE 484 / CSE M 584 - Spring 2016 13

  14. How to release an anonymous dataset? • Possible approach: remove identifying information from datasets? Massachusetts medical+voter data [Sweeney 1997] 12/7/16 CSE 484 / CSE M 584 - Spring 2016 14

  15. k-Anonymity • Each person contained in the dataset cannot be distinguished from at least k-1 others in the data. Doesn’t work for high-dimensional datasets (which tend to be sparse ) 12/7/16 CSE 484 / CSE M 584 - Spring 2016 15

  16. [Dwork et al.] Differential Privacy • Setting: Trusted party has a database • Goal: allow queries on the database that are useful but preserve the privacy of individual records • Differential privacy intuition: add noise so that an output is produced with similar probability whether any single input is included or not • Privacy of the computation, not of the dataset 12/7/16 CSE 484 / CSE M 584 - Spring 2016 16

  17. Part 2: Anonymity in Communication 12/7/16 CSE 484 / CSE M 584 - Spring 2016 17

  18. Chaum’s Mix • Early proposal for anonymous email – David Chaum. “Untraceable electronic mail, return addresses, and digital pseudonyms”. Communications of the ACM, February 1981. Before spam, people thought anonymous email was a good idea J • Public key crypto + trusted re-mailer (Mix) – Untrusted communication medium – Public keys used as persistent pseudonyms • Modern anonymity systems use Mix as the basic building block 12/7/16 CSE 484 / CSE M 584 - Spring 2016 18

  19. Basic Mix Design B {r 1 ,{r 0 ,M} pk(B) ,B} pk(mix) {r 0 ,M} pk(B) ,B A {r 5 ,M’’} pk(B) ,B C E {r 2 ,{r 3 ,M’} pk(E) ,E} pk(mix) {r 3 ,M’} pk(E) ,E D Mix {r 4 ,{r 5 ,M’’} pk(B) ,B} pk(mix) Adversary knows all senders and all receivers, but cannot link a sent message with a received message 12/7/16 CSE 484 / CSE M 584 - Spring 2016 19

  20. Q2 B {r 1 ,{r 0 ,M} pk(B) ,B} pk(mix) {r 0 ,M} pk(B) ,B A {r 5 ,M’’} pk(B) ,B C E {r 2 ,{r 3 ,M’} pk(E) ,E} pk(mix) {r 3 ,M’} pk(E) ,E D Mix {r 4 ,{r 5 ,M’’} pk(B) ,B} pk(mix) Adversary knows all senders and all receivers, but cannot link a sent message with a received message 12/7/16 CSE 484 / CSE M 584 - Spring 2016 20

  21. Anonymous Return Addresses M includes {K 1 ,A} pk(mix) , K 2 where K 2 is a fresh public key {r 1 ,{r 0 ,M} pk(B) ,B} pk(mix) {r 0 ,M} pk(B) ,B B MIX A A,{{r 2 ,M’} K 2 } K 1 {K 1 ,A} pk(mix) , {r 2 ,M’} K 2 Response MIX Secrecy without authentication (good for an online confession service J ) 12/7/16 CSE 484 / CSE M 584 - Spring 2016 21

  22. Mix Cascades and Mixnets • Messages are sent through a sequence of mixes • Can also form an arbitrary network of mixes ( “ mixnet ” ) • Some of the mixes may be controlled by attacker, but even a single good mix ensures anonymity • Pad and buffer traffic to foil correlation attacks 12/7/16 CSE 484 / CSE M 584 - Spring 2016 22

  23. Disadvantages of Basic Mixnets • Public-key encryption and decryption at each mix are computationally expensive • Basic mixnets have high latency – OK for email, not OK for anonymous Web browsing • Challenge: low-latency anonymity network 12/7/16 CSE 484 / CSE M 584 - Spring 2016 23

  24. Another Idea: Randomized Routing • Hide message source by routing it randomly – Popular technique: Crowds, Freenet, Onion routing • Routers don’t know for sure if the apparent source of a message is the true sender or another router 12/7/16 CSE 484 / CSE M 584 - Spring 2016 24

  25. [Reed, Syverson, Goldschlag 1997] Onion Routing R R R 4 R R 3 R R 1 R R 2 Alice R Bob • Sender chooses a random sequence of routers • Some routers are honest, some controlled by attacker • Sender controls the length of the path 12/7/16 CSE 484 / CSE M 584 - Spring 2016 25

  26. Route Establishment R 2 R 4 Alice R 3 Bob R 1 {M} pk(B) {B,k 4 } pk(R4) ,{ } k4 {R 4 ,k 3 } pk(R3) ,{ } k3 {R 3 ,k 2 } pk(R2) ,{ } k2 {R 2 ,k 1 } pk(R1) ,{ } k1 • Routing info for each link encrypted with router’s public key • Each router learns only the identity of the next router 12/7/16 CSE 484 / CSE M 584 - Spring 2016 26

  27. Tor • Second-generation onion routing network – http://tor.eff.org – Developed by Roger Dingledine, Nick Mathewson and Paul Syverson – Specifically designed for low-latency anonymous Internet communications • Running since October 2003 • “Easy-to-use” client proxy – Freely available, can use it for anonymous browsing 12/7/16 CSE 484 / CSE M 584 - Spring 2016 27

  28. Tor Circuit Setup (1) • Client proxy establishes a symmetric session key and circuit with Onion Router #1 12/7/16 CSE 484 / CSE M 584 - Spring 2016 28

  29. Tor Circuit Setup (2) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2 – Tunnel through Onion Router #1 12/7/16 CSE 484 / CSE M 584 - Spring 2016 29

  30. Tor Circuit Setup (3) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3 – Tunnel through Onion Routers #1 and #2 12/7/16 CSE 484 / CSE M 584 - Spring 2016 30

  31. Using a Tor Circuit • Client applications connect and communicate over the established Tor circuit. 12/7/16 CSE 484 / CSE M 584 - Spring 2016 31

  32. Tor Management Issues • Many applications can share one circuit – Multiple TCP streams over one anonymous connection • Tor router doesn’t need root privileges – Encourages people to set up their own routers – More participants = better anonymity for everyone • Directory servers – Maintain lists of active onion routers, their locations, current public keys, etc. – Control how new routers join the network • “Sybil attack”: attacker creates a large number of routers – Directory servers’ keys ship with Tor code 12/7/16 CSE 484 / CSE M 584 - Spring 2016 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

779 views • 30 slides
Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

622 views • 44 slides
Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks

Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

633 views • 47 slides
Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to

Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

1.29k views • 42 slides
Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu

Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

559 views • 41 slides
Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks

Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks

CSE 484 / CSE M 584: Computer Security and Privacy Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

807 views • 78 slides
Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

917 views • 55 slides
Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno,

577 views • 43 slides
Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan

567 views • 38 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner

The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

870 views • 76 slides
Administrative Lab 2 is out please form groups of 1-3 and get to work, its due Nov 21!

Administrative Lab 2 is out please form groups of 1-3 and get to work, its due Nov 21!

CSE 484 / CSE M 584: Computer Security and Privacy XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

940 views • 48 slides
We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

872 views • 42 slides
Web Security! Big Picture: Browser and Network request website Browser reply OS Network

Web Security! Big Picture: Browser and Network request website Browser reply OS Network

CSE 484 / CSE M 584: Computer Security and Privacy CSRF and XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell,

1.29k views • 59 slides
Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter

813 views • 43 slides
CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet

654 views • 51 slides
FLST08-09 Linguistic Foundations Exercise of week 1 of Linguistic Foundations (31.10.2008)

FLST08-09 Linguistic Foundations Exercise of week 1 of Linguistic Foundations (31.10.2008)

FLST08-09 Linguistic Foundations Exercise of week 1 of Linguistic Foundations (31.10.2008) Ambiguity Ambiguity is the quality or state of being ambiguous. When a sentence is ambiguous, it has two or more possible meanings. There are two types

96 views • 6 slides
Kellogg Company FIRST QUARTER 2018 FINANCIAL RESULTS May 3, 2018 Forward-Looking Statements

Kellogg Company FIRST QUARTER 2018 FINANCIAL RESULTS May 3, 2018 Forward-Looking Statements

Kellogg Company May 3, 2018 Kellogg Company FIRST QUARTER 2018 FINANCIAL RESULTS May 3, 2018 Forward-Looking Statements & Non-GAAP Measures This presentation contains, or incorporates by reference, forward - looking statements with

463 views • 10 slides
July 30, 2019 This presentation contains a number of forward-looking statements. Words, and

July 30, 2019 This presentation contains a number of forward-looking statements. Words, and

July 30, 2019 This presentation contains a number of forward-looking statements. Words, and variations of words, such as will, expect, should, estimate, anticipate, deliver, positioned, potential,

618 views • 47 slides
Discourse particles and their connection to sentence types, speech acts, and discourse Eva Csipak

Discourse particles and their connection to sentence types, speech acts, and discourse Eva Csipak

Introduction Licensing proposals Discourse function matters Conclusion Discourse particles and their connection to sentence types, speech acts, and discourse Eva Csipak & Sarah Zobel Universitt Konstanz & Universitt

721 views • 43 slides
We are learning to: WALT share equally divide by sharing Maths division sharing day

We are learning to: WALT share equally divide by sharing Maths division sharing day

Maths division sharing day 1.notebook June 04, 2020 We are learning to: WALT share equally divide by sharing Maths division sharing day 1.notebook June 04, 2020 2 + 2 + 2 + 2 = What would the array look like? Maths division

202 views • 9 slides
Rewrite this sentence placing the adverbial at the end. In the afternoon, Thomas had to go to the

Rewrite this sentence placing the adverbial at the end. In the afternoon, Thomas had to go to the

GPS Starter: Work through bronze, silver, gold AND challenge Write Rewrite this sentence placing the adverbial at the end. In the afternoon, Thomas had to go to the doctors. __________________________________

369 views • 10 slides
Speak with Impact In depth Presentation Skills If you can unscramble these, they are your link

Speak with Impact In depth Presentation Skills If you can unscramble these, they are your link

Speak with Impact In depth Presentation Skills If you can unscramble these, they are your link to effective presentations GNINNALP CRAPTICE BILITYAREMOM Ways of Working Together Timekeeping Confidentiality Respect

412 views • 30 slides
The strength of the SCT criterion Silvia Steila joint work with Emanuele Frittaion and Keita

The strength of the SCT criterion Silvia Steila joint work with Emanuele Frittaion and Keita

The strength of the SCT criterion Silvia Steila joint work with Emanuele Frittaion and Keita Yokoyama University of Bern JAIST February 28th, 2017 A first informal question Assume that a child really likes biscuits, he has z -many biscuits.

610 views • 27 slides

More recommend