
Anonymity Fall 2017 Franziska (Franzi) Roesner - PowerPoint PPT Presentation



  1. CSE 484 / CSE M 584: Computer Security and Privacy
     Anonymity
     Fall 2017
     Franziska (Franzi) Roesner
     franzi@cs.washington.edu
     Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Admin
     • Homework #3: Friday 8pm
       – Late days available
       – Don’t wait until the last minute for fuzzing
     • Final Project: next Wednesday 11:59pm
       – No late days!
       – Rubric online
       – Make sure you include a legal/ethics slide, and make sure you include references
         • If you make a claim that’s not obvious, ideal to have the reference integrated directly on that slide
     • Extra credit readings due Friday @ 11:59pm
     12/6/17 CSE 484 / CSE M 584 - Spring 2017 2

  3. Privacy on Public Networks
     • Internet is designed as a public network
       – Machines on your LAN may see your traffic, network routers see all traffic that passes through them
     • Routing information is public
       – IP packet headers identify source and destination
       – Even a passive observer can easily figure out who is talking to whom
     • Encryption does not hide identities
       – Encryption hides payload, but not routing information
       – Even IP-level encryption (tunnel-mode IPSec/ESP) reveals IP addresses of IPSec gateways

  4. Questions
     Q1: What is anonymity?
     Q2: Why might people want anonymity on the Internet?
     Q3: Why might people not want anonymity on the Internet?

  6. Applications of Anonymity (I)
     • Privacy
       – Hide online transactions, Web browsing, etc. from intrusive governments, marketers and archivists
     • Untraceable electronic mail
       – Corporate whistle-blowers
       – Political dissidents
       – Socially sensitive communications (online AA meeting)
       – Confidential business negotiations
     • Law enforcement and intelligence
       – Sting operations and honeypots
       – Secret communications on a public network

  7. Applications of Anonymity (II)
     • Digital cash
       – Electronic currency with properties of paper money (online purchases unlinkable to buyer’s identity)
     • Anonymous electronic voting
     • Censorship-resistant publishing

  8. What is Anonymity?
     • Anonymity is the state of being not identifiable within a set of subjects
       – You cannot be anonymous by yourself!
     • Big difference between anonymity and confidentiality
       – Hide your activities among others’ similar activities
     • Unlinkability of action and identity
       – For example, sender and email he/she sends are no more related after observing communication than before
     • Unobservability (hard to achieve)
       – Observer cannot even tell whether a certain action took place or not

  9. Part 1: Anonymity in Datasets

  10. How to release an anonymous dataset?

  11. How to release an anonymous dataset?
      • Possible approach: remove identifying information from datasets?
      [Figure: Massachusetts medical+voter data [Sweeney 1997]]

  12. k-Anonymity
      • Each person contained in the dataset cannot be distinguished from at least k-1 others in the data.
      • Doesn’t work for high-dimensional datasets (which tend to be sparse)
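A worked check of the definition on this slide, as an added example that is not from the lecture: the table, its column layout and the generalization rule are constructed for illustration, and the last value in demo() shows in miniature why k collapses to 1 once many columns count as quasi-identifiers.

```python
from collections import Counter

# Constructed sample table (not from the slides): columns are
# (ZIP, birth year, sex, diagnosis). ZIP, birth year and sex are the
# quasi-identifiers that public records such as voter rolls also carry;
# diagnosis is the sensitive attribute.
RECORDS = [
    ("98105", 1985, "F", "flu"),
    ("98105", 1985, "F", "asthma"),
    ("98105", 1986, "M", "flu"),
    ("98107", 1985, "F", "diabetes"),
    ("98107", 1986, "M", "flu"),
    ("98107", 1986, "M", "asthma"),
]
QUASI = (0, 1, 2)  # column indexes of the quasi-identifiers


def equivalence_classes(records, quasi=QUASI):
    """Count records per distinct quasi-identifier combination."""
    return Counter(tuple(r[i] for i in quasi) for r in records)


def k_anonymity(records, quasi=QUASI):
    """Largest k for which the table is k-anonymous: the size of the
    smallest class. k == 1 means someone is uniquely re-identifiable."""
    return min(equivalence_classes(records, quasi).values())


def unique_records(records, quasi=QUASI):
    """Records whose quasi-identifier combination appears only once."""
    classes = equivalence_classes(records, quasi)
    return [r for r in records if classes[tuple(r[i] for i in quasi)] == 1]


def generalize(records):
    """One generalization step: truncate ZIP to a 3-digit prefix and
    coarsen birth year to a decade, so more records share a class."""
    return [(z[:3] + "**", (y // 10) * 10, s, d) for (z, y, s, d) in records]


def demo():
    """k on the raw table, after generalization, and when every column
    counts as a quasi-identifier (the sparse, high-dimensional case)."""
    return (k_anonymity(RECORDS),
            k_anonymity(generalize(RECORDS)),
            k_anonymity(RECORDS, (0, 1, 2, 3)))


if __name__ == "__main__":
    print("k raw / generalized / all columns:", demo())   # (1, 3, 1)
    print("re-identifiable rows:", unique_records(RECORDS))
```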

  13. [Dwork et al.] Differential Privacy
      • Setting: Trusted party has a database
      • Goal: allow queries on the database that are useful but preserve the privacy of individual records
      • Differential privacy intuition: add noise so that an output is produced with similar probability whether any single input is included or not
      • Privacy of the computation, not of the dataset
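The intuition on this slide carried through as an added example (not from the lecture): the Laplace mechanism answering a counting query over a constructed toy database, with the privacy loss between two databases that differ in one row computed from the noise density, so the "similar probability" claim can be checked output by output.

```python
import math
import random

# Constructed toy database (not from the slides): (name, has_condition).
# The trusted party holds the rows and answers a counting query with
# noise instead of releasing them.
DB = [("alice", True), ("bob", False), ("carol", True),
      ("dave", True), ("erin", False)]

def true_count(db):
    """Exact answer the curator must not release as-is."""
    return sum(1 for _, flag in db if flag)

def sample_laplace(scale, rng):
    """Laplace(0, scale) noise by inverse-CDF sampling."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def noisy_count(db, epsilon, rng=None):
    """Laplace mechanism: adding or removing one person changes a count by
    at most 1 (sensitivity 1), so noise of scale 1/epsilon is enough."""
    return true_count(db) + sample_laplace(1.0 / epsilon, rng or random.Random())

def laplace_density(x, mean, scale):
    return math.exp(-abs(x - mean) / scale) / (2.0 * scale)

def privacy_loss(output, db, neighbour, epsilon):
    """|ln(Pr[output | db] / Pr[output | neighbour])|: how much more likely
    this output is with one person's row present than absent."""
    scale = 1.0 / epsilon
    p_db = laplace_density(output, true_count(db), scale)
    p_nb = laplace_density(output, true_count(neighbour), scale)
    return abs(math.log(p_db) - math.log(p_nb))

def worst_case_loss(db, neighbour, epsilon):
    """Scan candidate outputs: the guarantee is that no output's loss
    exceeds epsilon, whichever single row distinguishes the two databases."""
    outputs = (i / 10.0 for i in range(-200, 300))
    return max(privacy_loss(o, db, neighbour, epsilon) for o in outputs)

def without(db, name):
    """Neighbouring database: the same rows minus one person."""
    return [row for row in db if row[0] != name]

if __name__ == "__main__":
    eps = 0.5
    print("noisy count:", round(noisy_count(DB, eps, random.Random(7)), 2))
    print("worst-case loss:", worst_case_loss(DB, without(DB, "alice"), eps), "<=", eps)
```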

  14. Part 2: Anonymity in Communication

  15. Chaum’s Mix
      • Early proposal for anonymous email
        – David Chaum. “Untraceable electronic mail, return addresses, and digital pseudonyms”. Communications of the ACM, February 1981.
        – Before spam, people thought anonymous email was a good idea :)
      • Public key crypto + trusted re-mailer (Mix)
        – Untrusted communication medium
        – Public keys used as persistent pseudonyms
      • Modern anonymity systems use Mix as the basic building block

  16. Basic Mix Design
      [Diagram: senders A, C, D submit to the Mix; the Mix delivers to receivers B, E, B]
      Inputs to the Mix:
        {r1, {r0, M}pk(B), B}pk(mix)
        {r2, {r3, M’}pk(E), E}pk(mix)
        {r4, {r5, M’’}pk(B), B}pk(mix)
      Outputs from the Mix:
        {r0, M}pk(B), B
        {r3, M’}pk(E), E
        {r5, M’’}pk(B), B
      Adversary knows all senders and all receivers, but cannot link a sent message with a received message

  17. Anonymous Return Addresses
      M includes {K1, A}pk(mix), K2 where K2 is a fresh public key
      A → MIX: {r1, {r0, M}pk(B), B}pk(mix)
      MIX → B: {r0, M}pk(B), B
      Response:
      B → MIX: {K1, A}pk(mix), {r2, M’}K2
      MIX → A: A, {{r2, M’}K2}K1
      Secrecy without authentication (good for an online confession service :) )
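The forward message of slide 16 and the anonymous reply of slide 17, modelled as an added example that is not from the lecture. The enc/dec helpers, the key names K1, K2, pk(mix), pk(B) and the message texts are constructed stand-ins: a ciphertext is a tuple and dec() only checks that the caller holds the matching key, which is enough to show what the Mix strips, what B sees and how the reply reaches A.

```python
import secrets

# Toy stand-ins for the slide's notation, NOT real encryption: {x}pk(P) is
# modelled as ("enc", "pk(P)", x) and {x}K as ("enc", K, x). dec() only
# checks that the caller holds the matching key, so the example shows the
# message structure and the Mix's processing, nothing about cryptography.
def enc(key, x):
    return ("enc", key, x)

def dec(key, ct):
    kind, k, x = ct
    if kind != "enc" or k != key:
        raise PermissionError("not encrypted to this key")
    return x

def fresh():
    """Random padding r (or a fresh key) so identical messages look different."""
    return secrets.token_hex(4)

class Mix:
    """Collects a batch, strips the outer layer and padding, and releases the
    batch in lexicographic order (Chaum's rule), unrelated to arrival order."""
    def __init__(self):
        self.batch = []
    def submit(self, ct):                  # input: {r, payload, dest}pk(mix)
        _r, payload, dest = dec("pk(mix)", ct)
        self.batch.append((dest, payload))
    def flush(self):
        out = sorted(self.batch, key=repr)
        self.batch = []
        return out

def forward_and_reply(mix):
    """A -> B through the Mix, then B replies without ever learning A."""
    k1, k2 = "K1", "K2"                    # constructed keys; K2 is fresh per message
    return_address = (enc("pk(mix)", (k1, "A")), k2)   # {K1,A}pk(mix), K2
    message = ("hello", return_address)                # M carries the return block
    mix.submit(enc("pk(mix)", (fresh(), enc("pk(B)", (fresh(), message)), "B")))
    (dest, payload), = mix.flush()
    _r0, m = dec("pk(B)", payload)                     # B opens {r0, M}pk(B)
    ret_block, reply_key = m[1]                        # B sees only {K1,A}pk(mix) and K2
    reply = (ret_block, enc(reply_key, (fresh(), "reply to " + m[0])))
    # Mix: open the return block to learn K1 and A, re-wrap the reply under K1
    k1_seen, a = dec("pk(mix)", reply[0])
    delivered = (a, enc(k1_seen, reply[1]))            # A, {{r2,M'}K2}K1
    _r2, text = dec(k2, dec(k1, delivered[1]))         # A peels K1, then K2
    return dest, text
```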

  18. Mix Cascades and Mixnets
      • Messages are sent through a sequence of mixes
      • Can also form an arbitrary network of mixes (“mixnet”)
      • Some of the mixes may be controlled by attacker, but even a single good mix ensures anonymity
      • Pad and buffer traffic to foil correlation attacks

  19. Disadvantages of Basic Mixnets
      • Public-key encryption and decryption at each mix are computationally expensive
      • Basic mixnets have high latency
        – OK for email, not OK for anonymous Web browsing
      • Challenge: low-latency anonymity network

  20. Another Idea: Randomized Routing
      • Hide message source by routing it randomly
        – Popular technique: Crowds, Freenet, Onion routing
      • Routers don’t know for sure if the apparent source of a message is the true sender or another router

  21. [Reed, Syverson, Goldschlag 1997] Onion Routing
      [Diagram: Alice’s message passes through a sequence of onion routers R1, R2, R3, R4, chosen from many routers R, to Bob]
      • Sender chooses a random sequence of routers
      • Some routers are honest, some controlled by attacker
      • Sender controls the length of the path

  22. Route Establishment
      [Diagram: Alice → R1 → R2 → R3 → R4 → Bob]
      Onion built by Alice, one layer per router:
      {R2, k1}pk(R1), { {R3, k2}pk(R2), { {R4, k3}pk(R3), { {B, k4}pk(R4), { {M}pk(B) }k4 }k3 }k2 }k1
      • Routing info for each link encrypted with router’s public key
      • Each router learns only the identity of the next router
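The layered onion above, built by Alice and peeled one router at a time, as an added example that is not from the lecture. enc/dec are tuple stand-ins that only check which key is held (not real encryption); the router names R1..R4, link keys k1..k4, destination B and message M follow the diagram's notation.

```python
# Toy stand-ins for the slide's notation, NOT real encryption: {x}pk(R) is
# modelled as ("enc", "pk(R)", x) and {x}k as ("enc", k, x); dec() only
# checks that the caller holds the matching key, which is enough to show
# what each router can and cannot open.
def enc(key, x):
    return ("enc", key, x)

def dec(key, ct):
    kind, k, x = ct
    if kind != "enc" or k != key:
        raise PermissionError("not encrypted to this key")
    return x

def build_onion(path, keys, dest, message):
    """Alice wraps {M}pk(B) in one layer per router, innermost first:
    {R2,k1}pk(R1), { {R3,k2}pk(R2), { ... { {B,k4}pk(R4), { {M}pk(B) }k4 } ... }k2 }k1
    Each layer is (header encrypted to the router, payload under the link key)."""
    onion = enc("pk(" + dest + ")", message)
    next_hop = dest
    for router, k in reversed(list(zip(path, keys))):
        onion = (enc("pk(" + router + ")", (next_hop, k)), enc(k, onion))
        next_hop = router
    return onion

def peel(router, onion):
    """A router opens the header with its private key to learn (next hop,
    link key), then the payload with that key. It learns neither the sender
    nor anything past the next hop."""
    header, payload = onion
    next_hop, k = dec("pk(" + router + ")", header)
    return next_hop, dec(k, payload)

def route(path, keys, dest, message):
    """Drive the onion along the path, recording the one fact each router learns."""
    learned = {}
    onion = build_onion(path, keys, dest, message)
    hop = path[0]
    while hop in path:
        hop_next, onion = peel(hop, onion)
        learned[hop] = hop_next
        hop = hop_next
    return learned, dec("pk(" + dest + ")", onion)   # only Bob can open {M}pk(B)

PATH = ["R1", "R2", "R3", "R4"]   # constructed circuit matching the diagram
KEYS = ["k1", "k2", "k3", "k4"]   # one fresh link key per router

if __name__ == "__main__":
    print(route(PATH, KEYS, "B", "M"))   # ({'R1': 'R2', 'R2': 'R3', 'R3': 'R4', 'R4': 'B'}, 'M')
```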

  23. Tor
      • Second-generation onion routing network
        – http://tor.eff.org
        – Developed by Roger Dingledine, Nick Mathewson and Paul Syverson
        – Specifically designed for low-latency anonymous Internet communications
      • Running since October 2003
      • “Easy-to-use” client proxy
        – Freely available, can use it for anonymous browsing

  24. Tor Circuit Setup (1)
      • Client proxy establishes a symmetric session key and circuit with Onion Router #1

  25. Tor Circuit Setup (2)
      • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2
        – Tunnel through Onion Router #1

  26. Tor Circuit Setup (3)
      • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3
        – Tunnel through Onion Routers #1 and #2

  27. Using a Tor Circuit
      • Client applications connect and communicate over the established Tor circuit.

  28. Tor Management Issues
      • Many applications can share one circuit
        – Multiple TCP streams over one anonymous connection
      • Tor router doesn’t need root privileges
        – Encourages people to set up their own routers
        – More participants = better anonymity for everyone
      • Directory servers
        – Maintain lists of active onion routers, their locations, current public keys, etc.
        – Control how new routers join the network
          • “Sybil attack”: attacker creates a large number of routers
        – Directory servers’ keys ship with Tor code

  29. Location Hidden Service
      • Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it
      • Accessible from anywhere
      • Resistant to censorship
      • Can survive a full-blown DoS attack
      • Resistant to physical attack
        – Can’t find the physical server!

  30. Creating a Location Hidden Server
      [Diagram, with these labelled steps:]
      • Server creates circuits to “introduction points”
      • Server gives intro points’ descriptors and addresses to service lookup directory
      • Client obtains service descriptor and intro point address from directory
