asymmetric message franking
play

Asymmetric Message Franking Content Moderation for Metadata-Private - PowerPoint PPT Presentation

Dec 01, 2023 •239 likes •1k views

Asymmetric Message Franking Content Moderation for Metadata-Private End-to-End Encryption Nirvan Tyagi Paul Grubbs Julia Len Ian Miers Tom Ristenpart CRYPTO 2019 1 Setting: End-to-end encrypted messaging Hello From: Alice To: Bob

  1. Asymmetric Message Franking Content Moderation for Metadata-Private End-to-End Encryption Nirvan Tyagi Paul Grubbs Julia Len Ian Miers Tom Ristenpart CRYPTO 2019 1

  2. Setting: End-to-end encrypted messaging Hello From: Alice To: Bob Alice Bob Platform 2

  3. Setting: End-to-end encrypted messaging - Confidentiality and Integrity Hello From: Alice To: Bob Alice Bob Platform 3

  4. Setting: End-to-end encrypted messaging “Public” - Confidentiality and Integrity - Deniability Hello - Alice Hello From: Alice To: Bob Alice Bob Platform [OTR BGB ’04], [Signal X3DH ’16] 4

  5. Setting: End-to-end encrypted messaging - Confidentiality and Integrity - Deniability - Metadata privacy From: ? ? To: Alice Bob Platform 5 [Dissent OSDI’12], [Riposte S&P’15], [Vuvuzela SOSP’15], [Pung OSDI’16] . . .

  6. Setting: End-to-end encrypted messaging - Confidentiality and Integrity - Deniability - Metadata privacy From: ? To: Bob Alice Bob Platform 6 [Dissent OSDI’12], [Riposte S&P’15], [Vuvuzela SOSP’15], [Pung OSDI’16] . . .

  7. What about abuse? From: ? To: Bob Alice Bob Platform 7

  8. What about abuse? $#@%! From: ? To: Bob Alice Bob Platform 8

  9. What about abuse? Online bully Abusive partner Spammer Misinformation $#@%! From: ? To: Bob Alice Bob Platform 9

  10. What about abuse? Moderator Online bully $#@%! Abusive partner Spammer Misinformation $#@%! From: ? To: Bob Alice Bob Platform 10

  11. What about abuse? Moderation is a big priority: Facebook employs ≈15K content moderators* Moderator Online bully $#@%! Abusive partner Spammer Misinformation $#@%! From: ? To: Bob Alice Bob Platform 11 * “The secret lives of Facebook moderators in America” [The Verge 2019]

  12. What about abuse? Moderation is a big priority: Facebook employs ≈15K content moderators* Moderator Online bully $#@%! Abusive partner ? ? Spammer Misinformation Privacy complicates abuse moderation! $#@%! From: ? To: Bob Alice Bob Platform 12 * “The secret lives of Facebook moderators in America” [The Verge 2019]

  13. What about abuse? Moderation is a big priority: Facebook employs ≈15K content moderators* Moderator Online bully $#@%! Abusive partner ? ? Spammer Misinformation Privacy complicates abuse moderation! $#@%! Can we balance need for accountability via moderation From: ? To: Bob with privacy goals? Alice Bob Platform 13 * “The secret lives of Facebook moderators in America” [The Verge 2019]

  14. Our contributions Asymmetric Message Franking (AMF) : a new cryptographic ● primitive for content moderation Metadata-privacy : message sender and/or recipient identities ○ hidden Third-party moderation : moderator decoupled from ○ message-delivery platform Formal accountability and deniability security notions for content ● moderation Construction inspired by “designated-verifier” signatures ● Implementation and proof-of-concept deployment ● [TGLMR CRYPTO’19] 14

  15. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption 15

  16. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator m Alice Bob From: Alice To: Bob Platform 16

  17. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Symmetric encryption Moderator following key agreement [Signal X3DH ‘16] m Alice Bob From: Alice To: Bob Platform 17

  18. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator m Identities authenticated by platform Alice Bob From: Alice To: Bob Platform 18

  19. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 19

  20. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 20

  21. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) Alice sent Bob m Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 21

  22. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) Alice sent Bob m Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 22

  23. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) Alice sent Bob m Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 23

  24. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) ? sent Bob m Moderator k m Alice Bob From: ? To: Bob Platform ? , Bob, ct 24

  25. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) ? sent Bob m Moderator k m Alice Bob From: ? To: Bob Platform ? , Bob, ct 25

  26. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m , Alice = Dec k ( ct) Alice sent Bob m Can we patch by including Alice’s identity in commitment? Moderator k m , Alice Alice Bob From: ? To: Bob Platform ? , Bob, ct 26

  27. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m , Alice = Dec k ( ct) Alice sent Bob m Can we patch by including Alice’s identity in commitment? Moderator k m , Alice Charlie Bob From: ? To: Bob Platform ? , Bob, ct 27

  28. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m , Alice = Dec k ( ct) Alice sent Bob m Can we patch by including Alice’s identity in commitment? Moderator k m , Alice Charlie Bob Core problem: Alice’s identity not cryptographically From: ? To: Bob bound to message content Platform ? , Bob, ct 28

  29. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability - Deniability 29

  30. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability - Deniability Moderator Alice Bob ? From: ? To: Platform 30

  31. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability - Deniability Moderator m , σ m , σ Alice Bob ? From: ? sk A , pk A To: σ = Sign( sk A , m ) Platform 31

  32. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability Standard digital signatures provide - Deniability accountability …but not deniability Verify( pk A , m , σ ) Moderator m , σ m , σ Alice Bob ? From: ? sk A , pk A To: σ = Sign( sk A , m ) Platform 32

  33. AMFs: High level idea “Public” Specialized digital signature scheme that provides: - Accountability Standard digital signatures provide - Deniability accountability …but not deniability Verify( pk A , m , σ ) Moderator m , σ m , σ Alice Bob ? From: ? sk A , pk A To: σ = Sign( sk A , m ) Platform 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fast Message Franking: From Invisible Salamanders to Encryptment Yevgeniy Dodis, Paul Grubbs ,

Fast Message Franking: From Invisible Salamanders to Encryptment Yevgeniy Dodis, Paul Grubbs ,

Fast Message Franking: From Invisible Salamanders to Encryptment Yevgeniy Dodis, Paul Grubbs , Thomas Ristenpart, Joanne Woodage End-to-end encrypted messaging Message Message Authenticated Authenticated Encryption Encryption Service

546 views • 36 slides
Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y:

Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y:

Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y: Ravi V vi Vor ora 26 Ma May 2 y 2018 ROMPEX, OMPEX, DEN ENVER VER. C . COL OLOR ORADO O ORGANIZATION AROUND THE WORLD VIA INDIA

584 views • 31 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
Overview What is an Asymmetric Barrier? Median barrier with unbalanced roadway elevations

Overview What is an Asymmetric Barrier? Median barrier with unbalanced roadway elevations

Asymmetric Barrier Design 2/16/2017 Asymmetric Barriers Pete White, PE Systems Assessment Manager - Greenfield, INDOT February 16, 2017 Overview What is an Asymmetric Barrier? Median barrier with unbalanced roadway elevations

706 views • 19 slides
Asymmetric Graphical Models Guy Van den Broeck and Mathias Niepert Jan 28, 2015, AAAI Take-Away

Asymmetric Graphical Models Guy Van den Broeck and Mathias Niepert Jan 28, 2015, AAAI Take-Away

Lifted Probabilistic Inference for Asymmetric Graphical Models Guy Van den Broeck and Mathias Niepert Jan 28, 2015, AAAI Take-Away Message Two problems: 1. Lifted inference gives exponential speedups in symmetric graphical models. But what

807 views • 16 slides
Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical aspect of successful advocacy is the ability to create and deliver a message. While your passion matters greatly, your coalitions make the work

487 views • 15 slides
Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies, a message is defined as information conveyed by words (in speech or writing), and/or other signs and symbols. A message (verbal or nonverbal, or

485 views • 17 slides
GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

National Taiwan University Department of Computer Science and Information Engineering GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message Service Phone Lin Phone Lin Ph.D. Ph.D. Email:

360 views • 13 slides
ping Program ICMP Message Format Available at /usr/sbin/ping Test whether another host is

ping Program ICMP Message Format Available at /usr/sbin/ping Test whether another host is

ICMP Internet Control Message Protocol ICMP is a protocol used for exchanging control messages. CSCE 515: Two main categories Query message Computer Network Error message Programming Usage of an ICMP message is determined by

473 views • 10 slides
Message integrity Message Auth. Codes Dan Boneh Message

Message integrity Message Auth. Codes Dan Boneh Message

Online Cryptography Course

556 views • 52 slides
Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header

Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header

Structure of HTTP Messages Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt CRLF [ message-body ] Universitt Karlsruhe start-line =

289 views • 12 slides
MPI - Message Passing Interface MPI is the mostly used message passing-standard By

MPI - Message Passing Interface MPI is the mostly used message passing-standard By

MPI - Message Passing Interface MPI is the mostly used message passing-standard By using MPI you obtain portable programs MPI is based on earlier message passing libraries Lecture 7: NX, MPL, PVM, P4, TCGMSH, PARMACS, ...

360 views • 9 slides
Message Passing Concepts Message Passing Model The message passing model is based on the

Message Passing Concepts Message Passing Model The message passing model is based on the

Message Passing Concepts Message Passing Model The message passing model is based on the notion of processes can think of a process as an instance of a running program, together with the programs data In the message passing model,

601 views • 16 slides
GIVING A PRESENTATION The Core structure Introduction Message 1 Message 2 Message 3

GIVING A PRESENTATION The Core structure Introduction Message 1 Message 2 Message 3

GIVING A PRESENTATION The Core structure Introduction Message 1 Message 2 Message 3 Conclusion INTRODUCTION Introduce yourself Summary of the messages USEFUL PHRASES: USEFUL PHRASES: Good morning/afternoon everyone. Im

772 views • 8 slides
What was your message? what were you trying to achieve, your goal? what was your core message?

What was your message? what were you trying to achieve, your goal? what was your core message?

PRESENTATION TO CHILDREN YOUTH AND FAMILIES FORUM FOR YR IN MAY 2011 AT THEIR ADVOCACY PLANNING DAY I PRESENTED OUR AAA PROJECT AT THAT TIME. What was your message? what were you trying to achieve, your goal? what was your core message?

193 views • 5 slides
SML Modules and Abstract Data Types (ADTs) Hiding implementa-on details is the most important

SML Modules and Abstract Data Types (ADTs) Hiding implementa-on details is the most important

Overview of Modules and ADTs SML Modules and Abstract Data Types (ADTs) Hiding implementa-on details is the most important strategy for wriCng correct, robust, reusable soEware. Topics: These slides are lightly edited versions of Ben Woods

442 views • 8 slides
Sublinear Algorithms Lecture 6 Sofya Raskhodnikova Penn State University Thanks to Madhav Jha

Sublinear Algorithms Lecture 6 Sofya Raskhodnikova Penn State University Thanks to Madhav Jha

Sublinear Algorithms Lecture 6 Sofya Raskhodnikova Penn State University Thanks to Madhav Jha (Penn State) for help with creating these slides. 1 Communication Complexity A Method for Proving Lower Bounds [Blais Brody Matulef 11 ] Use known

551 views • 27 slides
Store, Forget & Check: Using Algebraic Signatures to Check Remotely Administered Storage

Store, Forget & Check: Using Algebraic Signatures to Check Remotely Administered Storage

Store, Forget & Check: Using Algebraic Signatures to Check Remotely Administered Storage Ethan L. Miller & Thomas J. E. Schwarz Storage Systems Research Center University of California, Santa Cruz Whats the problem? Systems

759 views • 44 slides
Short-term Linkable Group Signatures with Categorized Batch Verification Lukas Malina 1 , Jordi

Short-term Linkable Group Signatures with Categorized Batch Verification Lukas Malina 1 , Jordi

Short-term Linkable Group Signatures with Categorized Batch Verification Lukas Malina 1 , Jordi Castella-Roc` a 2 , Arnau Vives-Guasch 2 , Jan Hajny 1 1 Department of Telecommunications Faculty of Electrical Engineering and Communication Brno

432 views • 20 slides
From Declarative Signatures to Misuse IDS 4th International Symposium on Recent Advances in

From Declarative Signatures to Misuse IDS 4th International Symposium on Recent Advances in

From Declarative Signatures to Misuse IDS 4th International Symposium on Recent Advances in Intrusion Detection (RAID'01) October 10-12, 2001 - Davis, CA, USA Jean-Philippe P OUZOL Mireille D UCASS IRISA / INSA de Rennes (France)

412 views • 24 slides
Robotic Arm Motion for Verifying Signatures Moises Diaz 1 Miguel A. Ferrer 2 Jose J. Quintana 2 1

Robotic Arm Motion for Verifying Signatures Moises Diaz 1 Miguel A. Ferrer 2 Jose J. Quintana 2 1

Introduction VSA Robotic features Results Conclusions Robotic Arm Motion for Verifying Signatures Moises Diaz 1 Miguel A. Ferrer 2 Jose J. Quintana 2 1 Universidad del Atlantico Medio, Spain 2 Instituto para el Desarrollo Tecnolgico y la

364 views • 25 slides
Multivariate Cryptography Part 2: UOV and Rainbow Albrecht Petzoldt PQCrypto Summer School 2017

Multivariate Cryptography Part 2: UOV and Rainbow Albrecht Petzoldt PQCrypto Summer School 2017

Multivariate Cryptography Part 2: UOV and Rainbow Albrecht Petzoldt PQCrypto Summer School 2017 Eindhoven, Netherlands Tuesday, 20.06.2017 A. Petzoldt Multivariate Cryptography PQCrypto Summer School 1 / 34 Oil-Vinegar Polynomials [Pa97]

677 views • 34 slides
Cryptographic Engineering An example of post-quantum crypto Radboud University, Nijmegen, The

Cryptographic Engineering An example of post-quantum crypto Radboud University, Nijmegen, The

Cryptographic Engineering An example of post-quantum crypto Radboud University, Nijmegen, The Netherlands Spring 2015 Crypto today Ephemeral ECDH on 256 -bit curve to compute shared key Use EdDSA signatures for public-key

1.43k views • 109 slides

More recommend