
  1. Not all is lost for anonymity – but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das (Purdue University), Sebastian Meiser (Visa Research), Esfandiar Mohammadi (ETH Zurich), Aniket Kate (Purdue University).



  2. Sender Anonymity (AnoA definition). [figure: Alice and Bob as candidate senders, Eve as the adversary]
  Pr[Eve: "Alice" | Alice sends message] ≤ Pr[Eve: "Alice" | Bob sends message] + δ(η)
  Strong anonymity: δ(η) ≤ negl(η).

  5. Anonymity Trilemma (IEEE S&P 2018). [figure: triangle with corners "strong anonymity", "low latency overhead", "low bandwidth overhead"; Low = constant(η)]
  • Q1: Can we achieve strong anonymity without introducing large latency or bandwidth overhead? – NO.

  9. Outline
  ❖ Prior results on the anonymity trilemma
  ❖ How coordination among users can help anonymity
  ❖ New impossibility results for anonymity
  ❖ Future direction of anonymous communication protocols

  10. Bandwidth Overhead and Latency Overhead. [figure: sender S to receiver R; latency overhead l = 4, bandwidth overhead β = 2]
  • We consider one communication round as one time unit.
  • Latency overhead l is the number of rounds a message can be delayed by the protocol before being delivered.
  • Bandwidth overhead β is the number of noise messages per user per round, i.e., the dummy message rate.

  11. Prior Results for mix-nets (including onion routing). [graph: bandwidth β vs latency l, curve 2l(β+p') = 1]
  • When users send messages at a rate of p' per user per round, to achieve strong anonymity (δ = negl(η)): 2l(β+p') ≥ 1.

  12. When the adversary can compromise c protocol parties. [graph: bandwidth β vs latency l; curves 2l(β+p') = 1 and 2(l−c)β ≥ 1 when c>0; regions l in θ(1) and l > θ(1)]
  • To achieve strong anonymity: 2(l−c)β ≥ 1, when l > c.

  14. Is it impossible to achieve strong anonymity with constant latency overhead, when c>0?
  - NO.
  - Example: DC-net with user coordination.
  Our earlier protocol model did not assume any out-of-band user coordination.

  17. DC-net type protocols – user coordination. [figure: Alice, Bob and Charlie each send a packet to Eve; Eve can retrieve the actual message only after combining all three packets]
  • Eve cannot point to a single packet to say the real message is only inside this packet.
  • Another naïve way is to secret-share the real message among several parties.
  • Can provide strong anonymity even with constant latency.
  Issue: these protocols use very high bandwidth overhead. The overhead (number of dummy messages) per real message is B > (N−1), where N = total users.

  19. Protocols beyond mix-nets – hybrid protocols. [figure: Alice, Bob, Charlie, Debo and Eve; packets 1, 2, 3]
  Bob and Charlie send shares for Alice's message, with some pre-setup, without Alice communicating to them.
  Eve can retrieve the actual message only after combining all three packets.

  22. Assumptions on the protocols. [figure: Alice, Bob, Charlie; packets 1, 2, 3 observed by Eve1 and Eve2]
  Assumption 1: One packet does not take part in the reconstruction of two separate messages.

  25. Assumptions on the protocols. [figure: Alice and Bob; packets 1, 2, 3 observed by Eve]
  Assumption 2: Oblivious swapping is not possible.

  28. Necessary Invariant for Anonymity. [figure: timeline with rounds r−l and r and times t0, t1, t2; Alice and Bob send through the Protocol; Eve observes at time t0; Bob after (r−l); Bob at time r]
  For anonymity we need:
  • Bob sends at least one message within the time slice [r−l, r).
  • At least one of the packets helping the message from Alice meets a message from Bob at an honest node.

  31. Results are the same when no parties are compromised. [graph: bandwidth β vs latency l, curve 2l(β+p') = 1]
  • To achieve strong anonymity (δ = negl(η)): 2l(β+p') ≥ 1.
  The basic trilemma still holds, except l = 0.
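The necessary conditions quoted on these slides (2l(β+p') ≥ 1 for strong anonymity, and 2(l−c)β ≥ 1 with l > c when c > 0 in the mix-net model without user coordination) together with the "Bob sends within [r−l, r)" invariant, as an added Python example that is not part of the talk or the paper. It assumes, as a simplification of this example only, that a user emits a real or dummy packet in a round with probability min(1, β+p').

```python
"""Necessary-condition checks for the anonymity trilemma bounds on these
slides, plus a small simulation of the 'Bob sends in the window' invariant.
Added example; the per-round send model is an assumption of this example."""
import random


def mixnet_strong_anonymity_possible(l: int, beta: float, p_prime: float,
                                     c: int = 0) -> bool:
    """Return True if the slides' necessary conditions for strong anonymity
    are met in the mix-net model without user coordination:
      2*l*(beta + p') >= 1, and, with c > 0 compromised parties,
      l > c and 2*(l - c)*beta >= 1.
    These are necessary, not sufficient: True means 'not ruled out'."""
    if 2 * l * (beta + p_prime) < 1:
        return False
    if c > 0:
        return l > c and 2 * (l - c) * beta >= 1
    return True


def invariant_holds_probability(l: int, beta: float, p_prime: float) -> float:
    """Probability that Bob sends at least one packet (real or dummy) in a
    window of l rounds, modelling the per-round send probability as
    q = min(1, beta + p') (assumption of this example). Always <= l*q,
    the union bound behind the 2*l*(beta + p') term."""
    q = min(1.0, beta + p_prime)
    return 1.0 - (1.0 - q) ** l


def simulate_invariant(l: int, beta: float, p_prime: float,
                       trials: int = 20000, seed: int = 1) -> float:
    """Monte-Carlo estimate of invariant_holds_probability with a seeded RNG:
    count windows of l rounds in which Bob sent at least once."""
    rng = random.Random(seed)
    q = min(1.0, beta + p_prime)
    hits = sum(1 for _ in range(trials)
               if any(rng.random() < q for _ in range(l)))
    return hits / trials


if __name__ == "__main__":
    # Slide 10's figure values: l = 4 rounds, beta = 2 dummies per round.
    print("l=4, beta=2, p'=0.1:", mixnet_strong_anonymity_possible(4, 2.0, 0.1))
    # Constant latency with a sparse send rate fails the basic bound.
    print("l=1, beta=0.1, p'=0.1:", mixnet_strong_anonymity_possible(1, 0.1, 0.1))
    # One compromised party eats a round of the window.
    print("l=4, beta=0.125, c=1:", mixnet_strong_anonymity_possible(4, 0.125, 0.0, c=1))
    print("Pr[invariant], l=4, q=0.125:", invariant_holds_probability(4, 0.125, 0.0))
    print("simulated:", simulate_invariant(4, 0.125, 0.0))
```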

  33. Quantum of Solace: when protocol parties are compromised. [graph: bandwidth β vs latency l; curves 2l(β+p') = 1 and 2(l−c)β ≥ 1 when c>0]
  • If strong anonymity is not required, user coordination could allow better anonymity.
  • Better resistance against compromise.

  39. Effect of coordination: resistance against compromised protocol parties.
  K: total number of intermediate protocol parties (routers/nodes);
  c: total number of compromised parties out of K parties;
  p: the probability that a user sends a message in a round;
  η: security parameter;
  l: latency overhead.

  40. Takeaways. [graph: bandwidth β vs latency l; curve 2l(β+p') = 1; region marked when c>0]
  • Our work points protocol designers to focus on hybrid protocols, to at least achieve resistance against compromise.
  • Still we cannot do better than the limit specified by the trilemma: 2l(β+p') ≥ 1.
  • If a protocol achieves strong anonymity for 2l(β+p') = 1, then that will be the optimal ACN.

  41. Leap of faith. [graph: bandwidth β vs latency l; curve 2l(β+p') = 1; region marked when c>0]
  Challenge: Achieve oblivious swapping at a dishonest node.
  Still, strong anonymity will be impossible for 2l(β+p') < 1.

  43. A New Hope. Challenge 2: Break Assumption 1. If a protocol can use a secret sharing scheme that generates w < k*n shares for n messages such that k shares are sufficient to reconstruct all the n messages correctly, without using any trusted third party, with a communication of O(n) and constant latency overhead, that protocol can break the anonymity trilemma.

  44. http://bit.ly/AnonymityTrilemma Thank you. ☺ @tutaidas das48@purdue.edu
