cnt 5410 computer and network security privacy anonymity
play

CNT 5410 - Computer and Network Security: Privacy/Anonymity - PowerPoint PPT Presentation

Mar 12, 2023 •314 likes •582 views

CNT 5410 - Computer and Network Security: Privacy/Anonymity Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center When Confidentiality is Insufficient Southeastern Security for Enterprise and

  1. CNT 5410 - Computer and Network Security: Privacy/Anonymity Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

  2. When Confidentiality is Insufficient Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 2

  3. Privacy != Confidentiality • Confidentiality refers to the property of the content being unreadable from unauthorized readers. • A man-in-the-middle can see ciphertexts fly by, but their contents are indistinguishable from random bits. • Privacy refers to the awareness of the existence of communication between two or more parties. • Do Alice and Bob talk to each other? How often? Are the messages indicative of their content? • Note that these two are often used interchangeably in the vernacular, but should not be. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 3

  4. Questions… • Can we have confidentiality without privacy? 
 • Can we have privacy/anonymity without confidentiality? Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 4

  5. Anonymity • The purpose of anonymity is to protect identity. • e.g.,An anonymous poster on a website wants you to read their comments. • Their intended goal is to expose content without letting you know who revealed the content itself. • You do not have to be anonymous to have privacy.You must maintain privacy to achieve anonymity. • Ok, great. Can we do any better than just not logging into a webpage when posting contents? Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 5

  6. Anonymous Publishing • Goal: Publish “The Graduate Student’s Manifesto”, a subversive guidebook to completing your Ph.D. without exposing your identity. • Publius: Encrypted content is posted across multiple servers, readers must assemble a threshold number of key pieces to recover plaintext. • Published content is cryptographically 
 tied to the URL, meaning that 
 changes can instantly be detected. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 6

  7. Private Browsing • Most major browsers now provide “Private Browsing” Modes, that allow you to visit webpages while reducing the state you expose to the world. • Does not record visited pages in your browsing history. • Stores cookies while on a single site and deletes them when you leave that site. • What protections are provided by these mechanisms? • Who is the adversary? • Try Panopticlick to see if you can 
 be fingerprinted: 
 https://panopticlick.eff.org/ Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 7

  8. Anonymous Proxies • Simplest architecture - redirect all traffic via an encrypted tunnel to some proxy in the Internet, which in turn forwards your traffic to its intended destination. • e.g.,YouHide.com, Proxify.com,The Anonymizer, Anonymouse.org, etc, etc... • In their terms of service, many of these services note that they will not sell your information to 
 third-parties. • What protections are provided by these 
 services? • Who is the adversary? Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 8

  9. Mixes • Originally proposed by Chaum, a client selects a series of mix nodes called a cascade through which each message should pass. • Messages are encrypted in reverse order of the cascade using the public key of each mix node. • Messages are decrypted in each mix, which reveals the next hop along the cascade. • Note that messages are stored , interleaved and eventually forwarded in a mix. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 9

  10. Mixes In Action File Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 10

  11. Mixes: Limitations • A simple, mechanism for providing privacy (and potentially anonymity) for store and forward-based communications. • Where does that leave everything else? • HTTP? SMTP? IMAP? SSH? Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 11

  12. Tor • Extends the mix concept to “real-time” traffic. • Note that real-time is somewhat of a misnomer. • Like in mix networks,Tor wraps each message in multiple layers of encryption, from last to first hop. • Tor specifically mandates three layers.Why three? • Upon receipt, each message is decrypted, placed into the outgoing queue and sent out as quickly as possible. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 12

  13. Tor in Action circID = 
 867 circID = 100 File circID = 
 5309 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 13

  14. Tor: Details • Mix networks are very much a uni-directional process. • How does Tor get responses back to their sender? • Tor relies on circuits, pre-established identifiers and keys to return such information. • The “exit node” receives a response from a webpage and, knowing the ID of the previous hop (circID), encrypts the message. • The previous node receives the message, looks up the corresponding circID for the next hop, encrypts and forwards. • The originator eventually receives a thrice encrypted packet. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 14

  15. Tor: Hidden Services • Tor also allows users to access “hidden services”. • Services within the Tor network that do not want their identities revealed. • Tor includes a rendezvous service to allow users to find registered services. • Hidden services include: • Anonymous publishing (think alternative to Publius) • Black Markets (Silk Road) • NGOs (Reporters Without Borders) Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 15

  16. Tor: Limitations • Tor is run on a series of nodes located throughout the world. • The hope of this architecture is that not only can you pick a diverse route, but that you can also rely on servers in other countries if yours outlaws Tor. • Problem: Everyone knows which nodes are running Tor, so if it is illegal, these nodes are already blocked. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 16

  17. Tor: Limitations • Unlike mix networks,Tor’s lack of potentially infinite delay of packets makes it susceptible to timing attacks. • Many of researchers have demonstrated the ability to add fingerprints to flows by changing the inter-packet timing. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 17

  18. Tor: Hidden Service Takedown • In October 2013, Ross Ulbricht was arrested and the Silk Road was taken down. • Ulbricht made a number of mistakes and deanonymized himself, leading to his ID and arrest. • In November 2014, hundreds of hidden services were taken down by law enforcement worldwide. • Sites included Silk Road v2.0. • How was this done? • What is the state of Hidden Service 
 Security? Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 18

  19. Additional Techniques • Crowds: Clients join a “jondo”, a group that forwards messages to a random other member. • Each receiver gets a message, it flips a biased coin and if heads, it forwards the message to another random node. If tails, it sends the message to the final destination. • Hordes: Similar to Crowds, but assumes that that nodes share a multicast connection. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 19

  20. Proofs? • Mix-based schemes are intuitive, and allow for relatively high throughput. • Unfortunately, they do not offer strong, formally verifiable guarantees. • How many mix nodes must you visit to achieve “anonymity”? • What about insiders in each of these designs? Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 20

  21. Dining Cryptographers • Allows a sender to anonymously send a single bit: NSA Bob Alice :A,B ⊕ A,C = 1 ⊕ 0 = 1 Alice :A,B ⊕ A,C = 1 ⊕ 0 = 1 Bob : A,B ⊕ B,C = 1 ⊕ 1 = 0 Bob : A,B ⊕ B,C = ¬ (1 ⊕ 1) = 1 Alice Charles : A,C ⊕ B,C = 0 ⊕ 1 = 1 Charles : A,C ⊕ B,C = 0 ⊕ 1 = 1 A ⊕ B ⊕ C=0 A ⊕ B ⊕ C=1 Flip A,B = 1 Flip A,C = 0 Flip B,C = 1 Bob Charles Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 21

  22. DC-net Protocols • Various extensions to the basic DC-net model. • e.g., Collision resistance, maliciousness, etc • Take advantage of underlying broadcast or multicast network topologies. • More recent schemes take advantage of emerging cryptographic primitives: • pMixes (Melchor et al.) use Private Information Retrieval (PIR) to hide their queries. • SFENets (Nipane et al.) use Secure Function Evaluation (SFE) Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 22

  23. DC-nets: Limitations • These systems have strong, provable properties. • Based on certain assumptions (or varying strength), you can demonstrate that these systems provide certain properties. • There is no such thing as a real-time DC-net. • Some get close (SFENets show IM client working at practical speed), but operations are far 
 too heavy for SSH, HTTP and VoIP . • Most are significantly slower. Southeastern Security for Enterprise and Infrastructure (SENSEI) Center 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Firewalls Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Firewalls A firewall ... is a physical barrier inside a building or vehicle,

555 views • 23 slides
CNT 5410 - Computer and Network Security: Denial of Service Professor Kevin Butler Fall 2015

CNT 5410 - Computer and Network Security: Denial of Service Professor Kevin Butler Fall 2015

CNT 5410 - Computer and Network Security: Denial of Service Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Mandate " The art of war teaches us to rely not on the likelihood of

623 views • 26 slides
CS 5410 - Computer and Network Security: Intrusion Detection Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Intrusion Detection Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Intrusion Detection Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Locked Down Youre using all the techniques we will talk about over the

577 views • 19 slides
CNT 5410 - Computer and Network Security: Web Security Professor Kevin Butler Fall 2015

CNT 5410 - Computer and Network Security: Web Security Professor Kevin Butler Fall 2015

CNT 5410 - Computer and Network Security: Web Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Network vs. Web Security Southeastern Security for Enterprise and Infrastructure

710 views • 58 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
CS 5410 - Computer and Network Security: Malware and Botnets Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Malware and Botnets Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Malware and Botnets Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Final Posters Final posters are your chance to show myself and your peers

730 views • 33 slides
Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

600 views • 36 slides
CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian Stefan UCSD Fall 2019 Lecture outline Foundations of privacy Historical and current crypto wars in the US Privacy-enhancing

611 views • 50 slides
CS 5410 - Computer and Network Security: Cloud Security Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Cloud Security Professor Kevin Butler Fall 2015

CS 5410 - Computer and Network Security: Cloud Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Imagine Southeastern Security for Enterprise and Infrastructure (SENSEI) Center

663 views • 24 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
Cheleby: Subnet Level Internet Topology Mehmet Hadi Gunes with Hakan Kardes and Mehmet B. Akgun

Cheleby: Subnet Level Internet Topology Mehmet Hadi Gunes with Hakan Kardes and Mehmet B. Akgun

Cheleby: Subnet Level Internet Topology Mehmet Hadi Gunes with Hakan Kardes and Mehmet B. Akgun Department of Computer Science and Engineering University of Nevada, Reno Subnet Resolution A B C D genuine topology A B A B C D C D

614 views • 28 slides
Location Privacy Protection with a Semi-honest Anonymizer in Information Centric Networking

Location Privacy Protection with a Semi-honest Anonymizer in Information Centric Networking

Location Privacy Protection with a Semi-honest Anonymizer in Information Centric Networking Kentaro Kita, Yoshiki Kurihara, Yuki Koizumi and Toru Hasegawa Graduate School of Information and Technology, Osaka University, Japan Sep. 23, 2018 1

465 views • 23 slides
PROJECT HUB Demos! Open workspace Food! Make friends! Learn stuff!

PROJECT HUB Demos! Open workspace Food! Make friends! Learn stuff!

Biweekly (hopefully) Workshop or talk PROJECT HUB Demos! Open workspace Food! Make friends! Learn stuff! PROJECT HUB Slack Workspace: https://ubccsss.org/projecthub-chat BRINGING AN IDEA TO LIFE Robert

914 views • 39 slides
Panel: Context-Dependent Evaluation of Tools for NL RE Tasks: Recall vs. Precision, and Beyond

Panel: Context-Dependent Evaluation of Tools for NL RE Tasks: Recall vs. Precision, and Beyond

Panel: Context-Dependent Evaluation of Tools for NL RE Tasks: Recall vs. Precision, and Beyond Daniel Berry, Jane Cleland-Huang, Alessio Ferrari, Walid Maalej, John Mylopoulos, Didar Zowghi 2017 Daniel M. Berry RE 2017 R vs P Panel Pg.

1.02k views • 77 slides
Because you cant fix what you dont know is broken About me Initiator of the Automated

Because you cant fix what you dont know is broken About me Initiator of the Automated

Because you cant fix what you dont know is broken About me Initiator of the Automated Error Reporting Initiative Project Lead of Eclipse Code Recommenders Eclipse Committer since 2010 Plug-in Developer for 10+ years

811 views • 66 slides
Anonymous communications and systems A short introduction George Danezis Computer Security

Anonymous communications and systems A short introduction George Danezis Computer Security

Anonymous communications and systems A short introduction George Danezis Computer Security Group Computer Laboratory 1 Introducing Hiding Two strategies to safeguard assets: protect (guards, walls, safes,

613 views • 25 slides
Leveraging Data Analytics to Turn Abandoned Mine Data into Insight Doug Cushing Katie Deheer

Leveraging Data Analytics to Turn Abandoned Mine Data into Insight Doug Cushing Katie Deheer

Leveraging Data Analytics to Turn Abandoned Mine Data into Insight Doug Cushing Katie Deheer October 23, 2019 Introduction Doug Cushing, PE, PMP Vice President of Digital Capital Masters degrees in Environmental Engineering and

331 views • 18 slides
Motivation Big and growing mobile Internet 2 7 B mobile phone users (cf 850 MM PCs) 2.7 B

Motivation Big and growing mobile Internet 2 7 B mobile phone users (cf 850 MM PCs) 2.7 B

Private Queries in Location Based Services New technologies can pinpoint your location at any time and place. They promise safety and convenience but i f d i b threaten privacy and security IEEE Spectrum, July 2003 Motivation

1.02k views • 24 slides

More recommend