lecture 24 anonymity and privacy
play

Lecture 24 Anonymity and Privacy Stephen Checkoway University of - PowerPoint PPT Presentation

Mar 16, 2023 •233 likes •860 views

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

  1. Lecture 24 – Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 – Fall 2017 Slides based on Miller and Bailey’s ECE 422

  3. Anonymity • Anonymity: Concealing your identity • In the context of the Internet, we may want anonymous communications – Communications where the identity of the source and/or destination are concealed • Not the same as secrecy/confidentiality – Confidentiality is about message contents, • (what was said) • Anonymity is about identities • (who said it and to whom)

  4. Nymity Spectrum • Verinymity – credit card #s, driver's license, address • Pseudonymity – pen names, many blogs • Linkable anonymity – loyalty cards, prepaid mobile phone • Unlinkable anonymity – paying in cash, Tor

  5. Why do we need anonymity? • Necessary to ensure civil liberties: – Free speech, free association, autonomy, freedom from censorship and constant surveillance • Privacy is a human right – Dignity – Not explicit in US constitution, but relevant to 1st 4th 5th 9th amendments in bill of rights • Surveillance is exploited for profit – Targeted marketing campaigns – Discrimination (insurance, employment)

  6. Arguments against Privacy? • The "Nothing to Hide” Argument – Dangers of constructing a Kafkaesque world – Optional reading: 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy, Daniel J. Solove – Typically spoken from a view of privilege • No one expects privacy anymore anyway – Kids today share their entire lives on Facebook • Benefits from sharing (better search results?) • Private communications abused by bad guys

  7. How to get Anonymity • Internet anonymity is hard* – Difficult if not impossible to achieve on your own – Right there in every packet is the source and destination IP address – * But it’s easy for bad guys. Why? • How do we do it? • State of the art technique: Ask someone else to send it for you – Ok, it’s a bit more sophisticated than that...

  8. Proxies • Proxy: Intermediary that relays our traffic • Trusted 3rd party, e.g. ... hidemyass.com – You set up an encrypted VPN to their site – All of your traffic goes through them • Why easy for bad guys? Compromised machines as proxies.

  9. Alice wants to send a message M to Bob ... • Bob doesn’t know M is from Alice, and • Eve can’t determine that Alice is indeed communicating with Bob. • HMA accepts messages encrypted for it. Extracts destination and forwards.

  10. Anonymity motivation Surveillance under: • The Patriot Act • Section 215 • National Security Letters (NSLs) • FISA Amendment Act

  11. Image credit: ACLU

  12. Google Transparency Report National Security Letters (NSLs) Reporting Period National Security Letters Users/Accounts January to June 2016 0–499 500–999 July to December 2015 1–499 500–999 January to June 2015 0–499 500–999 July to December 2014 0–499 500–999 January to June 2014 500–999 500–999 July to December 2013 500–999 1000–1499 January to June 2013 0–499 500–999 July to December 2012 0–499 500–999 January to June 2012 500–999 1000–1499 July to December 2011 0–499 500–999 January to June 2011 0–499 500–999 July to December 2010 0–499 1000–1499 January to June 2010 500–999 1500–1999 July to December 2009 0–499 500–999 January to June 2009 0–499 500–999

  13. Metadata • Everything except the contents of your communications: – If – When – How much – Who • What (this is actually the data) “... analysis of telephony metadata often reveals information that could traditionally only be obtained by examining the contents of communications. That is, metadata is often a proxy for content.” — Prof. Edward W. Felten, Computer Science and Public Affairs, Princeton; (former) Chief Technologist of FTC

  15. XKEYSCORE “I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant, to a federal judge or even the President, if I had a personal e-mail,”

  16. Technology as a defense

  17. “Whether we are surveilled by our government, by criminals, or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost.” — 9th Circuit court opinion, Bernstein v US DOJ 1999 “Crypto wars”

  18. Encryption Tools: PGP • GnuPG, free software – Pretty Good Privacy (PGP), Phil Zimmerman (1991) – GnuPG (GPG) is a free software recreation – Lets you hide email content via encryption • Basic idea: – Hybrid encryption to conceal messages – Digital signatures on messages (hash-then-sign)

  19. PGP cont'd • Each user has: – A public encryption key, paired with a private decryption key – A private signature key, paired with a public verification key • How does sending/receiving work? • How do you find out someone's public key?

  20. Sending and receiving • To send a message: – Sign with your signature key – Encrypt message and signature with recipient's public encryption key • To receive a message: – Decrypt with your private key to get message and signature – Use sender's public verification key to check sig

  22. Fingerprints • How do you obtain Bob's public key? – Get it from Bob's website? ( ☹ ) – Get it from Bob's website, verify using out-of-band communication • Keys are unwieldy -→ fingerprints • A fingerprint is a cryptographic hash of a key – Key servers: store public keys, look up by name/email address, verify with fingerprint • What if you don't personally know Bob? – Web of Trust (WoT), “friend of a friend” – Bob introduces Alice to Caro by signing Alice’s key

  24. Drawbacks of (Just) Encryption I • What if Bob's machine compromised? – His key material becomes known – Past messages can be decrypted and read – You also have sender's signature on messages sent, so you can prove identity of sender • The software created lots of incriminating records – Key material that decrypts data sent over the public Internet – Signatures with proofs of who said what • Alice better watch what she says – Her privacy depends on Bob’s actions

  25. Drawbacks of (Just) Encryption II

  26. Casual Conversations • Alice and Bob talk in a room • No one else can hear – Unless being recorded • No one else knows what they say – Unless Alice or Bob tell them • No one can prove what was said – Not even Alice or Bob • These conversations are “off-the-record”

  27. Desirable communication properties • Forward secrecy: – Even if your key material is compromised, past messages should be safe • Deniability: be able to plausibly deny having sent a message • Mimic casual, off-the-record conversations – Deniable authentication: be confident of who you are talking to, but unable to prove to a third party what was said

  28. Off-the-Record (OTR) Messaging 1. Use Authenticated Diffie-Hellman to establish a (short-lived) session key EK Sign alice (g x ) Alice Bob Sign bob (g y ) SS = (g y ) x SS = (g x ) y EK = H(SS) EK = H(SS)

  29. OTR II 2. Then use secret-key encryption on message M ... And authenticate using a MAC E EK (M) Alice MAC MK (E EK (M)) Bob SS = (g y ) x SS = (g x ) y EK = H(SS) EK = H(SS ) MK = H(EK) MK = H(EK)

  30. Off-the-Record 3. Re-key using Diffie-Hellman g x’ , MAC MK (g x’ ) Alice Bob g y’ , MAC MK (g y’ ) SS’ = (g y’ ) x’ SS’ = (g x’ ) y’ EK’ = H(SS’) EK’ = H(SS’) MK’ = H(EK’) MK’ = H(EK’) MK = H(EK) MK = H(EK)

  31. Off-the-Record 4. Publish old MK MK Alice Bob SS’ = (g y’ ) x’ SS’ = (g x’ ) y’ EK’ = H(SS’) EK’ = H(SS’) MK’ = H(EK’) MK’ = H(EK’) MK = H(EK) MK = H(EK)

  32. Off-the-record Messaging (OTR) • Note this is suited to interactive communication, not so much email • But, OTR provides – message confidentiality – authentication – perfect forward secrecy – deniability • Caveat: we do not have examples of “deniability” serving its purpose in practice

  33. Using OTR • Built in to Adium and Pidgin • But beware defaults – Logging enabled by default – Etiquette dictates you should disable this, so does history (e.g., Chelsea Manning) • Very different from Google Hangout’s “off the record” feature which merely doesn’t log the conversation

  34. Signal and the “Double Ratchet” The protocol behind Signal app (iphone,android) Trevor Perin and Moxie Marlinspike - Forward secrecy Today’s messages are secret, even if key compromised tomorrow - Future secrecy Tomorrow’s messages are secret, even if key compromised today - Deniability No permanent/transferable evidence of what was said - Usability Tolerates out-of-order message delivery https://whispersystems.org/docs/specifications/doubleratchet/

  35. Plausibly Deniable Storage Goal: Encrypt data stored on your hard drive Problem: Can be compelled to decrypt it! Idea: have a “decoy” volume with benign information on it Example: VeraCrypt [Does this solve the problem? Caveats?]

  36. Recap Privacy/Anonymity • Metadata: Everything except the contents of your communications: – If – When – How much – Who • What (this is actually the data) Signal and OTR

  37. Anonymity for browsing? You Server

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian Stefan UCSD Fall 2019 Lecture outline Foundations of privacy Historical and current crypto wars in the US Privacy-enhancing

611 views • 50 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

K Anonymity Dagstuhl Workshop Federated Semantic 8 Data Management, June 2017 4 27.06.2017

27.06.2017 Schutz der Privatsphre (WS15/16) Introduction to Privacy (Part 1) You have zero privacy. Get over it. Scott McNealy, 1999 Privacy, k anonymity, and differential privacy Johann Christoph Freytag Humboldt-Universitt zu

457 views • 11 slides
Privacy Definitions: Beyond Anonymity CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture

Privacy Definitions: Beyond Anonymity CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture

Privacy Definitions: Beyond Anonymity CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 5 : 590.03 Fall 12 1 Announcements Some new project ideas added Please meet with me at least once before you finalize your project

725 views • 53 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories NTT Corporation References Simulation-based proof method of privacy/anonymity Y. Kawabe, K. Mano, H. Sakurada and Y. Tsukada

303 views • 28 slides
protecting privacy ( By L.Sweeney ) Presented by : Navreet Kaur ROADMAP Data sharing and data

protecting privacy ( By L.Sweeney ) Presented by : Navreet Kaur ROADMAP Data sharing and data

k-ANONYMITY: A model for protecting privacy ( By L.Sweeney ) Presented by : Navreet Kaur ROADMAP Data sharing and data privacy Related background work k-anonymity model Possible attacks against k-Anonymity Weaknesses of

575 views • 28 slides
Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly

Amplification by Shuffling: From Local to Central Differential Privacy via Anonymity Vitaly Feldman Ulfar Erlingsson Ilya Mironov Ananth Raghunathan Kunal Talwar Abhradeep Thakurta Local Differential Privacy (LDP) 1 1 For all ,

151 views • 11 slides
The Right to be forgotten (RTBF), Privacy, Anonymity and Access to Information Panellists:

The Right to be forgotten (RTBF), Privacy, Anonymity and Access to Information Panellists:

APrIGF 2016 theme: Merging Physical Space with Cyberspace Merged workshop #8 The Right to be forgotten (RTBF), Privacy, Anonymity and Access to Information Panellists: Kyungsin Park (OpenNet Korea) Monika Zalnieriute (University of

255 views • 3 slides
On k -anonymity and the curse of dimensionality Introduction An important method for privacy

On k -anonymity and the curse of dimensionality Introduction An important method for privacy

Charu C. Aggarwal T J Watson Research Center IBM Corporation Hawthorne, NY USA On k -anonymity and the curse of dimensionality Introduction An important method for privacy preserving data mining is that of anonymization . In

985 views • 34 slides
Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio

Privacy-Enhancing Overlays in Bitcoin Sarah Meiklejohn (University College London) Claudio Orlandi (Aarhus University) 1 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin 2 Anonymity in Bitcoin

1.23k views • 90 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher

Enhancing UNTs Presence in Sub -Saharan Africa: Building Partnerships with Ethiopian Higher Education Institutions Daniel Gelaw Alemneh, Ph.D University of North Texas Daniel.Alemneh@unt.edu AFRICA RESEARCH SYMPOSIUM Thinking and

608 views • 27 slides
Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society

Privacy and security in the cloud Challenges and solutions for our future information society Panel Building trust the technical challenges World Summit on the Information Society Forum 25-29 May 2015 ITU, UNESCO, UNDP and UNCTAD

709 views • 17 slides
Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS

Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS

Communications and Electric Power Sectors: Need for Common Situation Awareness and Tools DIMACS Workshop on Algorithmic Decision Theory for the Smart Grid October 25, 2010 Daniel C. Hurley, Jr. Director, Critical Infrastructure

284 views • 14 slides
RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and

Ecole Internationale de Printemps Syst` emes R epartis : METIS2008 RFID Security Gildas Avoine UCL, Louvain-la-Neuve, Belgium Department of Computing Science and Engineering RFID Security gildas.avoine@uclouvain.be Introduction Outline

1.28k views • 95 slides
DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University

DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University

DMAP : Global Name Resolution Services Through Direct Mapping Tam Vu WINLAB, Rutgers University http://www.winlab.rutgers.edu/~tamvu/ (Joint work with Akash Baid, Yanyong Zhang, Thu D. Nguyen, Junichiro Fukuyama, Richard P. Martin, Dipankar

584 views • 35 slides
Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at

Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at

Verteilte Systeme (Distributed Systems) Karl M. Gschka Karl.Goeschka@tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Lecture 5: Naming and Discovery Name, Address, Identifier Name Space and Name

670 views • 66 slides
CSE 5306 Distributed Systems Naming Jia Rao http://ranger.uta.edu/~jrao/ 1 Naming Names

CSE 5306 Distributed Systems Naming Jia Rao http://ranger.uta.edu/~jrao/ 1 Naming Names

CSE 5306 Distributed Systems Naming Jia Rao http://ranger.uta.edu/~jrao/ 1 Naming Names play a critical role in all computer systems To access resources, uniquely identify entities, or refer to locations To access an entity, you

612 views • 37 slides

More recommend