[PPT] - Privacy-Enabling Social Networking Over Untrusted Networks Jonathan PowerPoint Presentation

SLIDE 1

Privacy-Enabling Social Networking Over Untrusted Networks

Jonathan Anderson, Claudia Diaz*, Joseph Bonneau and Frank Stajano {jonathan.anderson,joseph.bonneau,frank.stajano}@cl.cam.ac.uk claudia.diaz@esat.kuleuven.be Computer Laboratory

* K.U. Leuven ESAT/COSIC 1 Monday, August 17, 2009

SLIDE 2

Outline

Social networks require absolute trust
Operators don’t protect their users
Smart clients can protect themselves
Protocols
Privacy
Performance

2

2 Monday, August 17, 2009

SLIDE 3

Social Networks Require Absolute Trust

3

3 Monday, August 17, 2009

SLIDE 4

Social Networks Require Absolute Trust

3

3 Monday, August 17, 2009

SLIDE 5

Social Networks Require Absolute Trust

3

3 Monday, August 17, 2009

SLIDE 6

Social Networks Require Absolute Trust

3

3 Monday, August 17, 2009

SLIDE 7

Social Networks Require Absolute Trust

3

3 Monday, August 17, 2009

SLIDE 8

Social Networks Require Absolute Trust

3

3 Monday, August 17, 2009

SLIDE 9

Network Operators Don’t Protect Their Users

4

4 Monday, August 17, 2009

SLIDE 10

Network Operators Don’t Protect Their Users

4

4 Monday, August 17, 2009

SLIDE 11

Smart Clients Can Protect Themselves

Stop trusting the network!
Smart clients, dumb servers

5

5 Monday, August 17, 2009

SLIDE 12

How Do You Facebook?

6 Monday, August 17, 2009

SLIDE 13

How Do You Facebook?

6 Monday, August 17, 2009

SLIDE 14

Decentralised Architecture

7

7 Monday, August 17, 2009

SLIDE 15

Decentralised Architecture

7

7 Monday, August 17, 2009

SLIDE 16

Decentralised Architecture

7

7 Monday, August 17, 2009

SLIDE 17

Privacy Requirements

Protect content and links
Adversaries:
Other users
Application developers
Network operator
Reduce to social contract

8

8 Monday, August 17, 2009

SLIDE 18

Software Architecture

9

9 Monday, August 17, 2009

SLIDE 19

Software Architecture

9

  



 

 



 

  



 

 



 

9 Monday, August 17, 2009

SLIDE 20

Software Architecture

10

  



 

 



 

10 Monday, August 17, 2009

SLIDE 21

Application Layer

Sandboxed applications
Security API
Restrictive default policies
User policy specification

11

11 Monday, August 17, 2009

SLIDE 22

Software Architecture

12

  



 

 



 

12 Monday, August 17, 2009

SLIDE 23

Data Structures Layer

13

13 Monday, August 17, 2009

SLIDE 24

Data Structures Layer

13

13 Monday, August 17, 2009

SLIDE 25

Data Structures Layer

13

13 Monday, August 17, 2009

SLIDE 26

Data Structures Layer

14

14 Monday, August 17, 2009

SLIDE 27

Data Structures Layer

14

14 Monday, August 17, 2009

SLIDE 28

Data Structures Layer

15

15 Monday, August 17, 2009

SLIDE 29

Data Structures Layer

15

15 Monday, August 17, 2009

SLIDE 30

Data Structures Layer

15

15 Monday, August 17, 2009

SLIDE 31

Software Architecture

16

  



 

 



 

16 Monday, August 17, 2009

SLIDE 32

Cryptography Layer

Encryption, digital signatures, etc.
Key Management
Identity Verification
Link Hiding

17

17 Monday, August 17, 2009

SLIDE 33

Encrypted Blocks

Unique symmetric key per block per ACL revision
This sounds familiar...
No revocation guarantees

18

18 Monday, August 17, 2009

SLIDE 34

Key Management

Direct distribution via PK
Key hierarchy
“Group key” blocks
Hidden links

19

19 Monday, August 17, 2009

SLIDE 35

Link Hiding

03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e

20

20 Monday, August 17, 2009

SLIDE 36

Link Hiding

03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e

20

E

+

K1 E

+

K2

20 Monday, August 17, 2009

SLIDE 37

Link Hiding

03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e

20

E

+

K1 E

+

K2

20 Monday, August 17, 2009

SLIDE 38

Link Hiding

03 00 4d 0b 59 7a e5 b0 7a bf 89 c8 f6 b0 2d 74 76 2d 30 64 67 9a 42 f6 34 15 bc 66 71 91 2a 34 0e e6 45 c4 ff 8f d7 90 95 4a e3 a8 2e

20

ad e6 e1 69 fd 4e 70 3c da ce f8 c6 94 0f e7 3c 6b 66 c5 39 6c 1c 74 c1 14 ef 53 L I N K : d e f .. .. 70 32 22 12 37 9d 92 e4 1e fb L I N K : a b c .. .. 92 71 44 99 1c ff bf d9 5a e1 03 08 8e 7d 9b c2 45 56 aa dd 0e 64 fc 7f a3 c4 77 77 e6 a0 81 c4 5a

E

+

K1 E

+

K2

20 Monday, August 17, 2009

SLIDE 39

Messaging

Asynchronous
Encryption
Signing
Synchronous
OTR

21

21 Monday, August 17, 2009

SLIDE 40

Identity Verification

PKI
Web of Trust
Fingerprint Exchange
Multi-Channel Protocol

22

22 Monday, August 17, 2009

SLIDE 41

Fingerprint Exchange

CryptoIDs
“a little longer than most email addresses, a little shorter than most

postal addresses, and about the same size as a credit card plus its 4- digit expiration date”

f3v4g.ifcen.r3rj5.embx8
small enough for a business card

23

23 Monday, August 17, 2009

SLIDE 42

Mutual Identity Verification

Wong-Stajano protocol
Exchange of small nonces
Nonces can be cryptographically weak
Relies on data origin authenticity

24

24 Monday, August 17, 2009

SLIDE 43

Joint Content

Digital signature convention
Sign content and context

25

25 Monday, August 17, 2009

SLIDE 44

Software Architecture

26

  



 

 



 

26 Monday, August 17, 2009

SLIDE 45

Network Layer

GET, POST
Access control
Not for confidentiality
Ok for integrity
Extra: mailboxes?

27

27 Monday, August 17, 2009

SLIDE 46

Implementation

28

28 Monday, August 17, 2009

SLIDE 47

Implementation

28

28 Monday, August 17, 2009

SLIDE 48

Implementation

28

28 Monday, August 17, 2009

SLIDE 49

Performance

Server
Storage scales (roughly) linearly with users
Computation scales linearly with storage
I/O-bound clients (branching factor)

29

29 Monday, August 17, 2009

SLIDE 50

Open Problems

Usability of policy specification
End user development
Security API

30

30 Monday, August 17, 2009

SLIDE 51

Discussion

31

?

31 Monday, August 17, 2009

SLIDE 52

Appendix

Wong-Stajano protocol
Crypto performance

32

32 Monday, August 17, 2009

SLIDE 53

Wong-Stajano Protocol

A → B : KA B → A : KB A → B : H(A | KA | KB | Ra | Ka) B → A : H(B | KA | KB | Rb | Kb) A ⇒ B : Ra B ⇒ A : Rb A → B : Ka B → A : Kb A ⇒ B : outcome B ⇒ A : outcome

33

33 Monday, August 17, 2009

SLIDE 54

Crypto Performance

SunJCE v1.7 on Intel Core2 Quad CPU Q6600 @ 2.4 GHz
RSA
1024b en/decryption @ 600 kB/s, 30 kB/s
2048b RSA en/decryption @ 200 kB/s, 7 kB/s
AES: 128b @ 35 MB/s

34

34 Monday, August 17, 2009