the free haven project distributed anonymous storage
play

The Free Haven project: Distributed Anonymous Storage Service R. - PowerPoint PPT Presentation

Feb 28, 2023 •46 likes •446 views

http://www.freehaven.net The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J. Freedman(MIT) and S. Molnar(Harvard) Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, July 2000

  1. ☞ http://www.freehaven.net The Free Haven project: Distributed Anonymous Storage Service R. Dingledine (MIT), M.J. Freedman(MIT) and S. Molnar(Harvard) Proceedings of the Workshop on Design Issues in Anonymity and Unobservability, July 2000 Presenter: Dragos Niculescu

  2. ☞ summary ❍ problem statement ❍ terminology ❍ related work ❍ freehaven design − basic idea − publication − trading − accountability − possible attacks ❍ conclusions

  3. ☞ problem statement ❍ storage system − anonymous − resists powerful adversaries to find/destroy data ❍ goals − anonymity - publishers, readers, servers − persistence - determined by publisher − flexibility - add/remove nodes − accountability - reputation

  4. ☎✝ ✁ ✂ ✟ ✞ ✁ ✄ �✁ ✄ ✁ ✂ ✞ ✟ ✞ ✟ ✂ ✞ ✄ �✁ �✁ ✞ ✁ ✂ ✟ �✁ ☛☞ ✌ ☛ ✄ ✟ ☎✝ ☞ terminology ❍ anonymity ❍ pseudonymity ❍ agents: author, publisher, server, reader ❍ safe communication channel - cypherpunks remailer blocks ❍ symmetric keys: (public) and (secret) − ✟✡✠ ✟✡✠ ✄✆☎✝ − = authenticates sender ✄✆☎✝ − = authenticates reader ✄✆☎✝ ❍ - noninvertible functions (MD5)

  5. � � � � � ☞ anonymity ❍ author-anonymity (document author) ❍ publisher-anonymity (document publisher) ❍ reader-anonymity (document readers) ❍ server-anonymity (document servers) ❍ document-anonymity (server does not know what documents it stores) − passive: cannot recreate document based only on data it stores. − active: may compare data with other servers. ❍ query-anonymity (request document)

  6. ☞ summary ❍ problem statement ❍ terminology ❍ related work ❍ freehaven design − basic idea − publication − trading − accountability − possible attacks ❍ conclusions

  7. �✁ ☞ anonymous remailers- cypherpunk ❍ a network of servers running specialized mail servers ❍ a message − is sent across a chain of remailers − is ecrypted with of remailers in the chain ❍ a remailer − only knows identity of prev/next remailer − serve anonymous , not pseudonymous email − can send to unknown destinations

  8. ✂ �✁ �✁ ✁ ☞ pseudonym remailers - nymserver ❍ use cypherpunk remailers and a pseudonym server ❍ to send email from the nym, one sends it to send@nymserver.net ❍ to config the nym, requests go to config@nymserver.net ❍ for each (pseudo)nym, the server keeps: − • all mail from the nym is encrypted with the • all mail to the nym is encrypted with this − reply block • cypherpunk chain to the true destination • the last remailer(innermost) knows the real address • the real address may be alt.anonymous.messages − configuration settings

  9. ☞ Pseudonym Server: rem@isp.nl: rem@b.edu: Message cyphertext−A cyphertext−B sign, encrypt w. PGP encrypt w. PGP encrypt w. nym public key symmetric key2 symmetric key1 PGP encrypt w. cyphertext−B cyphertext−C symmetric key3 cyphertext−A b. E ncrypt i ons perfo rmed on messagesat each remailer

  10. ☞ Anon−To: usr@a.com Latent−Time: +1:00r Anon−To: rem@b.edu Encrypt−Key: key1 Latent−Time: +1:00r Encrypt−Key: key2 Anon−To: rem@isp.nl PGP encrypt for rem@b.edu replyblock−1 Latent−Time: +1:00r Encrypt−Key: key3 PGP encrypt for rem@isp.nl replyblock−2 y a user toconstructarep s performed b a. Step l y bloc k with t wo hops Pseudonym Server rem@isp.nl rem@b.edu usr@a.com replyblock−1 replyblock−2 cyphertext−C cyphertext−B cyphertext−A c. The actu al data thattrav ersesthe network

  11. ☞ related work - napster, gnutella ❍ napster − central directory with filenames − server supports directory searching − logical p2p, but physical client-server − no anonymity ❍ gnutella − true p2p − dynamic graph - each node chooses its degree − a query has a TTL and is sent to all neighbors − nodes directly report hits − no anonymity - “Gnutella Wall of Shame” − bottlenecks in the middle − bootstrap - implicit hierarchy − spam

  12. � ☞ related work - freenet ❍ high accessibility ❍ documents are encrypted with their names ❍ query − hash of the document name − fwd to more likely nearby server ❍ document lifetime popularity ❍ anonymity: sender, reader, server

  13. ☞ related work - mojo nation ❍ focus is accessibility, not anonymity ❍ digital cash = mojo ❍ central bank to handle mojo transactions ❍ trackers: − content - keeps sharemaps − metatracker - what servers keep what shares − publication - tracks documents ❍ each server has a bitmask describing allowed shares

  14. ✁ � � � ✁ ☞ related work - mojo nation ❍ publish − doc is split in 8 pieces, any 4 of which can rebuild the original − hashes of the 8 pieces sharemap − sharemap is split in 8 content tracker − pay to store a share on a server ❍ query − content tracker info about 8 pieces of sharemap − metatracker servers covering address spaces for the pieces − buy pieces and rebuild the sharemap − repeat for the document pieces ❍ document lifetime popularity

  15. ☞ related work - eternity service ❍ publisher − uploads doc and digital cash − uploads to 100 servers, monitors only 10 ❍ servers − broadcast queries − delivery through anonymous remailers ❍ problems − digital cash − what to do with cheating servers (stop payment) − no smooth join/leave

  16. ☞ related work - USENET “eternity” ❍ uses normal NNTP for retrieval/posting/expiring ❍ documents are − in html format − stored in alt.anonymous.messages − PGP signed by publishers - pseudonym − posted through cypherpunks ❍ reader anonymity - a user download all today’s messages ❍ append only document system ❍ not censorable

  17. ☎✝ ✁ ✁ ✁ � ✁ � ✁ ✟ � ✞ ✁ ✄ ✁ ☞ related work - Publius ❍ focus on availability and anonymity ❍ publish − encrypt document with key − split in shares, any of which can rebuild − sends and a share to servers − “name” of the doc = addresses of the servers ❍ query − run a local web proxy − contact servers, rebuild ❍ doesn’t have − accountability - DoS with garbage − smooth join/leave for servers

  18. ☞ summary ❍ problem statement ❍ terminology ❍ related work ❍ freehaven design − basic idea − publication − trading − accountability − possible attacks ❍ conclusions

  19. ✁ ☞ freehaven - basic ideas “anonymity for anonymous storage” ❍ servnet = community of servers ❍ true p2p: all clients/users are servers ❍ users query the entire servnet at once, not one particular server ❍ publishers convince a single server to publish ❍ nobody knows where any server is located (pseudonymity) ❍ servers form contracts to store each other’s material − trade − reputation ❍ a server gives up space gets space on other servers

  20. ✟ ✂✄ ☎ �✁ ✂ ✄ ☎ ✟ ✂ ✁ ☎ ✁ ☛ ☞ ✌ ☛ ✄ �✁ ✂✄ ☎ ✂✄ ✆ ✂ � � � � ✁ � ✁ � ✄ ✁ ☞ freehaven - publication ❍ split doc into shares, of which can rebuild the file ( ) − large brittle file − small larger share, more duplication ❍ generate and encrypt each share with ❍ store on a server: − encrypted share − timestamp − expiration date −

  21. ☛ ☎ �✁ ☛ ☞ ✌ ✟ ✄ �✁ ✂✄ ☎ ✟ �✁ ✁ ☎ � ✁ ✂ ✄☎ ✄ ✂ �✁ ✄ ☛ ☞ ☎ � ✟ ☛ ✂ ✄☎ ☛ ☞ ✌ ☛ ✄ �✁ ✂ ✄ ☎ ✟ ✄ ✄☎ �✁ ☎ � ✁ ✂ ✄☎ ✆ ✂ ✁ ☎ � ✁ ✂ ✌ ☞ freehaven - retrieval ❍ documents are indexed by ❍ reader generates and a one-time remailer reply block ❍ reader broadcasts , and the remailer block − to all servers it knows about − broadcasts may be queued and bulk sent ❍ servers holding shares with − encode the share with − send it using the remailer block

  22. ✌ � ✁✂ ✄ ☎ � ✆ ✂ ✝ � ✞ ✂ ☞ freehaven - share expiration ❍ absolute date ❍ “price” of a file = ❍ Freenet and Mojo nation favor popular documents

  23. � ✁ ✂ � ✁ ✂ ✝ ✂ ☎ ✂ ☎ ✟ � ✂ � ☎ ✌ ✝ ✂ ☎ ☛ ☞ ✂ ✂ ✄ ☛ ☞ freehaven - document revocation ❍ could be simple: − store a _ inside each share − broadcast _ to have all servers delete the shares ❍ but: − allows new attacks − decreases consistency (unreached shares) • poor channels • malicious servers dropping delete requests − revoke capability incentive for adversaries to pressure/threaten

  24. ☞ summary ❍ problem statement ❍ terminology ❍ related work ❍ freehaven design − basic idea − publication − trading − accountability − possible attacks ❍ conclusions

  25. ☞ trading - why? ❍ to provide a cover for publishing ❍ to let servers join and leave − well behaved, but transient servers ❍ to permit longer expiration dates ❍ to accommodate ethical concerns of server operators − attack: lists of “discouraged” documents ❍ to provide a moving target

  26. ✆ ✂ ✂ ✞ � ✌ � ✁✂ ✄ ☎ � ✝ ☞ freehaven - trading ❍ frequency set by server operator ❍ use reputation to choose partners ❍ currency is ❍ rounds − exchange shares − exchange receipts − send receipts to buddies

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven Project Electronic Frontier Foundation http://tor.eff.org/ 17 September 2005 Talk Outline Motivation: Why anonymous communication? Myth 1:

703 views • 47 slides
Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven

Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven

Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven Project 1 Threat Model (what we aim to defend against) Global passive adversary can observe everything Owns half the nodes We are not

656 views • 41 slides
Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ April 12, CFP 2005 Talk Outline Motivation: Why anonymous communication? Myth 1: This is only for privacy

488 views • 33 slides
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project

Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication? Personal privacy

1.03k views • 55 slides
Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full documentation:

806 views • 56 slides
Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense ... and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full documentation:

704 views • 49 slides
Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free

Tor: Anonymous Communications for the US Dept of Defense ... and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ 1 Tor: Big Picture Freely available (Open Source), unencumbered. Comes with a spec and full

1k views • 54 slides
M ixminion: D esign of a T ype III Anonymous Remailer Prot ocol Roger D ingledine T he Free

M ixminion: D esign of a T ype III Anonymous Remailer Prot ocol Roger D ingledine T he Free

M ixminion: D esign of a T ype III Anonymous Remailer Prot ocol Roger D ingledine T he Free Haven Project 1 T hreat M odel ( what we aim t o defend against ) Global passive adversary can observe M ult iple Hops A E ...(E (M,to B),

290 views • 15 slides
Synchronous Batching: From Cascades to Free Routes Roger Dingledine The Free Haven Project

Synchronous Batching: From Cascades to Free Routes Roger Dingledine The Free Haven Project

Synchronous Batching: From Cascades to Free Routes Roger Dingledine The Free Haven Project Vitaly Shmatikov Paul Syverson SRI International Naval Research Laboratory Presented at PET 2004, May 27, 2004 Reminder: What does a mix do?

677 views • 28 slides
Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine The Free Haven Project {nickm,arma}@freehaven.net Scope Introduction to anonymity How we got started Introduction to mix-nets

649 views • 27 slides
W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need

W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need

W hy is anonymity so hard? Roger D ingledine T he Free Haven Project 1 M any people need anonymity Polit ical dissident s in oppressive count ries Government s want t o do operat ions secret ly. Corporat ions are vulnerable t o t

838 views • 38 slides
O nline Reput at ion Syst ems Roger D ingledine T he Free Haven Project 1 B ased on linkability

O nline Reput at ion Syst ems Roger D ingledine T he Free Haven Project 1 B ased on linkability

O nline Reput at ion Syst ems Roger D ingledine T he Free Haven Project 1 B ased on linkability Reput at ion can help solve market for lemons Useful even in pseudonymous/ dynamic environment s B ut somet imes dangerous if people can

270 views • 7 slides
OSiRIS: A Distributed Storage and Networking Project Update Open Storage Research Infrastructure

OSiRIS: A Distributed Storage and Networking Project Update Open Storage Research Infrastructure

OSiRIS: A Distributed Storage and Networking Project Update Open Storage Research Infrastructure Shawn McKee 1 (presenting), Ben Meekhof 1 , Martin Swany 2 , Ezra Kissel 2 , Andrew Keen 3 for the OSiRIS Collaboration University of Michigan 1 ,

374 views • 24 slides
Disclaimer "C.A.", "Cocaine Anonymous, we're here and we're free and the C.A.

Disclaimer "C.A.", "Cocaine Anonymous, we're here and we're free and the C.A.

Disclaimer "C.A.", "Cocaine Anonymous, we're here and we're free and the C.A. Logo are registered trademarks of Cocaine Anonymous World Services, Inc. All rights reserved. Some of the items contained in this presentation are

439 views • 29 slides
New Haven Free Public Library FY2020 Budget Presentation April 29, 2019 Board of Alders, Finance

New Haven Free Public Library FY2020 Budget Presentation April 29, 2019 Board of Alders, Finance

New Haven Free Public Library FY2020 Budget Presentation April 29, 2019 Board of Alders, Finance Committee Table of Contents PAGE 1. New Haven Free Public Library At a Glance 2 2. Strategic Initiatives and Annual Operational Plan 3 3. NHFPL General

329 views • 10 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Storage One thing we haven't talked about is JS file I/O

CS/COE 1520 pitt.edu/~ach54/cs1520 Storage One thing we haven't talked about is JS file I/O

CS/COE 1520 pitt.edu/~ach54/cs1520 Storage One thing we haven't talked about is JS file I/O Because there isn't any! Why? So we just pull all information from the web? 2 Storage As part of HTML5, an API for Web Storage

241 views • 5 slides
SHOT Brand Price NOTES WEST COAST MAGNUM SIZES 4 - 9 $ 39.20 Eagle shot prices may not be

SHOT Brand Price NOTES WEST COAST MAGNUM SIZES 4 - 9 $ 39.20 Eagle shot prices may not be

SHOT Brand Price NOTES WEST COAST MAGNUM SIZES 4 - 9 $ 39.20 Eagle shot prices may not be stable as prices are set when $ 37.20 EAGLE SHOT SIZES 7.5, 8.5, 9 supplier receives from Peru SPARTAN MAGNUM SHOT SIZES 7.5, 8.5, 9 $ 40.50

298 views • 6 slides
M C Q S T Motivation Configuration space of N spin- 1 Q N = { 1 , 1 } N 2 : Random Energy

M C Q S T Motivation Configuration space of N spin- 1 Q N = { 1 , 1 } N 2 : Random Energy

Phase Transition in the Quantum Random Energy Model Simone Warzel Venice Quantissima in the Serenissima III August 23, 2019 M C Q S T Motivation Configuration space of N spin- 1 Q N = { 1 , 1 } N 2 : Random Energy Model Derrida

327 views • 15 slides
L 8 algebras for extended geometry from Borcherds superalgebras Part 1 Jakob Palmkvist

L 8 algebras for extended geometry from Borcherds superalgebras Part 1 Jakob Palmkvist

L 8 algebras for extended geometry from Borcherds superalgebras Part 1 Jakob Palmkvist Based on 1804.04377 and 1711.07694 with Martin Cederwall and 1507.08828 Consider eleven-dimensional (or type IIB) supergravity in a Kaluza-Klein

452 views • 27 slides
NE NEHER ERS Webinar inar Modeling Mechanicals Consistently September 20, 2017 1 Chris

NE NEHER ERS Webinar inar Modeling Mechanicals Consistently September 20, 2017 1 Chris

NE NEHER ERS Webinar inar Modeling Mechanicals Consistently September 20, 2017 1 Chris McTaggart RESNET QAD & Trainer BER HERS Manager PHIUS Trainer/QA Manager PHIUS Tech Committee RESNET SDC 200 Chair email:

906 views • 59 slides
Leaving work behind? The impact of emigration on female labour force participation in Morocco

Leaving work behind? The impact of emigration on female labour force participation in Morocco

Leaving work behind? The impact of emigration on female labour force participation in Morocco Anda David (AFD) Audrey Lenol (INED) UNU- WIDER conference on Migration and Mobility - new frontiers for research and policy #MondeEnCommun

476 views • 23 slides
Numb3rs 11 2 10 3 Modular Arithmetic 9 4 8 5 7 6 Congruence For a modulus m and

Numb3rs 11 2 10 3 Modular Arithmetic 9 4 8 5 7 6 Congruence For a modulus m and

0 12 1 Numb3rs 11 2 10 3 Modular Arithmetic 9 4 8 5 7 6 Congruence For a modulus m and two integers a and b, we say a b (mod m) if m|(a-b) Typically, we shall consider modulus > 0 a b (mod 0) a=b a b (mod 1)

342 views • 13 slides
SemEval-2013 Task 13: Word Sense Induction for Graded and Non-Graded Senses David Jurgens

SemEval-2013 Task 13: Word Sense Induction for Graded and Non-Graded Senses David Jurgens

SemEval-2013 Task 13: Word Sense Induction for Graded and Non-Graded Senses David Jurgens Dipartimento di Informatica Sapienza Universita di Roma jurgens@di.uniroma1.it Ioannis Klapaftis Search Technology Center Europe Microsoft

982 views • 77 slides
Getting Started with Azure SQL Database K C D C C h a d G r e e n J u l y 1 8 , 2 0 1 9

Getting Started with Azure SQL Database K C D C C h a d G r e e n J u l y 1 8 , 2 0 1 9

Getting Started with Azure SQL Database K C D C C h a d G r e e n J u l y 1 8 , 2 0 1 9 @chadgreen Titanium Sponsors Platinum Sponsors Gold Sponsors Who is Chad Green D i r e c t o r o f S o f t w a r e D e v e l o p m e n t S c h o

427 views • 31 slides

More recommend