Aladdin Center, Carnegie Mellon University Deniable and Traceable Anonymity Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell)

Slides:

Advertisements

Similar presentations

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Advertisements

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Privacy in signatures. Hiding in rings, hiding in groups.

Off-the-Record Communication, or, Why Not To Use PGP

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

David Evans CS588: Cryptography University of Virginia Computer Science Lecture 17: Public-Key Protocols.

Talk by Vanessa Teague, University of Melbourne Joint work with Chris Culnane, James Heather & Steve Schneider at University of.

Efficient Zero-Knowledge Proof Systems Jens Groth University College London.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

Polling With Physical Envelopes A Rigorous Analysis of a Human–Centric Protocol Tal Moran Joint work with Moni Naor.

Rennes, 24/10/2014 Cristina Onete CIDRE/ INRIA Sigma Protocols and (Non-Interactive) Zero Knowledge.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

VIS-À-VIS CRYPTOGRAPHY : PRIVATE AND TRUSTWORTHY IN-PERSON CERTIFICATIONS IAN MIERS*, MATTHEW GREEN* CHRISTOPH U. LEHMANN †, AVIEL D. RUBIN* *Johns Hopkins.

Introduction to Modern Cryptography, Lecture 12 Secure Multi-Party Computation.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

COVERT MULTI-PARTY COMPUTATION YINMENG ZHANG ALADDIN REU 2005 LUIS VON AHN MANUEL BLUM.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.

COVERT TWO-PARTY COMPUTATION LUIS VON AHN CARNEGIE MELLON UNIVERSITY JOINT WORK WITH NICK HOPPER JOHN LANGFORD.

Proactive Secure Mobile Digital Signatures Work in progress. Ivan Damgård and Gert Læssøe Mikkelsen University of Aarhus.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Programming Satan’s Computer

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Matthias Neubauer CAPTCHA What humans can do, But computers can not.

Andrew Lindell Aladdin Knowledge Systems and Bar-Ilan University 04/09/08 CRYP-202 Legally-Enforceable Fairness in Secure Two-Party Computation.

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms David Chaum CACM Vol. 24 No. 2 February 1981 Presented by: Adam Lee 1/24/2006 David.

Security+ All-In-One Edition Chapter 14 – and Instant Messaging Brian E. Brzezicki.

Anonymous Communication -- a brief survey

It’s a Big Deal. ‘It’s a Big Deal’  If a photo is sent to you, do not send it to other people.  If you receive a photo from someone you.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

CSCI 172/283 Fall 2010 Hash Functions, HMACs, and Digital Signatures.

Facilities for Secure Communication The Internet is insecure The Internet is a shared collection of networks. Unfortunately, that makes it insecure An.

Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Encryption No. 1  Seattle Pacific University Encryption: Protecting Your Data While in Transit Kevin Bolding Electrical Engineering Seattle Pacific University.

6 June Lecture 2 1 TU Dresden - Ws on Proof Theory and Computation Formal Methods for Security Protocols Catuscia Palamidessi Penn State University,

Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.

Efficient Fork-Linearizable Access to Untrusted Shared Memory Presented by: Alex Shraer (Technion) IBM Zurich Research Laboratory Christian Cachin IBM.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

COMP 424 Computer Security Lecture 09 & 10. Protocol ● An orderly sequence of steps agreed upon by two or more parties in order to accomplish a task ●

Lecture 17 Page 1 CS 236 Online Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

Lecture 5 Page 1 CS 236 Online More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

It’s a Big Deal SEXTING. ‘It’s a Big Deal’

 5.1 Zero-Knowledge Proofs  5.2 Zero-Knowledge Proofs of Identity  5.3 Identity-Based Public-Key Cryptography  5.4 Oblivious Transfer  5.5 Oblivious.

29/Jul/2009 Young Hoon Park.  M.Bellare, D.Micciancio, B.Warinschi, Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and.

Unit 3 Section 6.4: Internet Security

Anonize “Large Scale Anonymous System”

Malicious Participants

Big Numbers: Mathematics and Internet Commerce

Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity and Identity Management – A Consolidated Proposal for Terminology Authors: Andreas.

0x1A Great Papers in Computer Security

OTR: Off-the-record Communication

I will understand why people create government.

Cryptography Reference: Network Security

Zero Knowledge Proofs Campbell R. Harvey Duke University, NBER and

Presentation transcript:

Aladdin Center, Carnegie Mellon University Deniable and Traceable Anonymity Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell)

Aladdin Center, Carnegie Mellon University Anonymous Communication Allow parties to communicate without anyone, including the two parties, knowing who is talking to whom We can imagine many different levels of anonymity, in many different models Incredibly useful for privacy preservation in an increasingly digital world

Aladdin Center, Carnegie Mellon University Motivation So, great stuff! It would be great if we could use it, but: Very complex Very inefficient Not even secure Fix all of this!

Aladdin Center, Carnegie Mellon University Previous Work Onion Routing (Chaum) DC-Nets (Chaum) k-AMT (von Ahn, Bortz, Hopper) DC-Nets Revisited (Juels, Golle) And many more…

Aladdin Center, Carnegie Mellon University Unfinished Business We use models that simplify the world that these protocols operate in. Approximate the real world Easy to analyze But we have found holes in these models where real-life problems are not analyzed correctly, and thus the protocols are insecure

Aladdin Center, Carnegie Mellon University Deniability Parties could be forced to prove they didn’t send a particular message Even worse, can be done in zero- knowledge, so there is no plausible reason to refuse such a proof Ideally, we’d like it to be impossible to prove that you didn’t send a message*

Aladdin Center, Carnegie Mellon University Is Anything Deniable? Well… yes: DC-Nets and Onion Routing And for two different reasons! But interestingly: k-AMT and DC-Nets Revisited are not! And unfortunately it doesn’t seem easy at all to correct this Very hard, but we’re working on it

Aladdin Center, Carnegie Mellon University Traceability Allow the group to vote to reveal the identity of the sender of a message Useful in the case of particularly bad messages Governments might prohibit truly anonymous communication unless it is traceable

Aladdin Center, Carnegie Mellon University First Attempts Use group signatures! Members of the group can sign, no one can tell which signed unless the anonymity of a signature is revoked Sign every message that is sent through the anonymous protocol, and when receiving a message, throw out those that don’t have a signature Does anyone see the problem?

Aladdin Center, Carnegie Mellon University Overall Goals Theme of these two properties: No one should know anything about the sender and receiver except If a threshold has been reached, and then only precisely what the group votes to reveal Very precise revelation of information

Aladdin Center, Carnegie Mellon University Questions?