Presentation is loading. Please wait.

Presentation is loading. Please wait.

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

Published byDylan Charity Modified over 10 years ago

Similar presentations

Presentation on theme: "Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University."— Presentation transcript:

1 Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University of Washington

2 Internet Tracking is Pervasive 2 Alice Bob Tracker User1: UW, CSE, Route to [Alice’s home] User2: SIGCOMM, Hacking, Depression Trackers link user activities to form large user profiles SIGCOMM 2013

3 Implications of Tracking for Users Pros: 3 Cons: Lack of Privacy Personalization Better Security Revenue for Service SIGCOMM 2013

4 Threat Model: Trackers Correlate Unwanted Traffic 4 Alice Bob Tracker User1: UW, CSE, Route to [Alice’s home] User2: SIGCOMM, Hacking, Depression SIGCOMM 2013

5 Goal: Give Users Control over How They are Tracked 5 Alice Bob Tracker User1: UW, CSE User2: Route to [Alice’s home] User3: SIGCOMM, Hacking User4: Depression SIGCOMM 2013

6 Implications of Giving Users Control Pros: 6 Cons: Lack of Privacy Personalization Better Security Revenue for Service SIGCOMM 2013

7 Current Defenses Provide Insufficient Control Current Defenses – Application Layer: Third-party cookie blocking, DoNotTrack – Network Layer: Tor, Proxies Limitations – Coarse-grained – Not cross-layer 7SIGCOMM 2013

8 Outline Motivation / Background Approach: Cross-Layer Pseudonyms System Design – Application-Layer – Network-Layer Implementation and Evaluation Conclusion 8SIGCOMM 2013

9 Trackers Link User Requests Important identifiers for Web tracking: – Application info. (cookie, JS localstorage, Flash) – IP Address 9 Multiple requests are linkable by remote trackers, if they share the same identifiers. Req. 1 (128.208.7.x), header: cookie(…) Req. 2 (128.208.7.x), header: cookie(…) User Tracker SIGCOMM 2013

10 Approach: Pseudonym Abstraction Pseudonym = A set of all identifying features that persist across an activity Allow a user to manage a large number of unlinkable pseudonyms – User can choose which ones are used for which operations. 10 Pseudonym1 IP1 Cookie1 Pseudonym2 IP2 Cookie2 Alice Tracker Medical information Location-related (Alice’s home) SIGCOMM 2013

11 How We Want to Use Pseudonyms 11 Application IP1 Policy Engine Alice OS IP Tracker Pseudonym1 IP1 Cookie1 IP Pseudonym2 IP2 Cookie2 DHCP Routers SIGCOMM 2013 2. Network-Layer Design 1. Application-Layer Design Medical Location

12 Application-Layer Design Application needs to assign different pseudonyms into different activities. – How to use pseudonyms depends on user and application. – APIs are provided to define policies. Policy in Web browsing: a function of the request information and the state of the browser. – Window ID, tab ID, request ID, URL, whether request is going to the first-party, etc. 12SIGCOMM 2013

13 Sample Pseudonym Policies for the Web SIGCOMM 201313 Default: P1 = P2 = P3 Per-Request: P1 != P2 != P3 Per-First Party: P1 = P2 != P3 Article on Politics facebook.com news.com facebook.com P2 P1 P3

14 Sample Pseudonym Policies for the Web SIGCOMM 201314 Default: P1 = P2 = P3 Per-Request: P1 != P2 != P3 Per-First Party: P1 = P2 != P3 Article on Politics facebook.com news.com facebook.com P2 P1 P3

15 Sample Pseudonym Policies for the Web SIGCOMM 201315 Default: P1 = P2 = P3 Per-Request: P1 != P2 != P3 Per-First Party: P1 = P2 != P3 Facebook cannot know the user’s visit to news.com Article on Politics facebook.com news.com facebook.com P2 P1 P3

16 Pseudonyms in Action 16 Application IP1 Policy Engine Alice OS IP Tracker Pseudonym1 IP1 Cookie1 IP Pseudonym2 IP2 Cookie2 DHCP Routers SIGCOMM 2013 2. Network-Layer Design

17 Network-Layer Design Consideration 1.Many IP addresses for an end-host 2.Proper mixing 3.Efficient routing 4.Easy revocation 5.Support for small networks 17SIGCOMM 2013

18 Network-Layer Design Consideration 1.Many IP addresses for an end-host 2.Proper mixing 3.Efficient routing 4.Easy revocation 5.Support for small networks 18SIGCOMM 2013

19 1) IPv6 Allows Many IPs per Host IPv6 Address 128bits 19 Small networks get /64 address space (1.8e19) SIGCOMM 2013

20 2, 3) Symmetric Encryption for Mixing and Routing 20SIGCOMM 2013 Network Prefix To route the packet “within” the network To route the packet “to” the network Networks can use this part as they want IPv6 Address 128bits

21 2, 3) Symmetric Encryption for Mixing and Routing 128bits Network Prefix 21 SubnetHost Pseudonym Network PrefixEncrypted ID EncryptDecrypt Use symmetric-key encryption End-hosts know only encrypted IP addresses Router uses the base addresses to forward packets – By longest-prefix matching with subnet::host, thus, the size of routing table does not change. Base Encrypted SIGCOMM 2013

22 Routing Example 22 Internet ISP ( Prefix :: … ) Prefix Encrypted ID Sub::Host::Pseudo SIGCOMM 2013

23 Outline Motivation / Background Approach: Cross-Layer Pseudonyms System Design – Application-Layer – Network-Layer Implementation and Evaluation Conclusion 23SIGCOMM 2013

24 IPv6 Internet Prototype Implementation 24 Web Browser Policy Engine Alice Web Server IP1 OS IP IPv6 Tunnel Broker Extension Gateway /64 network IP SIGCOMM 2013 function extreme_policy(request, browser) { return request.requestID; }

25 Evaluation Is the policy framework expressive enough? How many pseudonyms are required? Do policies effectively preserve privacy? Are that many pseudonyms feasible? How much overhead in OS and router? SIGCOMM 201325

26 Pseudonym Policy is Expressive 26 NameDescription TrivialEvery request uses the same pseudonym ExtremeEvery request uses different pseudonym Per tab [1]Request from each tab uses different pseudonym Per 1 st -party [2]Based on the connected page (1 st -party)’s domain Time-based [3]Change pseudonym every 10 minutes We could implement all the protection mechanisms from the related work in a cross-layer manner. SIGCOMM 2013 More examples in the paper: Per browsing session, 3 rd -party blocking [1] CookiePie Extension, [2] Milk, Walls et al. HotSec 2012, [3] Tor

27 Privacy Preservation over Policies 27SIGCOMM 2013 10 bits

28 Privacy Preservation over Policies 28SIGCOMM 2013

29 Conclusion Pseudonym abstraction: user control over unlinkable identities. – Provided new network addressing and routing mechanisms that exploit the ample IPv6 address space. – Enabled various policies with expressive policy framework. – Prototyped with an extension for web browser to show the feasibility 29SIGCOMM 2013

Download ppt "Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.

Auto Configuration and Mobility Options in IPv6 By: Hitu Malhotra and Sue Scheckermann.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Module 4: Configuring Network Connectivity

Module 4: Configuring Network Connectivity
Understanding Internet Protocol

Understanding Internet Protocol
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
Module 4: Configuring Network Connectivity

Module 4: Configuring Network Connectivity
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Oct 28, 2004CS573: Network Protocols and Standards1 IP: Routing and Subnetting Network Protocols and Standards Autumn 2004-2005.

Oct 28, 2004CS573: Network Protocols and Standards1 IP: Routing and Subnetting Network Protocols and Standards Autumn
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Similar presentations

Ads by Google