Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks - I CS 436/636/736 Spring 2012 Nitesh Saxena Some slides borrowed from Philippe Golle, Markus.

Published byJazmin Everest Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks - I CS 436/636/736 Spring 2012 Nitesh Saxena Some slides borrowed from Philippe Golle, Markus."— Presentation transcript:

1 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks - I CS 436/636/736 Spring 2012 Nitesh Saxena Some slides borrowed from Philippe Golle, Markus Jacobson

2 Course Admin Mid-term graded – Scores posted – To be distributed today – Stats: Mean 87.75; Median 92.5 HW3 to be posted in the next few days 5/3/20152 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

3 A Case History: AOL Web Search Query Log Leakage AOL's disturbing glimpse into users' lives, CNET News, August 7, 2006 AOL's disturbing glimpse into users' lives, CNET News, August 7, 2006 – 21 million search queries posed over a 3-month long period; 650,000 users – No user identification information released per se, but?? Search Log still available: – http://www.gregsadetsky.com/aol-data/ http://www.gregsadetsky.com/aol-data/ 5/3/20153 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

4 Other Scenarios where privacy is important Location-based search Web browsing Electronic voting Electronic payments Email conversation … 5/3/2015 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks 4

5 Today’s Outline Anonymizing Network (or Mix Network) Anonymizing Network Applications Requirements Robustness Types of Anonymizing Networks – Decryption based (Onion Routing) – Re-encryption based 5/3/20155 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

6 Definition: Mix Server (or Relay) 5/3/20156 A mix server: Receives inputs Produces “related” outputs The relationship between inputs and outputs is secret InputsOutputs ? Mix Server Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

7 Definition: Mix Network 5/3/20157 Mix network A group of mix servers that operate sequentially. Server 1Server 2Server 3 InputsOutputs ??? Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

8 Applications Hide:  “who voted for whom?”  “who paid whom?”  “who communicated with whom?”  “what is the source of a message?” Good for protecting privacy for election and communication Used as a privacy building block 5/3/20158 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

9 Electronic Voting Demonstration 1.“Who do you like best?” 2.Put your ballot into a WHITE envelope and put again in a RED one and sign on it 5/3/20159 Jerry  Washington  Lincoln  Roosevelt Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

10 Electronic Voting Demo. (Cont’d) Administrators will 1.Verify signatures together 2.1 st Admin. shuffles and opens RED envelopes 3.Send them to 2 nd Admin. 4.2 nd Admin. shuffles again and opens WHITE envelopes 5.Count ballots together 5/3/201510 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

11 A real system for elections Sign voter 1 (encr(encr (vote 1 ))) Sign voter 2 (encr(encr (vote 2 ))). Sign voter n (encr(encr (vote n ))) 5/3/201511 Jerry vote 1 vote 2 vote 3. vote n Mix Net  Washington  Lincoln  Roosevelt Mix Net

12 “Choose one person you like to pay $5” Put your ballot into an WHITE envelope and put again in a RED one and sign on it 5/3/201512 Jerry Name of the person ( ___________ ) Electronic Payment Demo. Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

13 Electronic Payment Demo. (Cont’d) Administrators will 1.Verify signatures together 2.Deduct $5 from each account 3.1 st Admin. shuffles and opens RED envelopes 4.Send them to 2 nd Admin. 5.2 nd Admin. shuffles again and opens WHITE envelopes 6.Credit $5 to recipients 5/3/201513 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

14 For Payments Sign payer 1 (encr(encr (payee 1 ))) Sign payer 2 (encr(encr (payee 2 ))). Sign payer n (encr(encr (payee n ))) 5/3/201514 payee 1 payee 2 payee 3. payee n DEDUCTDEDUCT Credit Jerry Name (________ ) Mix Net

15 For email communication encr (email 1, addressee 1 ) encr (email 2, addressee 2 ). encr (email n, addressee n ) 5/3/201515...... Mix Net Deliver To: Jerry Don’t forget to have lunch.

16 Other Uses Anonymous web browsing; web searching (Anonymizer)Anonymizer 5/3/201516 From LPWA homepage Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

17 Other Uses (Cont’d) 5/3/201517 Location privacy for cellular devices – Location-based service is GOOD ! Landline-phone calling to 911 in the US, 112 in Europe All cellular carrier since December 2005 – RISK ! Location-based spam Harm to a reputation Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

18 Other Uses Anonymous VoIP calls Anonymous acquisition of security patches 5/3/201518 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

19 Other uses (Cont’d) Sometimes abuses Avoid legislation (e.g., piracy) P2P sharing of copyright content Terrorism: communication with media – Mumbai attacks Mumbai attacks 5/3/201519 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

20 Principle 5/3/201520 Chaum ’81 Message 1 Message 2 server 1server 2server 3 Privacy Efficiency Trust Robustness Requirements :

21 Requirements 1.Privacy Nobody knows who said what 2.Efficiency Mixing is efficient (= practically useful) 3.Trust How many entities do we have to trust? 4.Robustness Will replacement cheaters be caught? What if a certain number of mix servers fail? 5/3/201521 Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

22 But what about robustness? encr(Berry) encr(Kush) 5/3/201522 Kush STOP I ignore his output and produce my own There is no robustness!

23 Zoology of Mix Networks Decryption Mix Nets [Cha81,…]: – Inputs: ciphertexts – Outputs: decryption of the inputs. Re-encryption Mix Nets[PIK93,…]: – Inputs: ciphertexts – Outputs: re-encryption of the inputs 5/3/201523 InputsOutputs ? Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks

24 First Solution 5/3/201524 Chaum ’81, implemented by Syverson, GoldschlagSyverson, Goldschlag Not robust (or: tolerates  cheaters for correctness) Requires every server to participate (and in the “right” order!)

Download ppt "Lecture 7.1: Privacy and Anonymity Using Anonymizing Networks - I CS 436/636/736 Spring 2012 Nitesh Saxena Some slides borrowed from Philippe Golle, Markus."

Similar presentations

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.

PAYWORD, MICROMINT -TWO MICROPAYMENT SCHEMES PROJECT OF CS 265 SPRING, 2004 WRITTEN BY JIAN DAI.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Digital Rights Management © Knowledge Books & Software, 2012.

Digital Rights Management © Knowledge Books & Software, 2012.
Reusable Anonymous Return Channels

Reusable Anonymous Return Channels
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Privacy and Anonymity Using Mix Networks* Nitesh Saxena CS392/6813 Some slides borrowed from Philippe Golle, Markus Jacobson.

Privacy and Anonymity Using Mix Networks* Nitesh Saxena CS392/6813 Some slides borrowed from Philippe Golle, Markus Jacobson.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Parallel Mixing Philippe Golle, PARC Ari Juels, RSA Labs.

Parallel Mixing Philippe Golle, PARC Ari Juels, RSA Labs.
CS 105 – Introduction to the World Wide Web  HTTP Request*  Domain Name Translation  Routing  HTTP Response*  Privacy and Cryptography  Adapted.

CS 105 – Introduction to the World Wide Web  HTTP Request*  Domain Name Translation  Routing  HTTP Response*  Privacy and Cryptography  Adapted.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
UMBC Protocol Meeting 10/01/03 Universal Re-encryption: For Mix-Nets and Other Applications (to appear CT-RSA ’04) Paul Syverson NRL Markus Jakobsson Ari.

UMBC Protocol Meeting 10/01/03 Universal Re-encryption: For Mix-Nets and Other Applications (to appear CT-RSA ’04) Paul Syverson NRL Markus Jakobsson Ari.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Secure and Efficient Metering by Moni Naor and Benny Pinkas Vincent Collado Olga Toporovsky Alex Kogan Marina Lapkina Igor Iulis.

Secure and Efficient Metering by Moni Naor and Benny Pinkas Vincent Collado Olga Toporovsky Alex Kogan Marina Lapkina Igor Iulis.
Staying Safe, Having Fun, And Cruising The ‘Net Daniel Owens IT Security Professional.

Staying Safe, Having Fun, And Cruising The ‘Net Daniel Owens IT Security Professional.

Similar presentations

Ads by Google