Presentation is loading. Please wait.

Presentation is loading. Please wait.

Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Visualizing Privacy II.

Published byAdrian Peters Modified over 10 years ago

Similar presentations

Presentation on theme: "Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Visualizing Privacy II."— Presentation transcript:

1 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 1 Visualizing Privacy II March 9, 2006 Janice Tsai

2 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 2 Outline Visualizing privacy Anonymity Levels of Anonymity Usability Building a Successful Anonymity Network Wireless Privacy

3 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 3 Anonymity Definition: The state of not being identifiable in the anonymity set (the crowd). Purpose: Protects user identity Actions may be observed, but not linked back to the originator Achieve privacy goals

4 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 4

5 5 Levels of Anonymity Nymity - amount of information revealed Verinymity Pseudonymity Linkable Anonymity Unlinkable Anonymity Examples of Each? I. Goldberg. A pseudonymous communications infrastructure for the internet. PhD thesis, University of California Berkeley, 2000.

6 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 6 Anonymity Tools Proxy Services (Anonymizer.com) E-mail Remailers Type 0: anon.penet.fi Type I: Cypherpunks Remailers Type II: MixMaster Type III: MixMinion Nymservers Mix Networks Onion Routing

7 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 7 Attacks on Anonymity Networks Some Simple Attacks on Anonymity Single Points of Failure Central Location Database Traffic Analysis  Message Length  Timing Attacks Others? Legal Attacks

8 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 8 Usability for Security Security involves collaboration Usability risks Insecure modes of operation Optional Inconvenient Confusing  Badly labeled interface  Too many options  False sense of security

9 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 9 Usability for Anonymity Anonymity involves collaboration Anonymity networks Distributed Trust Infrastructure  Independently controlled nodes  Path of traffic is called a circuit Two Classes of Networks  High-Latency –Resist strong attacks –Tradeoff: Slow  Low-Latency –Fast(er) –Tradeoff: Susceptible to strong attacks

10 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 10 Usability for Anonymity Goal: To solicit as many users as possible Purpose: Create “cover traffic” Solution: Normalization Design default configurations to be secure and convenient. Make it easy to use, but to use properly!

11 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 11 Building a Successful Network Challenges Starting up (Bootstrapping) Attract low-end users Create an aura of perceived usability Create a Positive Public Perception Diversity of user-base - Reputability Lack of Reputability Reduces sustainability Attracts attackers

12 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 12 Examples Mixminion and MIME Anonymous email network MIME: Multipurpose Internet Mail Extensions  Flexibility of MIME makes it easy to distinguish originating email system. Weakness:  Susceptible to Traffic Analysis  Constricts users of certain email program Solution:  Normalized as much as possible  Warn users about email program information leakage

13 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 13 Mixminion Quick Glance: http://mixminion.net/http://mixminion.net/ First impression?

14 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 14 Java Anon Proxy (JAP) Anonymous web browsing network Allows users to choose entrance and exit node locations. JAP Class Feedback http://anon.inf.tu-dresden.de/index_en.html

15 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 15 Wireless Privacy Non-encrypted communications easily intercepted Information intercepted: Web searches (i.e. Google, MSN, Yahoo!) Instant Messenger Email Online postings (Google Groups, Yahoo Groups)

16 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 16 Peripheral Notification Study Objective: Inform users about personal information leakage on the wireless network using a peripheral display. Experiment: Capture traffic on CMU wireless network Display high frequency “snippets” Use a consistent font/text per person Display word immediately Protect the privacy of the user

17 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 17 Methods: Selected a non-CS or engineering graduate workspace for the peripheral display. Solicit participant from that workspace. Displayed privacy notifications for a week. Results: IM/Network usage did not change significantly. Several participants did become more self- conscious.

18 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 18 Mental Models: Peripheral display = capture of IM words. How could you better convey the problems, risk, and solutions? Discuss for 15 minutes in your groups.

19 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 19 Tools Instant Messaging  OTR (Off The Record Messaging) http://www.cypherpunks.ca/otr/ Google Mail  Use HTTPS instead of HTTP. https://mail.google.com/mail General Web Traffic  VPN (Virtual Private Networking) http://www.cmu.edu/computing/documentation/VPN/index.html

20 Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 20 Visualization of Privacy What symbols indicate “Privacy”?

Download ppt "Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Visualizing Privacy II."

Similar presentations

www.dynamicsoft.com VON Europe 2000 -- 06/19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.

VON Europe /19/00 SIP and the Future of VON Protocols SIP and the Future of VON Protocols: Presence and IM Jonathan Rosenberg.
www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
SURVEY RESEARCH: BASIC METHODS OF COMMUNICATION WITH RESPONDENTS

SURVEY RESEARCH: BASIC METHODS OF COMMUNICATION WITH RESPONDENTS
Why Eve & Mallory Love Android

Why Eve & Mallory Love Android
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Forensic Dead-Ends: Tracing Anonymous R er Abusers Len Sassaman The Shmoo Group

Forensic Dead-Ends: Tracing Anonymous R er Abusers Len Sassaman The Shmoo Group
Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.

Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.
Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Design for Privacy 1 February.

Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Design for Privacy 1 February.
Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?

Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 User Studies Motivation January.

Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 User Studies Motivation January.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.

Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.

I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Designing user studies February.

Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Designing user studies February.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Similar presentations

Ads by Google