Published by Adrian Peters. Modified over 9 years ago.
Usable Privacy and Security
Carnegie Mellon University, Spring 2006
Cranor/Hong/Reiter
http://cups.cs.cmu.edu/courses/ups-sp06/

Visualizing Privacy II
March 9, 2006
Janice Tsai

Outline
- Visualizing privacy
- Anonymity
- Levels of Anonymity
- Usability
- Building a Successful Anonymity Network
- Wireless Privacy

Anonymity
- Definition: The state of not being identifiable in the anonymity set (the crowd).
- Purpose:
  – Protects user identity
  – Actions may be observed, but not linked back to the originator
  – Achieve privacy goals
4
Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter http://cups.cs.cmu.edu/courses/ups-sp06/ 4

Levels of Anonymity
- Nymity - amount of information revealed
  – Verinymity
  – Pseudonymity
  – Linkable Anonymity
  – Unlinkable Anonymity
- Examples of Each?

I. Goldberg. A pseudonymous communications infrastructure for the internet. PhD thesis, University of California Berkeley, 2000.

Anonymity Tools
- Proxy Services (Anonymizer.com)
- E-mail Remailers
  – Type 0: anon.penet.fi
  – Type I: Cypherpunks Remailers
  – Type II: MixMaster
  – Type III: MixMinion
- Nymservers
- Mix Networks
- Onion Routing

Attacks on Anonymity Networks
Some Simple Attacks on Anonymity
- Single Points of Failure
  – Central Location Database
- Traffic Analysis
  – Message Length
  – Timing Attacks
  – Others?
- Legal Attacks

Usability for Security
- Security involves collaboration
- Usability risks
  – Insecure modes of operation
  – Optional
  – Inconvenient
  – Confusing
  – Badly labeled interface
  – Too many options
  – False sense of security

Usability for Anonymity
- Anonymity involves collaboration
- Anonymity networks
  – Distributed Trust Infrastructure
  – Independently controlled nodes
  – Path of traffic is called a circuit
- Two Classes of Networks
  – High-Latency: Resist strong attacks. Tradeoff: Slow
  – Low-Latency: Fast(er). Tradeoff: Susceptible to strong attacks

Usability for Anonymity
- Goal: To solicit as many users as possible
- Purpose: Create “cover traffic”
- Solution: Normalization
- Design default configurations to be secure and convenient.
- Make it easy to use, but to use properly!

Building a Successful Network
Challenges
- Starting up (Bootstrapping)
- Attract low-end users
- Create an aura of perceived usability
- Create a Positive Public Perception
- Diversity of user-base - Reputability
- Lack of Reputability
  – Reduces sustainability
  – Attracts attackers

Examples
Mixminion and MIME
- Anonymous email network
- MIME: Multipurpose Internet Mail Extensions
- Flexibility of MIME makes it easy to distinguish originating email system.
- Weakness:
  – Susceptible to Traffic Analysis
  – Constricts users of certain email program
- Solution:
  – Normalized as much as possible
  – Warn users about email program information leakage
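
The MIME normalization idea from the slide above, as an added example (not from the lecture and not Mixminion's own code): it reports what a message reveals about the sending mail program, then rebuilds it in one fixed form. The header list, the sample messages and the client names are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Headers that often name the sending program (list assumed for this example).
CLIENT_HEADERS = ("User-Agent", "X-Mailer", "X-MimeOLE", "Message-ID")

# Constructed samples: the same text sent from two hypothetical mail programs.
SAMPLE_A = (
    "From: alice@example.org\nSubject: lunch\nX-Mailer: ExampleMail 1.0\n"
    "Content-Type: text/plain; charset=us-ascii\n\nMeet at noon.\n"
)
SAMPLE_B = (
    "Subject: lunch\nUser-Agent: OtherClient/2.3\nMIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="----=_OtherClient_001"\n\n'
    "------=_OtherClient_001\nContent-Type: text/plain; charset=us-ascii\n\n"
    "Meet at noon.\n"
    "------=_OtherClient_001\nContent-Type: text/html; charset=us-ascii\n\n"
    "<p>Meet at noon.</p>\n"
    "------=_OtherClient_001--\n"
)

def leaked_client_info(raw: str) -> dict:
    """Collect headers and MIME structure that can identify the mail program."""
    msg = message_from_string(raw, policy=policy.default)
    leaks = {h: str(msg[h]) for h in CLIENT_HEADERS if msg[h] is not None}
    if msg.get_boundary():  # boundary strings follow per-client patterns
        leaks["boundary"] = msg.get_boundary()
    return leaks

def normalize(raw: str) -> str:
    """Rebuild the message as one text/plain part with a fixed header set."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    out = EmailMessage(policy=policy.default)
    if msg["Subject"] is not None:
        out["Subject"] = str(msg["Subject"])
    # Same charset, transfer encoding and trailing newline for every sender.
    out.set_content(text.rstrip() + "\n", charset="utf-8", cte="base64")
    return out.as_string()

if __name__ == "__main__":
    for name, raw in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, "before:", leaked_client_info(raw))
        print(name, "after: ", leaked_client_info(normalize(raw)))
    print("indistinguishable:", normalize(SAMPLE_A) == normalize(SAMPLE_B))
```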

Mixminion
- Quick Glance: http://mixminion.net/
- First impression?

Java Anon Proxy (JAP)
- Anonymous web browsing network
- Allows users to choose entrance and exit node locations.
- JAP Class Feedback
- http://anon.inf.tu-dresden.de/index_en.html

Wireless Privacy
- Non-encrypted communications easily intercepted
- Information intercepted:
  – Web searches (e.g. Google, MSN, Yahoo!)
  – Instant Messenger
  – Email
  – Online postings (Google Groups, Yahoo Groups)

Peripheral Notification Study
- Objective: Inform users about personal information leakage on the wireless network using a peripheral display.
- Experiment:
  – Capture traffic on CMU wireless network
  – Display high frequency “snippets”
  – Use a consistent font/text per person
  – Display word immediately
  – Protect the privacy of the user

Methods:
- Selected a non-CS or engineering graduate workspace for the peripheral display.
- Solicited participants from that workspace.
- Displayed privacy notifications for a week.
Results:
- IM/Network usage did not change significantly.
- Several participants did become more self-conscious.

Mental Models:
- Peripheral display = capture of IM words.
- How could you better convey the problems, risk, and solutions?
- Discuss for 15 minutes in your groups.

Tools
- Instant Messaging
  – OTR (Off The Record Messaging): http://www.cypherpunks.ca/otr/
- Google Mail
  – Use HTTPS instead of HTTP: https://mail.google.com/mail
- General Web Traffic
  – VPN (Virtual Private Networking): http://www.cmu.edu/computing/documentation/VPN/index.html

Visualization of Privacy
- What symbols indicate “Privacy”?