Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.

Published byAugustus Barnett Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin."— Presentation transcript:

1 Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin

2 User privacy – the problem private information is processed and stored extensively by various individuals and organizations – location of user  telecom operators – financial situation of user  banks, tax authorities – wealth of user  insurance companies – shopping information of user  credit card companies, retailers (via usage of fidelity cards) – illnesses of user  medical institutions –…–… complete and meaningful profiles on people can be created and abused information technology makes this easier – no compartmentalization of information – cost of storage and processing (data mining) decreases  technology is available to everyone 2

3 User privacy – the goal private data should be protected from abuse by unauthorized entities – transactional data access/usage logs at telecom operators, buildings, parking, public transport, … – data that reveals personal interests video rentals, credit card purchases, click stream data (WWW), … – data that was disclosed for a well-defined purpose tax data revealed to tax authorities, health related data revealed to doctors, address information revealed in mail orders, … 3

4 User privacy – existing approaches data avoidance – “I don’t tell you, so you can’t abuse it.” – effective but not always applicable – often requires anonymity – examples: cash transactions, public phones data protection – “If ever you abuse it, you will be punished.” – well-established approach – difficult to define, enforce, and control – requires legislation or voluntary restrictions multilateral security – cooperation of more than two parties – shared responsibilities and partial knowledge combinations of the above 4

5 Anonymous Communication Concepts What do we want to hide? – sender anonymity attacker cannot determine who the sender of a particular message is – receiver anonymity attacker cannot determine who the intended receiver of a particular message is – unlinkability attacker may determine senders and receivers but not the associations between them (attacker doesn’t know who communicates with whom) From whom do we want to hide this? – communication partner (sender anonymity) – external attackers local eavesdropper (sniffing on a particular link (e.g., LAN)) global eavesdropper (observing traffic in the whole network) – internal attackers (colluding) compromised system elements (e.g., routers) 5

6 Degrees of anonymity beyond suspicion: – attacker can see evidence of a sent message, but – the sender appears no more likely to be the originator than any other potential sender in the system probable innocence: – the sender may be more likely the originator than any other potential sender, but – the sender appears no more likely to be the originator than to not be the originator possible innocence: – the sender appears more likely to be the originator than to not be the originator, but – there’s still a non-trivial probability that the originator is someone else 6 absolute privacy beyond suspicion probable innocence possible innocence exposedprovably exposed

7 Types of attackers local eavesdropper – can observe communication to and from the users computer collaborating crowd members – crowd members that can pool their information and deviate from the protocol end server – the web server to which the transaction is directed 7

Download ppt "Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin."

Similar presentations

Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.

A dialogue with FMUG: Sensitive Data & Filemaker MIT Policy and Data Classifications ** DRAFT ** Guidelines Feedback and Discussion Tim McGovern 2 June.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
M. Guymon Pleasant Grove High School Spring 2003 Ethics & E-Mail Computer Technology Day 18.

M. Guymon Pleasant Grove High School Spring 2003 Ethics & Computer Technology Day 18.
Computer Technology Day 18

Computer Technology Day 18
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.

Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
Privacy: Challenges and Opportunities Tadayoshi Kohno Department of Computer Science and Engineering University of Washington.

Privacy: Challenges and Opportunities Tadayoshi Kohno Department of Computer Science and Engineering University of Washington.
Hidden Apps Carrier IQ and Privacy in Mobile Devices.

Hidden Apps Carrier IQ and Privacy in Mobile Devices.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Anonymity on the Web: Onion routing and Crowds. 2 Outline  the problem of user privacy  basic concepts of anonymous communication  MIXes  Onion routing.

Anonymity on the Web: Onion routing and Crowds. 2 Outline  the problem of user privacy  basic concepts of anonymous communication  MIXes  Onion routing.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Similar presentations

Ads by Google