Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Identity, Anonymity,

Slides:



Advertisements
Similar presentations
Chapter 14 – Authentication Applications
Advertisements

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Computer Networks: A Systems Approach, 5e Larry L. Peterson and Bruce S. Davie Chapter 8 Network Security Copyright © 2010, Elsevier Inc. All rights.
Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System Marc Waldman NYU – CS Dept. Lorrie Cranor AT&T Research Aviel Rubin.
Lorrie Cranor AT&T Labs Avi Rubin AT&T Labs Marc Waldman
Publius: A robust, tamper-evident, censorship-resistant web publishing system By Waldman, Rubin, and Cranor Presented by Marco Barreno October 8th, 2003.
Grid Security. Typical Grid Scenario Users Resources.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Principles of Information Security, 2nd edition1 Cryptography.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
Electronic Transaction Security (E-Commerce)
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Cryptography In Censorship Resistant Web Publishing Systems By Hema Hariharan Swati B Shah.
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Regulating Online Speech.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
Chapter 10: Authentication Guide to Computer Network Security.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
CSCI 5234 Web Security1 Privacy & Anonymity in the WWW Ch. 12, Oppliger.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Masud Hasan Secue VS Hushmail Project 2.
The Internet in Education Objectives Introduction Overview –The World Wide Web –Web Page v. Web Site v. Portal Unique and Compelling Characteristics Navigation.
Cryptography and Network Security
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Anonymity and Privacy Enhancing.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms David Chaum CACM Vol. 24 No. 2 February 1981 Presented by: Adam Lee 1/24/2006 David.
Freenet: A Distributed Anonymous Information Storage and Retrieval System Presenter: Chris Grier ECE 598nb Spring 2006.
Anonymity on the Internet Presented by Randy Unger.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 Identity and biometrics.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Types of Electronic Infection
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
R. Newman Anonymity - Background. Defining anonymity Defining anonymity Need for anonymity Need for anonymity Defining privacy Defining privacy Threats.
Evoting using collaborative clustering Justin Gray Osama Khaleel Joey LaConte Frank Watson.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Identity, Anonymity, and.
1 KERBEROS: AN AUTHENTICATION SERVICE FOR OPEN NETWORK SYSTEMS J. G. Steiner, C. Neuman, J. I. Schiller MIT.
DIGITAL SIGNATURE.
Freenet “…an adaptive peer-to-peer network application that permits the publication, replication, and retrieval of data while protecting the anonymity.
Information Security in Distributed Systems Distributed Systems1.
Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Fall 2006CS 395: Computer Security1 Key Management.
Secure Transactions Chapter 17. The user's machine No control over security of user's machine –Might be in very insecure: library, school, &c. Users disable.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Secure HTTP (HTTPS) Pat Morin COMP 2405.
Chapter 40 Internet Security.
Grid Security.
NETWORK SECURITY Cryptography By: Abdulmalik Kohaji.
Anonymous Communication
Digital Forensics 2 Presented by : J.Silaa Lecture: FCI 30 Aug 2017
Anonymous Communication
Anonymous Communication
Presentation transcript:

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Identity, Anonymity, and Privacy Enhancing Technologies October 25, 2007

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 2 Discussion of privacy policy drafts

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 3 Identifiers Labels that point to individuals Name Social security number Credit card number Employee ID number Attributes may serve as (usually weak) identifiers (see next slide) Identifiers may be “strong” or “weak” Strong identifiers may uniquely identify someone while weak identifiers may identify a group of people Multiple weak identifiers in combination may uniquely identify someone Identifiers may be strong or weak depending on context

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 4 Attributes Properties associated with individuals Height Weight Hair color Date of birth Employer

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 5 Identification The process of using claimed or observed attributes of an individual to determine who that individual is

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 6 Authentication “About obtaining a level of confidence in a claim” Does not prove someone is who they say they are Types Individual authentication Identity authentication Attribute Authentication Three approaches Something you know Something you have Something you are

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 7 Credentials or authenticators Evidence that is presented to support the authentication of a claim

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 8 Authorization The process of deciding what an individual ought to be allowed to do

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 9 Identity The set of information that is associated with an individual in a particular identity system Individuals may have many identities

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 10 What does it mean to be identifiable? Identifiable person (EU directive): “one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 11 Identifiable vs. identified P3P spec distinguishes identifiable and identified Any data that can be used to identify a person is identifiable Identified data is information that can reasonably be tied to an individual Identified Non-identifiable (anonymous) Identifiable Non-identified

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 12 Linkable vs. linked P3P requires declaration of data linked to a cookie Lots of data is linkable, less data is actually linked Where do we draw the line? Draft P3P 1.1 spec says:Draft P3P 1.1 A piece of data X is said to be linked to a cookie Y if at least one of the following activities may take place as a result of cookie Y being replayed, immediately upon cookie replay or at some future time (perhaps as a result of retrospective analysis or processing of server logs):  A cookie containing X is set or reset.  X is retrieved from a persistent data store or archival media.  Information identifiable with the user -- including but not limited to data entered into forms, IP address, clickstream data, and client events -- is retrieved from a record, data structure, or file (other than a log file) in which X is stored.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 13 Privacy and identification/authentication To better protect privacy: Minimize use of identifiers  Use attribute authentication where possible Use local identifiers rather than global identifiers Use identification and authentication appropriate to the task

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 14 Cartoon dogs are anonymous on the Internet

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 15 Real dogs are anonymous on the Internet too!

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 16 The Internet can’t be censored “The Net treats censorship as damage and routes around it.” - John Gillmore

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 17 Actually, none of this is true It is easy to adopt a pseudonym or a persona on the Internet, but it is difficult to be truly anonymous Identities can usually be revealed with cooperation of ISP, local sys-admins, web logs, phone records, etc. The Internet can put up a good fight against censorship, but in the end there is still a lot of Internet censorship Repressive governments and intellectual property lawyers have been pretty successful at getting Internet content removed

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 18 Degrees of anonymity Absolute privacy: adversary cannot observe communication Beyond suspicion: no user is more suspicious than any other Probable innocence: each user is more likely innocent than not Possible innocence: nontrivial probability that user is innocent Exposed: adversary learns responsible user Provably exposed: adversary can prove your actions to others More Less Reiter, M. K. and Rubin, A. D Anonymous Web transactions with Crowds. Commun. ACM 42, 2 (Feb. 1999), DOI=

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 19 Anonymity tool applications Communication Publishing Payments Voting Surveys Credentials

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 20 The Anonymizer Acts as a proxy for users Hides information from end servers Sees all web traffic Adds ads to pages (free service; subscription service also available) Anonymizer Request Reply ClientServer

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 21 Cryptography Basics Encryption algorithm used to make content unreadable by all but the intended receivers E(plaintext,key) = ciphertext D(ciphertext,key) = plaintext Symmetric (shared) key cryptography A single key is used is used for E and D D( E(p,k1), k1 ) = p Management of keys determines who has access to content E.g., password encrypted

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 22 Public Key Cryptography Public Key cryptography Each key pair consists of a public and private component: k + (public key), k - (private key) D( E(p, k + ), k - ) = p D( E(p, k - ), k + ) = p Public keys are distributed (typically) through public key certificates Anyone can communicate secretly with you if they have your certificate E.g., SSL-base web commerce

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 23 B,kAkA CkBkB Mixes [Chaum81] Sender routes message randomly through network of “Mixes”, using layered public-key encryption. Mix A dest,msg kCkC CkBkB kCkC kCkC SenderDestination msg Mix C k X = encrypted with public key of Mix X Mix B

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 24 Crowds Users join a Crowd of other users Web requests from the crowd cannot be linked to any individual Protection from end servers other crowd members system administrators eavesdroppers First system to hide data shadow on the web without trusting a central authority

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 25 Crowds Crowd membersWeb servers

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 26 Anonymous Anonymous r ers allow people to send anonymously Similar to anonymous web proxies Send mail to r er, which strips out any identifying information (very controversial) Johan (Julf) Helsingius ~ Penet Some can be chained and work like mixes

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 27 Anonymous censorship-resistant publishing The printing press and the WWW can be powerful revolutionary tools Political dissent Whistle blowing Radical ideas but those who seek to suppress revolutions have powerful tools of their own Stop publication Destroy published materials Prevent distribution Intimidate or physically or financially harm author or publisher

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 28 Anonymity increases censorship-resistance Reduces ability to force “voluntary” self- censorship Allows some authors to have their work taken more seriously Reduces bias due to gender, race, ethnic background, social position, etc. Many historical examples of important anonymous publications In the Colonies during Revolutionary War when British law prohibited writings suggesting overthrow of the government Federalist papers

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 29 Publius design goals Censorship resistant Tamper evident Source anonymous Updateable Deniable Fault tolerant Persistent Extensible Freely Available

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 30 Publius Overview Publius Content – Static content (HTML, images, PDF, etc) Publishers – Post Publius content Servers – Host Publius content Retrievers – Browse Publius content PublishersServersRetrievers

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 31 Publishing a Publius document Generate secret key and use it to encrypt document Use “secret splitting” to split key into n shares This technique has special property that only k out of n shares are needed to put the key back together Publish encrypted document and 1 share on each of n servers Generate special Publius URL that encodes the location of each share and encrypted document – example: PublishersServers

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 32 Retrieving a Publius document Break apart URL to discover document locations Retrieve encrypted document and share from k locations Reassemble key from shares Decrypt retrieved document Check for tampering View in web browser PublishersServersRetrievers

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 33 Publius proxies Publius proxies running on a user’s local machine or on the network handle all the publish and retrieve operations Proxies also allow publishers to delete and update content PublishersServersRetrievers PROXYPROXY PROXYPROXY

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 34 Threats and limitations Attacks on server resources 100K Content Limit (easy to subvert) Server limits # of files it will store Possibility: use a payment scheme Threats to publisher anonymity “Rubber-Hose Cryptanalysis” Added “don’t update” and don’t delete bit Logging, network segment eavesdropping Collaboration of servers to censor content A feature?

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 35 Discussion Technology that can protect “good” speech also protects “bad” speech What if your dog does publish your secrets to the Internet and you can't do anything about it? Is building a censorship-resistant publishing system irresponsible? If a tree falls in a forest and nobody hears it….

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 36 For further reading Publius web site Publius chapter in Peer-to-Peer: Harnessing the Power of Disruptive Technologies edited by Andy Oram The Architecture of Robust Publishing Systems. ACM Transactions on Internet Technology 1(2):

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.