anonymity - background prof. newman, instructor cse-e346 352-505-1579 (don’t leave message) office...
TRANSCRIPT
![Page 1: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/1.jpg)
Anonymity - Background
Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR [email protected] - subject: Anon ...
![Page 2: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/2.jpg)
Reading
Read Pfitzman & Waidner Read Chaum Mix paper Start discussion of these Friday Reading list (approximate) on web page
![Page 3: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/3.jpg)
What is Anonymity
Literally, lacking a name (a + onyma) Unidentifiability Inability to attribute artifact or actions Related to privacy - how?
![Page 4: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/4.jpg)
Exercise
Take a minute or two to define privacy Share with your neighbor(s) Share with the class
![Page 5: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/5.jpg)
What is Privacy?
Ability of an entity to control its own space Physical space Bodily space Data space Communication space What else?
![Page 6: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/6.jpg)
Exercise
What are examples of privacy in these spaces? Physical space Bodily space Data space Communication space
What other spaces can you think of?
![Page 7: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/7.jpg)
Privacy Spaces
Physical space: invasion, paparazzi, location (GPS)
Bodily space: medical consent, battery
Data space: identity, activity, status, records
Communication space: email, Internet privacy, correspondents, phone #, address,
stalking, harassment
Overlap in spaces (e.g., location)
![Page 8: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/8.jpg)
Need for Privacy/Anonymity
Planning/execution in competition Fundamental right – voting, celebrities Philosophical necessity (free will) Restarting when past can cripple Statutory requirements (HIPAA, FISMA) Liability issues – data release Freedom/survival in repressive environments Increasing pressure from technologies
![Page 9: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/9.jpg)
Privacy/Anonymity Threats
Available surveillance technology Identification technology Increasing use of databases Data mining Identity theft Increasing requirements for I&A Increasing governmental desire for surveillance
![Page 10: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/10.jpg)
Surveillance Facts
1.5 million CCTV cameras installed in UK post 911 – Londoner on camera ~300 times a day http://epic.org/privacy/surveillance/
Face recognition software used in Tampa for Superbowl
5000 public surveillance cameras known in DC Home and work zipcodes give identity in 5% of
cases in US http://33bits.org/tag/anonymity/
![Page 11: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/11.jpg)
Homework
Count number of video cameras you encounter all day for one day.
Record locations, submit when Canvas up. Tally total, share total with class Friday.
![Page 12: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/12.jpg)
Data Reidentification
Even ”scrubbed” data can be re-identified Characteristics within the data (e.g., word
usage in documents) Intersection attacks on k-anonymized database
set releases Use of known outside data in combination with
released data Data mining – higher dimensional space gives
greater specificity!
![Page 13: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/13.jpg)
Exercise
What are legitmate limitations on anonymity? Write down 1-2 of these Share with neighbor Share with class
![Page 14: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/14.jpg)
Limitations on Anonymity
Accountability Legal/criminal issues Social expectations Competing need for trust
Others?
![Page 15: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/15.jpg)
Forms of Anonymity
Traffic Analysis Prevention Sender, Recipient, Message Anonymity Voter Anonymity Pseudonymity Revokable anonymity Data anonymity
![Page 16: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/16.jpg)
Anonymity Mechanisms
Cryptography Steganography Traffic Analysis Prevention (TAP) Mixes, crowds Data sanitization/scrubbing k-anonymity
![Page 17: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/17.jpg)
Adversaries
Global vs. Restricted All links vs. some links All network nodes vs. some or no nodes
Passive vs. Active Passive – listen only Active – remove, modify, replay, or inject new
messages Cryptography Assumptions
All unencrypted contents are observable All encrypted contents are not, without key
![Page 18: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/18.jpg)
Public Key Cryptography
Two keys, K and K-1, associated with entity A K is public key, K-1 is private key Keys are inverses: {{M}K}K-1 = {{M}K-1}K = M For message M, ciphertext C = {M}K
Anyone can send A ciphertext using K Only A has K-1 so only A can decrypt C
For message M, signature S = {M}K-1
Anyone can verify M,S using K Only A can sign with K-1
![Page 19: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/19.jpg)
Details we omit
Limit on size of M, based on size of K Need to format M to avoid attacks on PKC Use confounder to foil guessed ptxt attacks Typical use of one-way hash H to distill large M
to reasonable size for signing Typical use of PKC to distribute symmetric key
for actual encryption/decryption of larger messages
See http://www.rsa.com/rsalabs/ for standards
![Page 20: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/20.jpg)
Chaum – Untraceable Mail
Wish to receive email anonymously, but Be able to link new messages with past ones Respond to the sender
Do not trust single authority (e.g., Paypal) Underlying message delivery system is
untrusted Global active adversary
![Page 21: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/21.jpg)
Chaum Mix 1
Mix is like a special type of router/gateway It has its own public key pair, K
1 and K
1-1
Recipient A also has public key pair, Ka and K
a-1
Sender B prepends random confounder Ra to
message M, encrypts for A: Ca = {R
a|M}K
a
B then prepends confounder for mix to C and encrypts for mix: C
1 = {R
1|A|C
a}K
1
B sends C1 to mix, which later send C
a to A
![Page 22: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/22.jpg)
Chaum Mix 2
Mix simply decrypts and strips confounder from message to A
Incoming message and outgoing message do not appear related
Use padding to ensure same length (some technical details here)
Gather a batch of messages from different sources before sending them out in permuted order
![Page 23: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/23.jpg)
Chaum Mix
As long as messages are not repeated, adversary can't link an incoming message with an outgoing one (anonymous within the batch)
Mix can discard duplicate messages B can insert different confounder in repeats B can use timestamps – repeats look different
Mix signs message batchs, sends receipt to senders
This allows B to prove to A if a message was not forwarded
![Page 24: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/24.jpg)
Cascading Mixes 1
If one mix is good, lots of mixes are better! B prepares M for A by selecting sequence of
mixes, 1, 2, 3, … , n. Message for A is prepared for Mix 1 Message for Mix 1 is prepared for Mix 2 … Message for Mix n-1 is prepared for Mix n Layered message is sent to Mix n
Each mix removes its confounder, obtains address of next mix (or A), and forwards when batch is sent in permuted order
![Page 25: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/25.jpg)
Cascading Mixes 2
Mix in cascade that fails to forward a message can be detected as before (the preceding mix gets the signed receipt)
Any mix in cascade that is not compromised can provide unlinkability
This gets us anonymous message delivery, but does not allow return messages
![Page 26: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/26.jpg)
Return Addresses 1
B generates a public key Kb for the message
B seals its true address and another key K using the mix's key K
1: RetAddr = {K,B}K
1, K
b
A sends reply M to mix along with return address: Reply = {K,B}K
1, {R
0|M}K
b
Mix decrypts address and key, uses key K to re-encrypt reply: {{R
0|M}K
b}K and send to B
![Page 27: Anonymity - Background Prof. Newman, instructor CSE-E346 352-505-1579 (don’t leave message) Office Hours (tentative): 10-noon TR nemo@cise.ufl.edu - subject:](https://reader036.vdocuments.net/reader036/viewer/2022062517/56649ebc5503460f94bc453c/html5/thumbnails/27.jpg)
Return Addresses 2
B must generate a new return address for each message (K and K
b) so there are no duplicates
Mix must remove duplicates if found Symmetric cryptography may be used for both
K and Kb here (but not for mix key!)
Can cascade return messages by building the return address in reverse order, then peeling off layers as the reply is forwarded (and encrypted) along the return path