hang with your buddies to resist intersection attacks david wolinsky, ewa syta, bryan ford yale...
TRANSCRIPT
![Page 1: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/1.jpg)
Hang with Your Buddies to Resist Intersection Attacks
David Wolinsky, Ewa Syta, Bryan FordYale University
![Page 2: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/2.jpg)
Need for Anonymity
Nofunistan
Meet Tuesday at 7 PM in the park for
pizza and beer!
Hahaha! Got you! No fun for you!!!
![Page 3: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/3.jpg)
Need for Anonymity
Funland
Meet Tuesday at 7 PM in the park for
pizza and beer!
Nofunistan
![Page 4: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/4.jpg)
Need for Anonymity
![Page 5: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/5.jpg)
Need for Anonymity
Hahaha! Got you! No fun for you!!!
Funland
Meet Tuesday at 7 PM in the park for
pizza and beer!
Nofunistan
![Page 6: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/6.jpg)
Need for Anonymity
They Know What You're Shopping For'You're looking at the premium package, right?' Companies today are increasingly tying people's real-life identities to their online browsing habits.
![Page 7: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/7.jpg)
Anonymity in Action
Funland
Meet Tuesday at 7 PM in the park for
pizza and beer!
Anonymizer
You win this time!
Nofunistan
![Page 8: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/8.jpg)
Attacks Against Anonymity
![Page 9: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/9.jpg)
The Intersection AttackMeet Tuesday at 7 PM in the park for
pizza and beer!
AnonymizerXX
X
X X
![Page 10: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/10.jpg)
The Intersection AttackMeet Tuesday at 7 PM in the park for
pizza and beer!
AnonymizerXX
X
X X
XX
X
XXMeet Friday at 7
PM in the park for pizza and beer!
U
![Page 11: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/11.jpg)
The Intersection AttackMeet Tuesday at 7 PM in the park for
pizza and beer!
AnonymizerXX
X
X X
XX
X
XXMeet Friday at 7
PM in the park for pizza and beer!
X
X
XX
X
XX
Meet Monday at 7 PM in the park for
pizza and beer!
But I got you this time!
=
UU
![Page 12: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/12.jpg)
Buddies Overview• Buddies Goal: Prevent intersection attacks given a
global, active adversary
![Page 13: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/13.jpg)
Buddies Overview• Buddies Goal: Prevent intersection attacks given a
global, active adversary• Insight: Indistinguishable behavior among a k-set of
users or “buddies” – a buddy set
![Page 14: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/14.jpg)
Buddies Overview• Buddies Goal: Prevent intersection attacks given a
global, active adversary• Insight: Indistinguishable behavior among a k-set of
users or “buddies” – a buddy set• Similar concept to k-anonymity
• Our contributions• First design to resist intersection attacks in practical
anonymity system• Two metrics to measure anonymity: possinymity and
indinymity• Implemented in Dissent
![Page 15: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/15.jpg)
Organization•Motivation• The Buddies Insight• Buddies Design• Buddies in Practice• Conclusions
![Page 16: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/16.jpg)
PossinymityMeet Tuesday at 7 PM in the park for
pizza and beer!
Anonymizer
X X X
X
X
XXX X• No message, no change in status• Message, change in status• Too few users, no message• No protection from statistical disclosure
I’ll get you yet!
Possinymity is the set of users who possibly
own a pseudonym!
![Page 17: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/17.jpg)
Limitations of Possinymity
![Page 18: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/18.jpg)
Statistical DisclosureMeet Tuesday at 7 PM in the park for
pizza and beer!
AnonymizerMeet Friday at 7
PM in the park for pizza and beer!
Meet Monday at 7 PM in the park for
pizza and beer!
• No message, no change in status• Message, change in status• Too few users, no message• No protection from statistical disclosure
One week later…A few moments later…
Ahh… I think it’s you!
![Page 19: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/19.jpg)
Example Statistical Disclosure Adversary
Not very anonymous
Seems anonymous
Measured possinymity
Effective anonymity
![Page 20: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/20.jpg)
A Greater Challenge• Possinymity provides plausible deniability• May be sufficient as a legal defense• May be insufficient in Nofunistan• Conclusion: Anonymity sets alone are not
sufficient for buddies• Next step: Indistinguishability!
![Page 21: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/21.jpg)
IndinymityMeet Tuesday at 7 PM in the park for
pizza and beer!
AnonymizerMeet Friday at 7
PM in the park for pizza and beer!
Meet Monday at 7 PM in the park for
pizza and beer!
• One member goes offline, others follow – buddy set• All buddies in a set must be online for any to post
One week later…A few moments later…
I have my doubts…
![Page 22: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/22.jpg)
Organization•Motivation• The Buddies Insight• Buddies Design• Buddies in Practice• Conclusions
![Page 23: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/23.jpg)
Buddies Bird’s Eye ViewMeet Tuesday at 7 PM in the park for
pizza and beer!
AnonymizerMeet Friday at 7
PM in the park for pizza and beer!
Meet Monday at 7 PM in the park for
pizza and beer!
• Knows online state of all members• Implements a global passive adversary• Filters online buddies in sets with offline users
Policy Oracle
![Page 24: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/24.jpg)
Buddies Design Summary
![Page 25: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/25.jpg)
Putting It Together
Anonymizer
• Registration – Attempt to be Sybil resistant• Pseudonyms• Linkable communication from a single user• Distributed independently
![Page 26: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/26.jpg)
Putting It Together
Anonymizer
• Scheduling – Anonymizer announces which pseudonym(s) will post
![Page 27: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/27.jpg)
Putting It Together
Anonymizer
• Scheduling – Anonymizer announces which pseudonym(s) will post
![Page 28: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/28.jpg)
Putting It Together
Anonymizer
• Users post a ciphertext for each pseudonym• Pseudonym Owner posts nothing or a real message• Others post cover traffic
User ciphertexts
Pseu
dony
ms
![Page 29: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/29.jpg)
Putting It TogetherPolicy Oracle
Anonymizer
User ciphertexts
• Anonymizer shares online state with Policy Oracle• Policy Oracle tells Anonymizer which members’
ciphertext to ignore on a per-pseudonym basis
Pseu
dony
ms
![Page 30: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/30.jpg)
Putting It TogetherPolicy Oracle
Anonymizer
User ciphertexts
• Anonymizer reveals cleartext from remaining posts• Not every scheduled pseudonym posts• Owner may be offline, filtered, or have nothing to say
Pseu
dony
ms
I like fish sticks!
All hail Boring Bob!
Meet Monday at 7 PM in the park for
pizza and beer!
![Page 31: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/31.jpg)
Policy Oracle – Challenges• Forming buddy sets• Before we start?• When a user goes offline• After a user has been offline for a while
• Organizing buddy sets• By user sign-on time• User historical online / offline time• Random
• Setting buddy set size
![Page 32: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/32.jpg)
Static Buddy Sets
1 1 1 1 2 2 2 2 3 3 3 3
• Static policies assign buddy sets before first transmission (T0)• Unable to adjust to unpredictable nature of users
…
Tim
e
User Ciphertexts
1 1 1 1 2 2 2 2 3 3 3 3
Owner
T0
T1
T2
Cleartext output
1 1 1 1 2 2 2 2 3 3 3 3
1 1 1 1 2 2 2 2 3 3 3 3Ti
![Page 33: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/33.jpg)
Dynamic Buddy Sets
1 1 1 1 1 1 1 1 1 1 1 1
• Dynamic policy places all buddies into a single set• Makes sets as client behavior changes• Able to provide better utility as an owner is more
likely to be kept online
…
Tim
e
User Ciphertexts
1 1 1 2 2 1 1 1 2 1 1 1
Owner
T0
T1
T2
Cleartext output
3 1 1 2 2 1 1 1 2 1 1 2
3 3 3 2 2 3 1 1 2 1 1 2Ti
1 1 1 2 2 1 1 1 2 1 1 23 3 3 2 2 3 1 1 2 1 1 2
![Page 34: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/34.jpg)
Organization•Motivation• The Buddies Insight• Buddies Design• Buddies in Practice• Conclusions
![Page 35: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/35.jpg)
Buddies in Practice• Anonymizer – Dissent• Scalable Group Anonymous Communication• Dissent – Corrigan-Gibbs CCS’10• Scalable Dissent – Wolinsky OSDI’12
• Policy Oracle• Simulator – Python• Extension to Dissent – C++
![Page 36: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/36.jpg)
Experimental Dataset
Unreliable users
Reliable Users
Dataset info:• EFnet IRC #football channel• 1 Month continuous monitoring• 1207 total users, 300 users online most of the time
sort
ed b
y on
line
time
![Page 37: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/37.jpg)
Buddy set size
Maintains decent anonymity
Indinymity in Practice
• Effective anonymity (likelihood) Buddy set size
![Page 38: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/38.jpg)
Indinymity in Practice
• Effective anonymity (likelihood) Buddy set size• Larger buddy set size, more effective anonymity
Good anonymity
Great anonymity
Poor anonymity
![Page 39: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/39.jpg)
Indinymity in Practice
• Effective anonymity (likelihood) Buddy set size• Larger buddy set size, more effective anonymity• Larger buddy set size, less usable lifetime
Nearly perfect
Not so useful
Decent
![Page 40: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/40.jpg)
Organization•Motivation• The Buddies Insight• Buddies Design• Buddies in Practice• Conclusions
![Page 41: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/41.jpg)
Related Work• K-Anonymity in Mix-Nets – Hopper ’06• K-Anonymity for cover traffic in Tarzan – Freedman ‘02• K-Anonymity for cover traffic in Aqua – Le Blond ‘13• Anonym-O-Meter in Java Anonymous Proxy (JAP)• Buddies provides users control over intersection
attacks through availability / anonymity trade-offs
![Page 42: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/42.jpg)
Conclusions• Buddies can resist the intersection attack!• Two new metrics for measuring anonymity• Implemented in Dissent
• Research into different buddy set policies necessary:• A short-term policy for quick, efficient web browsing• A long-term policy for short, infrequent posts• Optimizing usability and anonymity oppose each other
![Page 43: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/43.jpg)
Thanks, questions?Find out more at http://dedis.cs.yale.edu/dissent
![Page 44: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/44.jpg)
Adversary• Each user has a counter• Increment counter, , if user i online and no message
from nym j• Consider the situation where is the probability that
a user is online and not posting
• We call the likelihood user i owns nym j• Bigger likelihood is better!
![Page 45: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/45.jpg)
Creating Nyms• Each user provides a public key• Anonymizer re-encrypts keys and publishes• User produces re-encrypted private key• Anonymizer produces a nym (key-pair), randomly
selects a re-encrypted key, encrypts the private key and distributes the key-pair• Owner can decrypt and claim, anonymously
![Page 46: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/46.jpg)
The Anonymizer• Expectations• Resistant traffic analysis and timing attacks• Anytrust – protocol runs across a set of servers, a user
need only trust that one server is honest without knowing which one
• Not Tor – not resistant to traffic analysis / timing attacks• MIXes – Yes, if users transmit empty messages• DC-nets / Dissent – YES!
![Page 47: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/47.jpg)
Nofunistan Funland
Anonymizer
![Page 48: Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University](https://reader038.vdocument.in/reader038/viewer/2022110322/56649d1e5503460f949f1da5/html5/thumbnails/48.jpg)
Anonymity in Action
Nofunistan Funland
Meet Tuesday at 7 PM in the park for
pizza and beer!
Anonymizer
You win this time!