Publius: A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System
Publius A Robust, Tamper Evident,
Censorship Resistant WWW Based Publishing System
Marc Waldman, NYU – CS Dept.
Lorrie Cranor, AT&T Research
Aviel Rubin, AT&T Research
Publius
Pen name used by authors of Federalist Papers
Federalist Papers influential in convincing NY state voters to ratify US constitution.
Publius Design Goals
Censorship Resistant
Tamper Evident
Source Anonymous
Updateable
Host Content Deniability
Persistent
Extensible
Freely Available
Related Work
Connection Based Anonymity
Hide identity of requestor
Location or Author Based Anonymity
Hide identity of author or WWW server
Connection Based Anonymity
Anonymizer (www.anonymizer.com)
- HTTP proxy
- URL rewrite
Proxymate (www.proxymate.com)
- Formerly LPWA
- HTTP Proxy
- Pseudonym generation
Connection Based Anonymity
Onion Router (www.onion-router.net)
- Mix Network
- HTTP Proxy Developed
Crowds (www.research.att.com/projects/crowds)
- HTTP request via Crowd
- Dynamic Path generation
Connection Based Anonymity
Freedom
Similar to Onion Routing
Implemented at transport layer
Nym creation – allows multiple pseudonyms
Supports HTTP, NNTP, POP3, Telnet, etc.
http://www.freedom.net
Location Based Anonymity
Rewebber (aka Janus) www.rewebber.de
- Author & Connection Based Tool
- HTTP Proxy
- URL Rewrite using public key crypto
U = http://www.cs.nyu.edu/~waldman/publius.html
Ek(M) = Encrypt message M with public key k
http://www.rewebber.com/surf-encrypted/Ek(U)
Location Based Anonymity
Taz & Rewebber
Computers with public/private key pair
Each runs HTTP proxy server
Encryption similar to onion-routing
TAZ servers translate name.taz to address
Down server = document irretrievable
www.firstserver.com:100/STOPREADINGTHISANDPAYATTENTIONTOTHESPEAKER
Eternity Service
Ross Anderson (Univ. of Cambridge)
Network of servers – resists DOS attacks
Fee based
Files cannot be removed or updated
Digital Libraries
Eternity Systems
Usenet Eternity
Scaled Down Eternity System
Usenet is storage medium
Formatting using PGP, SHA1
Send to alt.anonymous.messages
Server caches and performs updates
Connect via WWW browser
Eternity Inspired Systems
Freenet
- “Adaptive Network”
- Local caching
- Anonymous query, retrieval
Intermemory
- Self-replicating persistent RAM
- Donate hard disk space
File Sharing Systems
Napster
Peer-to-peer file sharing
Peers can capture IP address of peer
Gnutella
Anonymous query
Peer to peer file transfer, IP capture
Publius Overview
Publius Content – Static content (HTML, images, PDF, etc) with desired properties.
Publishers – Post Publius content
Servers – Host Publius content
Retrievers – Browse Publius content
Publius Servers
whitehouse.gov
library.fr
publius.uk
www.redcross.org
www.nyu.edu
Publius Server Table
publius.uk
www.nyu.edu
library.fr
whitehouse.gov
www.redcross.org
Publish Operation
D = Document To Publish
K = Key
Shamir Secret Sharing: K split into Share1, Share2, Share3, Share4
MD5(D . Share_i) Mod 5 = Index Into Server Table
Index 0 = www.redcross.org
Index 3 = www.nyu.edu
Store D encrypted under K, and one Share on Server
Publish Overview
Servers available to store content
Encrypt document with secret key K
Secret split key K into (m,k) shares (Shamir)
Store encrypted document and share on m servers
Form URL cryptographically tied to document
Distribute URL – Publius URL http://!publius!/1e6adsg673h0=hgj7889340=yareyoureadingthis=12asbnm8945
Retrieve Overview
Break apart URL to discover document locations
Retrieve encrypted document and share from k locations
Reassemble Key K from shares
Decrypt retrieved document
Check for tampering
View in WWW browser
Retrieve Operation
http://!publius!/MD5(D.Share1) MD5(D.Share2) …
http://!publius!/unReaDableUrL
Index = MD5(D.Share1) Mod Table_Size
From www.redcross.org Get Encrypted File, Share
Key = combine Shares
D = Decrypt File with Key
Tamper Check = MD5(D.Share1) = value in URL
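The publish and retrieve operations from the slides above, as an added Python example (not the Publius authors' Perl code). Assumptions: the prime modulus, the XOR keystream standing in for the real cipher, the `repr` encoding of a share, the "=" separators taken from the sample URL, and the server table order beyond index 0 and index 3.

```python
import hashlib, secrets

P = 2**127 - 1   # prime modulus for share arithmetic (assumed)
SERVERS = ["www.redcross.org", "publius.uk", "library.fr",
           "www.nyu.edu", "whitehouse.gov"]   # order is constructed

def split(key, n, k):   # Shamir: random degree k-1 polynomial with f(0) = key
    coef = [key] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coef)) % P)
            for x in range(1, n + 1)]

def combine(shares):    # Lagrange interpolation at x = 0 over k distinct shares
    key = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num, den = num * -xj % P, den * (xi - xj) % P
        key = (key + yi * num * pow(den, -1, P)) % P
    return key

def crypt(key, data):   # stand-in cipher: SHA-256 counter keystream XOR
    ks = b"".join(hashlib.sha256(key.to_bytes(16, "big") + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def name(doc, share):   # MD5(D . Share_i): goes in the URL, picks the server
    return hashlib.md5(doc + repr(share).encode()).hexdigest()
def server_for(h):      # MD5 value mod table size = index into server table
    return SERVERS[int(h, 16) % len(SERVERS)]

def publish(doc, n, k, store):
    key = secrets.randbelow(P)
    url = []
    for share in split(key, n, k):
        h = name(doc, share)
        store.setdefault(server_for(h), {})[h] = (crypt(key, doc), share)
        url.append(h)
    return "http://!publius!/" + "=".join(url)

def retrieve(url, k, store):
    got = [(h, *store[server_for(h)][h]) for h in url.rsplit("/", 1)[1].split("=")
           if h in store.get(server_for(h), {})][:k]
    if len(got) < k:
        raise LookupError("fewer than k shares reachable")
    doc = crypt(combine([s for _, _, s in got]), got[0][1])
    if any(name(doc, s) != h for h, _, s in got):   # tamper check against URL
        raise ValueError("tamper check failed")
    return doc
```

A corrupted share or a modified ciphertext both yield a different decrypted document, so the recomputed MD5 values no longer match the URL and retrieval fails instead of returning altered content.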
Tradeoffs
N = # servers with Content & Share
K = # Shares needed to reconstruct the Key
Higher N
- Greater availability
- Harder to censor
Higher K
- Decreased performance
- Greater tamper protection
- Possibly Easier To Censor
Update and Delete Operations
Update – “update” file, MD5(password.IP)
Delete – MD5(password.IP)
Threats
- Place update file on server
- Brute force to delete files
URL contains update bit - Don’t accept updates
Publish Option – No Delete or Update
Mutually Hyperlinked Content
Publish B, Modify A, Publish A
Publish B First – Invalid A Link
Publish A First – Invalid B Link
Problem: Content cryptographically tied to URL
Hyperlinked Content Solution
Publish A, B
Modify A, B
Republish A,B
Update A,B
User Interface
Internet
Publius Proxy
Browser Based GUI
http://!publius!/URL
http://!publius!/PUBLISH
http://!publius!/UPDATE
http://!publius!/DELETE
Store MIME type in first three bytes of file
Send correct Content-Type to browser
Threats & Limitations
• Share Deletion or Corruption
• Update File Deletion or Corruption
• Denial of Service Attacks
• Threats to Publisher Anonymity
• “Rubber-Hose Cryptanalysis”
Live Trial (8/7/2000)
• 3 Week Server Recruitment Period
• 100 Volunteers, Test Script distributed
• 53 successfully installed test script
• 44 successfully installed.
• Proxy - server version of client, 9 volunteers
- Must trust proxy – see file, password for Publish
- Sees URL for retrieve
• Over 550 client requests
Contributions & Availability
• Automatic Tamper Checking Mechanism
• Update / Delete Method
• Publishing Mutually Hyperlinked Content
• 1500 Lines of Perl
• Uses Crypto++ 3.2 – Crypto Library (C++)
Future Work
Remove dependence on server list
- URL encodes locations, tamper check
Split content
- Krawczyk – Information Dispersal
CPU payment scheme (Dwork, Naor)
Automatic replication across servers
- Intermemory model