
Post on 20-Dec-2015


Privacy on the Web

Gertzman Lora

Krakov Lena

Why privacy?

• Privacy is the number one consumer issue facing the internet.

• An eavesdropper (a server, a service provider or a private person) can reveal a surfer’s identity, profile, etc.

• The computer security community has concentrated on improving user privacy by hiding the user’s identifiable tracks on the Web, thus assuring anonymity while surfing.

Anonymity as a solution

Rough definition: A communicates anonymously with B if B doesn’t know A’s identity, and if A’s and B’s communication can’t be linked together by someone who has an overview of the global network.

Sometimes B is allowed to know A’s identity, but both sides want to hide their communication from outsiders.

Anonymity properties

1. Anonymity type (sender / receiver anonymity)

2. Adversaries (web server, eavesdropper)

3. Degree of anonymity (ranges from absolute privacy to provably exposed)

Anonymity as a solution (cont.)

• Disadvantage: can be misused by criminals or people with malicious intentions (spam e-mail, money laundering).

• Providing anonymity on the internet isn’t trivial.

• We’ll present 4 solutions:

• Crowds

• Onion Routing

• The new privacy model

Anonymizer

• Popular tool for anonymizing web communication.

• Web site that serves as a mediator between the client and the server.

• Used as a web proxy that strips identifying data and forwards the request.

• A similar mechanism is the LPWA (Lucent Personalized Web Assistant).

How anonymizer works

• The user requests a URL via the browser.

• The request is sent to the anonymizer.

• The anonymizer submits the URL to the end server.

• The server replies to the anonymizer.

• The anonymizer sends the response to the user.
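The step "strips identifying data and forwards the request" is the whole mechanism, so here is an added example of that step (not the slides' code and not Anonymizer.com's or LPWA's implementation): it parses a raw HTTP request head, drops the headers that identify the user or reveal browsing history, and substitutes a generic User-Agent. The set of headers treated as identifying and the sample request are assumptions constructed for the example.

```python
"""Toy anonymizing-proxy step: strip identifying request data before forwarding.

Added example; not code from the slides, Anonymizer.com or LPWA.
"""

# Headers that reveal identity or browsing history (assumed list for this example).
IDENTIFYING_HEADERS = {"cookie", "referer", "user-agent", "x-forwarded-for", "via", "from"}

# Constructed sample request as a browser would send it to the proxy.
SAMPLE_REQUEST = (
    "GET /page.html HTTP/1.1\r\n"
    "Host: example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 5.1)\r\n"
    "Cookie: session=abc123\r\n"
    "Referer: http://search.example/?q=privacy\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)


def parse_request(raw: str):
    """Split an HTTP/1.1 request head into the request line and a (name, value) list."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def anonymize(raw: str, proxy_ua: str = "Anonymizer/1.0"):
    """Return (request_to_forward, names_of_removed_headers).

    Everything the end server could use to identify the user is dropped; the
    proxy then presents one generic User-Agent string on behalf of all users.
    """
    request_line, headers = parse_request(raw)
    kept, removed = [], []
    for name, value in headers:
        if name.lower() in IDENTIFYING_HEADERS:
            removed.append(name)
        else:
            kept.append((name, value))
    kept.append(("User-Agent", proxy_ua))
    forwarded = request_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in kept) + "\r\n"
    return forwarded, removed


if __name__ == "__main__":
    out, dropped = anonymize(SAMPLE_REQUEST)
    print("dropped:", dropped)
    print(out)
```

Note what this does not change: the proxy itself still sees the original request in full, which is exactly the "user must trust the anonymizer" point made under the disadvantages.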

Advantages & disadvantages

Advantages:

• Simple.

• Doesn’t need wide bandwidth.

• Quick.

Disadvantages:

• The link between the sender and the anonymizer isn’t secure.

• The user must trust the anonymizer.

Crowds

• An innovative way to become an invisible user is simply to get lost in the crowds. After all, anonymity loves company.

• This is an anonymity agent developed by AT&T labs.

• The goal: anonymous browsing, so that user data and retrieved info are hidden from web servers and other parties.

How crowds works

• Web users are collected into a geographically diverse group called a “crowd”.

• A user is represented by a process on his local machine called a “jondo”.

• The jondo engages in a protocol to join the crowd and exchanges data with the other members.

• Now the jondo can employ the crowd to issue requests to web servers.

How crowds works (cont.)

• The user requests a URL via the browser.

• The HTTP request is sent to the jondo.

• The jondo randomly chooses another crowd member and sends the request to it.

• The new member chooses to forward the request or to submit it (forwarding with probability pf > 0.5), creating a “path”.

• The request is submitted to the end server.

• The answer is sent back along the same path.

How crowds works (cont.)

• Subsequent requests initiated by the same jondo follow the same path, even if they have different destinations.

• Each jondo knows his predecessor and successor.

• Path is changed only when jondo fails or a new jondo joins the crowd.

• All communication between jondos is encrypted with a key shared between them.
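The path-building rule above (always forward once at random, then forward again with probability pf, otherwise submit) is easy to simulate. The following is an added example, not the AT&T Crowds code: it builds paths, checks the measured mean path length against the expected value 2 + pf/(1 - pf) that follows from the rule, and evaluates the probable-innocence condition n ≥ (pf/(pf - 1/2))·(c + 1) from the Crowds paper by Reiter and Rubin (that condition is not on these slides). Crowd size, pf, seed and the number of colluders are constructed for the example.

```python
"""Crowds path formation, simulated. Added example; not the AT&T Crowds code."""
import random


def build_path(n_members: int, initiator: int, pf: float, rng: random.Random) -> list:
    """Return the jondos a request passes through, initiator first.

    The initiator's jondo always forwards to a uniformly chosen member (which may
    be itself). Every later jondo forwards to another random member with
    probability pf and otherwise submits the request to the end server.
    """
    path = [initiator, rng.randrange(n_members)]
    while rng.random() < pf:
        path.append(rng.randrange(n_members))
    return path


def expected_path_length(pf: float) -> float:
    """Expected number of jondos on a path, initiator included: 2 + pf/(1 - pf)."""
    return 2 + pf / (1 - pf)


def mean_path_length(n_members: int, pf: float, trials: int, seed: int = 1) -> float:
    """Average path length over `trials` simulated requests (seeded, so repeatable)."""
    rng = random.Random(seed)
    return sum(len(build_path(n_members, 0, pf, rng)) for _ in range(trials)) / trials


def probable_innocence(n_members: int, colluders: int, pf: float) -> bool:
    """Crowds paper condition (not on the slides): with pf > 1/2, the initiator is
    'probably innocent' against c colluding jondos when n >= pf/(pf - 1/2) * (c + 1)."""
    if pf <= 0.5:
        return False
    return n_members >= pf / (pf - 0.5) * (colluders + 1)


if __name__ == "__main__":
    # Constructed crowd: 10 jondos, pf = 3/4, one colluding member.
    rng = random.Random(7)
    print("one path:", build_path(10, 0, 0.75, rng))
    print("expected length:", expected_path_length(0.75))
    print("measured length:", mean_path_length(10, 0.75, 20000))
    print("probable innocence (n=10, c=1):", probable_innocence(10, 1, 0.75))
    print("probable innocence (n=5, c=2):", probable_innocence(5, 2, 0.75))
```

The simulation makes the trade-off on the next slides concrete: a larger pf lengthens the path (more retrieval time and bandwidth) but is what lets the crowd stay small while the condition still holds.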

Advantages & disadvantages

Advantages:

• The end server obtains no data about the request initiator.

• Each crowd member is probably innocent.

• The jondos on the path don’t know the initiator.

Disadvantages:

• Message content isn’t protected.

• Increased retrieval time & bandwidth.

• Mobile code makes it possible to circumvent crowds.

• The submitting jondo’s IP may be recorded by the end server.

Onion Routing

• It’s an infrastructure for private communication over a public network.

• Provides anonymous connections that are strongly resistant to eavesdropping and traffic analysis.

• An onion is a layered data structure, processed by onion routers.

• Users submit layered encrypted data, and at each pass through an onion router one layer is removed.

How onion routing works

• The network consists of a number of onion routers and is accessed via a series of proxies.

• Data is sent by the user through a path of onion routers, determined by an onion.

• Each layer of the onion is encrypted with the public key of the onion router to which it is sent. It contains the next-hop info, key seed material and the embedded (inner) onion.
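To make the layering concrete, here is an added example (not the Onion Routing project's code) that builds an onion for a three-router path and then lets each router peel exactly one layer. Each layer carries the next hop, a seed field standing in for the key seed material, and the inner onion. In place of the per-router public-key encryption the slides describe, it uses a toy symmetric stream cipher (SHA-256 in counter mode under a per-router key) so that it runs with the standard library only; router names, keys, destination and payload are constructed.

```python
"""Layered onion construction and peeling. Added example; not the Onion Routing code.
Toy cipher: SHA-256 keystream under a per-router symmetric key stands in for the
router's public-key encryption. Not for real use."""
import base64
import hashlib
import json
import os

# Constructed per-router keys (stand-ins for each router's public key).
ROUTER_KEYS = {"R1": b"constructed-key-R1", "R2": b"constructed-key-R2",
               "R3": b"constructed-key-R3"}


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def encrypt_layer(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(8)              # fresh nonce per layer, sent in the clear
    return nonce + xor_crypt(key, nonce, plaintext)


def decrypt_layer(key: bytes, blob: bytes) -> bytes:
    return xor_crypt(key, blob[:8], blob[8:])


def _layer(next_hop: str, exit_layer: bool, inner: bytes) -> bytes:
    """One layer's plaintext: next hop, key seed material, embedded inner onion."""
    return json.dumps({"next": next_hop, "exit": exit_layer,
                       "seed": os.urandom(4).hex(),
                       "data": base64.b64encode(inner).decode()}).encode()


def build_onion(route: list, destination: str, payload: bytes) -> bytes:
    """Wrap payload innermost (for the last router), then one layer per earlier router."""
    onion = encrypt_layer(ROUTER_KEYS[route[-1]], _layer(destination, True, payload))
    for name, next_hop in reversed(list(zip(route[:-1], route[1:]))):
        onion = encrypt_layer(ROUTER_KEYS[name], _layer(next_hop, False, onion))
    return onion


def route_onion(route: list, onion: bytes):
    """Simulate each router removing its layer. Returns (destination, payload, views),
    where views lists the only routing fact each router learned: its next hop."""
    views = []
    current = onion
    for name in route:
        layer = json.loads(decrypt_layer(ROUTER_KEYS[name], current).decode())
        views.append((name, layer["next"]))
        current = base64.b64decode(layer["data"])
        if layer["exit"]:
            return layer["next"], current, views
    raise ValueError("route ended before the exit layer was reached")


if __name__ == "__main__":
    route = ["R1", "R2", "R3"]
    onion = build_onion(route, "server.example", b"GET / HTTP/1.1")
    print(route_onion(route, onion))
```

The `views` list is the point of the structure: R1 learns only that R2 is next, R2 only that R3 is next, and only R3 sees the destination, which is also why the slides later list the sender-to-first-OR and last-OR-to-receiver links as the unprotected ends.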

How onion routing works (cont.)

• Data movement from an initiating client to a responding server:

[Figure: the data stream flows from the Client, through the onion routers, to the Server.]

How onion routing works (cont.)

Four phases in an onion routing system:

1. Network setup (establishes connections between ORs).

2. Connection setup (establishes anonymous connections through the OR network).

3. Data movement over an anonymous connection.

4. Destruction and cleanup of the anonymous connection.

Advantages & disadvantages

Advantages:

• Independent from the actual application.

• Resistant to both eavesdropping and traffic analysis.

• Almost real time.

Disadvantages:

• The sender-to-first-OR and last-OR-to-receiver links are not anonymity protected.

• Limits on traffic delay limit the mixing properties of the ORs.

• Connection bandwidth.

A new privacy model

• This model was developed at BG University (2002).

• Designed to preserve users’ privacy while allowing them to identify themselves.

• Based on the generation of faked transactions.

• Researchers are still planning to evaluate the effectiveness of the model.

A new privacy model (cont.)

• A User Transaction - an access to a web page from the user’s computer.

• Internal user profile (IUP) - constructed inside the user’s computer and based on the content of the pages the user accesses.

• External user profile (EUP) - based on the data flowing from the Web to the user’s computer.

In this model the EUP is different from the IUP.

A new privacy model (cont.)

• The new model uses the vector space model, based on the representation of documents and profiles by a vector of significant weighted terms:

d = (w1, w2, …, wn)

where wi is the weight of term i in document d.

A new privacy model (cont.)

• A new document (candidate) is considered relevant to the user if its vector d is similar to the user profile.

• Cosine measure: the cosine of the angle between the two vectors.

How the new model works

Three main components:

1. Browser Monitor

2. Transaction Generator

3. Profile Meter


Browser Monitor

• Input - user transactions

• Output - a vector of weighted terms for each trans’ result, sent to the Profile Meter.

- a trigger to the Transaction Generator.

• Functionality - while the user is surfing the Web, the BM generates a vector of weighted terms, V_U, at time stamp t_U. The trigger that is sent indicates the completion of a user’s trans’.

Transaction Generator

• Input - a trigger from the Browser Monitor

- a set of terms from an internal DB

- the IUP from the Profile Meter

- faked transaction results (Web pages)

• Output - a vector of weighted terms for each faked trans’, sent to the Profile Meter.

Transaction Generator (cont.)

• Functionality

- constructs the “faked trans’ query string”.

- randomly accesses selected pages from the results of the query.

- generates faked trans’. The user calibrates the average number of faked trans’ per user trans’ - T_r.

- builds a vector of term weights for each faked trans’, V_T, at time stamp t_T.

Profile Meter

• Input - vector V_U, t_U from the BM

- vector V_T, t_T from the TG

- parameters T_r, r_P from the user

• Output - the IUP to the TG

- the current degree of privacy of the user

Profile Meter (cont.)

• Functionality

- generates the IUP(t_U)

- generates the FUP(t_T), the faked trans’ profile at time stamp t_T

- generates the EUP(t), combining the IUP and the FUP into one vector

- computes the Privacy Measure

Computing the Privacy Measure

• Whenever the IUP or the EUP changes, the PM computes the similarity between the profiles by finding the cosine of the angle between their vectors.

The Profile Meter tasks

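The vector space representation d = (w1, …, wn) with the cosine measure, and the Profile Meter's privacy measure computed from it, are both covered by the following added example (not the BG University prototype's code). It accumulates the Browser Monitor's vectors V_U into the IUP, the Transaction Generator's vectors V_T into the FUP, forms the EUP as their sum, and reports cos(IUP, EUP). Term-frequency weighting, the sample pages and T_r = 2 faked transactions per user transaction are assumptions constructed for the example.

```python
"""Vector space profiles and the cosine Privacy Measure. Added example; not the
BG University prototype. Weights, sample pages and T_r are constructed."""
import math
from collections import Counter


def term_vector(text: str) -> Counter:
    """Weighted-term vector d = (w1, ..., wn); here wi is term i's frequency (assumed scheme)."""
    return Counter(text.lower().split())


def add_vectors(a: Counter, b: Counter) -> Counter:
    out = Counter(a)
    out.update(b)          # Counter.update adds weights term by term
    return out


def cosine(a: Counter, b: Counter) -> float:
    """cos of the angle between two sparse vectors; 0.0 if either is empty."""
    dot = sum(w * b.get(t, 0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


class ProfileMeter:
    """Keeps the IUP (real transactions) and FUP (faked ones); EUP is what the Web sees."""

    def __init__(self):
        self.iup = Counter()
        self.fup = Counter()

    def user_transaction(self, v_u: Counter):      # V_U from the Browser Monitor
        self.iup = add_vectors(self.iup, v_u)

    def faked_transaction(self, v_t: Counter):     # V_T from the Transaction Generator
        self.fup = add_vectors(self.fup, v_t)

    def eup(self) -> Counter:
        return add_vectors(self.iup, self.fup)

    def privacy_measure(self) -> float:
        """Similarity of the real profile to the externally observable one.
        1.0 means an outsider sees exactly the real profile; lower is more private."""
        return cosine(self.iup, self.eup())


def demo():
    """Two constructed user pages, then T_r = 2 faked pages per user page (4 in total)."""
    pm = ProfileMeter()
    user_pages = ["web privacy anonymity", "anonymity crowds privacy"]
    faked_pages = ["football league scores", "stock market prices",
                   "recipe pasta sauce", "weather forecast rain"]
    for page in user_pages:
        pm.user_transaction(term_vector(page))
    before = pm.privacy_measure()
    for page in faked_pages:
        pm.faked_transaction(term_vector(page))
    after = pm.privacy_measure()
    return before, after


if __name__ == "__main__":
    print("privacy measure before / after faked transactions:", demo())
```

Because the faked pages share no terms with the real ones, the dot product IUP·EUP equals |IUP|² while |EUP| grows with every faked transaction, so the measure falls as T_r rises; the Future Research slide's question about T_r is exactly this curve.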

Advantages & disadvantages

Advantages:

• Enables the user to identify himself while preserving his privacy

• Enables the user to calibrate his privacy

Disadvantages:

• Communication bandwidth towards the Internet

• Works around MS Internet Explorer only

Prototype System

• The system consists of a smart agent installed on the user’s computer

• The system is built around the MS Internet Explorer

• The Transaction Generator and the Profile Meter are written using Borland C++ Builder

Future Research

• The effect of different values of T_r on similarity

• The effect of different values of r_P on system performance

The End