Conscript Your Friends into Larger Anonymity Sets with JavaScript
ACM Workshop on Privacy in the Electronic Society, 4 November 2013
Henry Corrigan-Gibbs, Stanford
Bryan Ford, Yale
New Anonymity Systems Have a “Chicken-and-Egg” Problem
Few users
Small anonymity sets
Emacs rulz!!
Overthrow the regime!!
Start the revolution!!
Adversary could just arrest all three participants
Overthrow the regime!!
Start the revolution!!
Emacs rulz!!
??
Idea
• “Conscript” casual Internet users into an anonymity system using JavaScript
– Casual users submit null messages
– Savvy users use a browser plug-in to swap out the null messages with real ones
• Compatible with a number of existing anonymity systems
Outline
• Motivation
• Architecture
• Attacks and Defenses
• Evaluation
000
GET /index.html
<html><script>...
E1(E2(E3(000)))
Using a randomized encryption scheme
GET /index.html
<html><script>...
Plugin
m
E1(E2(E3(m)))
E1(E2(E3(000)))
m
000
The Adversary Sees
Start the revolution!
00000000
Security Property
IF Casual users’ messages indistinguishable from savvy users’ messages
THEN Conscripting increases the size of the savvy users’ anonymity set
Casual ≈ Savvy
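The layered encryption E1(E2(E3(m))) from the architecture slides, as an added example that is not code from the talk or the authors' prototype: it shows that a padded null message and a real message produce ciphertexts of equal length, and that encrypting the same plaintext twice gives different ciphertexts. It assumes Node's crypto module, hybrid RSA-OAEP plus AES-256-GCM layers, locally generated stand-in server keys and a 64-byte message length.

```javascript
// Added example: layered randomized encryption E1(E2(E3(m))) for a 3-server mix-net.
// Assumptions: Node's crypto module, hybrid RSA-OAEP + AES-256-GCM layers, and a
// 64-byte fixed message length. None of these details come from the talk.
const crypto = require('node:crypto');

const MSG_LEN = 64; // assumed fixed plaintext length; null message = MSG_LEN zero bytes

// Constructed key pairs standing in for the three mix servers' published keys.
const servers = [1, 2, 3].map(() =>
  crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));

// One randomized layer: RSA-OAEP(fresh AES key) || IV || GCM tag || AES-GCM(data).
function encryptLayer(publicKey, data) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(data), cipher.final()]);
  const wrapped = crypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, key);
  return Buffer.concat([wrapped, iv, cipher.getAuthTag(), body]);
}

// Inverse of encryptLayer; 256 = RSA-2048 ciphertext size, then 12-byte IV, 16-byte tag.
function decryptLayer(privateKey, blob) {
  const key = crypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' }, blob.subarray(0, 256));
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(256, 268));
  d.setAuthTag(blob.subarray(268, 284));
  return Buffer.concat([d.update(blob.subarray(284)), d.final()]);
}

// Zero-pad so real and null plaintexts have the same length before encryption.
function pad(text) {
  const raw = Buffer.from(text, 'utf8');
  if (raw.length > MSG_LEN) throw new RangeError('message exceeds MSG_LEN');
  return Buffer.concat([raw, Buffer.alloc(MSG_LEN - raw.length)]);
}

// Innermost layer is for server 3, outermost for server 1.
const onionEncrypt = (text) =>
  servers.reduceRight((ct, s) => encryptLayer(s.publicKey, ct), pad(text));

// Each server in turn strips its own layer.
const onionDecrypt = (blob) =>
  servers.reduce((ct, s) => decryptLayer(s.privateKey, ct), blob);

const nullCt = onionEncrypt('');                      // casual user's script
const realCt = onionEncrypt('Start the revolution!'); // plug-in's substitution
console.log(nullCt.length, realCt.length, nullCt.equals(realCt));
```

Length and freshness are only the ciphertext-level part of indistinguishability; timing and other side channels, which the talk lists under attacks, are outside what this block demonstrates.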
Compatible Anonymity Systems
1. Monotonic anonymity set size
2. Possible to simulate traffic streams
3. Easy to identify malformed messages
Yes: Timed mix cascade, verifiable shuffles, remailers (maybe), verifiable DC-nets
No: Tor, batching mix net
The ConScript Script
E.g., for a mix-net
• The JavaScript application sends
– RSA encryption routines,
– server public keys, and
– code to POST ciphertext to mix-server.
• Mix servers use the Access-Control-Allow-Origin header
Outline
• Motivation
• Architecture
• Attacks and Defenses
• Evaluation
Threats
Web server can serve malicious JavaScript
User can submit incorrect messages
Vulnerabilities of the underlying anonymity system
JavaScript Attack
Plugin
Plugin only swaps out msg if scripts match exactly
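One way to implement the exact-match gate described on this slide, as an added example that is not the plug-in's own code: the plug-in compares the served scripts against pinned digests and falls back to the null message on any difference. The pinned-digest approach, the ordered script list and all function names are assumptions, and the script bodies are constructed stand-ins.

```javascript
// Added example: the "scripts match exactly" gate as a plug-in might apply it.
// Assumptions: the plug-in pins SHA-256 digests of the known-good scripts and is
// handed the page's script sources in order; all names here are hypothetical.
const crypto = require('node:crypto');

const digest = (src) =>
  crypto.createHash('sha256').update(src, 'utf8').digest('hex');

// Constructed stand-ins for the reviewed conscript scripts.
const REVIEWED = [
  'function enc(m){/* RSA routines */}',
  'post("/submit", enc(NULL_MSG));',
];
const PINNED = REVIEWED.map(digest);
const NULL_MSG = '000';

// True only if the page carries exactly the pinned scripts: same count, same
// order, byte-for-byte. No normalisation, so a whitespace change also fails.
function scriptsMatchExactly(served) {
  if (!Array.isArray(served) || served.length !== PINNED.length) return false;
  return served.every((src, i) =>
    typeof src === 'string' && digest(src) === PINNED[i]);
}

// On a mismatch the plug-in leaves the null message alone, so the savvy user
// submits what a casual user would and the real message is never handed to a
// script that differs from the reviewed one.
function chooseOutgoing(served, realMessage) {
  return scriptsMatchExactly(served)
    ? { swapped: true, message: realMessage }
    : { swapped: false, message: NULL_MSG };
}

const ok = chooseOutgoing(REVIEWED, 'm');
const altered = chooseOutgoing([REVIEWED[0], REVIEWED[1] + ' '], 'm');
console.log(ok.swapped, altered.swapped);
```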
More Attacks
• Side-channel attack
• Selective DoS attack (“trickle attack”)
• Distribution point monitoring
– Who downloads the plug-in?
• User-counting attack
• […]
Even if adversary can distinguish: Anonymity provided ≥ | Savvy users |
Outline
• Motivation
• Architecture
• Attacks and Defenses
• Evaluation
Proof-of-Concept Evaluation
| Device | Mix-net | Verifiable DC-net |
|---|---|---|
| Workstation | 81 | 156 |
| Laptop | 133 | 231 |
| iPhone 4 | 9 009 | 62 973 |
| Milestone | – | 63 504 |
Time (ms) to generate a dummy message on different devices. OpenPGP.js for RSA encryption, SJCL for ECC.
Related Work
• AdLeaks [Roth et al., FC‘13]
– Similar idea: JS for dummy messages
– Works with one particular anonymity system
– Vulnerable to active attacks by browsers
• FlashProxy [Fifield et al., PETS‘12]
– Use JavaScript to “conscript” browsers into acting as Tor bridges
• Bauer [WPES ‘03]
– Covert channel between mix servers
Conclusion
• Conscripted anonymity is one possible way to address the chicken-and-egg problem in online anonymity
• Ongoing work on in-browser crypto could have benefits for anonymity systems too
– e.g., W3C Crypto API standard
Questions?
Henry Corrigan-Gibbs
Thanks to David Fifield and David Wolinsky for their comments.