
Usable Privacy and Security • Carnegie Mellon University • Spring 2006 • Cranor/Hong/Reiter • http://cups.cs.cmu.edu/courses/ups-sp06/

Visualizing Privacy II

March 9, 2006

Janice Tsai


Outline

Visualizing privacy
• Anonymity
• Levels of Anonymity
• Usability
• Building a Successful Anonymity Network
• Wireless Privacy


Anonymity

Definition: The state of not being identifiable in the anonymity set (the crowd).

Purpose:
• Protects user identity
• Actions may be observed, but not linked back to the originator
• Achieve privacy goals


Levels of Anonymity

Nymity - amount of information revealed
• Verinymity
• Pseudonymity
• Linkable Anonymity
• Unlinkable Anonymity

Examples of Each?

I. Goldberg. A pseudonymous communications infrastructure for the internet. PhD thesis, University of California Berkeley, 2000.


Anonymity Tools

• Proxy Services (Anonymizer.com)
• E-mail Remailers
  Type 0: anon.penet.fi
  Type I: Cypherpunks Remailers
  Type II: MixMaster
  Type III: MixMinion
• Nymservers
• Mix Networks
• Onion Routing


Attacks on Anonymity Networks

Some Simple Attacks on Anonymity
• Single Points of Failure
• Central Location Database
• Traffic Analysis
  Message Length
  Timing Attacks
• Others?
  Legal Attacks


Usability for Security

Security involves collaboration

Usability risks
• Insecure modes of operation
• Optional
• Inconvenient
• Confusing
  Badly labeled interface
  Too many options
  False sense of security


Usability for Anonymity

Anonymity involves collaboration

Anonymity networks
• Distributed Trust Infrastructure
  Independently controlled nodes
  Path of traffic is called a circuit
• Two Classes of Networks
  High-Latency
    – Resist strong attacks
    – Tradeoff: Slow
  Low-Latency
    – Fast(er)
    – Tradeoff: Susceptible to strong attacks


Usability for Anonymity

Goal: To solicit as many users as possible

Purpose: Create “cover traffic”

Solution: Normalization
• Design default configurations to be secure and convenient.
• Make it easy to use, but to use properly!


Building a Successful Network

Challenges
• Starting up (Bootstrapping)
• Attract low-end users
• Create an aura of perceived usability
• Create a Positive Public Perception
• Diversity of user-base - Reputability

Lack of Reputability
• Reduces sustainability
• Attracts attackers


Examples

Mixminion and MIME
• Anonymous email network
• MIME: Multipurpose Internet Mail Extensions
  Flexibility of MIME makes it easy to distinguish originating email system.
• Weakness:
  Susceptible to Traffic Analysis
  Constricts users of certain email program
• Solution:
  Normalized as much as possible
  Warn users about email program information leakage
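The normalization and warning named on the Mixminion and MIME slide, as an added example (not from the lecture or from Mixminion's code): messages from three hypothetical mail programs are fingerprinted by client headers and MIME structure, then rebuilt into one uniform form so they fall into a single anonymity set. The header list, sample messages and function names are assumptions made for the example.

```python
from collections import Counter
from email import message_from_string, policy
from email.message import EmailMessage

# Headers that name the sending mail program (assumed list for this example).
CLIENT_HEADERS = ("User-Agent", "X-Mailer")

def parse(raw):
    return message_from_string(raw, policy=policy.default)

def leaks(raw):
    """Client-identifying headers present, for warning the user before sending."""
    msg = parse(raw)
    return [h for h in CLIENT_HEADERS if h in msg]

def fingerprint(raw):
    """Features that distinguish one sending program's output from another's."""
    msg = parse(raw)
    return (tuple(str(msg[h]) for h in CLIENT_HEADERS if h in msg),
            msg.get_content_type(),
            str(msg.get("Content-Transfer-Encoding", "")).lower())

def normalize(raw):
    """Rebuild the message as one text/plain part with fixed headers and encoding."""
    src = parse(raw)
    body = src.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    out = EmailMessage()
    out["Subject"] = str(src.get("Subject", ""))
    out.set_content(text, charset="utf-8", cte="base64")
    return out.as_string()

def set_sizes(raws):
    """Sizes of the groups of messages that look alike (the anonymity sets)."""
    return sorted(Counter(fingerprint(r) for r in raws).values())

# Constructed sample messages from three hypothetical mail programs.
SAMPLES = [
    "X-Mailer: ExampleMail 1.0\nSubject: hi\nContent-Type: text/plain\n\nhello\n",
    "User-Agent: SampleClient/2.0\nSubject: hi\nMIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nhello\n"
    "--b1\nContent-Type: text/html\n\n<p>hello</p>\n--b1--\n",
    "Subject: hi\nContent-Type: text/plain; charset=iso-8859-1\n"
    "Content-Transfer-Encoding: quoted-printable\n\ncaf=E9\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print("warn:", leaks(raw) or "no client headers")
    print(set_sizes(SAMPLES), "->", set_sizes([normalize(r) for r in SAMPLES]))
```

Before normalization each message sits in its own set of size one; afterwards all three share one fingerprint, which is the "cover traffic" effect the earlier slides describe.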


Mixminion

• Quick Glance: http://mixminion.net/
• First impression?


Java Anon Proxy (JAP)

• Anonymous web browsing network
• Allows users to choose entrance and exit node locations.

JAP Class Feedback
http://anon.inf.tu-dresden.de/index_en.html


Wireless Privacy

Non-encrypted communications easily intercepted

Information intercepted:
• Web searches (e.g. Google, MSN, Yahoo!)
• Instant Messenger
• Email
• Online postings (Google Groups, Yahoo Groups)


Peripheral Notification Study

Objective:
• Inform users about personal information leakage on the wireless network using a peripheral display.

Experiment: Capture traffic on CMU wireless network
• Display high frequency “snippets”
• Use a consistent font/text per person
• Display word immediately
• Protect the privacy of the user


Methods:
• Selected a non-CS or engineering graduate workspace for the peripheral display.
• Solicited participants from that workspace.
• Displayed privacy notifications for a week.

Results:
• IM/Network usage did not change significantly.
• Several participants did become more self-conscious.


Mental Models:
• Peripheral display = capture of IM words.
• How could you better convey the problems, risk, and solutions?

Discuss for 15 minutes in your groups.


Tools

• Instant Messaging
  OTR (Off The Record Messaging)
  http://www.cypherpunks.ca/otr/
• Google Mail
  Use HTTPS instead of HTTP.
  https://mail.google.com/mail
• General Web Traffic
  VPN (Virtual Private Networking)
  http://www.cmu.edu/computing/documentation/VPN/index.html


Visualization of Privacy

What symbols indicate “Privacy”?