Slide1
Conscript Your Friends into Larger Anonymity Sets with JavaScript
ACM Workshop on Privacy in the Electronic Society, 4 November 2013
Henry Corrigan-Gibbs, Stanford
Bryan Ford, Yale
Slide2
New Anonymity Systems Have a “Chicken-and-Egg” Problem
Few users
Small anonymity sets
Slide3
Slide4
Slide5
Emacs rulz!!
Overthrow the regime!!
Start the revolution!!
Adversary could just arrest all three participants
Slide6
Slide7
Overthrow the regime!!
Start the revolution!!
Emacs rulz!!
??
Slide8
Idea
“Conscript” casual Internet users into an anonymity system using JavaScript
Casual users submit null messages
Savvy users use a browser plug-in to swap out the null messages with real ones
Compatible with a number of existing anonymity systems
Slide9
Outline
Motivation
Architecture
Attacks and Defenses
Evaluation
Slide10
000
GET /index.html
<html><script>...
$E_1(E_2(E_3(000)))$
Using a randomized encryption scheme
Slide11
GET /index.html
<html><script>...
Plugin
m
$E_1(E_2(E_3(m)))$
$E_1(E_2(E_3(000)))$
m
000
Slide12
The Adversary Sees
Slide13
The Adversary Sees
Slide14
The Adversary Sees
Start the revolution!
00000000
Slide15
Security Property
IF Casual users’ messages indistinguishable from savvy users’ messages
THEN Conscripting increases the size of the savvy users’ anonymity set
Casual ≈ Savvy
Slide16
Compatible Anonymity Systems
Monotonic anonymity set size
Possible to simulate traffic streams
Easy to identify malformed messages
Yes: Timed mix cascade, verifiable shuffles, remailers (maybe), verifiable DC-nets
No: Tor, batching mix net
Slide17
The ConScript Script
E.g., for a mix-net
The JavaScript application sends
RSA encryption routines, server public keys, and
code to POST ciphertext to mix-server.
Mix servers use the Access-Control-Allow-Origin header
Slide18
Outline
Motivation
Architecture
Attacks and Defenses
Evaluation
Slide19
Threats
Web server can serve malicious JavaScript
User can submit incorrect messages
Vulnerabilities of the underlying anonymity system
Slide20
JavaScript Attack
Plugin
Plugin only swaps out msg if scripts match exactly
Slide21
More Attacks
Side-channel attack
Selective DoS attack (“trickle attack”)
Distribution point monitoring
Who downloads the plug-in?
User-counting attack
[…]
Even if adversary can distinguish:
Anonymity provided ≥ | Savvy users |
Slide22
Outline
Motivation
Architecture
Attacks and Defenses
Evaluation
Slide23
Proof-of-Concept Evaluation
Device        Mix-net   Verifiable DC-net
Workstation        81                 156
Laptop            133                 231
iPhone 4        9 009              62 973
Milestone           –              63 504
Time (ms) to generate a dummy message on different devices.
OpenPGP.js for RSA encryption, SJCL for ECC.
Slide24
Related Work
AdLeaks [Roth et al., FC ’13]
Similar idea: JS for dummy messages
Works with one particular anonymity system
Vulnerable to active attacks by browsers
FlashProxy [Fifield et al., PETS ’12]
Use JavaScript to “conscript” browsers into acting as Tor bridges
Bauer [WPES ’03]
Covert channel between mix servers
Slide25
Conclusion
Conscripted anonymity is one possible way to address the chicken-and-egg problem in online anonymity
Ongoing work on in-browser crypto could have benefits for anonymity systems too
e.g., W3C Crypto API standard
Slide26
Questions?
Henry Corrigan-Gibbs
henrycg@stanford.edu
Thanks to David Fifield and David Wolinsky for their comments.
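The mix-net message construction from the architecture slides, where a casual user's null message and a savvy user's real message m are each wrapped as E_1(E_2(E_3(·))), written out as an added example that is not code from the talk or the authors' implementation. It assumes Node.js's built-in crypto module and a hybrid RSA-OAEP plus AES-256-GCM layer in place of the deck's OpenPGP.js routines; MSG_LEN, RSA_LEN, the function names and the generated key pairs are hypothetical.

```javascript
// Added example, not from the talk. Each layer is hybrid RSA-OAEP + AES-256-GCM,
// an assumed stand-in for the deck's "randomized encryption scheme".
const nodeCrypto = require('crypto');
const MSG_LEN = 64;  // assumed fixed plaintext size for every user
const RSA_LEN = 256; // bytes in an RSA-2048 ciphertext

// Pad to MSG_LEN so length cannot separate casual from savvy messages.
// pad('') is all zero bytes: the casual user's null message.
function pad(text) {
  const body = Buffer.from(text, 'utf8');
  if (body.length >= MSG_LEN) throw new Error('message too long');
  const out = Buffer.alloc(MSG_LEN);
  out[0] = body.length;
  body.copy(out, 1);
  return out;
}
const unpad = (buf) => buf.subarray(1, 1 + buf[0]).toString('utf8');

// One layer E_i: fresh AES key and IV on every call, so equal plaintexts
// never produce equal ciphertexts.
function encryptLayer(publicKey, data) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const aes = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([aes.update(data), aes.final()]);
  const wrapped = nodeCrypto.publicEncrypt({ key: publicKey, oaepHash: 'sha256' }, key);
  return Buffer.concat([wrapped, iv, aes.getAuthTag(), body]);
}

function decryptLayer(privateKey, blob) {
  const wrapped = blob.subarray(0, RSA_LEN);
  const key = nodeCrypto.privateDecrypt({ key: privateKey, oaepHash: 'sha256' }, wrapped);
  const aes = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(RSA_LEN, RSA_LEN + 12));
  aes.setAuthTag(blob.subarray(RSA_LEN + 12, RSA_LEN + 28));
  return Buffer.concat([aes.update(blob.subarray(RSA_LEN + 28)), aes.final()]);
}

// E_1(E_2(E_3(m))): the innermost layer belongs to the last mix server.
const onionEncrypt = (publicKeys, text) =>
  publicKeys.reduceRight((data, pk) => encryptLayer(pk, data), pad(text));
// Each mix server in turn strips its own layer.
const onionDecrypt = (privateKeys, blob) =>
  unpad(privateKeys.reduce((data, sk) => decryptLayer(sk, data), blob));

// Constructed test keys standing in for the mix servers' key pairs.
const makeMixKeys = (n) => Array.from({ length: n }, () =>
  nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 }));
```

With three layers under these parameters, a null message and a real message both come out at 916 bytes, and two encryptions of the null message differ from each other.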