hotnets slides

Post on 08-Jun-2015

Crypto-Book: An Architecture for Privacy Preserving Online Identities

John Maheswaran, David Isaac Wolinsky, Bryan Ford

HotNets ’13 (11/22/2013)

Talk Overview

• The problem
  – Cross-site Authentication
  – Social network privacy concerns
• Solution
  – Overview
  – Key assignment
  – Conscripting an anonymity set
  – Anonymous login
• Conclusions and future work


Cross-site Authentication

[Diagram label: Tracking info]


Privacy and Security Concerns


Problem Summary

• Increasing use of cross-site authentication
  – OAuth, OpenID, Facebook/Twitter/Google+ login
• Use social network for online IDs
  – Convenient, easy to use
• Using these IDs brings privacy/tracking risks
  – Cross-site tracking, browsing history, actions across different sites


Goals

• Crypto-Book aims to
  – Allow users to use social network IDs
  – Provide better privacy between social network and third party sites

Crypto-Book Layer

Personally identifiable social networking ID

Crypto-Book privacy preserving layer

Anonymized IDs – one pseudonym per site

Not linkable by Facebook, Crypto-Book or by third party sites


Key Assignment

• Cross-site authentication often relies on OAuth/OpenID

• Crypto-Book fits into OAuth protocol to isolate third party site from social network
  – Protects cross-site privacy
  – Assigns key pairs to social network IDs

OAuth

[Diagram labels: "Give me a limited scope OAuth access token"; "Issue me an OAuth access token with requested scope"]

Key Assignment

• To use privacy preserving cryptographic techniques
  – have to assign public/private keypairs to users
• Cloud of key servers with split trust
• Clients do not provide own key
  – Allows us to conscript users into anonymity sets without their knowledge/permission


Crypto-Book Workflow

[Diagram label: abuse resistant anonymous 1-to-1 mapping]

Anytrust key servers

• An anytrust cloud is:
  – a decentralized client/server network model
  – trust there is at least one honest server
• Anytrust cloud of key servers
  – assigns key pairs to each social network user
  – Run by various privacy advocates e.g. EFF

[Diagram: Key Server, Key Server, Key Server]


Anonymity set conscription


Balancing Anonymity with Accountability

• Need to balance:
  – Supporting free speech, free expression of opinion
  – Improving the quality of public discourse. By allowing people to fully hide anonymously, they may do things they would not otherwise
    • e.g. Wikipedia sock-puppetry, vandalism

Balancing Anonymity with Accountability

• Solution needs to provide both
  – Anonymity
  – Accountability
• Wikipedia would like to allow users to remain anonymous, but is worried about vandalism
  – Users need to be anonymous yet accountable

Digital Signature


Linkable Ring Signature (LRS)


• Created by a member of a group of users (each has keys)
• Third party can verify:
  – Some member of the group signed something
  – If two signatures are by the same member
• Third party cannot discover
  – Which specific user created the signature

Privacy Preserving Crypto Layer

• LRS has linkage tag
  – If a client generates two LRSs, they will have the same linkage tag
  – Means LRSs can be linked across time
• Linkage tag provides accountability
  – 1-to-1 mapping between Facebook users and anonymized identities
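A minimal linkable ring signature showing the properties listed on the two slides above, added here as an illustration and not taken from the Crypto-Book source code. It assumes a Liu-Wei-Wong-style (LSAG) construction, since the slides do not name the scheme, over a toy 62-bit group; every function name is hypothetical, and the linkage tag here is bound to the ring of public keys.

```python
# Added illustration (not Crypto-Book code): linkable ring signature, LSAG-style (assumed scheme).
import hashlib, itertools, secrets

def is_prime(n):  # deterministic Miller-Rabin, exact for 2 <= n < 3.3e24
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if any(n % b == 0 for b in bases):
        return n in bases
    d = n - 1
    while d % 2 == 0:
        d //= 2
    for a in bases:
        t, x = d, pow(a, d, n)
        while t != n - 1 and x not in (1, n - 1):
            t, x = t * 2, x * x % n
        if x != n - 1 and t % 2 == 0:
            return False
    return True

# Toy 62-bit group, far too small for real use: P = 2Q + 1, both prime; G has order Q.
Q = next(q for q in itertools.count(2**61 + 1, 2) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4

def H(*parts):  # hash arbitrary values to an exponent mod Q
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % Q

def keygen():  # returns (private x, public y = G^x)
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def next_c(ctx, h, y, s, c):  # one ring link: challenge handed to the following member
    return H(ctx, pow(G, s, P) * pow(y, c, P) % P, pow(h, s, P) * pow(ctx[1], c, P) % P)

def sign(msg, ring, x, pi):  # ring: tuple of public keys; pi: signer's index; x: signer's key
    n, h = len(ring), pow(H(ring) + 2, 2, P)  # h: subgroup element with unknown discrete log
    ctx = (ring, pow(h, x, P), msg)           # ctx[1] = h^x is the linkage tag
    c, s = [0] * n, [secrets.randbelow(Q) for _ in ring]
    c[(pi + 1) % n] = next_c(ctx, h, 1, s[pi], 0)  # s[pi] serves as the nonce u for now
    for i in ((pi + k) % n for k in range(1, n)):
        c[(i + 1) % n] = next_c(ctx, h, ring[i], s[i], c[i])
    s[pi] = (s[pi] - x * c[pi]) % Q           # only the private key can close the ring
    return c[0], s, ctx[1]

def verify(msg, ring, sig):
    c0, s, tag = sig
    if len(s) != len(ring) or pow(tag, Q, P) != 1:
        return False
    h, c = pow(H(ring) + 2, 2, P), c0
    for y, si in zip(ring, s):
        c = next_c((ring, tag, msg), h, y, si, c)
    return c == c0
```

The signature carries no signer index: a verifier sees only the starting challenge, one response per ring member, and the tag, so two signatures from the same key are recognisable by their equal tags without revealing which member produced them.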

Crypto-Book Summary

[Diagram label: abuse resistant anonymous 1-to-1 mapping]


Future Work

• Provide OAuth/OpenID API
  – Integration with more third party sites

• Deploy Crypto-Book key servers at various host institutions

• Abuse resistant way of using anonymous systems such as Tor

• Investigation of anonymity set selection

Conclusion

• Crypto-Book provides privacy preserving online identities
  – anonymous
  – abuse resistant
• www.crypto-book.com
  – Demo video
  – More info, SOSP’13 poster, more talk slides
  – Link to source code on GitHub

Questions?

www.crypto-book.com
