CS721 – Privacy at the communication layer

Slides

27 Feb Introduction (slides)

* David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2),  1981.
* Andrei Serjantov and George Danezis. Towards an Information Theoretic Metric for Anonymity. Privacy Enhancing Technologies Workshop (PET 2002).
* Claudia Diaz, Stefaan Seys, Joris Claessens, and Bart Preneel.  Towards measuring anonymity. Privacy Enhancing Technologies Workshop (PET 2002).
* Michael Backes, Aniket Kate, Praveen Manoharan, Sebastian Meiser, Esfandiar MohammadiAnoA: A Framework for Analyzing. Anonymous Communication Protocols. Computer Security Foundations Symposium 2013.

6 March Tor – hidden services – finding bridges (slides)
13 March Crowds – predecessor attack, optimality of Crowds (slides)
20 March DC Nets – collisions, anonymity computation, predecessor attack (slides)
27 March Traffic analysis – mixing strategies, dummy traffic design, attacks in current systems (slides)
10 April Salsa – finding nodes without a centralized service (slides)
17 April Telex – decoy routing (slides)
24 April Parrot – Mimicking approaches to fool censorship (slides)
1 May Obfuscation – importance of false positives, ScrambleSuit – randomizing flows (slides)

Papers to read (* complementary reads)

6 March Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The Second-Generation Onion Router. In the Proceedings of the 13th USENIX Security Symposium, 2004.

* Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann. Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization IEEE Symposium on Security and Privacy (S&P 2013).
* Nikita Borisov, George Danezis, Prateek Mittal, and Parisa Tabriz. Denial of Service or Denial of Security? How Attacks on Reliability can Compromise Anonymity.
ACM Conference on Computer and Communications Security (CCS 2007).
* Rainer Böhme, George Danezis, Claudia Díaz, Stefan Köpsell, Andreas Pfitzmann. On the PET workshop panel “mix cascades versus peer-to-peer: is one concept superior?”.
4th international Workshop on Privacy Enhancing Technologies (PET 2004).
* Lasse Overlier and Paul Syverson. Locating Hidden ServersIEEE Symposium on Security and Privacy (S&P 2006).

13 March Michael Reiter and Aviel Rubin. Crowds: Anonymity for Web Transactions. In ACM Transactions on Information and System Security 1(1), 1998.

* George Danezis, Claudia Díaz, Emilia Käsper, and Carmela Troncoso. The Wisdom of Crowds: Attacks and Optimal Construction European Symposium on Research in Computer Security (ESORICS 2009).
* Matthew Wright, Micah Adler, Brian Neil Levine, and Clay Shields. An Analysis of the Degradation of Anonymous Protocols. Network and Distributed Security Symposium (NDSS 2002).

20 March David Chaum, The Dining Cryptographers Problem: Unconditional Sender and Recipient UntraceabilityIn Journal of Cryptology 1, 1988,

* Henry Corrigan-Gibbs and Bryan Ford Dissent: Accountable Anonymous Group Messaging. ACM Conference on Computer and Communications Security (CCS 2010).
* Henry Corrigan-Gibbs, Dan Boneh and David Mazieres. Riposte: An anonymous messaging system handling millions of usersIEEE Symposium on Security and Privacy (S&P 2015).

 

 27 March Jean-François Raymond, Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems. Designing Privacy Enhancing Technologies: Workshop on Design Issues in Anonymity and Unobservability, 2000.

* Dogan Kesdogan, Jan Egner, and Roland Büschkes. Stop-and-Go MIXes: Providing Probabilistic Anonymity in an Open System Information Hiding Workshop (IH 1998).
* George Danezis and Len Sassaman. Heartbeat Traffic to Counter (n-1) Attacks. Workshop on Privacy in the Electronic Society (WPES 2003).
* George Danezis. Mix-networks with Restricted Routes. Privacy Enhancing Technologies workshop (PET 2003).
* George Danezis. The Traffic Analysis of Continuous-Time Mixes.  Privacy Enhancing Technologies workshop (PET 2004).
* Claudia Díaz and Bart Preneel. Taxonomy of Mixes and Dummy Traffic. 3rd Working Conference on Privacy and Anonymity in Networked and Distributed Systems (I-NetSec 2004).
* Carmela Troncoso and George Danezis. The bayesian traffic analysis of mix networks. ACM Conference on Computer and Communications Security (CCS 2009).
* Claudia Diaz, Steven J. Murdoch, and Carmela Troncoso. Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks. Privacy Enhancing Technologies Symposium (PETS 2010).x

 

10 April Arjun Nambiar and Matthew Wright. Salsa: A Structured Approach to Large-Scale Anonymity. ACM Conference on Computer and Communications Security (CCS 2006).

* Qiyan Wang, Prateek Mittal, and Nikita Borisov. In Search of an Anonymous and Secure Lookup: Attacks on Structured Peer-to-peer Anonymous Communication Systems. ACM Conference on Computer and Communications Security (CCS 2010).
* Andriy Panchenko, Arne Rache, and Stefan Richter. NISAN: Network Information Service for Anonymization Networks. ACM Conference on Computer and Communications Security (CCS 2009).
* Jon McLachlan, Andrew Tran, Nicholas Hopper, and Yongdae Kim. Scalable onion routing with Torsk. ACM Conference on Computer and Communications Security (CCS 2009).
* Prateek Mittal and Nikita Borisov. ShadowWalker: Peer-to-peer Anonymous Communication using Redundant Structured Topologies. ACM Conference on Computer and Communications Security (CCS 2009).
* Prateek Mittal and Nikita Borisov. Information Leaks in Structured Peer-to-peer Anonymous Communication Systems. ACM Conference on Computer and Communications Security (CCS 2008).
* Michael J. Freedman and Robert Morris. Tarzan: A Peer-to-Peer Anonymizing Network Layer. ACM Conference on Computer and Communications Security (CCS 2002).
* Marc Rennhard and Bernhard Plattner. Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. Workshop on Privacy in the Electronic Society (WPES 2002).

 

17 April Eric Wustrow, Scott Wolchok, Ian Goldberg, and J. Alex Halderman. Telex: Anticensorship in the Network Infrastructure. Usenix Security Symposium 2011.

* Sheharbano Khattak, Tariq Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch, and Ian Goldberg. SoK: Making Sense of Censorship Resistance Systems. Proceedings on Privacy Enhancing Technologies (PoPETS 2016).
* Michael Carl Tschantz, Sadia Afroz, anonymous, Vern Paxson. SoK: Towards gounding censorship circumvention in empiricism. IEEE Security and Privacy Symposium (S&P 2016).
* Amir Houmansadr, Giang T. K. Nguyen, Matthew Caesar, and Nikita Borisov. Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability. ACM Conference on Computer and Communications Security (CCS 2011).
* Josh Karlin, Daniel Ellard, Alden W. Jackson, Christine E. Jones, Greg Lauer, David P. Mankins, and W. Timothy Strayer. Decoy Routing: Toward Unblockable Internet Communication. USENIX Workshop on Free and Open Communications on the Internet (FOCI 2011).

 

24 April  Amir Houmansadr, Chad Brubaker, and Vitaly Shmatikov. The Parrot is Dead: Observing Unobservable Network Communications. 2013 IEEE Symposium on Security and Privacy.

* Hooman Mohajeri Moghaddam, Baiyu Li, Mohammad Derakhshani, and Ian Goldberg. SkypeMorph: Protocol Obfuscation for Tor Bridges. ACM conference on Computer and Communications Security (CCS 2012).
* Zachary Weinberg, Jeffrey Wang, Vinod Yegneswaran, Linda Briesemeister, Steven Cheung, Frank Wang, and Dan Boneh. StegoTorus: A Camouflage Proxy for the Tor Anonymity System. ACM conference on Computer and Communications Security (CCS 2012).
* John Geddes, Maxfield Schuchard, and Nicholas Hopper. Cover Your ACKs: Pitfalls of Covert Channel Censorship Circumvention. ACM conference on Computer and Communications Security (CCS 2013).

 

1 May Liang Wang, Kevin P. Dyer, Aditya Akella, Thomas Ristenpart, and Thomas Shrimpton. Seeing Through Network-Protocol Obfuscation. ACM Conference on Computer and Communications Security (CCS ’15).

* Philipp Winter, Tobias Pulls, and Juergen Fuss. ScrambleSuit: A Polymorphic Network Protocol to Circumvent Censorship. Workshop on Privacy in the Electronic Society (WPES 2013).
* David Fifield, Chang Lan, Rod Hynes, Percy Wegmann, and Vern Paxson. Blocking-resistant communication through domain fronting. Proceedings on Privacy Enhancing Technologies (PoPETS 2015).

 

8 May Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, and Thomas Shrimpton. Peek-a-Boo, I Still See You: Why Efficient Traffic Analysis Countermeasures Fail. IEEE Symposium on Security and Privacy (S&P 2012).

* Andrew Hintz. Fingerprinting Websites Using Traffic Analysis. rivacy Enhancing Technologies workshop (PET 2002).
* Brian N. Levine, Michael K. Reiter, Chenxi Wang, and Matthew K. Wright. Timing Attacks in Low-Latency Mix-Based Systems.  Financial Cryptography (FC ’04).
* Andrei Serjantov and Peter Sewell. Passive Attack Analysis for Connection-Based Anonymity Systems.  European Symposium on Research in Computer Security (ESORICS 2003).
* Marc Liberatore and Brian Neil Levine. Inferring the Source of Encrypted HTTP Connections.  ACM conference on Computer and Communications Security (CCS 2006).
* Roei Schuster, Vitaly ShmatikovEran Tromer. Beauty and the Burst: Remote Identification of Encrypted Video Streams (USENIX Security 2017).

 

15 May Rebekah Overdorf, Marc Juarez, Gunes Acar, Rachel Greenstadt, and Claudia Diaz. How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services.  ACM Conference on Computer and Communications Security (CCS ’17)

* Marc Juarez, Sadia Afroz, Gunes Acar, Claudia Diaz, and Rachel Greenstadt. A Critical Evaluation of Website Fingerprinting Attacks. ACM conference on Computer and Communications Security (CCS 2014).
* Brad Miller, Ling Huang, A. D. Joseph, and J. D. Tygar. I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis.  Privacy Enhancing Technologies Symposium (PETS 2014).

 

22 May (W. Lueks) Ania Piotrowska, Jamie Hayes, Tariq Elahi, Sebastian Meiser, and George Danezis. The Loopix Anonymity System. 26th Usenix Security Symposium 2017.

 

29 May  

Mini CCS PC Committee