Privacy Protecting Technologies

L12: Privacy Protecting Technologies
CSCI E-170
December 7, 2004
Simson L. Garfinkel
Agenda
• HW6 – Grades sent out. (sorry for the
delay)
• Projects – How are people doing?
• Privacy Protecting Technologies
• Course Evaluations
– In class or on the website
Technology: Value Neutral?
• Does technology, on average, help or
hinder personal privacy?
The Big Idea
• We can use technology to improve privacy
Privacy Protecting Tools
for Web Browsing
• Browser
– pop-up blocking
• Client Side:
– Web proxy – works with anything
– IE plug-in – “helper object”
• Web Service:
– Browser agnostic
– You must trust the service!
Browser protection
• Safari and Mozilla provide:
– pop-up blocking
– Cookie Management
• Demo; look at what’s offered
Client-side Protection
• Ad-Subtract
– http://www.intermute.com/adsubtract/
• Bugnosis
– http://www.bugnosis.org/
• SpoofGuard
– http://crypto.stanford.edu/SpoofGuard/
• WebPwdHash
– http://crypto.stanford.edu/PwdHash/
Ad Subtract
“Search Sanity”
Ad Subtract:
Client-Side Java Proxy
Advantages:
– Multiplatform
– Easy to debug
– Client/server
Disadvantages:
– Doesn’t work with SSL
– Install footprint
– Need to parse HTML
Ad Blockers
• Ad-Subtract
• Junkbuster Proxy
• Discussion?
Bugnosis
Features:
– Browser helper object
– Accesses HTTP &
HTTPS
– Downloads updates
– Designed for journalists
SpoofGuard
• Browser plug-in (IE only)
• Rule-based; “spamassassin for websites”
SpoofGuard Controls
• Not quite sure
how to set these?
You’re not alone
SpoofGuard rules
• Domain Name Check
– http://www.paypai.com/
• URL check
– http://[email protected]/
• Email Check
– Arriving at a URL by email is bad
• Password Field Check
– Lower threshold for pages asking for passwords
• Link Check
– Suspicious links are links that have suspicious URLs
• Image Check
– Images on one website similar to those on another website
• Password Tracking
– Password at one website same as another website
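A rule-based scorer in the spirit of three of the checks above (domain name, URL, password field), added here as an illustration; it is not SpoofGuard's code. The weights, thresholds, the `KNOWN` history, the function names and the two-label domain shortcut are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used for the domain name check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def site_of(host: str) -> str:
    """IP literals stay whole; otherwise keep the last two labels (simplified)."""
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        return ".".join(host.split(".")[-2:])

def check_page(url, known_sites, has_password_field=False):
    """Score one page; weights and thresholds are assumed values."""
    parts = urlsplit(url)
    site = site_of((parts.hostname or "").lower())
    score, findings = 0, []
    # Domain name check: close to, but not equal to, a site the user knows.
    for known in known_sites:
        if 0 < edit_distance(site, known) <= 2:
            score += 50
            findings.append(f"{site} resembles {known}")
            break
    # URL check: text before '@' is user info, not the host being contacted.
    if parts.username is not None:
        score += 40
        findings.append(f"user info '{parts.username}' precedes host {site}")
    # Password field check: pages asking for a password alert at a lower score.
    threshold = 30 if has_password_field else 60
    return {"score": score, "alert": score >= threshold, "findings": findings}

KNOWN = ("paypal.com", "ebay.com")  # constructed browsing history

if __name__ == "__main__":
    for url, pw in [("http://www.paypai.com/", False), ("http://www.paypai.com/", True),
                    ("http://www.paypal.com@203.0.113.7/", True),
                    ("https://www.paypal.com/", True)]:
        print(url, pw, check_page(url, KNOWN, pw))
```

The same look-alike domain stays below the alert threshold on an ordinary page and crosses it once the page asks for a password.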
SpoofGuard URL Check
SpoofGuard Image Check
SpoofGuard Download
• Open source – good template for doing a browser plug-in
• Internet Explorer only
• http://crypto.stanford.edu/SpoofGuard/download.html
Discussion?
WebPwdHash
• The problem: Users tend to use the same
username & password at every site
• The solution: Hash the password with the
domain at the browser and send the hash
to the remote website
WebPwdHash
• Advantages:
– Each site gets a different password
– Protects against phishing
• Disadvantages:
– Must trust the browser (doing that anyway)
– Can’t run without the plug-in (unless you go to a
remote website)
– Users must “reset” all of their passwords
– Doesn’t work with handhelds, cell phones, etc.
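The idea of hashing the password with the domain, as an added sketch that is not the plug-in's own algorithm. PBKDF2-HMAC-SHA256 with the domain as salt, the iteration count, the output length, the two-label domain shortcut and the sample master password are all assumptions made for this example.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 100_000  # assumed work factor, not taken from the slides

def site_domain(url: str) -> str:
    """Return the last two labels of the URL's host.

    Simplification: real code needs the Public Suffix List to handle
    names such as example.co.uk correctly.
    """
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def site_password(master: str, url: str, length: int = 16) -> str:
    """Derive the password actually sent to the site at `url`."""
    domain = site_domain(url)
    # The domain acts as the salt, so every site sees a different value.
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(), ITERATIONS)
    return base64.urlsafe_b64encode(raw).decode()[:length]

def demo() -> dict:
    master = "correct horse battery"  # constructed sample value
    return {
        "real": site_password(master, "https://www.paypal.com/login"),
        "same_site": site_password(master, "https://PayPal.com/signin"),
        "phish": site_password(master, "http://www.paypai.com/login"),
        "other": site_password(master, "https://mail.example.org/"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:10s} {value}")
```

The look-alike domain receives a value that is useless at the real site, which is the phishing protection listed under the advantages; a slow derivation is used because a captured hash could otherwise be guessed offline against common passwords.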
Discussion?
Privacy Protecting Web Services
• Web Caches & Open Proxies
• Remailers
• Anonymizer
• Anonymous Transport Services:
– Freedom
– Onion Routing
• Anonymous Publishing Services
Why use a privacy service?
• Prevent tracing to your IP address
• Get around a national, ISP, or business
block
– China
– Saudi Arabia
– Fidelity
Mix-Nets
• Anonymity Loves Company
• Chaum’s mix-net scheme
– 1 mix: you trust the mixer
– More mixes -> Less Trust
– Mixing needs to be in space and time
Practical applications of mixers:
• Anonymous Remailers
• Anonymous Browsing
• Anonymous Publishing
Anonymous Remailers
• Anonymous posting on Usenet
• anon.penet.fi
– Based in Finland
– Operated by Julf Helsingius
– 70,000 registered users; 10,000 messages/day
– February 1995 – Church of Scientology demands the True Name of a nym [email protected]
– Revealed on February 8 to belong to [email protected] under order from Finnish Court
– (Information applied to the Finnish court had apparently been somewhat misleading)
– August 30 – After second court case, anon.penet.fi shut down
– full details at www.xs4all.nl/~kspaink/cos/rnewman/anon/penet.html
Craig’s List
Key features of an anonymous
remailer
• Strips identity from messages passing
through
• Provides mapping of nyms to “true names”
– But only if replies are important
• Optional:
– Mixing - only if traffic in and out is observable
– Encryption – Prevents intermediaries from
knowing what’s going on.
Freedom / Onion Routing
Web Caches:
Less Sophisticated,
but easier to use
• No special software to install – support for
caches is already built in.
• Can work both ways – a cache can also
monitor you.
Web Caches
cache-ntc-ah12.proxy.aol.com - - [10/May/2003:22:47:31 -0400] "GET /clips/1999.TR.LCS35-FountainOfIdeas.pdf HTTP/1.0" 200 65536 "http://aolsearch.aol.com/aol/search?query=fountain+ideas&page=2" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 7.0; Windows NT 5.1; .NET CLR 1.0.3705)"
cache-ntc-ah12.proxy.aol.com - - [10/May/2003:22:47:39 -0400] "GET /clips/1999.TR.LCS35-FountainOfIdeas.pdf HTTP/1.1" 206 688128 "-" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 7.0; Windows NT 5.1; .NET CLR 1.0.3705)"
cache-ntc-ah12.proxy.aol.com - - [10/May/2003:22:47:44 -0400] "GET /clips/1999.TR.LCS35-FountainOfIdeas.pdf HTTP/1.1" 206 1024 "-" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 7.0; Windows NT 5.1; .NET CLR 1.0.3705)"
cache-ntc-ah12.proxy.aol.com - - [10/May/2003:22:47:47 -0400] "GET /clips/1999.TR.LCS35-FountainOfIdeas.pdf HTTP/1.1" 206 75 "-" "Mozilla/4.0 (compatible; MSIE 6.0; AOL 7.0; Windows NT 5.1; .NET CLR 1.0.3705)"
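What the origin server can and cannot learn from entries like these, as an added example that is not part of the original slides. It parses two of the log lines above (rejoined onto one line each); the function and field names are chosen for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Two entries from the slide, each rejoined onto a single line.
LOG = [
    'cache-ntc-ah12.proxy.aol.com - - [10/May/2003:22:47:31 -0400] '
    '"GET /clips/1999.TR.LCS35-FountainOfIdeas.pdf HTTP/1.0" 200 65536 '
    '"http://aolsearch.aol.com/aol/search?query=fountain+ideas&page=2" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; AOL 7.0; Windows NT 5.1; .NET CLR 1.0.3705)"',
    'cache-ntc-ah12.proxy.aol.com - - [10/May/2003:22:47:39 -0400] '
    '"GET /clips/1999.TR.LCS35-FountainOfIdeas.pdf HTTP/1.1" 206 688128 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; AOL 7.0; Windows NT 5.1; .NET CLR 1.0.3705)"',
]

# Combined Log Format: host ident user [time] "request" status size "referer" "agent"
COMBINED = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def origin_view(line: str) -> dict:
    """Return the fields of one log entry that describe the visitor."""
    m = COMBINED.fullmatch(line.strip())
    if m is None:
        raise ValueError("not a combined-format log line")
    referer = urlsplit(m["referer"])
    # "query" is the parameter name used by the search URL in the slide.
    terms = parse_qs(referer.query).get("query")
    return {
        "client": m["client"],             # the cache's name, not the user's IP
        "status": int(m["status"]),
        "referer_host": referer.hostname,  # None when the referer is "-"
        "search_terms": terms[0] if terms else None,
        "agent": m["agent"],               # browser and OS still pass through
    }

if __name__ == "__main__":
    for entry in LOG:
        print(origin_view(entry))
```

The cache replaces the user's address with its own host name, but the Referer and User-Agent headers still reach the origin server, including the search terms that led to the page.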
Cache with anonymity
Anonymizer
Anonymizer.com rewrites URLs
<td width=90 style='background:aqua;
text-align:center; font:bold; font-family:Arial'>
<a href='http://anon.free.anonymizer.com/http://www.simson.net/photos.php'
title='Photos by and of Simson Garfinkel'> Photos </a>
</td>
<td width=90 style='background:lime;
text-align:center; font:bold; font-family:Arial'>
<a href='http://anon.free.anonymizer.com/http://www.simson.net/pubs.php'
title='Publications, both academic and journalistic.'> Pubs </a>
</td>
<td width=90 style='background:magenta;
text-align:center; font:bold; font-family:Arial'>
<a href='http://anon.free.anonymizer.com/http://www.simson.net/projects.php'
title='Current projects'> Projects </a>
</td>
Open Proxy
• Like a cache, but no cache!
• No logs (usually)
• Anybody running an open proxy server
• Also used by bad guys
Unresolved Issues
• How do you buy a book anonymously?
Anonymous Publishing Services
• anon.penet.fi was really about the right to
anonymous publication on Usenet (1996)
• The Eternity Service
– Ross J. Anderson
– http://www.cl.cam.ac.uk/users/rja14/eternity/eternity.html
• Publius:
– http://www.freehaven.net/anonbib/cache/publius.pdf
– Waldman, Rubin & Cranor
• Free Haven
• KaZaA?
Key Items Required for Anonymous
Publishing Service
• Server Management
• Naming of Documents
• Publishing
• Updating
• Deleting
• Indexing
• Payment
Private Messaging
• PGP – first generation
• Hush Mail – web based
• The Martus Project – application specific
• Groove
• Disappearing Ink (Omniva) – Deletion
– c.f. Microsoft Rights Management System
PGP
• Add-on
• Plug-in
• S/MIME vs. OpenPGP
• Political Baggage
Hush Mail
• Second-generation
• Web-based
• Java Crypto Client
Hush Mail Interface
HushMail Diagram
Martus
• Closed system for filing human rights
reports
• Oriented around “bulletins”
• Lots of clever ideas
Martus Login
• Screen-based keyboard to defeat
keyboard sniffers.
Martus Bulletins
• Designed to be easily
created, easily
searched
• Based on 10+ years of
research by Patrick Ball
http://dir.salon.com/tech/col/garf/2000/09/08/patrick_ba
Martus Design
• All information kept in an encrypted
database
Groove Virtual Office
• Peer-to-Peer
• Encrypted Space and Communications
• Messaging
• Future unclear
Disappearing Ink / Omniva
• Self-destructing email for people who want
to use it.
• Why bother? Because it’s hard to delete
things
Email gets copied a lot
Microsoft Rights Management
System
• Like Disappearing Ink, but you need to
have permission to get the key
• Main use: Preventing forwarding of
Microsoft Word documents to outside of
an organization
• Built into Office 2003
References:
• EPIC Online Guide to Privacy Protecting
tools:
• http://www.epic.org/privacy/tools.html