Expressive Privacy Control with Pseudonyms
Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall
University of Washington
SIGCOMM 2013
Internet Tracking is Pervasive
[Figure: Alice, Bob and a Tracker. Tracker profiles: User1: UW, CSE, Route to [Alice’s home]; User2: SIGCOMM, Hacking, Depression]
Trackers link user activities to form large user profiles
Implications of Tracking for Users
• Pros:
– Personalization
– Better Security
– Revenue for Service
• Cons:
– Lack of Privacy
Threat Model: Trackers Correlate Unwanted Traffic
[Figure: Alice, Bob and a Tracker. Tracker profiles: User1: UW, CSE, Route to [Alice’s home]; User2: SIGCOMM, Hacking, Depression]
Goal: Give Users Control over How They are Tracked
[Figure: Alice, Bob and a Tracker. Tracker profiles: User1: UW, CSE; User2: Route to [Alice’s home]; User3: SIGCOMM, Hacking; User4: Depression]
Implications of Giving Users Control
• Pros: • Cons:
Lack of Privacy
Personalization
Better Security
Revenue for Service
Current Defenses Provide Insufficient Control
Current Defenses
– Application Layer: Third-party cookie blocking, DoNotTrack
– Network Layer: Tor, Proxies
Limitations
– Coarse-grained
– Not cross-layer
Outline
• Motivation / Background
• Approach: Cross-Layer Pseudonyms
• System Design
– Application-Layer
– Network-Layer
• Implementation and Evaluation
• Conclusion
Trackers Link User Requests
• Important identifiers for Web tracking:
– Application info. (cookie, JS localStorage, Flash)
– IP Address
Multiple requests are linkable by remote trackers if they share the same identifiers.
[Figure: User and Tracker. Req. 1 (128.208.7.x), header: cookie(…); Req. 2 (128.208.7.x), header: cookie(…)]
Approach: Pseudonym Abstraction
• Pseudonym = A set of all identifying features that persist across an activity
• Allow a user to manage a large number of unlinkable pseudonyms
– User can choose which ones are used for which operations.
[Figure: Alice and a Tracker, with Pseudonym1 (IP1, Cookie1) and Pseudonym2 (IP2, Cookie2); activity labels: Medical information, Location-related (Alice’s home)]
How We Want to Use Pseudonyms
[Figure: Alice's Application with a Policy Engine, the OS, DHCP, Routers and a Tracker; Pseudonym1 (IP1, Cookie1) and Pseudonym2 (IP2, Cookie2); activity labels: Medical, Location. Parts marked: 1. Application-Layer Design, 2. Network-Layer Design]
Application-Layer Design
• The application needs to assign different pseudonyms to different activities.
– How to use pseudonyms depends on the user and the application.
– APIs are provided to define policies.
• Policy in Web browsing: a function of the request information and the state of the browser.
– Window ID, tab ID, request ID, URL, whether the request is going to the first party, etc.
Sample Pseudonym Policies for the Web
• Default: P1 = P2 = P3
• Per-Request: P1 != P2 != P3
• Per-First Party: P1 = P2 != P3
[Figure: news.com (Article on Politics) and facebook.com pages; requests labeled P1, P2 and P3]
Facebook cannot know the user’s visit to news.com
Pseudonyms in Action
[Figure: Alice's Application with a Policy Engine, the OS, DHCP, Routers and a Tracker; Pseudonym1 (IP1, Cookie1) and Pseudonym2 (IP2, Cookie2). Part marked: 2. Network-Layer Design]
Network-Layer Design Consideration
1. Many IP addresses for an end-host
2. Proper mixing
3. Efficient routing
4. Easy revocation
5. Support for small networks
1) IPv6 Allows Many IPs per Host
IPv6 Address: 128 bits
Small networks get /64 address space (1.8e19)
2, 3) Symmetric Encryption for Mixing and Routing
IPv6 Address (128 bits)
– Network Prefix: to route the packet “to” the network
– Remaining bits: to route the packet “within” the network; networks can use this part as they want
IPv6 Address (128 bits)
– Base: Network Prefix | Subnet | Host | Pseudonym
– Encrypted: Network Prefix | Encrypted ID
Encrypt / Decrypt: use symmetric-key encryption
• End-hosts know only encrypted IP addresses
• Router uses the base addresses to forward packets
– By longest-prefix matching with subnet::host; thus, the size of the routing table does not change.
Routing Example
[Figure: Internet and ISP (Prefix :: …); address forms shown: Prefix | Encrypted ID and Sub::Host::Pseudo]
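The address scheme on the two slides above, as an added example that is not code from the talk or the prototype: a gateway encrypts the base ID into the low 64 bits of the address, and a router decrypts it and forwards on subnet::host only. XTEA as the cipher, the 16/16/32-bit field widths, the function names, the prefix and the key are all assumptions made for illustration.

```javascript
// Added example. XTEA (a 64-bit block cipher) stands in for the symmetric
// cipher, which the slides do not name. Assumed base layout, also not on the
// slides: 16-bit subnet | 16-bit host | 32-bit pseudonym.
const DELTA = 0x9e3779b9, ROUNDS = 32;
const mix = (v, sum, k) => ((((v << 4) ^ (v >>> 5)) + v) ^ (sum + k)) >>> 0;

function xteaEncrypt([v0, v1], key) {
  let sum = 0;
  for (let i = 0; i < ROUNDS; i++) {
    v0 = (v0 + mix(v1, sum, key[sum & 3])) >>> 0;
    sum = (sum + DELTA) >>> 0;
    v1 = (v1 + mix(v0, sum, key[(sum >>> 11) & 3])) >>> 0;
  }
  return [v0, v1];
}

function xteaDecrypt([v0, v1], key) {
  let sum = (DELTA * ROUNDS) >>> 0;
  for (let i = 0; i < ROUNDS; i++) {
    v1 = (v1 - mix(v0, sum, key[(sum >>> 11) & 3])) >>> 0;
    sum = (sum - DELTA) >>> 0;
    v0 = (v0 - mix(v1, sum, key[sum & 3])) >>> 0;
  }
  return [v0, v1];
}

// Gateway side: the address an end-host is given for one pseudonym.
function issueAddress(prefix, key, subnet, host, pseudonym) {
  const base = [((subnet << 16) | host) >>> 0, pseudonym >>> 0];
  return [...prefix, ...xteaEncrypt(base, key)]; // four 32-bit words
}

// Router side: decrypt the low 64 bits, forward on subnet::host only.
function forwardingKey(addr, key) {
  const [hi] = xteaDecrypt(addr.slice(2), key);
  return { subnet: hi >>> 16, host: hi & 0xffff };
}

const toIPv6 = (words) => words.flatMap((x) => [x >>> 16, x & 0xffff])
  .map((h) => h.toString(16)).join(':');

// Constructed sample values: documentation prefix 2001:db8::/64, made-up key.
const PREFIX = [0x20010db8, 0x00000000];
const KEY = [0x01234567, 0x89abcdef, 0xfedcba98, 0x76543210];
const a1 = issueAddress(PREFIX, KEY, 0x0001, 0x0007, 1);
const a2 = issueAddress(PREFIX, KEY, 0x0001, 0x0007, 2);
console.log(toIPv6(a1), toIPv6(a2)); // two pseudonym addresses of one host
console.log(forwardingKey(a1, KEY), forwardingKey(a2, KEY));
```

Both addresses decrypt to the same subnet::host, so the router needs one forwarding entry per host no matter how many pseudonyms that host holds.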
Prototype Implementation
[Figure: Alice's Web Browser with an Extension and Policy Engine, the OS holding multiple IPs, a Gateway for the /64 network, an IPv6 Tunnel Broker, the IPv6 Internet and a Web Server]
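// Extreme policy: the request ID is returned as the pseudonym, so every request uses a different pseudonym.
function extreme_policy(request, browser) {
  return request.requestID;
}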
Evaluation
• Is the policy framework expressive enough?
• How many pseudonyms are required?
• Do policies effectively preserve privacy?
• Are that many pseudonyms feasible?
• How much overhead in OS and router?
Pseudonym Policy is Expressive
| Name | Description |
| --- | --- |
| Trivial | Every request uses the same pseudonym |
| Extreme | Every request uses a different pseudonym |
| Per tab [1] | Requests from each tab use a different pseudonym |
| Per 1st-party [2] | Based on the connected page (1st-party)’s domain |
| Time-based [3] | Change pseudonym every 10 minutes |

• We could implement all the protection mechanisms from the related work in a cross-layer manner.
More examples in the paper: Per browsing session, 3rd-party blocking
[1] CookiePie Extension, [2] Milk, Walls et al. HotSec 2012, [3] Tor
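The five policies in the table, written in the style of the talk's `extreme_policy` and run over the news.com / facebook.com scenario, as an added example that is not the prototype's code. Only `requestID` appears on the slides; the other request fields, the helper names, the trace, and the reading of P1, P2 and P3 given in the comments are assumptions.

```javascript
// Added example. Only requestID appears on the slides; the other request
// fields (tabID, firstParty, destination, timeMs) are assumed names.
const policies = {
  trivial: (request, browser) => 0,
  extreme: (request, browser) => request.requestID,
  perTab: (request, browser) => `tab:${request.tabID}`,
  perFirstParty: (request, browser) => `site:${request.firstParty}`,
  // Time-based: a new pseudonym every 10 minutes.
  timeBased: (request, browser) => `t:${Math.floor(request.timeMs / 600000)}`,
};

// Constructed trace: P1 loads a news.com article, P2 is a facebook.com
// request made from that page, P3 is a visit to facebook.com in another tab.
const trace = [
  { requestID: 101, tabID: 1, firstParty: 'news.com', destination: 'news.com', timeMs: 0 },
  { requestID: 102, tabID: 1, firstParty: 'news.com', destination: 'facebook.com', timeMs: 1000 },
  { requestID: 103, tabID: 2, firstParty: 'facebook.com', destination: 'facebook.com', timeMs: 300000 },
];

// What one tracker can see: for each pseudonym it receives, the first-party
// sites whose requests carried that pseudonym.
function trackerView(policy, requests, tracker) {
  const view = new Map();
  for (const req of requests) {
    if (req.destination !== tracker) continue;
    const pseudonym = String(policy(req, {}));
    if (!view.has(pseudonym)) view.set(pseudonym, new Set());
    view.get(pseudonym).add(req.firstParty);
  }
  return view;
}

// True if some pseudonym seen by the tracker spans both sites, i.e. the
// tracker can tie activity on siteA to activity on siteB.
function canLink(policy, requests, tracker, siteA, siteB) {
  return [...trackerView(policy, requests, tracker).values()]
    .some((sites) => sites.has(siteA) && sites.has(siteB));
}

for (const [name, policy] of Object.entries(policies)) {
  const linked = canLink(policy, trace, 'facebook.com', 'news.com', 'facebook.com');
  console.log(`${name}: facebook.com links the news.com visit = ${linked}`);
}
```

On this trace the trivial and time-based policies leave the two facebook.com requests linkable, while the extreme, per-tab and per-first-party policies separate them.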
Privacy Preservation over Policies
[Figure: chart comparing the policies Trivial, Per-tab, Time-based, Per 1st-party and Per-request; axes: # of pseudonyms (log scale, 1 to 100000) and # of activities (log scale, 1 to 10000); annotation: 10 bits]
Conclusion
• Pseudonym abstraction: user control over unlinkable identities.
– Provided new network addressing and routing mechanisms that exploit the ample IPv6 address space.
– Enabled various policies with an expressive policy framework.
– Prototyped with an extension for a web browser to show the feasibility.