L12: Privacy Protecting Technologies - PowerPoint PPT Presentation

About This Presentation
Title:

L12: Privacy Protecting Technologies

Description:

Craig's List. Key features of an anonymous remailer ... Anybody running an open proxy server. Also used by bad guys. Unresolved Issues ... – PowerPoint PPT presentation

Number of Views:285
Avg rating:3.0/5.0
Slides: 62
Provided by: simsonlg
Category:

less

Transcript and Presenter's Notes

Title: L12: Privacy Protecting Technologies


1
L12 Privacy Protecting Technologies
  • CSCI E-170December 7, 2004Simson L. Garfinkel

2
Agenda
  • HW6 Grades sent out. (sorry for the delay)
  • Projects How are people doing?
  • Privacy Protecting Technologies
  • Course Evaluations
  • In class or on the website

3
Technology Value Neutral?
  • Does technology, on average, help or hinder
    personal privacy?

4
The Big Idea
  • We can use technology to improve privacy

5
Privacy Protecting Tools for Web Browsing
  • Browser
  • pop-up blocking
  • Client Side
  • Web proxy works with anything
  • IE plug-in helper object
  • Web Service
  • Browser agnostic
  • You must trust the service!

6
Browser protection
  • Safari and Mozilla provide
  • pop-up blocking
  • Cookie Management
  • Demo look at whats offered

7
Client-side Protection
  • Ad-Subtract
  • http//www.intermute.com/adsubtract/
  • Bugnosis
  • http//www.bugnosis.org/
  • SpoofGuard
  • http//crypto.stanford.edu/SpoofGuard/
  • WebPwdHash
  • http//crypto.stanford.edu/PwdHash/

8
Ad Subtract
9
(No Transcript)
10
(No Transcript)
11
Search Sanity
12
Ad Subtract Client-Side Java Proxy
  • Advantages
  • Multiplatform
  • Easy to debug
  • Client/server
  • Disadvantages
  • Doesnt work with SSL
  • Install footprint
  • Need to parse HTML

13
Ad Blockers
  • Ad-Subtract
  • Junkbuster Proxy
  • Discussion?

14
Bugnosis
15
Bugnosis
  • Features
  • Browser helper object
  • Accesses HTTP HTTPS
  • Downloads updates
  • Designed for journalists

16
SpoofGuard
  • Browser plug-in (IE only)
  • Rule-based spamassassin for websites

17
SpoofGuard Controls
  • Not quite sure how to set these? Youre not alone

18
SpoofGuard rules
  • Domain Name Check
  • http//www.paypai.com/
  • URL check
  • http//www.paypai.com_at_123.123.123.123/
  • Email Check
  • Arriving at a URL by email is bad
  • Password Field Check
  • Lower threshold for pages asking for passwords
  • Link Check
  • Suspicious links are links that have suspicious
    URLs
  • Image Check
  • Images on one website similar to those on another
    website
  • Password Tracking
  • Password at one website same as another website

19
SpoofGuard URL Check
20
SpoofGuard Image Check
21
SpoofGuard Download
  • OpenSource - Good template for doing a browser
    plug-in
  • Internet Explorer only
  • http//crypto.stanford.edu/SpoofGuard/download.htm
    l
  • Discussion?

22
WebPwdHash
  • The problem Users tend to use the same username
    password at every site
  • The solution Hash the password with the domain
    at the browser and send the hash to the remote
    website

23
WebPwdHash
  • Advantages
  • Each site gets a different password
  • Protects against phishing
  • Disadvantages
  • Must trust the browser (doing that anyway)
  • Cant run without the plug-in (unless you go to a
    remote website)
  • Users must reset all of their passwords
  • Doesnt work with handhelds, cell phones, etc.
  • Discussion?

24
Privacy Protecting Web Services
  • Web Caches Open Proxies
  • Remailers
  • Anonymizer
  • Anonymous Transport Services
  • Freedom
  • Onion Routing
  • Anonymous Publishing Services

25
Why use a privacy service?
  • Prevent tracing to your IP address
  • Get around a national, ISP, or business block
  • China
  • Saudi Arabia
  • Fidelity

26
Mix-Nets
  • Anonymity Loves Company
  • Chaums mix-net scheme
  • 1 mix you trust the mixer
  • More mixes -gt Less Trust
  • Mixing needs to be in space and time

27
Practical applications of mixers
  • Anonymous Remailers
  • Anonymous Browsing
  • Anonymous Publishing

28
Anonymous Remailers
  • Anonymous posting on Usenet
  • anon.penet.fi
  • Based in Finland
  • Operated by Julf Helsingius
  • 70,000 registered users 10,000 messages/day
  • February 1995 Church of Scientology demands the
    True Name of a nym an144108_at_anon.penet.fi
  • Revealed on February 8 to belong to
    tc_at_alumni.caltech.edu under order from Finish
    Court
  • (Information applied to the Finish court had
    apparently been somewhat misleading)
  • August 30 After second court case,
    anon.penet.fi shut down
  • full details at www.xs4all.nl/kspaink/cos/rnewman
    /anon/penet.html

29
Craigs List
30
Key features of an anonymous remailer
  • Strips identity from messages passing through
  • Provides mapping of nyms to true names
  • But only if replies are important
  • Optional
  • Mixing - only if traffic in and out is observable
  • Encryption Prevents intermediaries from knowing
    whats going on.

31
Freedom / Onion Routing
32
Web Caches Less Sophisticated, but easier to
use
  • No special software to install support for
    caches is already built in.
  • Can work both ways a cache can also monitor you.

33
Web Caches
cache-ntc-ah12.proxy.aol.com - -
10/May/2003224731 -0400 "GET
/clips/1999.TR.LCS35-FountainOfIdeas.pdf
HTTP/1.0" 200 65536 "http//aolsearch.aol.com/aol/
search?queryfountainideaspage2" "Mozilla/4.0
(compatible MSIE 6.0 AOL 7.0 Windows NT 5.1
.NET CLR 1.0.3705) cache-ntc-ah12.proxy.aol.com
- - 10/May/2003224739 -0400 "GET
/clips/1999.TR.LCS35-FountainOfIdeas.pdf
HTTP/1.1" 206 688128 "-" "Mozilla/4.0
(compatible MSIE 6.0 AOL 7.0 Windows NT 5.1
.NET CLR 1.0.3705) cache-ntc-ah12.proxy.aol.com
- - 10/May/2003224744 -0400 "GET
/clips/1999.TR.LCS35-FountainOfIdeas.pdf
HTTP/1.1" 206 1024 "-" "Mozilla/4.0 (compatible
MSIE 6.0 AOL 7.0 Windows NT 5.1 .NET CLR
1.0.3705) cache-ntc-ah12.proxy.aol.com - -
10/May/2003224747 -0400 "GET
/clips/1999.TR.LCS35-FountainOfIdeas.pdf
HTTP/1.1" 206 75 "-" "Mozilla/4.0 (compatible
MSIE 6.0 AOL 7.0 Windows NT 5.1 .NET CLR
1.0.3705)
34
Cache with anonymity
35
Anonymizer
36
Anonymizer.com rewrites URLs
lttd width90 style'backgroundaqua
text-aligncenter fontbold
font-familyArial'gt lta href'http//anon.f
ree.anonymizer.com/http//www.simson.net/photos.ph
p' title'Photos by and of Simson Garfinkel'gt
Photos lt/agt lt/tdgt lttd width90
style'backgroundlime
text-aligncenter fontbold font-familyArial'gt
lta href'http//anon.free.anonymizer.com/h
ttp//www.simson.net/pubs.php' title'Publications
, both academic and journalistic.'gt Pubs lt/agt
lt/tdgt lttd width90 style'backgroundmagenta
text-aligncenter
fontbold font-familyArial'gt lta
href'http//anon.free.anonymizer.com/http//www.s
imson.net/projects.php' title'Current projects'gt
Projects lt/agt lt/tdgt
37
Open Proxy
  • Like a cache, but no cache!
  • No logs (usually)
  • Anybody running an open proxy server
  • Also used by bad guys

38
Unresolved Issues
  • How do you buy a book anonymously?

39
Anonymous Publishing Services
  • anon.penet.fi was really about the right to
    anonymous publication on Usenet (1996)
  • The Eternity Service
  • Ross J. Anderson
  • http//www.cl.cam.ac.uk/users/rja14/eternity/etern
    ity.html
  • Publius
  • http//www.freehaven.net/anonbib/cache/publius.pdf
  • Waldman, Rubin Cranor
  • Free Haven
  • KaZaA?

40
Key Items Required for Anonymous Publishing
Service
  • Server Management
  • Naming of Documents
  • Publishing
  • Updating
  • Deleting
  • Indexing
  • Payment

41
Private Messaging
  • PGP first generation
  • Hush Mail web based
  • The Martus Project application specific
  • Groove
  • Disappearing Ink (Omniva) Deletion
  • c.f. Microsoft Rights Management System

42
PGP
  • Add-on
  • Plug-in
  • S/MIME vs. OpenPGP
  • Political Baggage

43
Hush Mail
  • Second-generation
  • Web-based
  • Java Crypto Client

44
Hush Mail
45
Hush Mail
46
Hush Mail
47
Hush Mail
48
Hush Mail Interface
49
HushMail Diagram
50
Matrus
  • Closed system for filing human rights reports
  • Oriented around bulletins
  • Lots of clever ideas

51
Martus Login
  • Screen-based keyboard to defeat keyboard sniffers.

52
Martus Bulletins
  • Designed to be easily created, easily searched
  • Based on 10 years of research by Patrick Ball

http//dir.salon.com/tech/col/garf/2000/09/08/patr
ick_ball/index.html
53
Martus Design
  • All information kept in an encrypted database

54
Groove Virtual Office
  • Peer-to-Peer
  • Encrypted Space and Communications
  • Messaging
  • Future unclear

55
Disappearing Ink / Omniva
  • Self-destructing email for people who want to use
    it.
  • Why bother? Because its hard to delete things

56
Email gets copies a lot
57
(No Transcript)
58
(No Transcript)
59
(No Transcript)
60
Microsoft Rights Management System
  • Like Dissappearing Ink, but you need to have
    permission to get the key
  • Main use Preventing forwarding of Microsoft Word
    documents to outside of an organization
  • Built into Office 2003

61
References
  • EPIC Online Guide to Privacy Protecting tools
  • http//www.epic.org/privacy/tools.html
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "L12: Privacy Protecting Technologies" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!