http:cs.nyu.eduwaldmanpublius

1
Publius A Robust, Tamper Evident, Censorship
Resistant WWW Based Publishing System
Lorrie Cranor ATT Labs
Marc Waldman New York University
Avi Rubin ATT Labs

• http//cs.nyu.edu/waldman/publius/

2
Publius

• Pen name used by authors of Federalist Papers
• Federalist Papers influential in convincing NY
  voters to ratify US constitution.

3
Why Publish Anonymously?

• Political Dissent
• Whistleblowing
• Radical Ideas

4
Related Work

• Connection Based Anonymity
• Hide identity of requestor
• Anonymizing proxies (for example Anonymizer.com)
• Freedom (Zero-Knowledge Systems)
• Crowds (ATT Labs-Research)
• Location or Author Based Anonymity
• Hide identity of author or WWW server
• USENET Eternity System
• Freenet
• Intermemory
• Rewebber

5
Publius Design Goals

• Censorship Resistant
• Tamper Evident
• Source Anonymous
• Updateable
• Host Content Deniability
• Fault tolerant
• Persistent
• Extensible
• Freely Available

6
Publius Overview
Publishers
Servers
Retrievers

• Publius Content Static content (HTML, images,
  PDF, etc)
• Publishers Post Publius content
• Servers Host Publius content
• Retrievers Browse Publius content

7
Publishing a Publius document
Publishers
Servers

• Generate secret key and use it to encrypt
  document
• Use secret splitting to split key into n shares
• This technique has special property that only k
  out of n shares are needed to put the key back
  together
• Publish encrypted document and 1 share on each of
  n servers
• Generate special Publius URL that encodes the
  location of each share and encrypted document
  example http//!publius!/1e6adsg673h0hgj7889340
  345lsafdfg

8
Retrieving a Publius document
Publishers
Servers
Retrievers

• Break apart URL to discover document locations
• Retrieve encrypted document and share from k
  locations
• Reassemble key from shares
• Decrypt retrieved document
• Check for tampering
• View in web browser

9
Publius proxies
Publishers
Servers
Retrievers
PROXY
PROXY

• Publius proxies running on a users local machine
  or on the network handle all the publish and
  retrieve operations
• Proxies also allow publishers to delete and
  update content

10
Threats Limitations

• Share deletion or corruption
• Update file deletion or corruption
• Denial of service attacks
• Threats to publisher anonymity
• Rubber-hose cryptanalysis

11
Publius trial

• Trial began August 7 and will last at least two
  months
• Over 40 individuals and organizations in several
  countries volunteered to host Publius servers
• Over a dozen public Publius proxies
• Complete source code for servers and proxies has
  been released
• Code has been configured to accept files no
  larger than 100K
• Users have given us lots of good suggestions for
  improvements so far no major problems
• System designed for censorship resistance, but
  much current interest in intellectual property
  issues

12
For more information

• See the Publius web site
• http//cs.nyu.edu/waldman/publius/
• Download code and technical paper
• Read about Publius in the news
• Configure your browser to use a Publius proxy
• View sample Publius content