5,343 research outputs found
The Anonymous Poster: How to Protect Internet Users’ Privacy and Prevent Abuse
The threat of anonymous Internet posting to individual privacy has been met with congressional and judicial indecisiveness. Part of the problem stems from the inherent conflict between punishing those who disrespect one\u27s privacy by placing a burden on the individual websites and continuing to support the Internet\u27s development. Additionally, assigning traditional tort liability is problematic as the defendant enjoys an expectation of privacy as well, creating difficulty in securing the necessary information to proceed with legal action. One solution to resolving invasion of privacy disputes involves a uniform identification verification program that ensures user confidentiality while promoting accountability for malicious behavior
The Evolution of Embedding Metadata in Blockchain Transactions
The use of blockchains is growing every day, and their utility has greatly
expanded from sending and receiving crypto-coins to smart-contracts and
decentralized autonomous organizations. Modern blockchains underpin a variety
of applications: from designing a global identity to improving satellite
connectivity. In our research we look at the ability of blockchains to store
metadata in an increasing volume of transactions and with evolving focus of
utilization. We further show that basic approaches to improving blockchain
privacy also rely on embedding metadata. This paper identifies and classifies
real-life blockchain transactions embedding metadata of a number of major
protocols running essentially over the bitcoin blockchain. The empirical
analysis here presents the evolution of metadata utilization in the recent
years, and the discussion suggests steps towards preventing criminal use.
Metadata are relevant to any blockchain, and our analysis considers primarily
bitcoin as a case study. The paper concludes that simultaneously with both
expanding legitimate utilization of embedded metadata and expanding blockchain
functionality, the applied research on improving anonymity and security must
also attempt to protect against blockchain abuse.Comment: 9 pages, 6 figures, 1 table, 2018 International Joint Conference on
Neural Network
TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub
This paper presents TumbleBit, a new unidirectional unlinkable payment hub that is fully compatible with today s Bitcoin protocol. TumbleBit allows parties to make fast, anonymous, off-blockchain payments through an untrusted intermediary called the Tumbler. TumbleBits anonymity properties are similar to classic Chaumian eCash: no one, not even the Tumbler, can link a payment from its payer to its payee. Every payment made via TumbleBit is backed by bitcoins, and comes with a guarantee that Tumbler can neither violate anonymity, nor steal bitcoins, nor print money by issuing payments to itself. We prove the security of TumbleBit using the real/ideal world paradigm and the random oracle model. Security follows from the standard RSA assumption and ECDSA unforgeability. We implement TumbleBit, mix payments from 800 users and show that TumbleBits offblockchain payments can complete in seconds.https://eprint.iacr.org/2016/575.pdfPublished versio
Hang With Your Buddies to Resist Intersection Attacks
Some anonymity schemes might in principle protect users from pervasive
network surveillance - but only if all messages are independent and unlinkable.
Users in practice often need pseudonymity - sending messages intentionally
linkable to each other but not to the sender - but pseudonymity in dynamic
networks exposes users to intersection attacks. We present Buddies, the first
systematic design for intersection attack resistance in practical anonymity
systems. Buddies groups users dynamically into buddy sets, controlling message
transmission to make buddies within a set behaviorally indistinguishable under
traffic analysis. To manage the inevitable tradeoffs between anonymity
guarantees and communication responsiveness, Buddies enables users to select
independent attack mitigation policies for each pseudonym. Using trace-based
simulations and a working prototype, we find that Buddies can guarantee
non-trivial anonymity set sizes in realistic chat/microblogging scenarios, for
both short-lived and long-lived pseudonyms.Comment: 15 pages, 8 figure
An implementation of accountable anonymity
Complex well developed and established Anonymity systems lack Accountability. These systems offer unconditional anonymity to their users which can stimulate abusive behavior.
Controlling abuse should be equally important as protecting the anonymity of legitimate users when designing anonymous applications. Current anonymity systems are promoted to family
and friends, businesses, activists and the media. However, these same systems could potentially be used for: sending offensive email, spam, copyrighted material, cyber warfare, child pornography,
pedophiles chatting with kids online or any other illegal activity performed on the Internet. Freedom of speech and the First Amendment allows people to express their opinions and choose any anonymity service and by no means will people be forced to use this system. In this thesis, a model that allows an anonymous yet accountable method of communication on the Internet is introduced. The design and implementation is based on a new proxy-re-encryption scheme and a modifed onion routing scheme. Techniques for Accountable Anonymity are demonstrated by building a lightweight prototype. In this system, users are registered in the system\u27s database in order to use it. In this research, the total network latency is signifcantly smaller when sending data over the network compared to The onion router (Tor) system which makes it deployable to use at a larger scale system. Also, the Accountable Anonymity system\u27s digital forensic mode makes it easier to track the perpetrators
RAPTOR: Routing Attacks on Privacy in Tor
The Tor network is a widely used system for anonymous communication. However,
Tor is known to be vulnerable to attackers who can observe traffic at both ends
of the communication path. In this paper, we show that prior attacks are just
the tip of the iceberg. We present a suite of new attacks, called Raptor, that
can be launched by Autonomous Systems (ASes) to compromise user anonymity.
First, AS-level adversaries can exploit the asymmetric nature of Internet
routing to increase the chance of observing at least one direction of user
traffic at both ends of the communication. Second, AS-level adversaries can
exploit natural churn in Internet routing to lie on the BGP paths for more
users over time. Third, strategic adversaries can manipulate Internet routing
via BGP hijacks (to discover the users using specific Tor guard nodes) and
interceptions (to perform traffic analysis). We demonstrate the feasibility of
Raptor attacks by analyzing historical BGP data and Traceroute data as well as
performing real-world attacks on the live Tor network, while ensuring that we
do not harm real users. In addition, we outline the design of two monitoring
frameworks to counter these attacks: BGP monitoring to detect control-plane
attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our
work motivates the design of anonymity systems that are aware of the dynamics
of Internet routing
Utilizing Public Blockchains for the Sybil-Resistant Bootstrapping of Distributed Anonymity Services
Distributed anonymity services, such as onion routing networks or
cryptocurrency tumblers, promise privacy protection without trusted third
parties. While the security of these services is often well-researched,
security implications of their required bootstrapping processes are usually
neglected: Users either jointly conduct the anonymization themselves, or they
need to rely on a set of non-colluding privacy peers. However, the typically
small number of privacy peers enable single adversaries to mimic distributed
services. We thus present AnonBoot, a Sybil-resistant medium to securely
bootstrap distributed anonymity services via public blockchains. AnonBoot
enforces that peers periodically create a small proof of work to refresh their
eligibility for providing secure anonymity services. A pseudo-random, locally
replicable bootstrapping process using on-chain entropy then prevents biasing
the election of eligible peers. Our evaluation using Bitcoin as AnonBoot's
underlying blockchain shows its feasibility to maintain a trustworthy
repository of 1000 peers with only a small storage footprint while supporting
arbitrarily large user bases on top of most blockchains.Comment: To be published in the proceedings of the 15th ACM ASIA Conference on
Computer and Communications Security (ACM ASIACCS'20
- …