LiLAC: Lightweight Low-Latency Anonymous Chat

Low latency anonymity systems, like Tor and I2P, support private online communications, but offer limited protection against powerful adversaries with widespread eavesdropping capabilities. It is known that general-purpose communications, such as web and file transfer, are difficult to protect in that setting. However, online instant messaging only requires a low bandwidth and we show it to be amenable to strong anonymity protections. In this paper, we describe the design and engineering of LiLAC, a Lightweight Low-latency Anonymous Chat service, that offers both strong anonymity and a lightweight client-side presence. LiLAC implements a set of anonymizing relays, and offers stronger anonymity protections by applying dependent link padding on top of constantrate traffic flows. This leads to a key trade-off between the system’s bandwidth overhead and end-to-end delay along the circuit, which we study. Additionally, we examine the impact of allowing zero-installation overhead on the client side, by instead running LiLAC on web browsers. This introduces potential security risks, by relying on third-party software and requiring user awareness; yet it also reduces the footprint left on the client, enhancing deniability and countering forensics. Those design decisions and trade-offs make LiLAC an interesting case to study for privacy and security engineers

KeyForge: Mitigating Email Breaches with Forward-Forgeable Signatures

Email breaches are commonplace, and they expose a wealth of personal, business, and political data that may have devastating consequences. The current email system allows any attacker who gains access to your email to prove the authenticity of the stolen messages to third parties -- a property arising from a necessary anti-spam / anti-spoofing protocol called DKIM. This exacerbates the problem of email breaches by greatly increasing the potential for attackers to damage the users' reputation, blackmail them, or sell the stolen information to third parties. In this paper, we introduce "non-attributable email", which guarantees that a wide class of adversaries are unable to convince any third party of the authenticity of stolen emails. We formally define non-attributability, and present two practical system proposals -- KeyForge and TimeForge -- that provably achieve non-attributability while maintaining the important protection against spam and spoofing that is currently provided by DKIM. Moreover, we implement KeyForge and demonstrate that that scheme is practical, achieving competitive verification and signing speed while also requiring 42% less bandwidth per email than RSA2048

Three applications for mobile epidemic algorithms

This paper presents a framework for the pervasive sharing of data using wireless networks. 'FarCry' uses the mobility of users to carry files between separated networks. Through a mix of ad-hoc and infrastructure-based wireless networking, files are transferred between users without their direct involvement. As users move to different locations, files are then transmitted on to other users, spreading and sharing information. We examine three applications of this framework. Each of these exploits the physically proximate nature of social gatherings. As people group together in, for example, business meetings and cafés, this can be taken as an indication of similar interests, e.g. in the same presentation or in a type of music. MediaNet affords sharing of media files between strangers or friends, MeetingNet shares business documents in meetings, and NewsNet shares RSS feeds between mobile users. NewsNet also develops the use of pre-emptive caching: collecting information from others not for oneself, but for the predicted later sharing with others. We offer observations on developing this system for a mobile, multi-user, multi-device environment