136,649 research outputs found

    Dovetail: Stronger Anonymity in Next-Generation Internet Routing

    Current low-latency anonymity systems use complex overlay networks to conceal a user's IP address, introducing significant latency and network efficiency penalties compared to normal Internet usage. Rather than obfuscating network identity through higher level protocols, we propose a more direct solution: a routing protocol that allows communication without exposing network identity, providing a strong foundation for Internet privacy, while allowing identity to be defined in those higher level protocols where it adds value. Given current research initiatives advocating "clean slate" Internet designs, an opportunity exists to design an internetwork layer routing protocol that decouples identity from network location and thereby simplifies the anonymity problem. Recently, Hsiao et al. proposed such a protocol (LAP), but it does not protect the user against a local eavesdropper or an untrusted ISP, which will not be acceptable for many users. Thus, we propose Dovetail, a next-generation Internet routing protocol that provides anonymity against an active attacker located at any single point within the network, including the user's ISP. A major design challenge is to provide this protection without including an application-layer proxy in data transmission. We address this challenge in path construction by using a matchmaker node (an end host) to overlap two path segments at a dovetail node (a router). The dovetail then trims away part of the path so that data transmission bypasses the matchmaker. Additional design features include the choice of many different paths through the network and the joining of path segments without requiring a trusted third party. We develop a systematic mechanism to measure the topological anonymity of our designs, and we demonstrate the privacy and efficiency of our proposal by simulation, using a model of the complete Internet at the AS-level

    Prosecuting Dark Net Drug Marketplace Operators Under the Federal Crack House Statute

    Over 70,000 Americans died as the result of a drug overdose in 2017, a record year following a record year. Amidst this crisis, the popularity of drug marketplaces on what has been called the “dark net” has exploded. Illicit substances are sold freely on such marketplaces, and the anonymity these marketplaces provide has proved troublesome for law enforcement. Law enforcement has responded by taking down several of these marketplaces and prosecuting their creators, such as Ross Ulbricht of the former Silk Road. Prosecutors have typically leveled conspiracy charges against the operators of these marketplaces—in Ulbricht’s case, alleging a single drug conspiracy comprising Ulbricht and the thousands of vendors on the Silk Road. This Note argues that the conspiracy to distribute narcotics charge is a poor conceptual fit for the behavior of operators of typical dark net drug marketplaces, and that the federal “crack house” statute provides a better charge. Though charging these operators under the crack house statute would be a novel approach, justice is best served when the crime accurately describes the behavior, as the crack house statute does in proscribing what dark net drug marketplace operators like Ulbricht do

    Bitcoin over Tor isn't a good idea

    Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcasted via a peer-to-peer network. While Bitcoin provides some level of anonymity (or rather pseudonymity) by encouraging the users to have any number of random-looking Bitcoin addresses, recent research shows that this level of anonymity is rather low. This encourages users to connect to the Bitcoin network through anonymizers like Tor and motivates development of default Tor functionality for popular mobile SPV clients. In this paper we show that combining Tor and Bitcoin creates an attack vector for the deterministic and stealthy man-in-the-middle attacks. A low-resource attacker can gain full control of information flows between all users who chose to use Bitcoin over Tor. In particular the attacker can link together user's transactions regardless of pseudonyms used, control which Bitcoin blocks and transactions are relayed to the user and can delay or discard user's transactions and blocks. In collusion with a powerful miner double-spending attacks become possible and a totally virtual Bitcoin reality can be created for such set of users. Moreover, we show how an attacker can fingerprint users and then recognize them and learn their IP address when they decide to connect to the Bitcoin network directly. Comment: 11 pages, 4 figures, 4 table

    Pretty Private Group Management

    Group management is a fundamental building block of today's Internet applications. Mailing lists, chat systems, collaborative document edition but also online social networks such as Facebook and Twitter use group management systems. In many cases, group security is required in the sense that access to data is restricted to group members only. Some applications also require privacy by keeping group members anonymous and unlinkable. Group management systems routinely rely on a central authority that manages and controls the infrastructure and data of the system. Personal user data related to groups then becomes de facto accessible to the central authority. In this paper, we propose a completely distributed approach for group management based on distributed hash tables. As there is no enrollment to a central authority, the created groups can be leveraged by various applications. Following this paradigm we describe a protocol for such a system. We consider security and privacy issues inherently introduced by removing the central authority and provide a formal validation of security properties of the system using AVISPA. We demonstrate the feasibility of this protocol by implementing a prototype running on top of Vuze's DHT

    In the absence of hard data, is soft data better than no data at all?


    Exploiting Anonymity in Approximate Linear Programming: Scaling to Large Multiagent MDPs (Extended Version)

    Many exact and approximate solution methods for Markov Decision Processes (MDPs) attempt to exploit structure in the problem and are based on factorization of the value function. Especially multiagent settings, however, are known to suffer from an exponential increase in value component sizes as interactions become denser, meaning that approximation architectures are restricted in the problem sizes and types they can handle. We present an approach to mitigate this limitation for certain types of multiagent systems, exploiting a property that can be thought of as "anonymous influence" in the factored MDP. Anonymous influence summarizes joint variable effects efficiently whenever the explicit representation of variable identity in the problem can be avoided. We show how representational benefits from anonymity translate into computational efficiencies, both for general variable elimination in a factor graph but in particular also for the approximate linear programming solution to factored MDPs. The latter allows to scale linear programming to factored MDPs that were previously unsolvable. Our results are shown for the control of a stochastic disease process over a densely connected graph with 50 nodes and 25 agents. Comment: Extended version of AAAI 2016 pape

    SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems

    Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a special-purpose identity and credential management infrastructure, i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts towards that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant questions remain unanswered towards deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions, based on which and two large-scale mobility trace datasets, we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very low delays and the most promising policy in terms of privacy protection can be supported with moderate overhead. Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent Transportation System