Public Verification for Private Hash Matching
End-to-end encryption (E2EE) prevents online services from accessing user content. This important security property is also an obstacle for content moderation methods that involve content analysis. The tension between E2EE and efforts to combat child sexual abuse material (CSAM) has become a global flashpoint in encryption policy, because the predominant method of detecting harmful content---server-side perceptual hash matching on plaintext images---is unavailable.
Recent applied cryptography advances enable private hash matching (PHM), where a service can match user content against a set of known CSAM images without revealing the hash set to users or nonmatching content to the service. These designs, especially a 2021 proposal for identifying CSAM in Apple's iCloud Photos service, have attracted widespread criticism for creating risks to security, privacy, and free expression.
In this work, we aim to advance scholarship and dialogue about PHM by contributing new cryptographic methods for system verification by the general public. We begin with motivation, describing the rationale for PHM to detect CSAM and the serious societal and technical issues with its deployment. Verification could partially address shortcomings of PHM, and we systematize critiques into two areas for auditing: trust in the hash set and trust in the implementation. We explain how, while these two issues cannot be fully resolved by technology alone, there are possible cryptographic trust improvements.
The central contributions of this paper are novel cryptographic protocols that enable three types of public verification for PHM systems: (1) certification that external groups approve the hash set, (2) proof that particular lawful content is not in the hash set, and (3) eventual notification to users of false positive matches. The protocols that we describe are practical, efficient, and compatible with existing PHM constructions.
Cryptographically Secure Multiparty Computation and Distributed Auctions Using Homomorphic Encryption
We introduce a robust framework that allows for cryptographically secure multiparty computations, such as distributed private value auctions. The security is guaranteed by two-sided authentication of all network connections, homomorphically encrypted bids, and the publication of zero-knowledge proofs of every computation. This also allows a non-participant verifier to verify the result of any such computation using only the information broadcast on the network by each individual bidder. Building on previous work on such systems, we design and implement an extensible framework that puts the described ideas into practice. Apart from the actual implementation of the framework, our biggest contribution is the level of protection we are able to guarantee against attacks described in previous work. In order to provide guidance to users of the library, we analyze the use of zero-knowledge proofs in ensuring the correct behavior of each node in a computation. We also describe the usage of the library to perform a private-value distributed auction, as well as the other challenges in implementing the protocol, such as auction registration and certificate distribution. Finally, we provide performance statistics on our implementation of the auction.
Leveraging strategic connection migration-powered traffic splitting for privacy
Network-level adversaries have developed increasingly sophisticated techniques to surveil and control users' network traffic. In this paper, we exploit our observation that many encrypted protocol connections are no longer tied to device IP address (e.g., the connection migration feature in QUIC, or IP roaming in WireGuard and Mosh), due to the need for performance in a mobile-first world. We design and implement a novel framework, Connection Migration Powered Splitting (CoMPS), that utilizes these performance features for enhancing user privacy. With CoMPS, we can split traffic mid-session across network paths and heterogeneous network protocols. Such traffic splitting mitigates the ability of a network-level adversary to perform traffic analysis attacks by limiting the amount of traffic they can observe. We use CoMPS to construct a website fingerprinting defense that is resilient against traffic analysis attacks by a powerful adaptive adversary in the open-world setting. We evaluate our system using both simulated splitting data and real-world traffic that is actively split using CoMPS. In our real-world experiments, CoMPS reduces the precision and recall of VarCNN to 29.9% and 36.7% respectively in the open-world setting with 100 monitored classes. CoMPS is not only immediately deployable with any unaltered server that supports connection migration, but also incurs little overhead, decreasing throughput by only 5-20%.