Privacy and Security Enhancements for Tor

Arushi Arora (18414417)

21 April 2024

<p dir="ltr">Privacy serves as a crucial safeguard for personal autonomy and information, enabling control over personal data and space, fostering trust and security in society, and standing as a cornerstone of democracy by protecting against unwarranted interference. This work aims to enhance Tor, a volunteer-operated network providing privacy to over two million users, by improving its programmability, security, and user-friendliness to support wider adoption and underscore the importance of privacy in protecting individual rights in the digital age.</p><p dir="ltr">Addressing Tor's limitations in adapting to new services and threats, this thesis introduces programmable middleboxes, enabling users to execute complex functions on Tor routers to enhance anonymity, security, and performance. This architecture, called Bento, is designed to secure middleboxes from harmful functions and vice versa, making Tor more flexible and efficient.</p><p dir="ltr">Many of the attacks on Tor's anonymity occur when an adversary can intercept a user’s traffic; it is thus useful to limit how much of a user's traffic can enter potentially adversarial networks. We tackle the vulnerabilities of onion services to surveillance and censorship by proposing DeTor_OS, a Bento function enabling geographic avoidance for onion services- which is challenging since no one entity knows the full circuit between user and onion service, providing a method to circumvent adversarial regions and enhance user privacy.</p><p dir="ltr">The final part focuses on improving onion services' usability and security. Despite their importance, these services face high latency, Denial of Service (DoS) and deanonymization attacks due to their content. We introduce CenTor, a Content Delivery Network (CDN) for onion services using Bento, offering replication, load balancing, and content proximity benefits. Additionally, we enhance performance with multipath routing strategies through uTor, balancing performance and anonymity. We quantitatively analyze how geographical-awareness for an onion service CDN and its clients could impact a user’s anonymity- performance versus security tradeoff. Further, we evaluate CenTor on the live Tor network as well as large-scale Shadow simulations.</p><p dir="ltr">These contributions, requiring no changes to the Tor protocol, represent significant advancements in Tor's capabilities, performance, and defenses, demonstrating potential for immediate benefits to the Tor community.</p>

System and network security

Networking and communications

Privacy and data rights

tor

anonymity networks

privacy

usability and security

programmable networks

onion services

CDN

censorship

anonymity

NFV

INVESTIGATING THE IMPACT OF LEAN SIX SIGMA PRINCIPLES ON ESTABLISHING AND MAINTAINING DATA GOVERNANCE SYSTEMS IN SMES: AN EXPLORATORY STUDY USING GROUNDED THEORY AND ISM APPROACH

Manal Alduraibi (15265348)

29 April 2023

<p>Data Governance and Data Privacy are critical aspects of organizational management that are widely utilized across all organizational scales. However, this research focused specifically on the significance of Data Governance and Data Privacy in Small and Medium Enterprises (SMEs). While the importance of maintaining these systems is paramount across all organizations, the challenges faced by SMEs in maintaining these systems are greater due to their limited resources. These challenges include potential errors such as data leaks, use of corrupted data, or insufficient data, as well as the difficulty in identifying clear roles and responsibilities regarding data handling. To address these challenges, this research investigated the impact of utilizing Lean Six Sigma (LSS) tools and practices to overcome the anticipated gaps and challenges in SMEs. The qualitative methodology utilized is a grounded theory design, chosen due to the limited understanding of the best LSS practices for achieving data governance and data privacy in SMEs and how LSS can improve the adoption of data governance concerning privacy in SMEs. Data were collected using semi-structured interview questions that were reviewed by an expert panel and pilot tested. The sampling method included purposive, snowballing, and theoretical sampling, resulting in 20 participants being selected for interviews. Open, axial, and selective coding were performed, resulting in the development of a grounded theory. The obtained data were imported into NVivo, a qualitative analysis software program, to compare responses, categorize them into themes and groups, and develop a conceptual framework for Data Governance and Data Privacy. An iterative data collection and analysis approach was conducted to ensure that all aspects were considered. The applied grounded theory resulted in retrieving the themes used to generate a theory from the participants’ descriptions of LSS, SMEs, data governance, and data privacy. Finally, ISM technique has been applied to identify the relationships between the concepts and factors resulted from the grounded theory. It helps arranging the levels the criteria, drawing the relationships in a flowchart, and providing valuable insights to the researcher. </p>

Quality management

Data quality

Information security management

Privacy and data rights

data governance model

Lean Six Sigma (LSS)

Data Privacy

small and medium companies