Privacy and Security Enhancements for Tor

Arushi Arora (18414417)

21 April 2024

<p dir="ltr">Privacy serves as a crucial safeguard for personal autonomy and information, enabling control over personal data and space, fostering trust and security in society, and standing as a cornerstone of democracy by protecting against unwarranted interference. This work aims to enhance Tor, a volunteer-operated network providing privacy to over two million users, by improving its programmability, security, and user-friendliness to support wider adoption and underscore the importance of privacy in protecting individual rights in the digital age.</p><p dir="ltr">Addressing Tor's limitations in adapting to new services and threats, this thesis introduces programmable middleboxes, enabling users to execute complex functions on Tor routers to enhance anonymity, security, and performance. This architecture, called Bento, is designed to secure middleboxes from harmful functions and vice versa, making Tor more flexible and efficient.</p><p dir="ltr">Many of the attacks on Tor's anonymity occur when an adversary can intercept a user’s traffic; it is thus useful to limit how much of a user's traffic can enter potentially adversarial networks. We tackle the vulnerabilities of onion services to surveillance and censorship by proposing DeTor_OS, a Bento function enabling geographic avoidance for onion services- which is challenging since no one entity knows the full circuit between user and onion service, providing a method to circumvent adversarial regions and enhance user privacy.</p><p dir="ltr">The final part focuses on improving onion services' usability and security. Despite their importance, these services face high latency, Denial of Service (DoS) and deanonymization attacks due to their content. We introduce CenTor, a Content Delivery Network (CDN) for onion services using Bento, offering replication, load balancing, and content proximity benefits. Additionally, we enhance performance with multipath routing strategies through uTor, balancing performance and anonymity. We quantitatively analyze how geographical-awareness for an onion service CDN and its clients could impact a user’s anonymity- performance versus security tradeoff. Further, we evaluate CenTor on the live Tor network as well as large-scale Shadow simulations.</p><p dir="ltr">These contributions, requiring no changes to the Tor protocol, represent significant advancements in Tor's capabilities, performance, and defenses, demonstrating potential for immediate benefits to the Tor community.</p>

System and network security

Networking and communications

Privacy and data rights

tor

anonymity networks

privacy

usability and security

programmable networks

onion services

CDN

censorship

anonymity

NFV

Evaluating the security of anonymized big graph/structural data

Ji, Shouling

27 May 2016

We studied the security of anonymized big graph data. Our main contributions include: new De-Anonymization (DA) attacks, comprehensive anonymity, utility, and de-anonymizability quantifications, and a secure graph data publishing/sharing system SecGraph. New DA Attacks. We present two novel graph DA frameworks: cold start single-phase Optimization-based DA (ODA) and De-anonymizing Social-Attribute Graphs (De-SAG). Unlike existing seed-based DA attacks, ODA does not priori knowledge. In addition, ODA’s DA results can facilitate existing DA attacks by providing more seed information. De-SAG is the first attack that takes into account both graph structure and attribute information. Through extensive evaluations leveraging real world graph data, we validated the performance of both ODA and De-SAG. Graph Anonymity, Utility, and De-anonymizability Quantifications. We developed new techniques that enable comprehensive graph data anonymity, utility, and de-anonymizability evaluation. First, we proposed the first seed-free graph de-anonymizability quantification framework under a general data model which provides the theoretical foundation for seed-free SDA attacks. Second, we conducted the first seed-based quantification on the perfect and partial de-anonymizability of graph data. Our quantification closes the gap between seed-based DA practice and theory. Third, we conducted the first attribute-based anonymity analysis for Social-Attribute Graph (SAG) data. Our attribute-based anonymity analysis together with existing structure-based de-anonymizability quantifications provide data owners and researchers a more complete understanding of the privacy of graph data. Fourth, we conducted the first graph Anonymity-Utility-De-anonymity (AUD) correlation quantification and provided close-forms to explicitly demonstrate such correlation. Finally, based on our quantifications, we conducted large-scale evaluations leveraging 100+ real world graph datasets generated by various computer systems and services. Using the evaluations, we demonstrated the datasets’ anonymity, utility, and de-anonymizability, as well as the significance and validity of our quantifications. SecGraph. We designed, implemented, and evaluated the first uniform and open-source Secure Graph data publishing/sharing (SecGraph) system. SecGraph enables data owners and researchers to conduct accurate comparative studies of anonymization/DA techniques, and to comprehensively understand the resistance/vulnerability of existing or newly developed anonymization techniques, the effectiveness of existing or newly developed DA attacks, and graph and application utilities of anonymized data.

Security and privacy

Graph data

Structural data

De-anonymization

Anonymization

Quantification

Evaluation

Utility

Anonymity

How the Online Disinhibition Effect Affects the Online Video Game Industry

Monjezizadeh, Ladbon, Untoro, Alex

January 2016

Extensive computer use is creating a society where its citizens are communicating outside the norm of real life. These diversions from real life communication behavior have been named the Online Disinhibition Effect (ODE). The effect is a psychological model that is structured with different types of elements which can be triggered by different communication mediums. There are two sides of the effect; a benign, where compassion and a reveal of emotions are more likely, and a toxic, where anger, frustration and threats are in focus. In the online video game industry, ODE is active, but as the medium is different than regular internet use the effects are different as well. This paper looks at how online video games are affected by ODE. By using the most current disinhibition model made by Suler and looking at modern cyberpsychology in online games, this paper found eight features that have the possibility to decrease disinhibition amongst users. This paper concludes with a warning that games are becoming more immersive and without the proper authority features, games will increase their disinhibition effect amongst its users.

disinhibition

cyberpsychology

dissociative anonymity

invisibility

asynchronicity

solipsistic introjection

dissociative imagination

minimizing authority

Authoritarian collaboration : Unexpected effects of open government initiatives in China

Wallin, Pontus

January 2014

There is a recent emergence of open government initiatives for citizen participation in policy making in China. Open government initiatives seek to increase the level of participation, deliberation and transparency in government affairs, sometimes by use of Internet fora. In contemporary political science the introduction of these initiatives in authoritarian contexts has been described as a paradox of authoritarian deliberation. This thesis uses cybernetic theory, perspectives of information steering in all systems, to resolve the paradox and present a new view on authoritarianism and autocracy. A cybernetic definition of autocracy allows for an analysis of different types of autocracy in different models of governance. The theoretical tools developed are used to define and assess the potential for democratic autocracy, representative autocracy, deliberative autocracy and collaborative autocracy in online open government initiatives in China.   The argument of the thesis is that these initiatives must be understood within the environment in which they are introduced. In the case of the Chinese online environment, individuals often have limited possibilities of acting anonymously. To explore how online identity registration affects citizens, a lab-in-the-field experiment was set up. Chinese university students were invited to engage with a government sponsored online forum under conditions of both anonymity and identity registration. Previous research suggests that anonymity would lead users of online fora to be more active and produce more content. This hypothesis was partly proven false by the experiment. This study shows that users who have their identities registered, sometimes even produce more content. The study also shows that registered users tend to act against their own preferences and participate more in nationalistic debates. The concluding discussion is focused on the wider implications of these effects. If citizens are incentivized to channel their dissatisfaction as loyalty, rather than voice or exit, they might become complicit in sustaining authoritarianism. Interviews with experiment participants show that open government initiatives primarily enable deliberative and collaborative autocracy when introduced in the Chinese online environment. This has the potential of increasing the amount of dissatisfaction that citizens channel as loyalty via mechanisms of authoritarian collaboration.

Autocracy

authoritarian deliberation

cybernetics

open government initiatives

lab-in-the-field experiment

online anonymity

China

Towards Internet Voting in the State of Qatar

Al-Hamar, Jassim Khalid

January 2011

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.

320

Anonymita akcionářů a podmínky jejich identifikace / Anonymity of shareholders and the requierements for their identification

Paulus, David

January 2012

Anonymity of shareholders and the requierements for their identification This thesis concentrates on the anonymity of shareholders which is currently one of the most discussed aspects of the corporate law. The topicality of this issue was one of the reasons for the selection of this topic. Czech legislation has been criticized both by NGOs and a large part of Czech population for the excessive simplicity of the use of anonymous shares and for owners identification impossibility.. The paper is focused on ways of both hiding the beneficial owner of shares and also shareholders identification. This work is written during the ongoing debate on the abolition of bearer shares, which is considered to be an instrument for corruption or legalization of proceeds from criminal activities, so-called money laundering. Debates on the abolition (or at least reducing) of the shareholders anonymity are being held not only in the Czech Republic. Many countries have already implemented certain instruments in this area. Bearer shares have been canceled without compensations in some countries, , other countries allowed their demeterialized or immobilized form. The aim of this work is to analyze not only valid and effective legislation, but also the legislation enacted in connection with the recodification of private...

Conditional Privacy-Preserving Authentication Protocols for Vehicular Ad Hoc Networks

Li, Jiliang

17 May 2019

No description available.

510

Privacy-preserving

Authentication

Vehicular Ad hoc Networks

Anonymity

Traceability

Informatik (PPN619939052)

Pour une philosophie de la subjectivation. Etude sur Michel Foucault / For a Philosophy of the Subjectivation. A Study of Michel Foucault

Fujita, Kojiro

11 May 2015

Cette thèse cherche à mettre en lumière la philosophie de la subjectivation chez Michel Foucault. Dans notre perspective, le premier Foucault (d’Histoire de la folie à Les mots et les choses) a essayé de surmonter la philosophie du sujet pour avancer une pensée de l’anonymat, mais le dernier Foucault (de L’archéologie du savoir à Histoire de la sexualité) a tenté de reprendre au-delà de cet anonymat le problème du sujet jusqu’à élaborer finalement le concept de subjectivation. Ainsi, notre thèse se demande comment le dernier Foucault a continué à réexaminer le sujet dans trois domaines anonymes, savoir, pouvoir et éthique, et ce pour dégager de ce parcours foucaldien ce qu’on pourrait appeler au fond la philosophie de la subjectivation. Cette philosophie consiste donc en trois éléments : la logique de la subjectivation, la politique de la subjectivation et l’éthique de la subjectivation. Dès lors que la plupart des études existantes se sont attachées à cette dernière, notre thèse se consacre prioritairement aux deux premières : la première partie de la thèse traite la logique de la subjectivation pour montrer notre existence dans le système du savoir, et la deuxième traite la politique de la subjectivation pour montrer notre existence dans celui du pouvoir. Ces recherches ne peuvent plus s’accomplir par les pensées traditionnelles (réalisme de l’objectivité scientifique, phénoménologie de la subjectivité transcendantale, épistémologie des formes idéales, herméneutique du sens fondamental, etc.), jamais étrangères à la philosophie du sujet, mais seulement par la pensée foucaldienne elle-même, bien destinée à celle de la subjectivation. Cette thèse lit ainsi la pensée foucaldienne par celle-ci elle-même pour en dégager la philosophie de la subjectivation. Elle aboutit cependant non seulement à montrer le concept de subjectivation, mais aussi à trouver paradoxalement ce qu’on pourrait appeler la « contre-subjectivation. / This thesis seeks to shed light on the philosophy of the subjectivation in the work of Michel Foucault. From our perspective, the early Foucault (from Madness and Civilization to The Order of Things) strived to overcome the philosophy of the subject in order to advance a thought of anonymity, but the later Foucault (from The Archaeology of Knowledge to The History of Sexuality) attempted to take up the problem of the subject again beyond that anonymity so as to finally elaborate the concept of subjectivation. Hence, our thesis inquires how the later Foucault continued to re-examine the subject in three anonymous domains – knowledge, power and ethics –, in order to extract from Foucault’s works what one can finally call the philosophy of the subjectivation. Thus this philosophy consists of three elements: the logic of the subjectivation, the politics of the subjectivation and the ethics of the subjectivation. Since most existing studies are related to the later element, our thesis is primarily devoted to the former two. The first half of the thesis addresses the logic of the subjectivation to reveal our existence in the system of knowledge, and the second half deals with the politics of the subjectivation to reveal our existence in that of power. Theses researches can no longer be accomplished by traditional thoughts (realism of scientific objectivity, phenomenology of transcendental subjectivity, epistemology of ideal forms, hermeneutics of fundamental meaning, etc.), which are never foreign to the philosophy of the subject, but only by Foucault’s thought itself, which is well destined to the philosophy of the subjectivation. Thus, our thesis reads Foucault’s thought by this same thought itself in order to extract the philosophy of the subjectivation from there. However, ultimately, it not only explores the concept of subjectivation, but also paradoxically sheds light on what one can call the “counter-subjectivation”.

Michel Foucault

Subjectivation

Sujet

Anonymat

Savoir

Pouvoir

Michel Foucault

Subjectification

Subject

Anonymity

Knowledge

Power

194

Towards an adaptive solution to data privacy protection in hierarchical wireless sensor networks

Al-Riyami, Ahmed

January 2016

Hierarchical Wireless Sensor networks (WSNs) are becoming attractive to many applications due to their energy efficiency and scalability. However, if such networks are deployed in a privacy sensitive application context such as home utility consumption, protecting data privacy becomes an essential requirement. Our threat analysis in such networks has revealed that PPDA (Privacy Preserving Data Aggregation), NIDA (Node ID Anonymity) and ENCD (Early Node Compromise Detection) are three essential properties for protecting data privacy. The scope of this thesis is on protecting data privacy in hierarchical WSNs byaddressing issues in relation to two of the three properties identified, i.e., NIDA and ENCD, effectively and efficiently. The effectiveness property is achieved by considering NIDA and ENCD in an integrated manner, and the efficiency property is achieved by using an adaptive approach to security provisioning. To this end, the thesis has made the following four novel contributions. Firstly, this thesis presents a comprehensive analysis of the threats to data privacy and literature review of the countermeasures proposed to address these threats. The analysis and literature review have led to the identification of two main areas for improvements: (1) to reduce the resources consumed as the result of protecting data privacy, and (2) to address the compatibility issue between NIDA and ENCD.Secondly, a novel Adaptive Pseudonym Length Estimation (AdaptPLE) method has been proposed. The method allows the determination of a minimum acceptable length of the pseudonyms used in NIDA based on a given set of security and application related requirements and constraints. In this way, we can balance the trade-off between an ID anonymity protection level and the costs (i.e., transmission and energy) incurred in achieving the protection level. To demonstrate its effectiveness, we have evaluated the method by applying it to two existing NIDA schemes, the Efficient Anonymous Communication (EAC) scheme and theCryptographic Anonymous Scheme (CAS).Thirdly, a novel Adaptive Early Node Compromise Detection (AdaptENCD) scheme for cluster-based WSNs has been proposed. This scheme allows early detections of compromised nodes more effectively and efficiently than existing proposals. This is achieved by adjusting, at run-time, the transmission rate of heartbeat messages, used to detect nodes' aliveness, in response to the average message loss ratio in a cluster. This adaptive approach allows us to significantly reduce detection errors while keeping the number of transmitted heartbeat messages as low as possible, thus reducing transmission costs. Fourthly, a novel Node ID Anonymity Preserving Scheme (ID-APS) for clusterbased WSNs has been proposed. ID-APS protects nodes ID anonymity while, at the same time, also allowing the global identification of nodes. This later property supports the identification and removal of compromised nodes in the network, which is a significant improvement over the state-of-the-art solution, the CAS scheme. ID-APS supports both NIDA and ENCD by making a hybrid use of dynamic and global identification pseudonyms. More importantly, ID-APS achieves these properties with less overhead costs than CAS. All proposed solutions have been analysed and evaluated comprehensively to prove their effectiveness and efficiency.

004

Conception et optimisation de mécanismes cryptographique anonymes / Design and Improvements of anonymous cryptographic primitives

Sanders, Olivier

24 September 2015

Les nouvelles technologies ont profondément modifié nos usages mais ne sont pas que synonymes d’avantages pour leurs utilisateurs. Elles ont en effet de lourdes conséquences sur notre vie privée, ce qui est bien souvent sous-estimé. Les utilisateurs de moyens de paiement électronique ne réalisent par exemple pas toujours que leurs transactions peuvent révéler des informations particulièrement intimes à leur sujet, telles que leur localisation, leur état de santé ou mêmes leurs croyances.Nous nous intéressons dans ce mémoire aux techniques cryptographiques permettant de concilier les exigences de sécurité traditionnelles et le respect de la vie privée. Dans une première partie nous étudions deux cas particuliers, celui du paiement anonyme et celui de l’authentification anonyme. Nous proposons de nouvelles constructions qui offrent une meilleure efficacité que les solutions existantes, ouvrant ainsi la voie à de réelles applications pratiques. Chacun de ces systèmes fait l’objet d’une étude de sécurité montrant qu’ils offrent de solides garanties sous des hypothèses raisonnables.Cependant, afin de satisfaire des contraintes techniques souvent très fortes dans ces contextes, il peut être nécessaire d’optimiser ces constructions qui nécessitent souvent un nombre significatif de calculs. Dans une deuxième partie nous proposons donc des moyens pour améliorer l’efficacité des opérations et algorithmes les plus fréquemment utilisés. Chacune de ces contributions peut présenter un intérêt au-delà du contexte de l’anonymat. / New technologies offer greater convenience for end-users but usually at the cost of a loss in terms of privacy, which is often underestimated by the latter. For example, knowledge by a third party of the information related to a transaction is far from insignificant since it may reveal intimate details such as whereabouts, religious beliefs or health status.In this thesis, we are interested in cryptographic technics allowing to reconcile both security requirements and user’s privacy. In a first part, we will focus on two specific cases: anonymous payment and anonymous authentication. We propose new constructions, improving the efficiency of state-of-the-art solutions, which make all the features of these primitives more accessible for practical applications. We provide a detailed security analysis for each scheme, proving that they achieve the expected properties under reasonable assumptions.However, to fulfill the strong technical constraints of these use cases, it may be necessary to optimize these constructions which are usually rather complex. To this end, we propose in a second part, new solutions to improve the efficiency of most common operations and algorithms. Each of these contributions is not restricted to anonymous systems and thus may be of independent interest.

Cryptographie

Anonymat

Clé publique

Monnaie électronique

Cryptography

Anonymity

Public key

Electronic cash

005.8