In scenarios where an individual wishes to leak confidential information to an unauthorized party, he may do so in a public or an anonymous way. When acting publicly a leaker exposes his identity, whereas acting anonymously a leaker can introduce doubts about the information’s authenticity. Current solutions assume anonymity from everyone except a trusted third party or rely on the leaker possessing prior cryptographic keys, both of which are inadequate assumptions in real-world secret leaking scenarios.
In this research we present a system called the attested drop protocol which provides confidentiality for the leaker, while still allowing leaked documents to have their origins verified. The protocol relies on identities associated with common communication mediums, and seeks to avoid having the leaker carry out sophisticated cryptographic operations. We also present two constructions of the general protocol, where each is designed to protect against different forms of adversarial surveillance. We use ceremony analysis and other techniques from the provable security paradigm to formally describe and evaluate security goals for both constructions. / Thesis / Master of Science (MSc) / Whistleblowing is an activity where an individual leaks some secrets about an organization to an unauthorized entity, often for moral or regulatory reasons. When doing so, the whistleblower is faced with the choice of acting publicly, and risking retribution or acting anonymously and risking not being believed. We have designed a protocol called the attested drop protocol, which protects the identity of the whistleblower, while allowing the unauthorized entity to have a means of verifying that the leak came from the organization. This protocol makes use of preexisting identities associated with a communication medium, such as emails, to avoid using cryptographic primitives that are impractical.
Identifer | oai:union.ndltd.org:mcmaster.ca/oai:macsphere.mcmaster.ca:11375/25007 |
Date | January 2019 |
Creators | Knopf, Karl |
Contributors | Samavi, Reza, Stebila, Douglas, Computing and Software |
Source Sets | McMaster University |
Language | English |
Detected Language | English |
Type | Thesis |
Page generated in 0.0021 seconds