Return to search

Anonymous Javascript Cryptography and CoverTraffic in Whistleblowing Applications / Anonym Javascript-kryptogra och täckningstrakför visselblåsarsystem

In recent years, whistleblowing has lead to big headlines aroundthe world. This thesis looks at whistleblower systems, which are systems specically created for whistleblowers to submit tips anonymously. The problem is how to engineer such a system asto maximize the anonymity for the whistleblower whilst at the same time remain usable.The thesis evaluates existing implementations for the whistle-blowing problem. Eleven Swedish newspapers are evaluated for potential threats against their whistleblowing service.I suggest a new system that tries to improve on existing systems. New features includes the introduction of JavaScript cryptography to lessen the reliance of trust for a hosted server. Use of anonymous encryption and cover traffic to partially anonymize the recipient, size and timing metadata on submissions sent by the whistleblowers. I explore the implementations of these features and the viability to address threats against JavaScript integrity by use of cover traffic.The results show that JavaScript encrypted submissions are viable. The tamper detection system can provide some integrity for the JavaScript client. Cover traffic for the initial submissions to the journalists was also shown to be feasible. However, cover traffic for replies sent back-and-forth between whistleblower and journalist consumed too much data transfer and was too slow to be useful.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:kth-190884
Date January 2016
CreatorsUddholm, Joakim
PublisherKTH, Skolan för datavetenskap och kommunikation (CSC)
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.002 seconds