1 / 32

Plausible deniability in an interest-based P2P network Josep Pegueroles

Plausible deniability in an interest-based P2P network Josep Pegueroles Universitat Politècnica de Catalunya. Searches of documents in P2P networks with these characteristics: Based on the self-declared interests of a user. Take advantage of the “small world” behavior of social networks.

jacie
Download Presentation

Plausible deniability in an interest-based P2P network Josep Pegueroles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Plausible deniability in an interest-based P2P network Josep Pegueroles Universitat Politècnica de Catalunya

  2. Searches of documents in P2P networks with these characteristics: Based on the self-declared interests of a user. Take advantage of the “small world” behavior of social networks. Creating clusters of users based on common interests. Interest based searches

  3. Social model

  4. Social model • A document can be described as a vector: • Bag of words: frequency of words inside a document [Manning09] • Bag of concepts: frequency of semantic descriptions of words inside a document [Thiagarajan08]

  5. Social model: assumptions • There is a metric for affinities. This metric must include only additions and multiplications [Resnick94] • Users often ask for documents related to their profile. Queries could be far away from each other!

  6. Network model: epidemic routing • It is not flooding!

  7. Privacy: Profiles include lots of information about a user Queries include profiles Legal Databases provides access to data. Case RapidShare. Intermediate nodes provides routes to data. Cases Pirate Bay, ShareMula. Security problems

  8. Searches based on interests where none of the nodes can be found liable of providing access to data. Objective

  9. Building blocks • Protection of users in clusters: consistent false negatives • Protection of profiles that are in clear: Random projections • Protection of queries: homomorphic encryption. • Protection of nodes: anonymous comms • Protection of databases: • Private Block Retrival • Bloom filters

  10. P2P network in clusters Documents of a cluster are stored in the other cluster.

  11. Consistent profiles • If all profiles in a cluster are close to each other, an attacker could fake his profile and collect lots of users. • Solution: different profiles in the same cluster. Pa? Pb?

  12. Consistent profiles: long term • Even if communications are anonymous, analyzing the content of the messages in the long term gives strong evidence about the neighbor's profile. • Solution: secure message content t0=Qa t1=Qa t2=Qb t3=Qa ... Pa Pb?

  13. Given two numbers [x],[y], encrypted with K, and z a number in clear, anyone could calculate these encryptions without K: [x+y] [zy] Examples: ElGamal, Pallier. Homomorphic ciphering

  14. A secure metric for profiles • Given the projected profile encrypted with the private key of a user: • It is possible to calculate the cosine distance to an encrypted profile as: • Problem: the other profile must be in clear!

  15. P2P network in clusters Documents of a cluster are stored in the other cluster.

  16. Simplified system • Anonymous routing in the cluster that searches and epidemic in the cluster that store information. Problems: • Oblivious queries to databases • Protection of database identity Objective: database deniability

  17. Random Orthogonal Projections

  18. Projections • If m<n/2, they are suitable for security: • If m<n/2, it is not possible to separate any component of the projection [Liu-Ryan 06] • Projections maintain distances: [Johnson-Lindestrauss 99]

  19. Projections: matrices • Wait: what about triangulations?

  20. Projections: matrices

  21. Guessing profiles: Montecarlo • Dmax= 1.5 Hmax=6,6b, Attacks at 0.1, H=5,8b

  22. Guessing profiles • Dmax= 1.5 Hmax=6,6b, Attacks at 0.2, H=6.2b

  23. Guessing profiles • Dmax= 1.5 Hmax=6,6b, Attacks at 0.5, H=6,5b

  24. Guessing profiles • Two kind of confidences in the result: • Confidence in the guessing itself • Confidence in the result of the guessing Attackers have to be very close to a node to guess the profile. Brute force attacks?

  25. The DB stores pairs (projected profile, URL) for each document. The projection cannot be easily inverted (plausible deniability). But the database must return a URL! Solution: Private Block Retrieval Databases

  26. Private Block Retrieval • Oblivious SELECT in a database [Gentry and Ramzam, 2005] • Used decides which blocks he wants, i • User sends and “oblivious index” to the DB, I(i) • The DB calculates a special block B(I(i)) from every block in the DB. • From B(I(i)), the user can extract the block i.

  27. Private Block Retrieval Protocol • A user sends to the DB: • The DB calculates for each document • The DB sends: • The user decrypts the distances, and picks up the closest i • PBR protocol between BD and i

  28. Analysis so far • The DB cannot invert projections. • Nodes in the path know nothing about queries • DB and nodes in the path knows nothing about the selected answer. • The last node in the path do knows which DB answers.

  29. Epidemic DB protection • Distributed Private Block Retrieval system: • Bloom filters to remove duplicates • Local permutations in each DB to prevent identification

  30. Distributed Private Block Retrieval

  31. Are there enough DBs?

  32. Open questions • Number or different profiles in the cluster? • DPBR vs Efficiency? • Downloading?

More Related