110 likes | 125 Views
Deniable and Traceable Anonymity. Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell). Anonymous Communication. Allow parties to communicate without anyone, including the two parties, knowing who is talking to whom
E N D
Deniable and Traceable Anonymity Andrew Bortz Joint work with: Luis von Ahn Nick Hopper Kevin O’Neill (Cornell) Aladdin Center, Carnegie Mellon University
Anonymous Communication • Allow parties to communicate without anyone, including the two parties, knowing who is talking to whom • We can imagine many different levels of anonymity, in many different models • Incredibly useful for privacy preservation in an increasingly digital world Aladdin Center, Carnegie Mellon University
Motivation • So, great stuff! It would be great if we could use it, but: • Very complex • Very inefficient • Not even secure • Fix all of this! Aladdin Center, Carnegie Mellon University
Previous Work • Onion Routing (Chaum) • DC-Nets (Chaum) • k-AMT (von Ahn, Bortz, Hopper) • DC-Nets Revisited (Juels, Golle) • And many more… Aladdin Center, Carnegie Mellon University
Unfinished Business • We use models that simplify the world that these protocols operate in. • Approximate the real world • Easy to analyze • But we have found holes in these models where real-life problems are not analyzed correctly, and thus the protocols are insecure Aladdin Center, Carnegie Mellon University
Deniability • Parties could be forced to prove they didn’t send a particular message • Even worse, can be done in zero-knowledge, so there is no plausible reason to refuse such a proof • Ideally, we’d like it to be impossible to prove that you didn’t send a message* Aladdin Center, Carnegie Mellon University
Is Anything Deniable? • Well… yes: • DC-Nets and Onion Routing • And for two different reasons! • But interestingly: • k-AMT and DC-Nets Revisited are not! • And unfortunately it doesn’t seem easy at all to correct this • Very hard, but we’re working on it Aladdin Center, Carnegie Mellon University
Traceability • Allow the group to vote to reveal the identity of the sender of a message • Useful in the case of particularly bad messages • Governments might prohibit truly anonymous communication unless it is traceable Aladdin Center, Carnegie Mellon University
First Attempts • Use group signatures! • Members of the group can sign, no one can tell which signed unless the anonymity of a signature is revoked • Sign every message that is sent through the anonymous protocol, and when receiving a message, throw out those that don’t have a signature • Does anyone see the problem? Aladdin Center, Carnegie Mellon University
Overall Goals • Theme of these two properties: • No one should know anything about the sender and receiver except • If a threshold has been reached, and then only precisely what the group votes to reveal • Very precise revelation of information Aladdin Center, Carnegie Mellon University
Questions? Aladdin Center, Carnegie Mellon University