Abstract
An increasing number of web-sites require users to establish an account before they can access the information stored on that site (“personalized web browsing”). Typically, the user is required to provide at least a unique username, a secret password and an e-mail address. Establishing accounts at multiple web-sites is a tedious task. A security- and privacy-aware user may have to invent a distinct username and a secure password, both unrelated to his/her identity, for each web-site. The user may also desire mechanisms for anonymous e-mail. Besides the information that the user supplies voluntarily to the web-site, additional information about the user may flow (involuntarily) from the user's site to the web-site, due to the nature of the HTTP protocol and the cookie mechanism.
This paper describes the Janus Personalized Web Anonymizer, which makes personalized web browsing simple, secure and anonymous by providing convenient solutions to each of the above problems. Janus serves as an intermediary entity between a user and a web-site. Given a user and a web-site, Janus automatically generates an alias - typically a username, a password and an e-mail address - that can be used to establish an anonymous account at the web-site. Different aliases are generated for each user, web-site pair; however the same alias is presented whenever a particular user visits a particular web-site. Janus frees the user from the burden of inventing and memorizing distinct usernames and secure passwords for each web-site, and guarantees that an alias (including an e-mail address) does not reveal the true identity of the user. Janus also provides mechanisms to complete an anonymous e-mail exchange from a web-site to a user, and filters the information-flow of the HTTP protocol to preserve user privacy. Thus Janus provides simultaneous user identification and user privacy, as required for anonymous personalized web browsing.
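The alias property described above (a distinct alias per user, web-site pair, yet the same alias on every repeat visit) can be illustrated with a keyed pseudorandom function. This is an added example, not code from the paper or from Janus: the use of HMAC-SHA256, the function names, the secret and the `alias.example` mail domain are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def _prf(secret: bytes, user: str, site: str, label: str) -> bytes:
    """Keyed PRF over (user, site, label); length prefixes keep fields unambiguous."""
    parts = (user.encode(), site.lower().encode(), label.encode())
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(secret, msg, hashlib.sha256).digest()

def _b32(raw: bytes, length: int) -> str:
    """Lowercase base32 text, safe for usernames and mailbox names."""
    return base64.b32encode(raw).decode().lower().rstrip("=")[:length]

def derive_alias(secret: bytes, user: str, site: str,
                 mail_domain: str = "alias.example") -> dict:
    """Derive a (username, password, e-mail) alias for one user at one site.

    Nothing is stored per site: the same inputs always reproduce the same
    alias, and without the secret the alias cannot be linked to the user
    or to that user's aliases at other sites.
    """
    username = "u" + _b32(_prf(secret, user, site, "username"), 12)
    password = base64.urlsafe_b64encode(
        _prf(secret, user, site, "password")).decode()[:24]
    mailbox = _b32(_prf(secret, user, site, "email"), 16)
    return {"username": username, "password": password,
            "email": f"{mailbox}@{mail_domain}"}

if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    secret = b"constructed-demo-secret-not-for-real-use"
    for site in ("news.example", "shop.example"):
        print(site, derive_alias(secret, "alice@corp.example", site))
```

Separate labels for username, password and mailbox mean that learning one component of an alias reveals nothing about the other two.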
Copyright information
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gabber, E., Gibbons, P.B., Matias, Y., Mayer, A. (1997). How to make personalized web browsing simple, secure, and anonymous. In: Hirschfeld, R. (eds) Financial Cryptography. FC 1997. Lecture Notes in Computer Science, vol 1318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-63594-7_64
DOI: https://doi.org/10.1007/3-540-63594-7_64
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-63594-9
Online ISBN: 978-3-540-69607-0
eBook Packages: Springer Book Archive