ABSTRACT
In addition to their common use for private online communication, anonymous communication networks can also be used to circumvent censorship. However, it is difficult to determine the extent to which they are actually used for this purpose without violating the privacy of the networks' users. Knowing this extent can be useful to designers and researchers who would like to improve the performance and privacy properties of the network. To address this issue, we propose a statistical data collection system, PrivEx, for collecting egress traffic statistics from anonymous communication networks in a secure and privacy-preserving manner. Our solution is based on distributed differential privacy and secure multiparty computation; it preserves the security and privacy properties of anonymous communication networks, even in the face of adversaries that can compromise data collection nodes or coerce operators to reveal cryptographic secrets and keys.
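The two ingredients the abstract names, distributed differential-privacy noise and secure multiparty aggregation, combined in one runnable illustration. This is an added example, not code from the PrivEx paper or its authors, and it does not reproduce the PrivEx protocol itself: it assumes a generic design in which each data collector (an egress node) adds integer Laplace noise to its per-destination counts and additively secret-shares the noisy counts among k tally servers, which only ever sum the shares they receive. The destination list, the per-collector counts, the prime modulus, epsilon and a sensitivity of 1 (each client contributing at most one unit to a count) are constructed assumptions for the example.

```python
import random
from collections import defaultdict

# Constructed parameters for the example (not PrivEx's own values).
PRIME = (1 << 61) - 1      # modulus for additive secret sharing; sums never wrap
DESTINATIONS = ["news.example", "social.example", "video.example"]  # fixed public list


def laplace_int(scale, rng):
    """Integer-rounded Laplace(0, scale) noise. The difference of two exponentials
    with mean `scale` is Laplace-distributed; scale 0 means no noise."""
    if scale == 0:
        return 0
    return int(round(rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)))


def share(value, k, rng):
    """Additively secret-share an integer among k tally servers.
    Any k-1 shares are uniformly random and independent of `value`;
    all k shares sum to `value` mod PRIME."""
    shares = [rng.randrange(PRIME) for _ in range(k - 1)]
    shares.append((value - sum(shares)) % PRIME)
    return shares


def collector_report(counts, k, scale, rng):
    """One data collector noises each per-destination count and splits it into
    k shares. Returns a list of k dicts, one per tally server."""
    per_server = [{} for _ in range(k)]
    for dest in DESTINATIONS:
        noisy = counts.get(dest, 0) + laplace_int(scale, rng)
        for i, s in enumerate(share(noisy, k, rng)):
            per_server[i][dest] = s
    return per_server


def tally_server_sum(reports):
    """A tally server only ever adds up the shares it received, mod PRIME;
    it never sees any collector's noisy count, let alone the raw one."""
    agg = defaultdict(int)
    for rep in reports:
        for dest, s in rep.items():
            agg[dest] = (agg[dest] + s) % PRIME
    return dict(agg)


def combine(server_sums):
    """Combine the k tally servers' sums into the network-wide noisy totals.
    Residues above PRIME/2 are negative numbers (noise can push a count below 0)."""
    total = defaultdict(int)
    for agg in server_sums:
        for dest, s in agg.items():
            total[dest] = (total[dest] + s) % PRIME
    return {d: (v if v <= PRIME // 2 else v - PRIME) for d, v in total.items()}


def run_epoch(collector_counts, k, epsilon, sensitivity=1, noise_free=(), seed=0):
    """Simulate one collection epoch.
    epsilon=None disables noise (to check the sharing round-trip alone).
    `noise_free` lists indices of collectors modelled as compromised: they skip
    their noise, but the aggregate still carries every honest collector's noise,
    so one honest collector is enough to keep the total noised."""
    rng = random.Random(seed)
    scale = 0 if epsilon is None else sensitivity / epsilon
    by_server = [[] for _ in range(k)]
    for idx, counts in enumerate(collector_counts):
        s = 0 if idx in noise_free else scale
        for i, rep in enumerate(collector_report(counts, k, s, rng)):
            by_server[i].append(rep)
    return combine([tally_server_sum(reports) for reports in by_server])


# Constructed per-collector egress counts for one epoch.
SAMPLE_COLLECTORS = [
    {"news.example": 12, "social.example": 30, "video.example": 4},
    {"news.example": 7,  "social.example": 0,  "video.example": 9},
    {"news.example": 1,  "social.example": 5},           # saw no video traffic
]


def exact_totals(collector_counts):
    """Plain sum of the inputs, used only to check the sharing round-trip."""
    totals = {d: 0 for d in DESTINATIONS}
    for counts in collector_counts:
        for d in DESTINATIONS:
            totals[d] += counts.get(d, 0)
    return totals


if __name__ == "__main__":
    print("exact    :", exact_totals(SAMPLE_COLLECTORS))
    print("no noise :", run_epoch(SAMPLE_COLLECTORS, k=3, epsilon=None))
    print("eps=1.0  :", run_epoch(SAMPLE_COLLECTORS, k=3, epsilon=1.0, seed=7))
    print("collector 1 compromised:",
          run_epoch(SAMPLE_COLLECTORS, k=3, epsilon=1.0, noise_free={1}, seed=7))
```

Two properties of the abstract's threat model show up directly: a coalition of up to k-1 tally servers holds only uniformly random shares, so seizing their keys or storage yields nothing about any collector's counts; and a compromised collector that withholds its noise cannot strip the noise that honest collectors added, so the published totals stay differentially private as long as one collector behaves.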
PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks