| 1. |
- Bosk, Daniel, et al.
(author)
-
Applying privacy-enhancing technologies : One alternative future of protests
- 2018
-
In: Protests in the Information Age. - : Taylor & Francis. - 9781351815437 - 9780415791403 ; , s. 73-94
-
Book chapter (peer-reviewed)abstract
- While current technologies, such as online social networks, can facilitate coordination and communication for protest organization, they can also endanger political activists when the control over their data is ceded to third parties. For technology to be useful for activism, it needs to be trustworthy and protect the users’ privacy; only then can it be viewed as a potential improvement over more traditional, offline methods. Here, we discuss a selection of such privacy-enhancing technologies from a Computer Science perspective in an effort to open a dialogue and elicit input from other perspectives.
|
|
| 2. |
- Greschbach, Benjamin, 1983-, et al.
(author)
-
Design of a Privacy-Preserving Document Submission and Grading System
- 2015
-
In: Secure IT Systems. - Cham : Springer Berlin/Heidelberg. - 9783319265018 - 9783319265025 ; , s. 64-71
-
Conference paper (peer-reviewed)abstract
- Documentsubmissionandgradingsystemsarecommonlyused in educational institutions. They facilitate the hand-in of assignments by students, the subsequent grading by the course teachers and the management of the submitted documents and corresponding grades. But they might also undermine the privacy of students, especially when documents and related data are stored long term with the risk of leaking to malicious parties in the future. We propose a protocol for a privacy- preserving, anonymous document submission and grading system based on blind signatures. Our solution guarantees the unlinkability of a document with the authoring student even after her grade has been reported, while the student can prove that she received the grade assigned to the document she submitted. We implemented a prototype of the proposed protocol to show its feasibility and evaluate its privacy and security properties.
|
|
| 3. |
|
|
| 4. |
- Greschbach, Benjamin, 1983-, et al.
(author)
-
Friendly Surveillance : A New Adversary Model for Privacy in Decentralized Online Social Networks
- 2012
-
In: Current Issues in IT Security 2012, 5th interdisciplinary Conference, Freiburg, Germany, May 08-10, 2012. Proceedings. - Berlin, Germany : Duncker & Humblot. - 9783861131151 - 9783428138876 ; , s. 195-206
-
Conference paper (peer-reviewed)abstract
- In pace with the ever increasing popularity of Social Network Services (SNS) the critical privacy flaws of these applications got into focus of media as well as research interest in the last decade. The centralized aggregation of personal user data has been identified as a fundamental problem of popular services such as Facebook or Google+.To mitigate this shortcoming the concept of a Decentralized OnlineSocial Network (DOSN) has evolved, where users form a peer-to-peer (P2P) network to corporately operate the service. While this architectural shift immediately eliminates the threat of a central provider adversary, new challenges to protect the users’ privacy arise.In this paper we focus on the friend adversary model – that is an attacker that exploits the social relationship status established to the target user. We examine the properties of a friend adversary in a decentralized system by analyzing its capabilities, attack impacts as well as incentives and compare the results to the centralized case. We identify several implementation issues of DOSNs that can alleviate illegitimate data collection for a friend adversary. Furthermore, background knowledge abouta user may complement this information to mount relevant and privacy invading attacks. We conclude that friend adversaries can be powerful attackers indeed and propose to consider this hitherto less emphasized threat for DOSN implementations.
|
|
| 5. |
- Greschbach, Benjamin, 1983-
(author)
-
Privacy Analysis and Protocols for Decentralized Online Social Networks
- 2015
-
Licentiate thesis (other academic/artistic)abstract
- Decentralized Online Social Networks (DOSNs) are evolving as a promising approach to mitigate design-inherent privacy flaws of logically centralized services such as Facebook, Google+ or Twitter. Common approaches to implement a DOSN build upon a peer-to-peer (P2P) architecture in order to avoid the central aggregation of sensitive user data at one provider-controlled location.While the absence of a single point of data aggregation strikes the most powerful attacker from the list of adversaries, the decentralization also removes some privacy protection afforded by the provider's intermediation of all communication in a centralized Online Social Network (OSN). As content storage, access right management, retrieval and other administrative tasks of the service become the obligation of the users, it is non-trivial to hide the metadata of objects and information flows, even when the content itself is encrypted. Such metadata is, deliberately or as a side effect, hidden by the provider in a centralized system.Implementing the different features of a privacy-presvering DOSN does not only face these general challenges but must also cope with the absence of a trusted agent with full access to all data. For example user authentication should provide the same usabilty known from common centralized OSN services, such as ease of changing a password, revoking the access of a stolen device or resetting a forgotten password via e-mail or security questions. All this without relying on a trusted third party such as an identity provider. Another example is user search, where the challenge is to protect user data while making user findable at the same time. An implementation of such a feature in a DOSN has to work without assuming a trusted provider having access to all user profiles maintaining a global search index.In this work we analyze the general privacy-problems in a DOSN, especially those arising from metadata. Furthermore, we suggest two privacy-preserving implementations of standard OSN features, i.e., user authentication via password-login and user search via a knowledge threshold. Both implementations do not rely on a trusted, central provider and are therefore applicable in a DOSN cenario but can be applied in other P2P or low-trust environments as well.
|
|
| 6. |
- Greschbach, Benjamin, 1983-
(author)
-
Privacy Issues in Decentralized Online Social Networks and other Decentralized Systems
- 2016
-
Doctoral thesis (other academic/artistic)abstract
- Popular Online Social Networks (OSNs), such as Facebook or Twitter, are logically centralized systems. The massive information aggregation of sensitive personal data at the central providers of these services is an inherent threat to the privacy of the users. Leakages of these data collections happen regularly – both intentionally, for example by selling of user data to third parties and unintentionally, for example when outsiders successfully attack a provider.Motivated by this insight, the concept of Decentralized Online Social Networks (DOSNs) has emerged. In these proposed systems, no single, central provider keeps a data collection of all users. Instead, the data is spread out across multiple servers or is distributed completely among user devices that form a peer-to-peer (P2P) network. Encryption is used to enforce access rights of shared content and communication partners ideally connect directly to each other. DOSNs solve one of the biggest privacy concerns of centralized OSNs in a quite forthright way – by getting rid of the central provider. Furthermore, these decentralized systems can be designed to be more immune to censorship than centralized services. But when decentralizing OSNs, two main challenges have to be met: to provide user privacy under a significantly different threat model, and to implement equal usability and functionality without centralized components.In this work we analyze the general privacy-problems in DOSNs, especially those arising from the more exposed metadata in these systems. Furthermore, we suggest three privacy-preserving implementations of standard OSN features, i.e. user authentication via password-login, user search via a knowledge threshold and an event invitation system with fine-grained privacy-settings. These implementations do not rely on a trusted, central provider and are therefore applicable in a DOSN scenario but can be applied in other P2P or low-trust environments as well. Finally, we analyze a concrete attack on a specific decentralized system, the Tor anonymization network, and suggest improvements for mitigating the identified threats.
|
|
| 7. |
- Greschbach, Benjamin, 1983-, et al.
(author)
-
The Effect of DNS on Tor’s Anonymity
- 2017
-
In: 24th Annual Network and Distributed System Security Symposium (NDSS 2017). - Reston, VA : Internet Society.
-
Conference paper (peer-reviewed)abstract
- Previous attacks that link the sender and receiver oftraffic in the Tor network (“correlation attacks”) have generally relied on analyzing traffic from TCP connections. The TCP connections of a typical client application, however, are often accompanied by DNS requests and responses. This additional traffic presents more opportunities for correlation attacks. This paper quantifies how DNS traffic can make Tor users more vulnerable to correlation attacks. We investigate how incorporating DNS traffic can make existing correlation attacks more powerful and how DNS lookups can leak information to third parties about anonymous communication. We (i) develop a method to identify the DNS resolvers of Tor exit relays; (ii) develop a new set of correlation attacks (DefecTor attacks) that incorporate DNS traffic to improve precision; (iii) analyze the Internet-scale effects of these new attacks on Tor users; and (iv) develop improved methods to evaluate correlation attacks. First, we find that there exist adversaries that can mount DefecTor attacks: for example, Google's DNS resolver observes almost 40% of all DNS requests exiting the Tor network. We also find that DNS requests often traverse ASes that the corresponding TCP connections do not transit, enabling additional ASes to gain information about Tor users' traffic. We then show that an adversary that can mount a DefecTor attack can often determine the website that a Tor user is visiting with perfect precision, particularly for less popular websites where the set of DNS names associated with that website may be unique to the site. We also use the Tor Path Simulator (TorPS) in combination with traceroute data from vantage points co-located with Tor exit relays to estimate the power of AS-level adversaries that might mount DefecTor attacks in practice.
|
|
| 8. |
- Greschbach, Benjamin, 1983-, et al.
(author)
-
User Search with Knowledge Threshold in Decentralized Online Social Networks
- 2013
-
In: Proceedings of the 8th International IFIP Summer School on Privacy and Identity Management for Emerging Services and Technologies.
-
Conference paper (peer-reviewed)abstract
- User search is one fundamental functionality of an Online Social Network (OSN). When building privacy-preserving Decentralized Online Social Networks (DOSNs), the challenge of protecting user data and making users findable at the same time has to be met. We propose a user-defined knowledge threshold ("find me if you know enough about me") to balance the two requirements. We present and discuss protocols for this purpose that do not make use of any centralized component. An evaluation using real world data suggests that there is a promising compromise with good user performance and high adversary costs.
|
|
| 9. |
- Paul, Thomas, et al.
(author)
-
Exploring Decentralization Dimensions of Social Networking Services : Adversaries and Availability
- 2012
-
In: Proceedings of the 1st ACM International Workshop on Hot Topics on Interdisciplinary Social Networks Researc. - New York, NY, USA : ACM. - 9781450315494 ; , s. 49-56
-
Conference paper (peer-reviewed)abstract
- Current online Social Networking Services (SNS) are orga-nized around a single provider and while storage and func-tionality can be distributed, the control over the service be-longs to one central entity. This structure raises privacy con-cerns over the handling of large-scale and at least logicallycentralized collections of user data. In an effort to protectuser privacy and decrease provider dependence, decentral-ization has been proposed for SNS. This decentralization haseffects on availability, opportunities for traffic analysis, re-source requirements, cooperation and incenctives, trust andaccountability for different entities, and performance.In this paper, we explore the spectrum of SNS implemen-tations from centralized to fully decentralized and severalhybrid constellations in between. Taking a systematic ap-proach of SNS layers, decentralization classes, and replica-tion strategies, we investigate the design space and focus ontwo issues as concrete examples where the contrast of ex-treme ends of the decentralization spectrum is illustrative,namely potential adversaries and churn-related profile avail-ability. In general, our research indicates that hybrid ap-proaches deserve more attention as both centralized as wellas entirely decentralized systems suffer from severe draw-backs.
|
|
