DC-Area Anonymity, Privacy, and Security Seminar
Fall 2017 SeminarFriday, October 20th, 2017
9:00 a.m. - 12:30 p.m.
Lunch afterward nearby Location: A.V. Williams Building, Room 4172
University of Maryland, College Park
Host: Jonathan Katz
9:00 a.m. - 9:25 a.m.
Speaker: Seung Geol Choi (U.S. Naval Academy)
Title: Deterministic, Stash-Free Write-Only ORAM [slides]
Abstract: Write-Only Oblivious RAM (WoORAM) protocols provide privacy by encrypting the contents of data and also hiding the pattern of write operations over that data. WoORAMs provide better privacy than plain encryption and better performance than more general ORAM schemes (which hide both writing and reading access patterns), and the write-oblivious setting has been applied to important applications of cloud storage synchronization and encrypted hidden volumes. In this paper, we introduce an entirely new technique for Write-Only ORAM, called DetWoORAM. Unlike previous solutions, DetWoORAM uses a deterministic, sequential writing pattern without the need for any "stashing" of blocks in local state when writes fail. Our protocol, while conceptually simple, provides substantial improvement over prior solutions, both asymptotically and experimentally. In particular, under typical settings the DetWoORAM writes only 2 blocks (sequentially) to backend memory for each block written to the device, which is optimal. We have implemented our solution using the BUSE (block device in user-space) module and tested DetWoORAM against both an encryption only baseline of dm-crypt and prior, randomized WoORAM solutions, measuring only a 3x-14x slowdown compared to an encryption-only baseline and around 6x-19x speedup compared to prior work. This is joint work with Daniel S. Roche, Adam J. Aviv, and Travis Mayberry (US Naval Academy).
9:25 a.m. - 9:50 a.m.
Speaker: Sahar Mazloom (George Mason University)
Title: Differentially Private Access Patterns in Secure Computation [slides]
Abstract: We present a new tradeoff between privacy and efficiency in secure computation by defining a new security model in which the adversary is provided some leakage that is proven to preserve differential privacy. We show that this leakage allows us to construct a more efficient protocol for a broad class of computations: those that can be computed in graph-parallel frameworks such as MapReduce. We have evaluated the impact of our relaxation by comparing the performance of our protocol with the best prior implementation of secure computation for graph-parallel frameworks. Our work demonstrates that differentially private leakage is useful, in that it provides opportunity for more efficient protocols. The protocol we present has broad applicability, but we leave open the very interesting question of determining, more precisely, for which class of computations this leakage might be helpful.
Coffee Break
10:20 a.m. - 10:45 a.m.
Speaker: Ellis Fenske (Tulane University)
Title: Distributed Measurement with Private Set-Union Cardinality [slides]
Abstract: This paper introduces a cryptographic protocol for efficiently aggregating a count of unique items across a set of data parties privately - that is, without exposing any information other than the count. Our protocol allows for more secure and useful statistics gathering in privacy-preserving distributed systems such as anonymity networks; for example, it allows operators of anonymity networks such as Tor to securely answer the questions: how many unique users are using the distributed service? and how many hidden services are being accessed?. We formally prove the correctness and security of our protocol in the Universal Composability framework against an active adversary that compromises all but one of the aggregation parties. We also show that the protocol provides security against adaptive corruption of the data parties, which prevents them from being victims of targeted compromise. To ensure safe measurements, we also show how the output can satisfy differential privacy.
We present a proof-of-concept implementation of the private set-union cardinality protocol (PSC) and use it to demonstrate that PSC operates with low computational overhead and reasonable bandwidth. In particular, for reasonable deployment sizes, the protocol run at timescales smaller than the typical measurement period would be and thus is suitable for distributed measurement.
10:45 a.m. - 11:10 a.m.
Speaker: Simson Garfinkel (U.S. Census Bureau)
Title: Modernizing Disclosure Avoidance: Report on the 2020 Disclosure Avoidance System as Implemented for the 2018 End-to-End Test [slides]
Abstract: Database reconstruction (Dinur and Nissim 2003) is a serious disclosure threat that all statistical tabulation systems from confidential data must acknowledge. The confidentiality edits applied to the 2010 Census were not designed to defend against this kind of attack. The Disclosure Avoidance Subsystem (DAS) implements the privacy protections for the decennial Census. The 2000 and 2010 Disclosure Avoidance Systems relied on swapping households.
The 2020 Census disclosure avoidance system will use differential privacy to defend against a reconstruction attack. Some queries must be privacy preserving. Some queries must be exact ("invariant"). We are creating A framework for Disclosure Avoidance Systems, Testing Systems, and an Operational System. The 2018 end-to-end test will incorporate differential privacy - likely the "bottom-up" algorithm. No decisions yet regarding the privacy-loss budget or accuracy level.
Coffee Break
11:40 a.m. - 12:05 p.m.
Speaker: Ryan Wails (U.S. Naval Research Laboratory)
Title: Tempest: Temporal Dynamics in Anonymity Systems [slides]
Abstract: Many recent proposals for anonymous communication omit from their security analyses a consideration of the effects of time on important system components. In practice, many components of anonymity systems, such as the client location and network structure, exhibit changes and patterns over time. In this paper, we focus on the effect of such on the security of anonymity networks. We present Tempest, a suite of novel attacks based on (1) client mobility, (2) usage patterns, and (3) changes in the underlying network routing. Using experimental analysis on real-world datasets, we demonstrate that these temporal attacks degrade user privacy across a wide range of anonymity networks, including deployed systems such as Tor; path-selection protocols for Tor such as DeNASA, TAPS, and Counter-RAPTOR; and network-layer anonymity protocols for Internet routing such as Dovetail and HORNET. The degradation is in some cases surprisingly severe. For example, a single server failure or network route change can immediately and completely identify the client's ISP to the server or destination ISP. The adversary behind each attack is relatively weak - generally passive and in control of one network location or host. Our findings suggest that designers of anonymity systems should rigorously consider the impact of temporal dynamics when analyzing system security.
12:05 p.m. - 12:30 p.m.
Speaker: Wei Bai (University of Maryland, College Park)
Title: Understanding User Tradeoffs for Search in Encrypted Communication [slides]
Abstract: End-to-end message encryption is the only way to achieve absolute message privacy. However, searching over end-to-end encrypted messages is complicated. Several popular communication tools (e.g., WhatsApp, iMessage) circumvent this inconvenience by storing the search index locally on the devices. Another approach, called searchable encryption, allows users to search encrypted messages without storing the search index locally. These approaches have inherent tradeoffs between usability and security properties, yet little is known about how general users value these tradeoffs. In this paper, we systematize these tradeoffs in order to identify key feature differences. We use these differences as the basis for a choice-based conjoint analysis experiment (n=160), in which participants make a series of choices between email services with competing features. The results allow us to quantify the relative importance of each feature. We find that users indicate high importance for increasing privacy and minimizing local storage requirements. While privacy is more important overall, local storage is more important than adding additional marginal privacy after an initial improvement. These results suggest the potential for searchable encryption to fill an important niche in meeting users' communication needs.
Driving: The closest visitor parking is in the Regents Drive Garage or the Xfinity Visitor Lot (both about a 5-minute walk from the AV Williams building). You need to pay at the meter. See campus map for locations of those lots. Metro: Take the Metro to the College Park stop on the Green line. Then take the free College Park Metro campus shuttle (#104), and get off at the stop at Campus Drive at M-Circle. You can find a detailed schedule and map for shuttle #104 here. Also, several public buses also bring you quite close to the A.V. Williams building, and they all take Metro Smart Cards.