[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[freehaven-cvs] add slides from wupss04 talk

To: freehaven-cvs@freehaven.net
Subject: [freehaven-cvs] add slides from wupss04 talk
From: arma@seul.org (Roger Dingledine)
Date: Fri, 24 Sep 2004 02:04:38 -0400 (EDT)
Delivered-to: archiver@seul.org
Delivered-to: freehaven-cvs-outgoing@seul.org
Delivered-to: freehaven-cvs@seul.org
Delivery-date: Fri, 24 Sep 2004 02:05:17 -0400
Reply-to: freehaven-dev@freehaven.net
Sender: owner-freehaven-cvs@freehaven.net
Update of /home/freehaven/cvsroot/doc/wupss04
In directory moria.mit.edu:/home2/arma/work/freehaven/doc/wupss04

Added Files:
	F5.eps wupss.mgp 
Log Message:
add slides from wupss04 talk


--- NEW FILE: F5.eps ---
%!PS-Adobe-2.0 EPSF-2.0
%%Title: F5
%%Creator: Dia v0.90
%%CreationDate: Fri May  9 01:15:00 2003
%%For: root
%%Magnification: 1.0000
%%Orientation: Portrait
%%BoundingBox: 0 0 473 309
%%Pages: 1
%%EndComments
%%BeginProlog
/cp {closepath} bind def
/c {curveto} bind def
/f {fill} bind def
/a {arc} bind def
/ef {eofill} bind def
/ex {exch} bind def
/gr {grestore} bind def
/gs {gsave} bind def
/sa {save} bind def
/rs {restore} bind def
/l {lineto} bind def
/m {moveto} bind def
/rm {rmoveto} bind def
/n {newpath} bind def
/s {stroke} bind def
/sh {show} bind def
/slc {setlinecap} bind def
/slj {setlinejoin} bind def
/slw {setlinewidth} bind def
/srgb {setrgbcolor} bind def
/rot {rotate} bind def
/sc {scale} bind def
/sd {setdash} bind def
/ff {findfont} bind def
/sf {setfont} bind def
/scf {scalefont} bind def
/sw {stringwidth pop} bind def
/tr {translate} bind def

/ellipsedict 8 dict def
ellipsedict /mtrx matrix put
/ellipse
{ ellipsedict begin
   /endangle exch def
   /startangle exch def
   /yrad exch def
   /xrad exch def
   /y exch def
   /x exch def   /savematrix mtrx currentmatrix def
   x y tr xrad yrad sc
   0 0 1 startangle endangle arc
   savematrix setmatrix
   end
} def

/mergeprocs {
dup length
3 -1 roll
dup
length
dup
5 1 roll
3 -1 roll
add
array cvx
dup
3 -1 roll
0 exch
putinterval
dup
4 2 roll
putinterval
} bind def
%%EndProlog

%%BeginSetup
%%EndSetup
28.346000 -28.346000 scale
-1.650000 -13.200295 translate

0.000000 0.000000 0.000000 srgb
1.000000 1.000000 1.000000 srgb
n 10.550000 7.550000 m 10.550000 10.400000 l 13.550000 10.400000 l 13.550000 7.550000 l f
0.100000 slw
[] 0 sd
[] 0 sd
0 slj
0.000000 0.000000 0.000000 srgb
n 10.550000 7.550000 m 10.550000 10.400000 l 13.550000 10.400000 l 13.550000 7.550000 l cp s
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 5.200000 8.937850 m 10.550000 8.975000 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 9.747242 9.369435 m 10.550000 8.975000 l 9.752797 8.569455 l s
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 13.730800 9.037850 m 16.830800 9.087850 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 16.024453 9.474896 m 16.830800 9.087850 l 16.037355 8.675000 l s
 [ /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /A /B /E /parenleft /period /M /comma /parenright /xi /xi /i /x /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
 /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi /xi
] /e0 exch def
/Courier-Bold_e0 undefinefont
/Courier-Bold_e0
  /Courier-Bold findfont
  dup length dict begin
  {1 index /FID ne {def} {pop pop} ifelse} forall
  /Encoding e0 def
  currentdict end
definefont pop
/Courier-Bold_e0 ff 2.500000 scf sf
( ) sw
2 div 4.500000 ex sub 9.600000 m ( )
 gs 1 -1 sc sh gr
/Courier-Bold_e0 ff 2.500000 scf sf
(!) sw
2 div 17.325000 ex sub 12.250000 m (!)
 gs 1 -1 sc sh gr
/Courier-Bold_e0 ff 0.800000 scf sf
("#$$$%&!') sw
2 div 7.700000 ex sub 8.475000 m ("#$$$%&!')
 gs 1 -1 sc sh gr
/Courier-Bold_e0 ff 0.800000 scf sf
(%) sw
2 div 15.192900 ex sub 10.472200 m (%)
 gs 1 -1 sc sh gr
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 7.670000 5.950000 m 10.550000 7.550000 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 9.656417 7.511149 m 10.550000 7.550000 l 10.044931 6.811823 l s
/Courier_e0 undefinefont
/Courier_e0
  /Courier findfont
  dup length dict begin
  {1 index /FID ne {def} {pop pop} ifelse} forall
  /Encoding e0 def
  currentdict end
definefont pop
/Courier_e0 ff 0.800000 scf sf
($$$) sw
2 div 6.920000 ex sub 5.950000 m ($$$)
 gs 1 -1 sc sh gr
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 7.287720 10.717700 m 10.520000 9.500000 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 9.912381 10.156353 m 10.520000 9.500000 l 9.630346 9.407716 l s
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 7.184420 11.534000 m 10.550000 10.400000 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 9.919599 11.034503 m 10.550000 10.400000 l 9.664157 10.276381 l s
/Courier_e0 ff 0.800000 scf sf
($$$) sw
2 div 6.320000 ex sub 11.800000 m ($$$)
 gs 1 -1 sc sh gr
/Courier_e0 ff 0.800000 scf sf
($$$) sw
2 div 6.509600 ex sub 10.767100 m ($$$)
 gs 1 -1 sc sh gr
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 13.588000 9.867990 m 16.468000 11.468000 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 15.574417 11.429146 m 16.468000 11.468000 l 15.962933 10.729821 l s
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 13.584400 8.233990 m 16.816700 7.016260 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 16.209085 7.672616 m 16.816700 7.016260 l 15.927046 6.923982 l s
0.100000 slw
[] 0 sd
[] 0 sd
0 slc
n 13.550000 7.550000 m 16.866700 6.216260 l s
0.100000 slw
[] 0 sd
0 slj
0 slc
n 16.273702 6.885852 m 16.866700 6.216260 l 15.975228 6.143616 l s
/Courier_e0 ff 0.800000 scf sf
($$$) sw
2 div 17.570000 ex sub 7.075000 m ($$$)
 gs 1 -1 sc sh gr
/Courier_e0 ff 0.800000 scf sf
($$$) sw
2 div 17.718500 ex sub 9.155310 m ($$$)
 gs 1 -1 sc sh gr
/Courier_e0 ff 0.800000 scf sf
($$$) sw
2 div 17.709600 ex sub 6.367140 m ($$$)
 gs 1 -1 sc sh gr
/Courier-Bold_e0 ff 0.800000 scf sf
(%*+) sw
2 div 11.960700 ex sub 9.182860 m (%*+)
 gs 1 -1 sc sh gr
showpage

--- NEW FILE: wupss.mgp ---
%deffont "standard" xfont "Arial:style=Regular"
%deffont "thick" xfont "Arial:style=Bold"
%deffont "typewriter" xfont "Courier New:style=Regular"
%deffont "italic" xfont "Arial:style=Italic"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%deffont "standard" xfont "comic sans ms-medium-r"
%%deffont "thick" xfont "arial black-medium-r"
%%deffont "typewriter" xfont "courier new-bold-r"
%%deffont "type2writer" xfont "arial narrow-bold-r"
%%deffont "standard"   tfont "standard.ttf",   tmfont "kochi-mincho.ttf"
%%deffont "thick"      tfont "thick.ttf",      tmfont "goth.ttf"
%%deffont "typewriter" tfont "typewriter.ttf", tmfont "goth.ttf"
%%deffont "standard" xfont "helvetica-medium-r", tfont "arial.ttf", tmfont "times.ttf"
%%deffont "thick" xfont "helvetica-bold-r", tfont "arialbd.ttf", tmfont "hoso6.ttf"
%%deffont "italic" xfont "helvetica-italic-r", tfont "ariali.ttf", tmfont "hoso6.ttf"
%%deffont "typewriter" xfont "courier-medium-r", tfont "typewriter.ttf", tmfont "hoso6.ttf"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%
%% Default settings per each line numbers.
%%
%default 1 leftfill, size 8, fore "black", back "white", font "thick", hgap 1
%default 2 size 8, vgap 10, prefix " ", ccolor "black"
%default 3 size 6, bar "gray70", vgap 0
%default 4 size 6, fore "black", vgap 0, prefix " ", font "standard"
%%
%%default 1 area 90 90, leftfill, size 9, fore "yellow", back "blue", font "thick"
%%default 2 size 9, vgap 10, prefix " "
%%default 3 size 7, bar "gray70", vgap 10
%%default 4 size 7, vgap 30, prefix " ", font "standard"
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%
%% Default settings that are applied to TAB-indented lines.
%%
%tab 1 size 5, vgap 40, prefix "     ", icon arc "red" 50
%tab 2 size 4, vgap 35, prefix "            ", icon delta3 "blue" 40
%tab 3 size 3, vgap 35, prefix "                        ", icon dia "DarkViolet" 40
%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
%nodefault
%center, size 8, font "thick", back "white", fore "black"

Anonymity loves company:
usability as a security parameter


%size 7
Roger Dingledine

The Free Haven Project
%font "typewriter", fore "blue"
http://freehaven.net/

%font "thick", fore "black"
WUPSS, July 2004
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

Outline

%leftfill
Anonymity is a network effect

Usability: "whether it does what people want"

Theory: How to align usability with security

Practice: The deployed systems don't match up so well with the theory

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

Anonymity: Who needs it?

Private citizens
	advocacy, counseling, whistleblowing, reporting, ...
%size 6
Government applications
	research, law enforcement, tip lines, security
%size 6
Business applications
%size 5
(hide relationships and volumes of communication)
	Who is visiting job sites?
	Which groups are talking to patent lawyers?
	Who are your suppliers and customers?
	Is the CEO talking to a buyout partner?

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

Anonymous transport, not data

I'm talking here about the low level transport.

By default the transport should leak no information, and then the user can choose from there what to disclose.

Cookie scrubbing, etc needs to happen too, but at a higher layer.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

Mixing with other messages
%newimage -xscrzoom 75 "F5.eps"

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

Anonymity is a network effect

Unlike encryption, it's not enough for just one person to want anonymity

Usability affects security!

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

Distributed trust

An anonymity system can't be just for one entity

(even a large corporation or government)

You must carry traffic for others to protect yourself

But those others don't want to trust their traffic to just one entity either

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
The Economics of Anonymity,
Financial Crypto 2003

Anonymity requires _inefficiencies_ in computation, bandwidth, storage

Issue one: enough traffic to create anonymity

Issue two: enough capacity to handle users

Result: there is an equilibrium!
High-sensitivity users run nodes,
low-sensitivity users provide cover traffic

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

Wait, this is only high-latency traffic.

Most users prefer faster traffic, and also streams.
(interactive speeds: web browsing, AIM, ssh, etc)

We can crank down the latency -- which attracts more users, but alas they mix less well.

So we want it faster, to get better security.
And we want it slower, to get better security.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

One analogy

Securing all the machines on the Internet

If other people have lax security, this impacts my spam, distributed denial-of-service, etc.

Security is a network effect here too.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Practice: Mixminion
http://mixminion.net/

Deployed high-latency system. Paper at IEEE Security&Privacy 2002.

We talked about high-sensitivity users running nodes. In reality,
	The high-sensitivity people don't want people to realize even that they care.
	The people who run nodes do it to help the world (human rights, civil liberties, ...)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page
Practice: Tor
http://freehaven.net/tor/

Deployed low-latency system. Paper at Usenix Security 2004.


	Many many more users.
	Also nicer because it's easier to integrate with a web browser than a mailer.
	If we made it usable for file-sharing, we'd have even more. Not sure that we want that though.

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%page

More issues

Hard to get people to run exit nodes.
Hard to safely accept arbitrary servers.
Some attacks on anonymity still work.
Many users will be happy with a single-hop proxy.
Socks proxy (dns problems) vs VPN/IP tunnel (install problems).
Packages (apparently) mean the logs are hidden.


***********************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe freehaven-cvs       in the body. http://freehaven.net/
Prev by Author: [freehaven-cvs] Directory /home/freehaven/cvsroot/doc/wupss04 added ...
Next by Author: [freehaven-cvs] preliminary notes and outline for usability chapter
Previous by thread: [freehaven-cvs] Directory /home/freehaven/cvsroot/doc/wupss04 added ...
Next by thread: [freehaven-cvs] preliminary notes and outline for usability chapter
Index(es):
- Author
- Thread