privacy-preserving attribution and provenance
DESCRIPTION
Privacy-Preserving Attribution and Provenance. UC San Diego & University of Washington. Alex C. Snoeren & Yoshi Kohno, PIs. Stefan Savage, Amin Vahdat, Geoff Voelker (UCSD). Privacy-respecting forensics. Privacy: No extra information to “bad guys”. (PowerPoint presentation)
TRANSCRIPT
Page 1
Privacy-Preserving Attribution and Provenance
UC San Diego & University of Washington
Alex C. Snoeren & Yoshi Kohno, PIs
Stefan Savage, Amin Vahdat, Geoff Voelker (UCSD)
Page 2
Privacy-respecting forensics
Privacy: No extra information to “bad guys”.
Attributable / trackable: Can track the “bad guys” with special “properties”
Violate privacy: “Bad guys” can “track” the “good guys” without intended “special properties”
Avoid attribution / tracking: “Bad guys” can circumvent “tracking”
Page 3
Evidence-based security research
Pursue a two-pronged research agenda:
Long-term “clean slate” architectural design, grounded in
Principled work on today’s concrete security environment
Obvious analogy to the medical field:
Ongoing, fundamental research into biological processes
Continuously developing treatments for prevalent disease
Each independent process informs and guides the other
Page 4
A vision for a future Internet
(Figure: a plane whose two axes are strong anonymity and strong forensics. Today's Internet is marked “We are here”; the question posed is whether we can get to strong anonymity and strong forensics simultaneously.)
Page 5
What we have today
Each hop and destination might:
Inspect/influence payload
Fingerprint OS
Fingerprint application
Fingerprint physical device
Ad hoc; easy for a skilled attacker to fool, yet a loss of privacy for the average user
(Diagram: a sender A and a destination B, with intermediate hops between them.)
Page 6
What we want
(Diagram: the same path from sender A to destination B.)
Attributable: Trusted third party can attribute physical origin of every single packet
Verifiable: Every hop and destination can verify that the trusted third party can attribute origin
Anonymous: Unauthorized parties cannot attribute physical origin of packets
Page 7
Our System: Clue
Dual Pentium 3.4GHz, 4GB RAM; Dual Pentium 3GHz, 1GB RAM
Page 8
Lost/stolen Internet devices
CSI/FBI Computer Crime and Security Survey: Laptop and mobile device theft is a prevalent and expensive problem: $30k per incident
10% of laptops are lost or stolen in first year
97% of lost or stolen laptops never recovered
Page 9
Privacy-respecting recovery
Goal: Recover locations of lost or stolen devices
Timeline:
Owner possession (not lost nor stolen)
Lost or stolen but unmodified
State erased or reset
Machine destroyed
Recoverability: Loss or flea market thief
Location privacy: Tracking service, thief, outsider
Page 10
Adeona
(Diagram: the device stores the pair I_Ki(T), E_Ki(LocationInfo) in the DHT; the owner later performs a lookup of I_Ki(T) to fetch the encrypted location record.)
Forward secure PRG to evolve keys over time
Use shared key to compute indices as well as encrypt data
Use DHT to prevent traffic profiling
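The three bullets above describe a mechanism, so here is a runnable sketch of it. This is an added example written for this page, not Adeona's own code: the forward-secure PRG is built from HMAC-SHA256 (state evolves by a one-way step, each step also yields an epoch output), the epoch output is split into an index key, an encryption key and a MAC key, the DHT is a plain dict, and the cipher is a PRF in counter mode with an HMAC tag. The seed and the location strings are constructed test data. What Adeona actually uses for the PRG, cipher and DHT is not stated on the slide and is not assumed here.

```python
"""Adeona-style privacy-respecting device tracking, as an illustration.

A device secret evolves forward each epoch; every epoch output gives keys to
(1) compute an unlinkable DHT index and (2) seal the location record.  The
owner, holding the original seed, can re-derive any epoch's keys.  A thief
who captures the device's current state can only derive keys from that epoch
onward, never earlier ones.  (Assumed construction, not Adeona's code.)
"""
import hashlib
import hmac
from typing import Dict, Optional, Set, Tuple

TAG_LEN = 32  # HMAC-SHA256 output length, used for both keystream blocks and MAC


def prf(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256 as the pseudorandom function the whole scheme is built on."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def evolve(state: bytes) -> Tuple[bytes, bytes]:
    """One forward-secure PRG step: returns (next_state, epoch_output).
    The next state is a one-way function of the old one, so a state captured
    later cannot be run backwards to recover earlier epoch outputs."""
    return prf(state, b"next-state"), prf(state, b"epoch-output")


def epoch_keys(output: bytes) -> Tuple[bytes, bytes, bytes]:
    """Split one epoch output into (index key, encryption key, MAC key)."""
    return prf(output, b"index"), prf(output, b"encrypt"), prf(output, b"mac")


def index_tag(k_index: bytes, epoch: int) -> bytes:
    """DHT key for this epoch: looks random to anyone without k_index, so the
    DHT operator cannot link a device's successive records."""
    return prf(k_index, epoch.to_bytes(8, "big"))


def _keystream(k_enc: bytes, length: int) -> bytes:
    blocks = (length + TAG_LEN - 1) // TAG_LEN
    return b"".join(prf(k_enc, i.to_bytes(4, "big")) for i in range(blocks))[:length]


def seal(k_enc: bytes, k_mac: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC.  The keys are fresh per epoch, so counter mode
    without a nonce is safe here; the MAC lets the owner reject records a
    third party planted or modified in the DHT."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, len(plaintext))))
    return ct + prf(k_mac, ct)


def open_record(k_enc: bytes, k_mac: bytes, record: bytes) -> bytes:
    ct, tag = record[:-TAG_LEN], record[-TAG_LEN:]
    if not hmac.compare_digest(tag, prf(k_mac, ct)):
        raise ValueError("record failed authentication")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, len(ct))))


class Device:
    """The tracked laptop.  Holds only the current PRG state."""

    def __init__(self, seed: bytes) -> None:
        self.state = seed
        self.epoch = 0

    def publish(self, dht: Dict[bytes, bytes], location: bytes) -> bytes:
        self.state, out = evolve(self.state)  # overwrite: old state is discarded
        k_index, k_enc, k_mac = epoch_keys(out)
        tag = index_tag(k_index, self.epoch)
        dht[tag] = seal(k_enc, k_mac, location)
        self.epoch += 1
        return tag


class Owner:
    """Holds the seed, so it can re-derive the keys of any epoch on demand."""

    def __init__(self, seed: bytes) -> None:
        self.seed = seed

    def retrieve(self, dht: Dict[bytes, bytes], epoch: int) -> Optional[bytes]:
        state, out = self.seed, b""
        for _ in range(epoch + 1):
            state, out = evolve(state)
        k_index, k_enc, k_mac = epoch_keys(out)
        record = dht.get(index_tag(k_index, epoch))
        return None if record is None else open_record(k_enc, k_mac, record)


def tags_from_captured_state(state: bytes, epoch: int, horizon: int) -> Set[bytes]:
    """Everything a thief holding the device's current (state, epoch) can
    compute: index tags for the current and future epochs only."""
    tags: Set[bytes] = set()
    for e in range(epoch, epoch + horizon):
        state, out = evolve(state)
        tags.add(index_tag(epoch_keys(out)[0], e))
    return tags
```

The example makes the slide's trade-off concrete: forward security protects the past (the thief cannot find where the laptop was before the theft), but whoever holds the device state can predict and even forge every future record, which is exactly the "lost or stolen but unmodified" phase of the timeline on the previous slide. A deployment therefore has to decide where the evolving state lives and what the owner does with records posted after the loss.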
Page 11
Politics and technology
Our goal: Determine feasibility of putting privacy-respecting attribution into the network
But lots of issues, including: Who should be the trusted third party?
Internet is multi-national
Remember the Clipper Chip? Intel’s Processor Serial Number?