Conscript Your Friends into Larger Anonymity Sets with JavaScript - - PowerPoint PPT Presentation

▶

Jun 27, 2023 281 likes •563 views

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs Bryan Ford Stanford Yale ACM Workshop on Privacy in the Electronic Society 4 November 2013 New Anonymity Systems Have a

SLIDE 1

Conscript Your Friends into Larger Anonymity Sets with JavaScript

ACM Workshop on Privacy in the Electronic Society

4 November 2013

Henry Corrigan-Gibbs Stanford Bryan Ford Yale

SLIDE 2

New Anonymity Systems Have a “Chicken-and-Egg” Problem

Few   users Small anonymity sets

SLIDE 3

SLIDE 4

SLIDE 5

Emacs rulz!!

Overthrow the regime!!

Start the revolution!!

Adversary could just arrest all three participants

SLIDE 6

SLIDE 7

Overthrow the regime!!

Start the revolution!! Emacs rulz!!

??

SLIDE 8

Idea

“Conscript” casual Internet users into an

anonymity system using JavaScript

– Casual users submit null messages – Savvy users use a browser plug-in to swap

ut the null messages with real ones
Compatible with a number of

existing anonymity systems

SLIDE 9

Outline

Motivation
Architecture
Attacks and Defenses
Evaluation

SLIDE 10

000

GET /index.html <html><script>...

E1(E2(E3(000))) Using a randomized encryption scheme

SLIDE 11

GET /index.html <html><script>...

Plugin

E1(E2(E3(m))) E1(E2(E3(000)))

m 000

SLIDE 12

The Adversary Sees

SLIDE 13

The Adversary Sees

SLIDE 14

The Adversary Sees

Start the revolution! 00000000

SLIDE 15

Security Property

Casual users’ messages indistinguishable 
from savvy users’ messages

THEN Conscripting increases the size of  

the savvy users’ anonymity set

≈ ¡

Casual Savvy

SLIDE 16

Compatible Anonymity Systems

1. Monotonic anonymity set size
2. Possible to simulate traffic streams
3. Easy to identify malformed messages
Yes: Timed mix cascade, verifiable shuffles,

remailers (maybe), verifiable DC-nets No: Tor, batching mix net

SLIDE 17

The ConScript Script

E.g., for a mix-net

The JavaScript application sends

– RSA encryption routines, – server public keys, and – code to POST ciphertext to mix-server.

Mix servers uses 
Access-Control-Allow-Origin header

SLIDE 18

Outline

Motivation
Architecture
Attacks and Defenses
Evaluation

SLIDE 19

Web server can serve malicious JavaScript User can submit incorrect messages Vulnerabilities of the underlying anonymity system

Threats

SLIDE 20

JavaScript Attack

Plugin

Plugin only swaps  

ut msg if scripts

match exactly

SLIDE 21

More Attacks

Side-channel attack
Selective DoS attack (“trickle attack”)
Distribution point monitoring

– Who downloads the plug-in?

User-counting attack
[…]
Even if adversary can distinguish:

Anonymity provided ≥ | Savvy users |

SLIDE 22

Outline

Motivation
Architecture
Attacks and Defenses
Evaluation

SLIDE 23

Proof-of-Concept Evaluation

  Device   Mix-net Verifiable DC-net Workstation 81 156 Laptop 133 231 iPhone 4 9 009 62 973 Milestone – 63 504

Time (ms) to generate a dummy message on different

devices. OpenPGP.js for RSA encryption, SJCL for ECC.

SLIDE 24

Related Work

AdLeaks [Roth et al., FC‘13]

– Similar idea: JS for dummy messages – Works with one particular anonymity system – Vulnerable to active attacks by browsers

FlashProxy [Fifield et al., PETS‘12]

– Use JavaScript to “conscript” browsers into acting as Tor bridges

Bauer [WPES ‘03]

– Covert channel between mix servers

SLIDE 25

Conclusion

Conscripted anonymity is one possible

way to address the chicken-and-egg problem in online anonymity

Ongoing work on in-browser crypto could

have benefits for anonymity systems too

– e.g., W3C Crypto API standard

SLIDE 26

Questions?

Henry Corrigan-Gibbs henrycg@stanford.edu

Thanks to David Fifield and

David Wolinsky for their comments.

SLIDE 27