Publius a robust tamper evident censorship resistant www based publishing system
This presentation is the property of its rightful owner.
Sponsored Links
1 / 31

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System PowerPoint PPT Presentation


  • 59 Views
  • Uploaded on
  • Presentation posted in: General

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System. Lorrie Cranor AT&T Research. Aviel Rubin AT&T Research. Marc Waldman NYU – CS Dept. Publius. Pen name used by authors of Federalist Papers

Download Presentation

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Publius a robust tamper evident censorship resistant www based publishing system

PubliusA Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System

Lorrie Cranor

AT&T Research

Aviel Rubin

AT&T Research

Marc Waldman

NYU – CS Dept.


Publius

Publius

  • Pen name used by authors of Federalist Papers

  • Federalist Papers influential in convincing NY state voters to ratify US constitution.


Why publish anonymously

Why Publish Anonymously?

  • Political Dissent

  • “Whistleblowing”

  • Radical Ideas

  • Human Rights Reports


Publius design goals

Publius Design Goals

  • Censorship Resistant

  • Tamper Evident

  • Source Anonymous

  • Updateable

  • Host Content Deniability

  • Persistent

  • Extensible

  • Freely Available


Related work

Related Work

  • Connection Based Anonymity

    Hide identity of requestor

  • Location or Author Based Anonymity

    Hide identity of author or WWW server


Connection based anonymity

Connection Based Anonymity

  • Anonymizer

    HTTP proxy

    URL rewrite

  • Proxymate

    Formerly LPWA

    HTTP Proxy

    Pseudonym generation

www.anonymizer.com

www.proxymate.com


Connection based anonymity1

Connection Based Anonymity

  • Onion Router

    Mix Network

    HTTP Proxy Developed

  • Crowds

    HTTP request via Crowd

    Dynamic Path generation

www.onion-router.net

www.research.att.com/projects/crowds


Onion routing

Onion Routing

Onion 1

Onion 2

Onion 3

Onion 4

“Hello World”


Connection based anonymity2

Connection Based Anonymity

  • Freedom

    Similar to Onion Routing

    Implemented at transport layer

    Nym creation – allows multiple pseudonyms

    Supports HTTP, NNTP, POP3, Telnet , etc.

http://www.freedom.net


Location based anonymity

Location Based Anonymity

  • Rewebber (aka Janus) www.rewebber.de

    Author & Connection Based Tool

    HTTP Proxy

    URL Rewrite using public key crypto

    U=http://www.cs.nyu.edu/~waldman/publius.html

    Ek (M)=Encrypt message M with public key k

    http://www.rewebber.com/surf-encrypted/Ek(U)


Location based anonymity1

Location Based Anonymity

  • Taz & Rewebber

    Computers with public/private key pair

    Each runs HTTP proxy server

    Encryption similar to onion-routing

    TAZ servers translate name.taz to address

    Down server = document irretrievable

www.firstserver.com:100/STOPREADINGTHISANDPAYATTENTIONTOTHESPEAKER


Eternity service

Eternity Service

  • Ross Anderson (Univ. of Cambridge)

  • Network of servers – resists DOS attacks

  • Fee based

  • Files cannot be removed or updated

  • Digital Libraries


Eternity systems

Eternity Systems

  • Usenet Eternity

    Scaled Down Eternity System

    Usenet is storage medium

    Formatting using PGP, SHA1

    Send to alt.anonymous.messages

    Server caches and performs updates

    Connect via WWW browser


Eternity inspired systems

Eternity Inspired Systems

  • Freenet

    “Adaptive Network”

    Local caching

    Anonymous query, retrieval

  • Intermemory

    Self-replicating persistant RAM

    Donate hard disk space


File sharing systems

File Sharing Systems

  • Napster

    Peer-to-peer file sharing

    Peers can capture IP address or peer

  • Gnutella

    Anonymous query

    Peer to peer file transfer, IP capture


Publius overview

Publius Overview

Publius Content – Static content (HTML, images, PDF, etc) with desired properties.

  • Publishers – Post Publius content

  • Servers – Host Publius content

  • Retrievers – Browse Publius content


Publius servers

Publius Servers

Publius Server Table

www.redcross.org

whitehouse.gov

whitehouse.gov

www.redcross.org

library.fr

library.fr

www.nyu.edu

www.nyu.edu

publius.uk

publius.uk


Publish operation

Publish Operation

D = Document To Publish K=Key

Shamir Secret Sharing

K

Share1

Share2

Share3

Share4

MD5 ( D . Sharei ) / Mod 5 = Index Into Server Table

Index 0 = www.redcross.org Index 3 = www.nyu.edu

Store D encrypted under K, and one Share on Server


Publish overview

Publish Overview

  • Servers available to store content

  • Encrypt document with secret key K

  • Secret split key K into (m,k) shares (Shamir)

  • Store encrypted document and share on m servers

  • Form URL cryptographically tied to document

  • Distribute URL – Publius URL

    http://!publius!/1e6adsg673h0=hgj7889340=yareyoureadingthis=12asbnm8945


Retrieve overview

Retrieve Overview

  • Break apart URL to discover document locations

  • Retrieve encrypted document and share from k locations

  • Reassemble Key K from shares

  • Decrypt retrieved document

  • Check for tampering

  • View in WWW browser


Retrieve operation

http://!publius!/MD5(D.Share1 )MD5 (D.Share2)…

http://!publius!/unReaDableUrL

Index = MD5(D.Share1) Mod Table_Size

From www.redcross.org Get Encrypted File, Share

Key = combine Shares

D = Decrypt File with Key

Tamper Check = MD5(D.Share1) = value in URL

Retrieve Operation


Tradeoffs

Tradeoffs

  • N = # servers with Content & Share

  • K = # Shares needed to reconstruct the Key

  • Higher N

    Greater availability

    Harder to censor

  • Higher K

    Decreased performance

    Greater tamper protection

    Possibly Easier To Censor


Update and delete operations

Update and Delete Operations

  • Update – “update” file, MD5(password.IP)

  • Delete – MD5(password .IP)

  • Threats – Place update file on server

    Brute force to delete files

  • URL contains update bit - Don’t accept updates

  • Publish Option – No Delete or Update


Mutually hyperlinked content

Mutually Hyperlinked Content

A

B

Publish B, Modify A, Publish A

A

B

Publish B First – Invalid A Link

Publish A First – Invalid B Link

Problem: Content cryptographically tied to URL


Hyperlinked content solution

Hyperlinked Content Solution

Hyperlink

A

AU

Publish A, B

Modify A, B

Update

Hyperlink

Hyperlink

Republish A,B

B

BU

Update A,B

Update


User interface

User Interface

Browser Based GUI

Publius Proxy

Internet

http://!publius!/URLhttp://!publius!/PUBLISH

http://!publius!/UPDATEhttp://!publius!/DELETE

Store MIME type in first three bytes of file

Send correct Content-Type to browser


Threats limitations

Threats & Limitations

  • Share Deletion or Corruption

  • Update File Deletion or Corruption

  • Denial of Service Attacks

  • Threats to Publisher Anonymity

  • “Rubber-Hose Cryptanalysis”


Live trial 8 7 2000

  • 3 Week Server Recruitment Period

  • 100 Volunteers, Test Script distributed

  • 53 successfully installed test script

  • 44 successfully installed.

  • Proxy - server version of client, 9 volunteers

  • Must trust proxy – see file, password for Publish

  • Sees URL for retrieve

  • Over 550 client requests

Live Trial (8/7/2000)


Contributions availability

Contributions & Availability

  • Automatic Tamper Checking Mechanism

  • Update / Delete Method

  • Publishing Mutually Hyperlinked Content

  • 1500 Lines of Perl

  • Uses Crypto++ 3.2 – Crypto Library (C++)


Future work

Future Work

  • Remove dependence on server list

    - URL encodes locations, tamper check

  • Split content

    - Krawczyk – Information Dispersal

  • CPU payment scheme (Dwork, Naor)

  • Automatic replication across servers

    - Intermemory model


Publius www site

Publius WWW Site

Source Code & Technical Paper

http://cs.nyu.edu/waldman/publius


  • Login