Publius a robust tamper evident censorship resistant www based publishing system
Sponsored Links
This presentation is the property of its rightful owner.
1 / 31

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System PowerPoint PPT Presentation


  • 67 Views
  • Uploaded on
  • Presentation posted in: General

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System. Lorrie Cranor AT&T Research. Aviel Rubin AT&T Research. Marc Waldman NYU – CS Dept. Publius. Pen name used by authors of Federalist Papers

Download Presentation

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


PubliusA Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System

Lorrie Cranor

AT&T Research

Aviel Rubin

AT&T Research

Marc Waldman

NYU – CS Dept.


Publius

  • Pen name used by authors of Federalist Papers

  • Federalist Papers influential in convincing NY state voters to ratify US constitution.


Why Publish Anonymously?

  • Political Dissent

  • “Whistleblowing”

  • Radical Ideas

  • Human Rights Reports


Publius Design Goals

  • Censorship Resistant

  • Tamper Evident

  • Source Anonymous

  • Updateable

  • Host Content Deniability

  • Persistent

  • Extensible

  • Freely Available


Related Work

  • Connection Based Anonymity

    Hide identity of requestor

  • Location or Author Based Anonymity

    Hide identity of author or WWW server


Connection Based Anonymity

  • Anonymizer

    HTTP proxy

    URL rewrite

  • Proxymate

    Formerly LPWA

    HTTP Proxy

    Pseudonym generation

www.anonymizer.com

www.proxymate.com


Connection Based Anonymity

  • Onion Router

    Mix Network

    HTTP Proxy Developed

  • Crowds

    HTTP request via Crowd

    Dynamic Path generation

www.onion-router.net

www.research.att.com/projects/crowds


Onion Routing

Onion 1

Onion 2

Onion 3

Onion 4

“Hello World”


Connection Based Anonymity

  • Freedom

    Similar to Onion Routing

    Implemented at transport layer

    Nym creation – allows multiple pseudonyms

    Supports HTTP, NNTP, POP3, Telnet , etc.

http://www.freedom.net


Location Based Anonymity

  • Rewebber (aka Janus) www.rewebber.de

    Author & Connection Based Tool

    HTTP Proxy

    URL Rewrite using public key crypto

    U=http://www.cs.nyu.edu/~waldman/publius.html

    Ek (M)=Encrypt message M with public key k

    http://www.rewebber.com/surf-encrypted/Ek(U)


Location Based Anonymity

  • Taz & Rewebber

    Computers with public/private key pair

    Each runs HTTP proxy server

    Encryption similar to onion-routing

    TAZ servers translate name.taz to address

    Down server = document irretrievable

www.firstserver.com:100/STOPREADINGTHISANDPAYATTENTIONTOTHESPEAKER


Eternity Service

  • Ross Anderson (Univ. of Cambridge)

  • Network of servers – resists DOS attacks

  • Fee based

  • Files cannot be removed or updated

  • Digital Libraries


Eternity Systems

  • Usenet Eternity

    Scaled Down Eternity System

    Usenet is storage medium

    Formatting using PGP, SHA1

    Send to alt.anonymous.messages

    Server caches and performs updates

    Connect via WWW browser


Eternity Inspired Systems

  • Freenet

    “Adaptive Network”

    Local caching

    Anonymous query, retrieval

  • Intermemory

    Self-replicating persistant RAM

    Donate hard disk space


File Sharing Systems

  • Napster

    Peer-to-peer file sharing

    Peers can capture IP address or peer

  • Gnutella

    Anonymous query

    Peer to peer file transfer, IP capture


Publius Overview

Publius Content – Static content (HTML, images, PDF, etc) with desired properties.

  • Publishers – Post Publius content

  • Servers – Host Publius content

  • Retrievers – Browse Publius content


Publius Servers

Publius Server Table

www.redcross.org

whitehouse.gov

whitehouse.gov

www.redcross.org

library.fr

library.fr

www.nyu.edu

www.nyu.edu

publius.uk

publius.uk


Publish Operation

D = Document To Publish K=Key

Shamir Secret Sharing

K

Share1

Share2

Share3

Share4

MD5 ( D . Sharei ) / Mod 5 = Index Into Server Table

Index 0 = www.redcross.org Index 3 = www.nyu.edu

Store D encrypted under K, and one Share on Server


Publish Overview

  • Servers available to store content

  • Encrypt document with secret key K

  • Secret split key K into (m,k) shares (Shamir)

  • Store encrypted document and share on m servers

  • Form URL cryptographically tied to document

  • Distribute URL – Publius URL

    http://!publius!/1e6adsg673h0=hgj7889340=yareyoureadingthis=12asbnm8945


Retrieve Overview

  • Break apart URL to discover document locations

  • Retrieve encrypted document and share from k locations

  • Reassemble Key K from shares

  • Decrypt retrieved document

  • Check for tampering

  • View in WWW browser


http://!publius!/MD5(D.Share1 )MD5 (D.Share2)…

http://!publius!/unReaDableUrL

Index = MD5(D.Share1) Mod Table_Size

From www.redcross.org Get Encrypted File, Share

Key = combine Shares

D = Decrypt File with Key

Tamper Check = MD5(D.Share1) = value in URL

Retrieve Operation


Tradeoffs

  • N = # servers with Content & Share

  • K = # Shares needed to reconstruct the Key

  • Higher N

    Greater availability

    Harder to censor

  • Higher K

    Decreased performance

    Greater tamper protection

    Possibly Easier To Censor


Update and Delete Operations

  • Update – “update” file, MD5(password.IP)

  • Delete – MD5(password .IP)

  • Threats – Place update file on server

    Brute force to delete files

  • URL contains update bit - Don’t accept updates

  • Publish Option – No Delete or Update


Mutually Hyperlinked Content

A

B

Publish B, Modify A, Publish A

A

B

Publish B First – Invalid A Link

Publish A First – Invalid B Link

Problem: Content cryptographically tied to URL


Hyperlinked Content Solution

Hyperlink

A

AU

Publish A, B

Modify A, B

Update

Hyperlink

Hyperlink

Republish A,B

B

BU

Update A,B

Update


User Interface

Browser Based GUI

Publius Proxy

Internet

http://!publius!/URLhttp://!publius!/PUBLISH

http://!publius!/UPDATEhttp://!publius!/DELETE

Store MIME type in first three bytes of file

Send correct Content-Type to browser


Threats & Limitations

  • Share Deletion or Corruption

  • Update File Deletion or Corruption

  • Denial of Service Attacks

  • Threats to Publisher Anonymity

  • “Rubber-Hose Cryptanalysis”


  • 3 Week Server Recruitment Period

  • 100 Volunteers, Test Script distributed

  • 53 successfully installed test script

  • 44 successfully installed.

  • Proxy - server version of client, 9 volunteers

  • Must trust proxy – see file, password for Publish

  • Sees URL for retrieve

  • Over 550 client requests

Live Trial (8/7/2000)


Contributions & Availability

  • Automatic Tamper Checking Mechanism

  • Update / Delete Method

  • Publishing Mutually Hyperlinked Content

  • 1500 Lines of Perl

  • Uses Crypto++ 3.2 – Crypto Library (C++)


Future Work

  • Remove dependence on server list

    - URL encodes locations, tamper check

  • Split content

    - Krawczyk – Information Dispersal

  • CPU payment scheme (Dwork, Naor)

  • Automatic replication across servers

    - Intermemory model


Publius WWW Site

Source Code & Technical Paper

http://cs.nyu.edu/waldman/publius


  • Login