Publius a robust tamper evident censorship resistant www based publishing system
Sponsored Links
This presentation is the property of its rightful owner.
1 / 31

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System. Lorrie Cranor AT&T Research. Aviel Rubin AT&T Research. Marc Waldman NYU – CS Dept. Publius. Pen name used by authors of Federalist Papers

Download Presentation

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Publius a robust tamper evident censorship resistant www based publishing system

PubliusA Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System

Lorrie Cranor

AT&T Research

Aviel Rubin

AT&T Research

Marc Waldman

NYU – CS Dept.



  • Pen name used by authors of Federalist Papers

  • Federalist Papers influential in convincing NY state voters to ratify US constitution.

Why publish anonymously

Why Publish Anonymously?

  • Political Dissent

  • “Whistleblowing”

  • Radical Ideas

  • Human Rights Reports

Publius design goals

Publius Design Goals

  • Censorship Resistant

  • Tamper Evident

  • Source Anonymous

  • Updateable

  • Host Content Deniability

  • Persistent

  • Extensible

  • Freely Available

Related work

Related Work

  • Connection Based Anonymity

    Hide identity of requestor

  • Location or Author Based Anonymity

    Hide identity of author or WWW server

Connection based anonymity

Connection Based Anonymity

  • Anonymizer

    HTTP proxy

    URL rewrite

  • Proxymate

    Formerly LPWA

    HTTP Proxy

    Pseudonym generation

Connection based anonymity1

Connection Based Anonymity

  • Onion Router

    Mix Network

    HTTP Proxy Developed

  • Crowds

    HTTP request via Crowd

    Dynamic Path generation

Onion routing

Onion Routing

Onion 1

Onion 2

Onion 3

Onion 4

“Hello World”

Connection based anonymity2

Connection Based Anonymity

  • Freedom

    Similar to Onion Routing

    Implemented at transport layer

    Nym creation – allows multiple pseudonyms

    Supports HTTP, NNTP, POP3, Telnet , etc.

Location based anonymity

Location Based Anonymity

  • Rewebber (aka Janus)

    Author & Connection Based Tool

    HTTP Proxy

    URL Rewrite using public key crypto


    Ek (M)=Encrypt message M with public key k

Location based anonymity1

Location Based Anonymity

  • Taz & Rewebber

    Computers with public/private key pair

    Each runs HTTP proxy server

    Encryption similar to onion-routing

    TAZ servers translate name.taz to address

    Down server = document irretrievable

Eternity service

Eternity Service

  • Ross Anderson (Univ. of Cambridge)

  • Network of servers – resists DOS attacks

  • Fee based

  • Files cannot be removed or updated

  • Digital Libraries

Eternity systems

Eternity Systems

  • Usenet Eternity

    Scaled Down Eternity System

    Usenet is storage medium

    Formatting using PGP, SHA1

    Send to alt.anonymous.messages

    Server caches and performs updates

    Connect via WWW browser

Eternity inspired systems

Eternity Inspired Systems

  • Freenet

    “Adaptive Network”

    Local caching

    Anonymous query, retrieval

  • Intermemory

    Self-replicating persistant RAM

    Donate hard disk space

File sharing systems

File Sharing Systems

  • Napster

    Peer-to-peer file sharing

    Peers can capture IP address or peer

  • Gnutella

    Anonymous query

    Peer to peer file transfer, IP capture

Publius overview

Publius Overview

Publius Content – Static content (HTML, images, PDF, etc) with desired properties.

  • Publishers – Post Publius content

  • Servers – Host Publius content

  • Retrievers – Browse Publius content

Publius servers

Publius Servers

Publius Server Table

Publish operation

Publish Operation

D = Document To Publish K=Key

Shamir Secret Sharing






MD5 ( D . Sharei ) / Mod 5 = Index Into Server Table

Index 0 = Index 3 =

Store D encrypted under K, and one Share on Server

Publish overview

Publish Overview

  • Servers available to store content

  • Encrypt document with secret key K

  • Secret split key K into (m,k) shares (Shamir)

  • Store encrypted document and share on m servers

  • Form URL cryptographically tied to document

  • Distribute URL – Publius URL


Retrieve overview

Retrieve Overview

  • Break apart URL to discover document locations

  • Retrieve encrypted document and share from k locations

  • Reassemble Key K from shares

  • Decrypt retrieved document

  • Check for tampering

  • View in WWW browser

Retrieve operation

http://!publius!/MD5(D.Share1 )MD5 (D.Share2)…


Index = MD5(D.Share1) Mod Table_Size

From Get Encrypted File, Share

Key = combine Shares

D = Decrypt File with Key

Tamper Check = MD5(D.Share1) = value in URL

Retrieve Operation



  • N = # servers with Content & Share

  • K = # Shares needed to reconstruct the Key

  • Higher N

    Greater availability

    Harder to censor

  • Higher K

    Decreased performance

    Greater tamper protection

    Possibly Easier To Censor

Update and delete operations

Update and Delete Operations

  • Update – “update” file, MD5(password.IP)

  • Delete – MD5(password .IP)

  • Threats – Place update file on server

    Brute force to delete files

  • URL contains update bit - Don’t accept updates

  • Publish Option – No Delete or Update

Mutually hyperlinked content

Mutually Hyperlinked Content



Publish B, Modify A, Publish A



Publish B First – Invalid A Link

Publish A First – Invalid B Link

Problem: Content cryptographically tied to URL

Hyperlinked content solution

Hyperlinked Content Solution




Publish A, B

Modify A, B




Republish A,B



Update A,B


User interface

User Interface

Browser Based GUI

Publius Proxy




Store MIME type in first three bytes of file

Send correct Content-Type to browser

Threats limitations

Threats & Limitations

  • Share Deletion or Corruption

  • Update File Deletion or Corruption

  • Denial of Service Attacks

  • Threats to Publisher Anonymity

  • “Rubber-Hose Cryptanalysis”

Live trial 8 7 2000

  • 3 Week Server Recruitment Period

  • 100 Volunteers, Test Script distributed

  • 53 successfully installed test script

  • 44 successfully installed.

  • Proxy - server version of client, 9 volunteers

  • Must trust proxy – see file, password for Publish

  • Sees URL for retrieve

  • Over 550 client requests

Live Trial (8/7/2000)

Contributions availability

Contributions & Availability

  • Automatic Tamper Checking Mechanism

  • Update / Delete Method

  • Publishing Mutually Hyperlinked Content

  • 1500 Lines of Perl

  • Uses Crypto++ 3.2 – Crypto Library (C++)

Future work

Future Work

  • Remove dependence on server list

    - URL encodes locations, tamper check

  • Split content

    - Krawczyk – Information Dispersal

  • CPU payment scheme (Dwork, Naor)

  • Automatic replication across servers

    - Intermemory model

Publius www site

Publius WWW Site

Source Code & Technical Paper

  • Login