Publius a robust tamper evident censorship resistant www based publishing system
1 / 31

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System - PowerPoint PPT Presentation

  • Uploaded on

Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System. Lorrie Cranor AT&T Research. Aviel Rubin AT&T Research. Marc Waldman NYU – CS Dept. Publius. Pen name used by authors of Federalist Papers

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System' - gage-newman

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Publius a robust tamper evident censorship resistant www based publishing system

PubliusA Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System

Lorrie Cranor

AT&T Research

Aviel Rubin

AT&T Research

Marc Waldman

NYU – CS Dept.


  • Pen name used by authors of Federalist Papers

  • Federalist Papers influential in convincing NY state voters to ratify US constitution.

Why publish anonymously
Why Publish Anonymously?

  • Political Dissent

  • “Whistleblowing”

  • Radical Ideas

  • Human Rights Reports

Publius design goals
Publius Design Goals

  • Censorship Resistant

  • Tamper Evident

  • Source Anonymous

  • Updateable

  • Host Content Deniability

  • Persistent

  • Extensible

  • Freely Available

Related work
Related Work

  • Connection Based Anonymity

    Hide identity of requestor

  • Location or Author Based Anonymity

    Hide identity of author or WWW server

Connection based anonymity
Connection Based Anonymity

  • Anonymizer

    HTTP proxy

    URL rewrite

  • Proxymate

    Formerly LPWA

    HTTP Proxy

    Pseudonym generation

Connection based anonymity1
Connection Based Anonymity

  • Onion Router

    Mix Network

    HTTP Proxy Developed

  • Crowds

    HTTP request via Crowd

    Dynamic Path generation

Onion routing
Onion Routing

Onion 1

Onion 2

Onion 3

Onion 4

“Hello World”

Connection based anonymity2
Connection Based Anonymity

  • Freedom

    Similar to Onion Routing

    Implemented at transport layer

    Nym creation – allows multiple pseudonyms

    Supports HTTP, NNTP, POP3, Telnet , etc.

Location based anonymity
Location Based Anonymity

  • Rewebber (aka Janus)

    Author & Connection Based Tool

    HTTP Proxy

    URL Rewrite using public key crypto


    Ek (M)=Encrypt message M with public key k

Location based anonymity1
Location Based Anonymity

  • Taz & Rewebber

    Computers with public/private key pair

    Each runs HTTP proxy server

    Encryption similar to onion-routing

    TAZ servers translate name.taz to address

    Down server = document irretrievable

Eternity service
Eternity Service

  • Ross Anderson (Univ. of Cambridge)

  • Network of servers – resists DOS attacks

  • Fee based

  • Files cannot be removed or updated

  • Digital Libraries

Eternity systems
Eternity Systems

  • Usenet Eternity

    Scaled Down Eternity System

    Usenet is storage medium

    Formatting using PGP, SHA1

    Send to alt.anonymous.messages

    Server caches and performs updates

    Connect via WWW browser

Eternity inspired systems
Eternity Inspired Systems

  • Freenet

    “Adaptive Network”

    Local caching

    Anonymous query, retrieval

  • Intermemory

    Self-replicating persistant RAM

    Donate hard disk space

File sharing systems
File Sharing Systems

  • Napster

    Peer-to-peer file sharing

    Peers can capture IP address or peer

  • Gnutella

    Anonymous query

    Peer to peer file transfer, IP capture

Publius overview
Publius Overview

Publius Content – Static content (HTML, images, PDF, etc) with desired properties.

  • Publishers – Post Publius content

  • Servers – Host Publius content

  • Retrievers – Browse Publius content

Publius servers
Publius Servers

Publius Server Table

Publish operation
Publish Operation

D = Document To Publish K=Key

Shamir Secret Sharing






MD5 ( D . Sharei ) / Mod 5 = Index Into Server Table

Index 0 = Index 3 =

Store D encrypted under K, and one Share on Server

Publish overview
Publish Overview

  • Servers available to store content

  • Encrypt document with secret key K

  • Secret split key K into (m,k) shares (Shamir)

  • Store encrypted document and share on m servers

  • Form URL cryptographically tied to document

  • Distribute URL – Publius URL


Retrieve overview
Retrieve Overview

  • Break apart URL to discover document locations

  • Retrieve encrypted document and share from k locations

  • Reassemble Key K from shares

  • Decrypt retrieved document

  • Check for tampering

  • View in WWW browser

Retrieve operation

http://!publius!/MD5(D.Share1 )MD5 (D.Share2)…


Index = MD5(D.Share1) Mod Table_Size

From Get Encrypted File, Share

Key = combine Shares

D = Decrypt File with Key

Tamper Check = MD5(D.Share1) = value in URL

Retrieve Operation


  • N = # servers with Content & Share

  • K = # Shares needed to reconstruct the Key

  • Higher N

    Greater availability

    Harder to censor

  • Higher K

    Decreased performance

    Greater tamper protection

    Possibly Easier To Censor

Update and delete operations
Update and Delete Operations

  • Update – “update” file, MD5(password.IP)

  • Delete – MD5(password .IP)

  • Threats – Place update file on server

    Brute force to delete files

  • URL contains update bit - Don’t accept updates

  • Publish Option – No Delete or Update

Mutually hyperlinked content
Mutually Hyperlinked Content



Publish B, Modify A, Publish A



Publish B First – Invalid A Link

Publish A First – Invalid B Link

Problem: Content cryptographically tied to URL

Hyperlinked content solution
Hyperlinked Content Solution




Publish A, B

Modify A, B




Republish A,B



Update A,B


User interface
User Interface

Browser Based GUI

Publius Proxy


http://!publius!/URL http://!publius!/PUBLISH

http://!publius!/UPDATE http://!publius!/DELETE

Store MIME type in first three bytes of file

Send correct Content-Type to browser

Threats limitations
Threats & Limitations

  • Share Deletion or Corruption

  • Update File Deletion or Corruption

  • Denial of Service Attacks

  • Threats to Publisher Anonymity

  • “Rubber-Hose Cryptanalysis”

Live trial 8 7 2000

  • 3 Week Server Recruitment Period

  • 100 Volunteers, Test Script distributed

  • 53 successfully installed test script

  • 44 successfully installed.

  • Proxy - server version of client, 9 volunteers

  • Must trust proxy – see file, password for Publish

  • Sees URL for retrieve

  • Over 550 client requests

Live Trial (8/7/2000)

Contributions availability
Contributions & Availability

  • Automatic Tamper Checking Mechanism

  • Update / Delete Method

  • Publishing Mutually Hyperlinked Content

  • 1500 Lines of Perl

  • Uses Crypto++ 3.2 – Crypto Library (C++)

Future work
Future Work

  • Remove dependence on server list

    - URL encodes locations, tamper check

  • Split content

    - Krawczyk – Information Dispersal

  • CPU payment scheme (Dwork, Naor)

  • Automatic replication across servers

    - Intermemory model

Publius www site
Publius WWW Site

Source Code & Technical Paper