Skip to main content

Entry 5 - Protecting Anonymity

Terminology

TOR- "the onion router" or the idea of wrapping a communication in several layers of encryption

Mixnet - series of servers that changes the order in which messages are sent and received before being delivered

Staying under the radar

Privacy comes in many different forms when we think of the internet. Most people are probably familiar with the idea of private accounts on social media, being able to restrict who sees what you post, and private browsing options on things like Google Chrome and Safari. The word privacy in these cases is a matter of personal comfort and a sense of security, but what if your actual safety depended on this privacy? Would you trust Facebook, or your favorite web browser to safeguard your anonymity? Probably not.

Countries around the world practicing internet censorship obviously don't support internet privacy and so anyone interested in skirting these censors has to find another, safer way to achieve privacy, or risk heavy penalties and potentially even their life. Privacy in this context is more than hiding your embarrassing photos from potential employers.

One well known and popular option for internet anonymity is the Tor browser. With Tor, a message is essentially unwrapped by a series of servers until reaching its destination where it can be completely deciphered. Only the problem with this is that lately researchers have proved it possible to "fingerprint" Tor circuits using machine learning algorithms and a little luck to identify servers hosting hidden services. (1)

In order to defend against the possibility of a single server along the 'onion route' being malicious, reshuffling messages and verifying their authenticity in a system called "Riffle." Riffle makes sure that at every handoff between servers the message it sends is a valid manipulation of the one it received. (2) In practice, as long as one server remains safe from adversaries, the message is still secure. This could have massive applications in countries with less internet freedom, or in nations battling censorship.

Relation to Computer Science

As seen in prior cyber security related topics I've covered, the use of randomization is a powerful technique in preventing easy access to sensitive information and securing all sorts of information. Communications, infrastructure, and sensitive data are all potential target for cybercriminals, so implementing computer principles of computer science is now more than ever, a crucial aspect of both public and private security. There are plenty of tools and techniques to safeguard or systems, we just need the minds to implement them for the good guys.

Resources

(1) http://news.mit.edu/2015/tor-vulnerability-0729
(2) http://news.mit.edu/2016/stay-anonymous-online-0711

Comments

  1. UnknownNovember 20, 2017 at 4:08 PM

    I like the explanation you have given about TOR. This is something I have never heard about and your explanation of the concept was easy to follow. You also mention some things that would be interesting topics to further research. For example, I would like to hear about the work of the researchers who discovered the "fingerprints" you mentioned. Overall, this is a very interesting blogpost.

    ReplyDelete
  2. Laughlin AsheNovember 20, 2017 at 8:15 PM

    As an everyday user who is not familiar with TOR or Riffle, I have to put a certain amount of trust in the system because in a sense the privacy is out of my hands. When I send an email on Google, I am putting my faith in Google keeping that message private, but in reality I have no control over whether or not they do. Will we ever be able to achieve true privacy online? Will large companies monitor us for targeted advertising or sell our information for profits? It seems to me that Google, Apple, Facebook, etc. have such a dominant market share that they can do whatever they want without anyone being able to do anything about it.

    ReplyDelete
  3. Maggie KaneNovember 21, 2017 at 5:22 PM

    I completely agree with Laughlin. A majority of people put a blind trust on the internet and the safety/privacy of the information we provide on social media and other sources. I, too, was not familiar with TOR or Riffle. The randomization technique is definitely a very successful approach for security, however it seems like there will always be some way to beat the system and find anything you want on the internet. It's hard to imagine a time where personal information will be completely private.

    ReplyDelete

Post a Comment

Popular posts from this blog

Entry 4 - Location, location, location...

The Anonymity of Location Services The advent of the cell phone and subsequently the smartphone has put a world of knowledge at our fingertips. Recipes, maps, music and much more are just a few clicks away, whenever we want them, wherever we want them. This is great for productivity and connectivity, but herein lies the danger to our privacy. Location services drive much of the functionality and enhance the user's experience on many of today's most popular apps, specifically social media applications. Apps encourage "checking in" and "tagging" people and locations attached to posts, and users often accept the risk of sharing their information because of " hyperbolic discounting" , where people focus on the immediate benefit and discount future risk. (3) Some users chose to disable location services, an option that should t heoretically make a user's location private, but recent studies show that this might be a false sense of security.
2 comments
Read more

Entry 3: Rerandomizing to beat cyberattacks

WannaCry Ransomware Terms ASLR- address space layout randomization: diversifying memory locations for an application TASR- timely address space randomization: randomization occurring alongside input-output pairs The Threat Modern IT specialists are constantly on the defense against hackers and are often at a disadvantage due to the arsenal of tools at the disposal of their rivals. Hackers just need to find a single solution to crack into a network or a device, while the good guys have to anticipate and protect against a plethora of vulnerabilities. (1) It has been estimated that malware attacks cost companies an average of $2.5 million and that in the United States the average cyber crime costs companies $21.22 million. (2) With the prevalence and severity of such crimes on the rise, the job of defending against such attacks has also become a top priority for both public and private industry alike. IT specialists have traditionally fallen back on a technique called ran
1 comment
Read more

Entry 2 - China's Quest for Quantum Computing

NSA Headquarters Quantum- not just a buzz word Traditional computing encodes information with the use of bits, that is a series of ones and zeroes. The quickly emerging field of quantum computing makes use of quantum bits, differing in nature from binary bits in that they can be ones and zeroes simultaneously. Quantum processors are still in development, but because of their massive computing potential both private industry and governments around the world are racing to champion the technology. Applications in computer science Math and science fields would probably be the most obvious benefactors of a breakthrough in quantum computing, by enabling faster computations and more intricate modeling. A lesser known, yet equally exciting application is known as quantum metrology. By measuring small gravitational changes, this technology would enable self contained navigational systems for use in autonomous vehicles of all sorts, without the need for traditional GPS. (1) What
1 comment
Read more