Pudding: Private User Discovery in Anonymity Networks
- URL: http://arxiv.org/abs/2311.10825v1
- Date: Fri, 17 Nov 2023 19:06:08 GMT
- Title: Pudding: Private User Discovery in Anonymity Networks
- Authors: Ceren Kocaoğullar, Daniel Hugenroth, Martin Kleppmann, Alastair R. Beresford,
- Abstract summary: Pudding is a novel private user discovery protocol.
It hides contact relationships between users, prevents impersonation, and conceals which usernames are registered on the network.
Pudding can be deployed on Loopix and Nym without changes to the underlying anonymity network protocol.
- Score: 9.474649136535705
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Anonymity networks allow messaging with metadata privacy, providing better privacy than popular encrypted messaging applications. However, contacting a user on an anonymity network currently requires knowing their public key or similar high-entropy information, as these systems lack a privacy-preserving mechanism for contacting a user via a short, human-readable username. Previous research suggests that this is a barrier to widespread adoption. In this paper we propose Pudding, a novel private user discovery protocol that allows a user to be contacted on an anonymity network knowing only their email address. Our protocol hides contact relationships between users, prevents impersonation, and conceals which usernames are registered on the network. Pudding is Byzantine fault tolerant, remaining available and secure as long as less than one third of servers are crashed, unavailable, or malicious. It can be deployed on Loopix and Nym without changes to the underlying anonymity network protocol, and it supports mobile devices with intermittent network connectivity. We demonstrate the practicality of Pudding with a prototype using the Nym anonymity network. We also formally define the security and privacy goals of our protocol and conduct a thorough analysis to assess its compliance with these definitions.
Related papers
- The Key to Deobfuscation is Pattern of Life, not Overcoming Encryption [0.7124736158080939]
We present a novel methodology that is effective at deobfuscating sources by synthesizing measurements from key locations along protocol transaction paths.
Our approach links online personas with their origin IP addresses based on a Pattern of Life (PoL) analysis.
We show that, when monitoring in the correct places on the Internet, DNS over HTTPS (DoH) and DNS over TLS (DoT) can be deobfuscated with up to 100% accuracy.
arXiv Detail & Related papers (2023-10-04T02:34:29Z) - AnoFel: Supporting Anonymity for Privacy-Preserving Federated Learning [4.086517346598676]
Federated learning enables users to collaboratively train a machine learning model over their private datasets.
Secure aggregation protocols are employed to mitigate information leakage about the local datasets.
This setup, however, still leaks the participation of a user in a training iteration, which can also be sensitive.
We introduce AnoFel, the first framework to support private and anonymous dynamic participation in federated learning.
arXiv Detail & Related papers (2023-06-12T02:25:44Z) - Privacy Explanations - A Means to End-User Trust [64.7066037969487]
We looked into how explainability might help to tackle this problem.
We created privacy explanations that aim to help to clarify to end users why and for what purposes specific data is required.
Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
arXiv Detail & Related papers (2022-10-18T09:30:37Z) - Cross-Network Social User Embedding with Hybrid Differential Privacy
Guarantees [81.6471440778355]
We propose a Cross-network Social User Embedding framework, namely DP-CroSUE, to learn the comprehensive representations of users in a privacy-preserving way.
In particular, for each heterogeneous social network, we first introduce a hybrid differential privacy notion to capture the variation of privacy expectations for heterogeneous data types.
To further enhance user embeddings, a novel cross-network GCN embedding model is designed to transfer knowledge across networks through those aligned users.
arXiv Detail & Related papers (2022-09-04T06:22:37Z) - Learnable Privacy-Preserving Anonymization for Pedestrian Images [27.178354411900127]
This paper studies a novel privacy-preserving anonymization problem for pedestrian images.
It preserves personal identity information (PII) for authorized models and prevents PII from being recognized by third parties.
We propose a joint learning reversible anonymization framework, which can reversibly generate full-body anonymous images.
arXiv Detail & Related papers (2022-07-24T07:04:16Z) - SPAct: Self-supervised Privacy Preservation for Action Recognition [73.79886509500409]
Existing approaches for mitigating privacy leakage in action recognition require privacy labels along with the action labels from the video dataset.
Recent developments of self-supervised learning (SSL) have unleashed the untapped potential of the unlabeled data.
We present a novel training framework which removes privacy information from input video in a self-supervised manner without requiring privacy labels.
arXiv Detail & Related papers (2022-03-29T02:56:40Z) - Sphynx: ReLU-Efficient Network Design for Private Inference [49.73927340643812]
We focus on private inference (PI), where the goal is to perform inference on a user's data sample using a service provider's model.
Existing PI methods for deep networks enable cryptographically secure inference with little drop in functionality.
This paper presents Sphynx, a ReLU-efficient network design method based on micro-search strategies for convolutional cell design.
arXiv Detail & Related papers (2021-06-17T18:11:10Z) - Experimental implementation of secure anonymous protocols on an
eight-user quantum network [2.5516484173114855]
We experimentally demonstrate 5 information-theoretically secure anonymity protocols on an 8 user city-wide quantum network.
For a network of $n$ users, the protocols retain anonymity for the sender, given less than $n-2$ users are dishonest.
arXiv Detail & Related papers (2020-11-18T19:00:01Z) - Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z) - Decentralized Privacy-Preserving Proximity Tracing [50.27258414960402]
DP3T provides a technological foundation to help slow the spread of SARS-CoV-2.
System aims to minimise privacy and security risks for individuals and communities.
arXiv Detail & Related papers (2020-05-25T12:32:02Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.