Publius A Robust Tamper Evident Censorship Resistant WWW
Publius A Robust, Tamper Evident, Censorship Resistant WWW Based Publishing System Lorrie Cranor AT&T Research Aviel Rubin AT&T Research Marc Waldman NYU – CS Dept.
Publius ¨ Pen name used by authors of Federalist Papers ¨ Federalist Papers influential in convincing NY state voters to ratify US constitution.
Why Publish Anonymously? ¨ Political Dissent ¨ “Whistleblowing” ¨ Radical Ideas ¨ Human Rights Reports
Publius Design Goals ¨ Censorship Resistant ¨ Tamper Evident ¨ Source Anonymous ¨ Updateable ¨ Host Content Deniability ¨ Persistent ¨ Extensible ¨ Freely Available
Related Work ¨ Connection Based Anonymity Hide identity of requestor ¨ Location or Author Based Anonymity Hide identity of author or WWW server
Connection Based Anonymity ¨ Anonymizer HTTP proxy URL rewrite www. anonymizer. com ¨ Proxymate Formerly LPWA HTTP Proxy Pseudonym generation www. proxymate. com
Connection Based Anonymity ¨ Onion Router Mix Network www. onion-router. net HTTP Proxy Developed ¨ Crowds HTTP request via Crowd Dynamic Path generation www. research. att. com/projects/crowds
Onion Routing Onion 1 Onion 2 Onion 3 Onion 4 “Hello World”
Connection Based Anonymity http: //www. freedom. net ¨ Freedom Similar to Onion Routing Implemented at transport layer Nym creation – allows multiple pseudonyms Supports HTTP, NNTP, POP 3, Telnet , etc.
Location Based Anonymity ¨ Rewebber (aka Janus) www. rewebber. de Author & Connection Based Tool HTTP Proxy URL Rewrite using public key crypto U=http: //www. cs. nyu. edu/~waldman/publius. html Ek (M)=Encrypt message M with public key k http: //www. rewebber. com/surf-encrypted/Ek(U)
Location Based Anonymity ¨ Taz & Rewebber Computers with public/private key pair Each runs HTTP proxy server Encryption similar to onion-routing TAZ servers translate name. taz to address Down server = document irretrievable www. firstserver. com: 100/STOPREADINGTHISANDP AYATTENTIONTOTHESPEAKER
Eternity Service ¨ Ross Anderson (Univ. of Cambridge) ¨ Network of servers – resists DOS attacks ¨ Fee based ¨ Files cannot be removed or updated ¨ Digital Libraries
Eternity Systems ¨ Usenet Eternity Scaled Down Eternity System Usenet is storage medium Formatting using PGP, SHA 1 Send to alt. anonymous. messages Server caches and performs updates Connect via WWW browser
Eternity Inspired Systems ¨ Freenet “Adaptive Network” Local caching Anonymous query, retrieval ¨ Intermemory Self-replicating persistant RAM Donate hard disk space
File Sharing Systems ¨ Napster Peer-to-peer file sharing Peers can capture IP address or peer ¨ Gnutella Anonymous query Peer to peer file transfer, IP capture
Publius Overview Publius Content – Static content (HTML, images, PDF, etc) with desired properties. ¨ Publishers – Post Publius content ¨ Servers – Host Publius content ¨ Retrievers – Browse Publius content
Publius Servers Publius Server Table www. redcross. org whitehouse. gov library. fr www. nyu. edu publius. uk
Publish Operation D = Document To Publish K Share 1 K=Key Shamir Secret Sharing Share 2 Share 3 Share 4 MD 5 ( D. Sharei ) / Mod 5 = Index Into Server Table Index 0 = www. redcross. org Index 3 = www. nyu. edu Store D encrypted under K, and one Share on Server
Publish Overview ¨ Servers available to store content ¨ Encrypt document with secret key K ¨ Secret split key K into (m, k) shares (Shamir) ¨ Store encrypted document and share on m servers ¨ Form URL cryptographically tied to document ¨ Distribute URL – Publius URL http: //!publius!/1 e 6 adsg 673 h 0=hgj 7889340=yareyou readingthis=12 asbnm 8945
Retrieve Overview ¨ Break apart URL to discover document locations ¨ Retrieve encrypted document and share from k locations ¨ Reassemble Key K from shares ¨ Decrypt retrieved document ¨ Check for tampering ¨ View in WWW browser
Retrieve Operation http: //!publius!/MD 5(D. Share 1 )MD 5 (D. Share 2)… http: //!publius!/un. Rea. Dable. Ur. L Index = MD 5(D. Share 1) Mod Table_Size From www. redcross. org Get Encrypted File, Share Key = combine Shares D = Decrypt File with Key Tamper Check = MD 5(D. Share 1) = value in URL
Tradeoffs ¨ N = # servers with Content & Share ¨ K = # Shares needed to reconstruct the Key ¨ Higher N Greater availability Harder to censor ¨ Higher K Decreased performance Greater tamper protection Possibly Easier To Censor
Update and Delete Operations ¨ Update – “update” file, MD 5(password. IP) ¨ Delete – MD 5(password. IP) ¨ Threats – Place update file on server Brute force to delete files ¨ URL contains update bit - Don’t accept updates ¨ Publish Option – No Delete or Update
Mutually Hyperlinked Content Publish B, Modify A, Publish A Publish B First – Invalid A Link Publish A First – Invalid B Link Problem: Content cryptographically tied to URL
Hyperlinked Content Solution Hyperlink Publish A, B Update Modify A, B Hyperlink Republish A, B Hyperlink Update A, B Update
User Interface Browser Based GUI Publius Proxy Internet http: //!publius!/URL http: //!publius!/PUBLISH http: //!publius!/UPDATE http: //!publius!/DELETE Store MIME type in first three bytes of file Send correct Content-Type to browser
Threats & Limitations • Share Deletion or Corruption • Update File Deletion or Corruption • Denial of Service Attacks • Threats to Publisher Anonymity • “Rubber-Hose Cryptanalysis”
Live Trial (8/7/2000) • 3 Week Server Recruitment Period • 100 Volunteers, Test Script distributed • 53 successfully installed test script • 44 successfully installed. • Proxy - server version of client, 9 volunteers Must trust proxy – see file, password for Publish Sees URL for retrieve • Over 550 client requests
Contributions & Availability • Automatic Tamper Checking Mechanism • Update / Delete Method • Publishing Mutually Hyperlinked Content • 1500 Lines of Perl • Uses Crypto++ 3. 2 – Crypto Library (C++)
Future Work ¨ Remove dependence on server list - URL encodes locations, tamper check ¨ Split content - Krawczyk – Information Dispersal ¨ CPU payment scheme (Dwork, Naor) ¨ Automatic replication across servers - Intermemory model
Publius WWW Site Source Code & Technical Paper http: //cs. nyu. edu/waldman/publius
- Slides: 31