Crypto-Book: An Architecture for Privacy Preserving Online Identities

John Maheswaran, David Isaac Wolinsky, Bryan Ford

HotNets ’13 (11/22/2013)

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Cross-site Authentication

Cross-site Authentication

Cross-site Authentication

Cross-site Authentication

Cross-site AuthenticationTr

acki

ng in

fo Tracking info

Tracking info

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Privacy and Security Concerns

Privacy and Security Concerns

Privacy and Security Concerns

Privacy and Security Concerns

Privacy and Security Concerns

Privacy and Security Concerns

Privacy and Security Concerns

Privacy and Security Concerns

Problem Summary• Increasingly use of cross-site authentication– OAuth, OpenID, Facebook/Twitter/Google+ login

• Use social network for online IDs– Convenient, easy to use

• Using these IDs brings privacy/tracking risks– Cross-site tracking, browsing history, actions across

different sites

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Goals

• Crypto-Book aims to– Allow users to use social network IDs– Provide better privacy between social network

and third party sides

Crypto-Book

Personally identifiable social networking ID

Crypto-Book

Personally identifiable social networking ID

Crypto-Book Layer

Personally identifiable social networking ID

Crypto-Book privacy preserving layer

Crypto-Book Layer

Personally identifiable social networking ID

Crypto-Book privacy preserving layer

Crypto-Book Layer

Personally identifiable social networking ID

Anonymized IDs – one pseudonym per site

Crypto-Book privacy preserving layer

Crypto-Book Layer

Crypto-Book privacy preserving layer

Crypto-Book Layer

Crypto-Book privacy preserving layer

Not linkable by Facebook, Crypto-Book or by third party sites

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Key Assignment

• Cross-site authentication often relies on OAuth/OpenID

• Crypto-Book fits into OAuth protocol to isolate third party site from social network– Protects cross-site privacy– Assigns key pairs to social network IDs

OAuth

OAuth

Give me a limited scope OAuth access token

OAuth

Give me a limited scope OAuth access token Issue me an OAuth

access token with requested scope

OAuth

Give me a limited scope OAuth access token Issue me an OAuth

access token with requested scope

OAuth

Give me a limited scope OAuth access token Issue me an OAuth

access token with requested scope

Key Assignment

• To use privacy preserving cryptographic techniques– have to assign public/private keypairs to users

• Cloud of key servers with split trust• Clients do not provide own key– Allows us to conscript users into anonymity sets

without their knowledge/permission

OAuth

Give me a limited scope OAuth access token Issue me an OAuth

access token with requested scope

OAuth

Crypto-Book Workflow

Crypto-Book Workflow

Crypto-Book Workflow

Crypto-Book Workflow

Crypto-Book Workflow

Crypto-Book Workflow

Crypto-Book Workflow

abuse resistant anonymous 1-to-1 mapping

Anytrust key servers• An anytrust cloud is:– a decentralized client/server network model– trust there is at least one honest server

• Anytrust cloud of key servers– assigns key pairs to each social network user– Run by various privacy advocates e.g. EFF

Anytrust key servers

Key Server

Key Server

Key Server

Anytrust key servers

Key Server

Key Server

Key Server

Anytrust key servers

Key Server

Key Server

Key Server

Anytrust key servers

Key Server

Key Server

Key Server

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Anonymity set conscription

Anonymity set conscription

Anonymity set conscription

Anonymity set conscription

Anonymity set conscription

Anonymity set conscription

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution– Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Balancing Anonymity with Accountability

• Need to balance:– Supporting free speech, free expression of opinion– Improving the quality of public discourse. By

allowing people to fully hide anonymously, they may do things they would not otherwise• e.g. Wikipedia sock-puppetry, vandalism

Balancing Anonymity with Accountability

• Solution needs to provide both– Anonymity– Accountability

• Wikipedia would like to allow users to remain anonymous, but are worried about vandalism– Users need to be anonymous yet accountable

Digital Signature

Digital Signature

Digital Signature

Digital Signature

Linkable Ring Signature (LRS)

Linkable Ring Signature (LRS)

Linkable Ring Signature (LRS)

Linkable Ring Signature (LRS)

Linkable Ring Signature (LRS)

• Created by member of a group of users (each have keys)

• Third party can verify:– Some member of the group signed something– If two signatures are by same member

• Third party cannot discover– Which specific user created the signature

Privacy Preserving Crypto Layer

• LRS has linkage tag– If a client generates two LRSs, they will have the

same linkage tag– Means LRSs can be linked across time

• Linkage tag provides accountability– 1-to-1 mapping between Facebook users and

anonymized identities

Crypto-Book Summary

Crypto-Book Summary

abuse resistant anonymous 1-to-1 mapping

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution – Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Talk Overview

• The problem– Cross-site Authentication– Social network privacy concerns

• Solution – Overview– Key assignment– Conscripting an anonymity set– Anonymous login

• Conclusions and future work

Future Work

• Provide OAuth/OpenID API– Integration with more third party sites

• Deploy Crypto-Book key servers at various host institutions

• Abuse resistant way of using anonymous systems such as Tor

• Investigation of anonymity set selection

Conclusion

• Crypto-Book provides privacy preserving online identities – anonymous – abuse resistant

• www.crypto-book.com– Demo video– More info, SOSP’13 poster, more talk slides– Link to source code on GitHub

Questions?

www.crypto-book.com