55 research outputs found
A Universally Composable Framework for the Privacy of Email Ecosystems
Email communication is amongst the most prominent online activities, and as such, can put sensitive information at risk.
It is thus of high importance that internet email applications are designed in a privacy-aware manner and analyzed under a rigorous threat model.
The Snowden revelations (2013) suggest that such a model should feature a global adversary, in light of the observational tools available.
Furthermore, the fact that protecting metadata can be of equal importance as protecting the communication context implies
that end-to-end encryption may be necessary, but it is not sufficient.
With this in mind, we utilize the Universal Composability framework [Canetti, 2001] to introduce an expressive cryptographic model for email
"ecosystems" that can formally and precisely capture various well-known privacy notions (unobservability, anonymity, unlinkability, etc.),
by parameterizing the amount of leakage an ideal-world adversary (simulator) obtains from the email functionality.
Equipped with our framework, we present and analyze the security of two email constructions that
follow different directions in terms of the efficiency vs. privacy tradeoff.
The first one achieves optimal security (only the online/offline mode of the users is leaked), but it is mainly of theoretical interest;
the second one is based on parallel mixing [Golle and Juels, 2004] and is more practical,
while it achieves anonymity with respect to users that have similar amount of sending and receiving activity.
Privacy Enhanced Technologies: Methods – Markets – Misuse
Research in Privacy Enhancing Technologies has a tradition of about 25 years. The basic technologies and ideas were found until 1995 while the last decade was dominated by the utilisation of such technologies. The question arises if there is a market for Privacy Enhanced Technology. The answer is yes, however Privacy Enhancing Technology may not have been broadly known yet in order to make it profitable. The governments or non-profit organisations must therefore run such systems or at least promote their further development and deployment. Especially governments have however conflicting interests: While governments of democratic nations are responsible to keep the freedom of citizens (and privacy as a part of it), governments also need instruments to prosecute criminal activities. Subsequently, Privacy Enhancing Technologies have to consider law enforcement functionality in order to balance these different targets
Individual Management of Personal Reachability in Mobile Communication
This paper describes a concept for controlling personal reachability while maintaining a high degree of privacy and data protection. By easy negotiation of their communication requests users can reach others without disturbing the called partners and without compromising their own privacy.
The Hitting Set Attack on Anonymity Protocols
A passive attacker can compromise a generic anonymity protocol by applying the so called disclosure attack, i.e. a special traffic analysis attack. In this work we present a more efficient way to accomplish this goal, i.e. we need less observations by looking for unique minimal hitting sets. We call this the hitting set attack or just HS-attack.
In general, solving the minimal hitting set problem is NP-hard. Therefore, we use frequency analysis to enhance the applicability of our attack. It is possible to apply highly efficient backtracking search algorithms. We call this approach the statistical hitting set attack or SHS-attack.
However, the statistical hitting set attack is prone to wrong solutions with a given small probability. We use here duality checking algorithms to resolve this problem. We call this final exact attack the HS*-attack.
Mobility Management in Third Generation Mobile Networks
With the increasing use of mobile and nomadic communication devices requirements for security and privacy are rising as well. Following brief surveys of existing approaches to mobility management, general security considerations for UMTS and confidential storing of location information we introduce the ideas and concepts behind the new ‘anonymous subscriber’ method for UMTS, largely based on extended MIX networks. Finally, an application of this method conveniently employing the X.500 directory service infrastructure is described in some detail.
Message splitting against the partial adversary
We review threat models used in the evaluation of anonymity systems’ vulnerability to traffic analysis. We then suggest that, under the partial adversary model, if multiple packets have to be sent through these systems, more anonymity can be achieved if senders route the packets via different paths. This is in contrast to the normal technique of using the same path for them all. We comment on the implications of this for message-based and connection-based anonymity systems. We then proceed to examine the only remaining traffic analysis attack – one which considers the entire system as a black box. We show that it is more difficult to execute than the literature suggests, and attempt to empirically estimate the parameters of the Mixmaster and the Mixminion systems needed in order to successfully execute the attack.
- …
