Security and Cryptography II
Anonymous & Unobservable Communication
Stefan Köpsell (Slides [mainly] created by Andreas Pfitzmann)
Technische Universität Dresden, Faculty of Computer Science, D-01187 Dresden, Nöthnitzer Str. 46, Room 3067
Phone: +49 351 463-38272, e-mail: sk13@inf.tu-dresden.de, https://dud.inf.tu-dresden.de
100 Video-8 tapes (or in 2014: 1 hard drive disk with 500 GByte for ≈ 35 EUR) store all telephone calls of one year:
Who with whom?
When?
How long?
From where?
Reality or fiction?
With the development of television, and the technical advance which made it possible to receive and transmit simultaneously on the same instrument, private life came to an end.
George Orwell, 1948
Excerpt from: 1984
Examples of changes w.r.t. anonymity and privacy
Broadcast allows recipient anonymity — it is not detectable who is interested in which programme and information
Examples of changes w.r.t. anonymity and privacy
Internet radio, IPTV, Video on Demand etc. support profiling
Remark: Plain old letter post has shown its dangers, but nobody demands full traceability of them …
Anonymous plain old letter post is substituted by „surveillanceable“ e-Mails
The mass medium „newspaper“ will be personalised by means of Web, electronic paper and print on demand
Privacy and the Cloud?
[http://www.apple.com/icloud/]
Mechanisms to protect traffic data
Protection outside the network
Public terminals – use is cumbersome
Temporally decoupled processing – communications with real time properties
Local selection – transmission performance of the network – paying for services with fees
…at least two different problems:
1. Information leakage by (more or less) intentionally published (profile) data
   (E-mail) contact list
   Face recognition
2. Profiling of every Internet user
   „Like“ button
developed 1997 by Netscape
original purpose: enable sessions (transactions) on the Web
small amount of data, sent from the Web server to the browser, will be:
   stored by the browser
   automatically transmitted with every visit of the Web server
usual content: unique identifier for re-identification (tracking)
Cookies – served on the Web
[Figure: User ↔ Web server, ➀ request of the user, ➋ response of the Web server; shown for the 1st visit of a Web site and for the 2nd and further visits of that Web site]
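The cookie exchange sketched above, as an added example that is not part of the original slides: an in-process simulation (no network) of a server issuing a unique identifier on the first visit and re-identifying the browser afterwards. The class names, the cookie name `uid` and the visited paths are hypothetical and constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

class TrackingServer:
    """Hypothetical Web server that re-identifies browsers via a cookie."""
    def __init__(self):
        self.profiles = {}  # unique identifier -> list of requested pages

    def handle(self, path, cookie_header=None):
        """Return response headers; record the page under the identifier."""
        jar = SimpleCookie(cookie_header or "")
        headers = {}
        if "uid" in jar and jar["uid"].value in self.profiles:
            uid = jar["uid"].value          # 2nd and further visits
        else:
            uid = secrets.token_hex(8)      # 1st visit: issue an identifier
            self.profiles[uid] = []
            out = SimpleCookie()
            out["uid"] = uid
            out["uid"]["path"] = "/"
            headers["Set-Cookie"] = out["uid"].OutputString()
        self.profiles[uid].append(path)
        return headers

class Browser:
    """Hypothetical browser: stores cookies and sends them automatically."""
    def __init__(self):
        self.jar = SimpleCookie()

    def visit(self, server, path):
        """Send the request with stored cookies; return the Cookie header sent."""
        sent = "; ".join(f"{k}={m.value}" for k, m in self.jar.items()) or None
        response = server.handle(path, sent)
        if "Set-Cookie" in response:
            self.jar.load(response["Set-Cookie"])  # stored by the browser
        return sent

    def clear_cookies(self):
        self.jar = SimpleCookie()

def demo():
    """Three visits are linked into one profile; clearing cookies starts a new one."""
    server, browser = TrackingServer(), Browser()
    for page in ("/news", "/health", "/jobs"):  # constructed sample visits
        browser.visit(server, page)
    browser.clear_cookies()                     # user deletes stored cookies
    browser.visit(server, "/news")
    return list(server.profiles.values())

if __name__ == "__main__":
    print(demo())
```

Deleting the cookie only breaks linkage through this one identifier; the other mechanisms the slides list are not modelled here.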
Besides cookies, many other tracking mechanisms exist in modern browsers:
   Flash cookies, DOM storage
   Geolocation, Web bugs
   List of fonts, list of plugins, …
Tracking Profiling, especially: group profiles
Goal: Link a person to a group of persons to derive unknown attributes of that person
“behavioural targeting / advertising”
„to be ‚read‘ out“
Why?
Make money!
“If you are not paying for it, you're not the customer; you're the product being sold.” [post on MetaFilter.com, August 26, 2010]
To be tracked or not to be tracked?
[Chart: Google's revenue in million dollars; y-axis from 0 to 3500, x-axis from 4/03 to 4/12]
Facebook-“Like“-Button
small picture, embedded into many Web sites
>350000 Web sites
if a Facebook user clicks on the Like button, his friends will be informed
Facebook learns which sites a user likes