ETH Library Deniable Upload and Download via Passive Participation

Downloading or uploading controversial information can put users at risk, making them hesitant to access or share such information. While anonymous communication networks (ACNs) are designed to hide communication meta-data, already connecting to an ACN can raise suspicion. In order to enable plausible deniability while providing or accessing controversial information, we design CoverUp: a system that enables users to asynchronously upload and download data. The key idea is to involve visitors from a collaborating website. This website serves a JavaScript snippet, which, after user’s consent produces cover traffic for the controversial site / content. This cover traffic is indistinguishable from the traffic of participants interested in the controversial content; hence, they can deny that they actually upor downloaded any data. CoverUp provides a feed-receiver that achieves a downlink rate of 10 to 50 Kbit/s. The indistinguishability guarantee of the feed-receiver holds against strong global networklevel attackers who control everything except for the user’s machine. We extend CoverUp to a full upload and download system with a rate of 10 up to 50 Kbit/s. In this case, we additionally need the integrity of the JavaScript snippet, for which we introduce a trusted party. The analysis of our prototype shows a very small timing leakage, even after half a year of continual observation. Finally, as passive participation raises ethical and legal concerns for the collaborating websites and the visitors of the collaborating website, we discuss these concerns and describe how they can be addressed.

[1]  Susan Landau,et al.  Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations , 2013, IEEE Security & Privacy.

[2]  Vern Paxson,et al.  Blocking-resistant communication through domain fronting , 2015, Proc. Priv. Enhancing Technol..

[3]  A. Houmansadr,et al.  : Using Live Streaming to Evade Internet Censorship , 2016 .

[4]  Paul Francis,et al.  Towards efficient traffic-analysis resistant anonymity networks , 2013, SIGCOMM.

[5]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[6]  Matthias Bauer New covert channels in HTTP: adding unwitting Web browsers to anonymity sets , 2003, WPES '03.

[7]  Devavrat Shah,et al.  ARQ for network coding , 2008, 2008 IEEE International Symposium on Information Theory.

[8]  Dan Boneh,et al.  Evading Censorship with Browser-Based Proxies , 2012, Privacy Enhancing Technologies.

[9]  J. Dumortier Directive 98/48/EC of the European Parliament and of the Council , 2006 .

[10]  Srinath T. V. Setty,et al.  Unobservable Communication over Fully Untrusted Infrastructure , 2016, OSDI.

[11]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[12]  Michel Beaudouin-Lafon,et al.  Designing interaction, not interfaces , 2004, AVI.

[13]  Joseph Bonneau,et al.  Finite-State Security Analysis of OTR Version 2 , 2006 .

[14]  Nicholas Hopper,et al.  Cover your ACKs: pitfalls of covert channel censorship circumvention , 2013, CCS.

[15]  Song Li,et al.  (Cross-)Browser Fingerprinting via OS and Hardware Level Features , 2017, NDSS.

[16]  Victor Boyko,et al.  On the Security Properties of OAEP as an All-or-Nothing Transform , 1999, CRYPTO.

[17]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.

[18]  Bernd Girod,et al.  Communications approach to image steganography , 2002, IS&T/SPIE Electronic Imaging.

[19]  Ronald L. Rivest,et al.  All-or-Nothing Encryption and the Package Transform , 1997, FSE.

[20]  Dan Boneh,et al.  Riposte: An Anonymous Messaging System Handling Millions of Users , 2015, 2015 IEEE Symposium on Security and Privacy.

[21]  Andrew S. Patrick,et al.  From Privacy Legislation to Interface Design: Implementing Information Privacy in Human-Computer Interactions , 2003, Privacy Enhancing Technologies.

[22]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[23]  Lem Ma,et al.  The Federal Constitution of the Swiss Confederation , 2016 .

[24]  Mária Bieliková,et al.  Tabbed Browsing Behavior as a Source for User Modeling , 2013, UMAP.

[25]  Bryan Ford,et al.  Conscript your friends into larger anonymity sets with JavaScript , 2013, WPES.

[26]  Nikita Borisov,et al.  SWEET: Serving the Web by Exploiting Email Tunnels , 2012, IEEE/ACM Transactions on Networking.

[27]  Mr.Pravin R. Kamble,et al.  Steganography Techniques: A Review , 2013 .

[28]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[29]  D. Artz,et al.  Digital steganography: hiding data within data , 2001 .

[30]  Vitaly Shmatikov,et al.  CloudTransport: Using Cloud Storage for Censorship-Resistant Networking , 2014, Privacy Enhancing Technologies.

[31]  Mayank Bakshi,et al.  Reliable deniable communication: Hiding messages in noise , 2013, 2013 IEEE International Symposium on Information Theory.

[32]  David Wolinsky,et al.  Dissent in Numbers: Making Strong Anonymity Scale , 2012, OSDI.

[33]  Alessandro Acquisti,et al.  Nudging Privacy: The Behavioral Economics of Personal Information , 2009, IEEE Security & Privacy.

[34]  Volker Roth,et al.  A Secure Submission System for Online Whistleblowing Platforms , 2013, Financial Cryptography.

[35]  Vitaly Shmatikov,et al.  CovertCast: Using Live Streaming to Evade Internet Censorship , 2016, Proc. Priv. Enhancing Technol..

[36]  Nick Feamster,et al.  Infranet: Circumventing Web Censorship and Surveillance , 2002, USENIX Security Symposium.

[37]  Nikita Borisov,et al.  I want my voice to be heard: IP over Voice-over-IP for unobservable censorship circumvention , 2013, NDSS.