PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks

In addition to their common use for private online communication, anonymous communication networks can also be used to circumvent censorship. However, it is difficult to determine the extent to which they are actually used for this purpose without violating the privacy of the networks' users. Knowing this extent can be useful to designers and researchers who would like to improve the performance and privacy properties of the network. To address this issue, we propose a statistical data collection system, PrivEx, for collecting egress traffic statistics from anonymous communication networks in a secure and privacy-preserving manner. Our solution is based on distributed differential privacy and secure multiparty computation; it preserves the security and privacy properties of anonymous communication networks, even in the face of adversaries that can compromise data collection nodes or coerce operators to reveal cryptographic secrets and keys.
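As an added illustration (this is not the paper's code, and the page does not describe its exact protocol), the following Python sketch models the two ingredients the abstract names: each data collector perturbs its own count with Laplace noise locally, then additively secret-shares the noisy value among several tally servers, which each sum only the shares they receive. Only the sum over all tally servers is opened, so a single server, or any coalition short of all of them, sees uniformly random field elements rather than any collector's count, and a collector that is compromised or coerced holds nothing beyond its own current count. The field modulus `P`, the server and collector names, and the per-collector noise calibration are assumptions made for the example.

```python
import random
from typing import Dict, List, Optional

# Field modulus for additive secret sharing. A Mersenne prime is an assumption
# made for this example; the paper's own parameters are not on this page.
P = (1 << 61) - 1


def make_rng(seed: int) -> random.Random:
    """Seeded generator for reproducible demonstrations; use SystemRandom in production."""
    return random.Random(seed)


def int_laplace(scale: float, rng: random.Random) -> int:
    """Integer Laplace noise: the difference of two exponentials with mean
    `scale` is Laplace(0, scale); rounding keeps the shared value an integer."""
    return round(rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale))


def add_noise(counts: Dict[str, int], epsilon: float,
              sensitivity: int, rng: random.Random) -> Dict[str, int]:
    """Each data collector perturbs its own count before anything leaves the box.
    Laplace(sensitivity / epsilon) makes each collector's noisy count epsilon-DP on
    its own, so the opened total stays epsilon-DP for that collector's clients even
    if every other collector and every tally server colludes. (Assumed calibration;
    the paper's noise distribution is not given on this page.)"""
    scale = sensitivity / epsilon
    return {dc: c + int_laplace(scale, rng) for dc, c in counts.items()}


def share(value: int, n_servers: int, rng: random.Random) -> List[int]:
    """Additive secret sharing over Z_P: n-1 uniformly random shares plus one
    share that fixes the sum. Any n-1 shares are uniform and reveal nothing."""
    shares = [rng.randrange(P) for _ in range(n_servers - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def aggregate_shares(noisy_counts: Dict[str, int], n_servers: int,
                     rng: random.Random) -> List[int]:
    """Each collector sends share j of its noisy count to tally server j;
    each tally server adds up what it received. Returns the per-server sums,
    each of which is still a uniformly random field element on its own."""
    server_sums = [0] * n_servers
    for value in noisy_counts.values():
        for j, s in enumerate(share(value, n_servers, rng)):
            server_sums[j] = (server_sums[j] + s) % P
    return server_sums


def to_signed(x: int) -> int:
    """Map a field element back to a signed integer (noise can push a small
    total below zero, which wraps around modulo P)."""
    return x - P if x > P // 2 else x


def open_total(server_sums: List[int]) -> int:
    """Only the sum of all servers' sums is published; this is the single
    value the tally reveals for the epoch."""
    return to_signed(sum(server_sums) % P)


def run_epoch(counts: Dict[str, int], n_servers: int, epsilon: float,
              sensitivity: int = 1, rng: Optional[random.Random] = None) -> int:
    """End-to-end: local noising, secret sharing, per-server summation, opening."""
    rng = rng or random.SystemRandom()
    noisy = add_noise(counts, epsilon, sensitivity, rng)
    return open_total(aggregate_shares(noisy, n_servers, rng))


if __name__ == "__main__":
    # Constructed sample input: per-exit counts of connections to one category
    # of destinations during one epoch (invented numbers, not real measurements).
    exit_counts = {"exit-A": 1200, "exit-B": 340, "exit-C": 0, "exit-D": 2750}
    print("true total :", sum(exit_counts.values()))
    print("published  :", run_epoch(exit_counts, n_servers=3, epsilon=0.5))
```

The example deliberately keeps the noise on the collector side: because each collector's contribution is differentially private before it is shared, compromising the tally servers gains an adversary nothing beyond the published total, and the secret sharing is what stops a tally server from learning which collector contributed what. A production system would also need authenticated channels between collectors and tally servers and a defence against a collector's plaintext counter being read from memory at compromise time; neither is modelled here.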
