A Universally Composable Framework for the Privacy of Email Ecosystems

Email communication is amongst the most prominent online activities, and as such, can put sensitive information at risk. It is thus of high importance that internet email applications are designed in a privacy-aware manner and analyzed under a rigorous threat model. The Snowden revelations (2013) suggest that such a model should feature a global adversary, in light of the observational tools available. Furthermore, the fact that protecting metadata can be of equal importance as protecting the communication context implies that end-to-end encryption may be necessary, but it is not sufficient.

[1]  George Danezis,et al.  Mixminion: design of a type III anonymous remailer protocol , 2003, 2003 Symposium on Security and Privacy, 2003..

[2]  Ueli Maurer,et al.  Universally Composable Synchronous Computation , 2013, TCC.

[3]  Srinivas Devadas,et al.  Riffle: An Efficient Communication System With Strong Anonymity , 2016, Proc. Priv. Enhancing Technol..

[4]  Dan Boneh,et al.  Riposte: An Anonymous Messaging System Handling Millions of Users , 2015, 2015 IEEE Symposium on Security and Privacy.

[5]  Dogan Kesdogan,et al.  Stop-and-Go-MIXes Providing Probabilistic Anonymity in an Open System , 1998, Information Hiding.

[6]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[7]  Vitaly Shmatikov,et al.  Timing Analysis in Low-Latency Mix Networks: Attacks and Defenses , 2006, ESORICS.

[8]  S. Fischer-Hübner,et al.  Anonymity , Unlinkability , Unobservability , Pseudonymity , and Identity Management – A Consolidated Proposal for Terminology , 2002 .

[9]  Aniket Kate,et al.  AnoA: A Framework for Analyzing Anonymous Communication Protocols , 2013, 2013 IEEE 26th Computer Security Foundations Symposium.

[10]  Johan Håstad,et al.  The square lattice shuffle , 2006, Random Struct. Algorithms.

[11]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[12]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[13]  Panayiotis Kotzanikolaou,et al.  Broadcast anonymous routing (BAR): scalable real-time anonymous communication , 2017, International Journal of Information Security.

[14]  George Danezis,et al.  Towards an Information Theoretic Metric for Anonymity , 2002, Privacy Enhancing Technologies.

[15]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[16]  George Danezis,et al.  Sphinx: A Compact and Provably Secure Mix Format , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[17]  Ran Canetti,et al.  Universally Composable Security with Global Setup , 2007, TCC.

[18]  George Danezis,et al.  The Loopix Anonymity System , 2017, USENIX Security Symposium.

[19]  Douglas Wikström,et al.  A Universally Composable Mix-Net , 2004, TCC.

[20]  Srinath T. V. Setty,et al.  Unobservable Communication over Fully Untrusted Infrastructure , 2016, OSDI.

[21]  Ari Juels,et al.  Parallel mixing , 2004, CCS '04.

[22]  Jan Camenisch,et al.  A Formal Treatment of Onion Routing , 2005, CRYPTO.

[23]  Bart Preneel,et al.  Towards Measuring Anonymity , 2002, Privacy Enhancing Technologies.

[24]  Bryan Ford,et al.  Dissent: accountable anonymous group messaging , 2010, CCS '10.

[25]  David Chaum,et al.  cMix: Mixing with Minimal Real-Time Asymmetric Cryptographic Operations , 2017, ACNS.

[26]  Micah Sherr,et al.  Users get routed: traffic correlation on tor by realistic adversaries , 2013, CCS.

[27]  Srinivas Devadas,et al.  Atom: Horizontally Scaling Strong Anonymity , 2016, SOSP.

[28]  Michael T. Goodrich,et al.  Anonymous Card Shuffling and Its Applications to Parallel Mixnets , 2012, ICALP.

[29]  Aggelos Kiayias,et al.  MCMix: Anonymous Messaging via Secure Multiparty Computation , 2017, USENIX Security Symposium.

[30]  Cynthia Dwork,et al.  Differential Privacy , 2006, ICALP.

[31]  Ueli Maurer,et al.  Bitcoin as a Transaction Ledger: A Composable Treatment , 2017, CRYPTO.

[32]  Gene Tsudik,et al.  Towards an Analysis of Onion Routing Security , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[33]  A. Pfitzmann,et al.  A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management , 2010 .

[34]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[35]  Pierangela Samarati,et al.  Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression , 1998 .

[36]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[37]  Nickolai Zeldovich,et al.  Vuvuzela: scalable private messaging resistant to traffic analysis , 2015, SOSP.