Laura Roberts will present her Pre FPO on Tuesday, December 3, 2019 at 2:30pm in CS 402. 

The members of her committee are as follows: Ed Felten (adviser); Readers:  Prateek Mittal and Jonathan Mayer; Examiners:  Jennifer Rexford and Arvind Narayanan

Everyone is invited to attend her talk.  The talk title and abstract follow below.

Title: Prevention and Detection of Internet Surveillance

If you believe that privacy is important in a free and democratic society, then you are surely worried about the enormous surveillance system that is the Internet. In this talk, I present practical ways to prevent being watched while using the Internet by plugging holes in Tor and a practical way to watch who’s watching you.

First, we investigate the effect of DNS on Tor’s anonymity. Previous work had not analyzed DNS’s role in deanonymizing Tor users. We discovered that DNS exposes Tor users’ behavior to more adversaries than previously thought, we discovered that Google gets to learn a lot about what websites Tor users are visiting via DNS, we performed simulations at Internet-scale in order to understand how our proof-of-concept attacks could affect real people, and finally, we provided recommendations to Tor operators on how they should be handling DNS in Tor.

Next, we analyzed millions of RSA keys in Tor relays in search of anomalies. Previous work has shown how weak cryptographic keys can compromise users’ safety by allowing adversaries to compute the all-important private key. We indeed found anomalous keys and demonstrated that they were indicative of suspicious behavior. Our results led to The Tor Project’s taking action to develop tools that catch these anomalous keys.

Finally, Internet users and providers of services don't know who's watching their Internet traffic. We desire a way to detect who is monitoring Internet traffic and to determine where that traffic might be monitored. Thus, we present NOISE, the Nonce Observatory for Inverse Surveillance of Eavesdroppers, a method and system to detect eavesdroppers remotely that involves disseminating nonces--unique, pseudorandom values--in traffic and seeing if they are observed elsewhere, indicating they must have been "eavesdropped" and acted upon unexpectedly.

We take advantage of IPv6's large address space and embed 64-bit nonces innocuously into IPv6 addresses. We disseminate these "nonced" addresses via Internet-wide, traceroute-like active measurement campaigns to approx. 15.2M targets as unique source addresses in each outbound probe. We monitor for subsequent interest in these nonces via packet capture on our system's infrastructure and inspection of system logs, email, and a third-party passive DNS database. Disseminating ~1.2 billion nonces, we detect eavesdropping more than 200k times, involving 268 networks, for probes destined for 437 networks. These observations reveal: (a) data collection for security incident handling, (b) traffic information being shared with third parties, and (c) man-in-the-middle monitoring in one of the world's largest commercial peering exchanges.