[talks] I Davey generals

Melissa M. Lawson mml at CS.Princeton.EDU
Fri May 11 11:24:01 EDT 2012

Ian Davey will present his research seminar/general exam on Friday May 18 
at 10AM in Room 302 (note room!). The members of his committee are: 
Ed Felten (advisor), Michael Freedman, and Zeev Dvir. Everyone is invited 
to attend his talk, and those faculty wishing to remain for the oral exam following 
are welcome to do so. His abstract and reading list follow below. 

----- Original Message -----

During the recent wave of popular uprisings, dissidents in droves used social media to organize against repressive regimes. The dictators who remain standing, however, tend to be the ones with the network infrastructure capable of inspecting traffic for forbidden material, logging it, and in some cases even censoring it in-flight. Previous work such as [6] has focused on circumventing these types of systems by simply ignoring their methods, but this essentially creates an arms race; preventing the adversary from noticing forbidden material altogether would be more effective. The approach in [1] might avoid deep packet inspection, allowing users to browse web pages unhindered, but this hardly helps when users ultimately wish to post items on a public forum equally accessible to the adversary. 
We approach this problem by embracing the fact that it ultimately seems at its core a key distribution problem - how can Alice share information with several others confidentially with no means to exchange or distribute key material out-of-band? We take advantage of the fact that in our case there is a large number of principals in the system but only one adversary. First, we borrow ideas from [8], and have Alice broadcast large amounts of pseudorandom data over time, with which she can derive part of a key. This pseudorandom string is small enough for Bob, one of her followers, to store and use later to derive the same key, but if the adversary wishes to successfully watch an entire nation of Alices, it will need to be able to store everything. Second, we have Alice secretly (and randomly) choose the last few bits of the aforementioned key, effectively creating a client puzzle such as that in [3]. Brute-forcing these bits should only take Bob a few seconds, but the adversary will need a prohibitive amount of processing power to keep up with everybody. 
In this talk, we will present the proofs and performance measurements for our scheme. We will also address some of the practical design considerations by presenting a mobile Twitter client which uses this scheme. 

[1] E. Wustrow, S. Wolchok, I. Goldberg, and J. Halderman. Telex: Anticensorship in the network infrastructure. USENIX Security 2011. 
[2] C. Dwork and M. Naor. Pricing via processing or combatting junk mail. CRYPTO 1992. 
[3] D. Dean and A. Stubblefield. Using client puzzles to protect TLS. USENIX Security 2001. 
[4] A. Narayanan and V. Shmatikov. Obfuscated databases and group privacy. CCS 2005. 
[5] R. Canetti, Y. Dodis, S. Halevi, E. Kushilevitz, and A. Sahai. Exposure-resilient functions and all-or-nothing transformations. EUROCRYPT 2000. 
[6] R. Clayton, S. Murdoch, and R. Watson. Ignoring the great firewall of China. PET 2006. 
[7] Y. Dodis and D. Wichs. Non-malleable extractors and symmetric key cryptography from weak secrets. STOC 2009. 
[8] Y. Aumann, Y. Ding, and M. Rabin. Everlasting security in the bounded storage model. IEEE Trans Inf Theory, June 2002. 
[9] B. Waters, A. Juels, J. Halderman, and E. Felten. New client puzzle outsourcing techniques for DoS resistance. CCS 2004. 
[10] N. Ferguson, B. Schneier, and T. Kohno. Cryptography engineering: design principles and practical applications. 2010. 
[11] R. Anderson. Security engineering: a guide to building dependable distributed systems (2nd ed.). 2008. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cs.princeton.edu/pipermail/talks/attachments/20120511/cb575dd4/attachment.html>

More information about the talks mailing list