Anonymity and Privacy -- Spring '06
Thu 04:10P-06:00 PM
Computer Science Conference Room (CSB 453)
TA: None yet
"Anonymity and Privacy" will be taught as a seminar class. Students
will be expected to read a wide variety of papers; these will include
technical papers, statutes, court opinions, and the like. Prerequisites
include reasonable familiarity with networking and cryptography.
Grading will be based on class presentations of these papers -- the
exact number will depend on the total enrollment --class
discussion, and on two
one in lieu of the midterm and one in lieu of the final.
There will be no exams.
Topics will include:
- Legal framework (US and European)
- Data mining and databases
- Anonymous commerce (digital cash)
- Anonymous use of the Internet (onion routing, anonymous browsing, P3P)
- Traffic analysis
- Biometrics and authentication
- Policy and national security considerations
The reading list is subject to change in response to current events.
Please subscribe to the class mailing list via the web
p>Homework assignments should be submitted by emailing them to
smb+6184 at the obvious domain name.
Background Reading on Cryptographic Protocols
Those who have no background in cryptographic protocols should
- Chapters 2-4 of Applied Cryptography, Bruce Schneier, Wiley
1996, available in the SEAS library.
- "Using encryption
for authentication in large networks of computers",
R. Needham and M. Schroeder,
Communications of the ACM 21:12 (Dec 1978). This is the
first cryptographic protocol published in the open literature
(available via the CU library network).
- "Timestamps in key
distribution protocols", D. Denning and G. Sacco,
Communications of the ACM 24:8 (Aug 1981). A bug and a fix in the
Needham-Schroeder protocol. Note: the fix is buggy, too; see if you can
find the problem. There's also another bug in Needham-Schroeder
that wasn't found until 1995.
(available via the CU library network).
The final paper
must be submitted by Thursday, May 11, at 7:00 pm.
which is when the final for this class would be held.
- Jan 19
- Introduction: What is Privacy?
- Jan 26
- The Web: Cookies
The first reading item is technical background to understand the
how the privacy threats are implemented. The second is a description
of how Doubleclick works. Today, they have a very complete privacy
policy; years ago, they were a poster child for privacy misbehavior.
The third section is to analyze the privacy policies of two different
pairs of major Internet sites, Google and Amazon/A9.
- Feb 2
- The Web: Protecting Privacy on the Web
- Platform for Privacy Preferences (P3P) Project (CACM article)
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (optional;
skim this, and don't worry about syntactic details)
- Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine, Byers, Cranor, Kormann, McDaniel
- Crowds: Anonymity for Web Transactions,
Reiter and Rubin
- Design and
implementation of the Lucent Personalized Web Assistant (LPWA),
Kristol, Gabber, Gibbons, Matias, and Mayer.
There are many more links about P3P at
- Feb 9
- Anonymous Connectivity
For more papers, see http://www.onion-router.net/.
- Untraceable electronic
mail, return addresses, and digital pseudonyms, David Chaum, CACM 24:2,
The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson,
and Paul Syverson,
Proceedings of the 13th USENIX Security Symposium, August 2004.
Re-encryption for Mixnets,
Philippe Golle, Markus Jakobsson, Ari Juels, Paul Syverson,
The Cryptographers' Track at the RSA Conference, 2004.
- Feb 16
- Traffic Analysis
Processing to Analyze Wireless Data Traffic,
Craig Partridge, Davis Cousins, Alden Jackson, Rajesh Krishnan, Tushar
Saxena, and W. Timothy Strayer.
International Conference on Mobile Computing and Networking, 2002.
Traffic Analysis of Tor,
Steven J. Murdoch and George Danezis.
Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 2005.
Practical Traffic Analysis: Extending and Resisting Statistical Disclosure,
Nick Mathewson and Roger Dingledine.
Proceedings of Privacy Enhancing Technologies workshop (PET 2004).
"Locating Hidden Servers",
Lasse Øverlier and Paul Syverson, 2006. DRAFT.
- Feb 23
- Side Channels
Analysis of Keystrokes and Timing Attacks on SSH.
Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
10th USENIX Security Symposium, 2001.
Timing Attacks are Practical.
D. Boneh and D. Brumley,
Proceedings of the 12th Usenix Security Symposium, 2003.
for Counting NATted Hosts.
Steven Bellovin, Proc. Second Internet Measurement Workshop, November
Physical Device Fingerprinting.
Tadayoshi Kohono, Andre Broido, and KC Claffy.
IEEE Symposium on Security and Privacy, May 8-11, 2005.
(Note: read the conference version.)
- March 2
- Legal Foundations of Privacy
- Mar 9
- Legal Foundations; Wiretapping
- Mar 23
- Database Nation; Link Analysis
Read chapter 4 of
Nation, by Simson Garfinkel, O'Reilly and Associates, 2000.
The link to the book is via the Columbia library network; full text
is available. However... they seem to limit the number of simultanous
readers; do not wait until the night before.
(In fact, you may wish to read more; it's a fast read. Chapter 9
is prescient and scary --- and it was written before the terrorist
attacks of 9/11.)
Methods for Dynamic Graphs, C.Cortes, D. Pregibon, and C. Volinsky,
Journal of Computational and Graphical Statistics,
Vol 12 pp 950-970 (2003).
Mining Social Network from Spatio-Temporal Events,
Hady W. Lauw, Ee-Peng Lim, Teck-Tim Tan, and Hwee-Hwa Pang.
Workshop on Link Analysis, Counterterrorism and Security,
- Mar 30
- Privacy and Data Mining (technical)
Analysis of Privacy-Preserving Statistics Computation",
Subramaniam, Rebecca N. Wright, and Zhiqiang Yang,
Proceedings of the Workshop on Secure
Data Management (held in conjunction with VLDB'04), Springer LNCS 3178,
Engineering in Digital Rights Management Systems," in Proceedings
of the 2001 ACM Workshop on Security and Privacy in Digital Rights
Management, Lecture Notes in Computer Science, vol. 2320, Springer,
Berlin, 2002, pp. 76-105.
(Joan Feigenbaum, Michael Freedman, Tomas Sander, and Adam Shostack)
Data Mining Using Multi-Group Randomized Response Techniques".
Zhijun Zhan and Wenliang Du.
Technical Report, June 2003.
- April 6
- Digital Cash
- April 13
- Marco Gruteser and Dirk Grunwald,
Usage of Location-Based Services through Spatial
and Temporal Cloaking",
Proceedings of First ACM/USENIX International
Conference on Mobile Systems, Applications, and Services (MobiSys),
San Francisco, CA, May 2003.
- Bamba Gueye, Artur Ziviani, Mark Crovella, and Serge Fdida,
Geolocation of Internet Hosts,
IMC '04, October 25-27, 2004, Taormina, Sicily, Italy.
- Richard Clayton,
and Traceability in Cyberspace,
Ph.D. dissertation, University of Cambridge, Computer Laboratory
Technical Report UCAM-CL-TR-653, November 2005. Read Chapter 3
- Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones,
Fabrice Tchakountio, Beverly Schwartz, Stephen T. Kent, and W. Timothy
IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10,
Number 6, December 2002.
- April 20
- April 27