Anonymity and Privacy — Spring '08
Mon 04:10P-06:00 PM
Computer Science Conference Room (CSB 453)
TA: Binh Vo
"Anonymity and Privacy" will be taught as a seminar class. Students
will be expected to read and
present a wide variety of papers; these will include
technical papers, statutes, court opinions, and the like. Prerequisites
include reasonable familiarity with networking and cryptography.
Grading will be based on class presentations of these papers — the
exact number will depend on the total enrollment — class
discussion, and on two
one in lieu of the midterm and one in lieu of the final.
There will be no exams.
Topics will include:
- Legal framework (US and European)
- Data mining and databases
- Anonymous commerce (digital cash)
- Anonymous use of the Internet (onion routing, anonymous browsing, P3P)
- Traffic analysis
- Biometrics and authentication
- Policy and national security considerations
The reading list is subject to change in response to current events.
Background Reading on Cryptographic Protocols
Those who have no background in cryptographic protocols should
- Chapters 2-4 of Applied Cryptography, Bruce Schneier, Wiley
1996, available in the SEAS library.
- "Using encryption
for authentication in large networks of computers",
R. Needham and M. Schroeder,
Communications of the ACM 21:12 (Dec 1978). This is the
first cryptographic protocol published in the open literature
(available via the CU library network).
- "Timestamps in key
distribution protocols", D. Denning and G. Sacco,
Communications of the ACM 24:8 (Aug 1981). A bug and a fix in the
Needham-Schroeder protocol. Note: the fix is buggy, too; see if you can
find the problem. There's also another bug in Needham-Schroeder
that wasn't found until 1995.
(available via the CU library network).
- Jan 28
- Introduction: What is Privacy?
Please read the following before the first class session.
- Monday, February 04
- Legal Foundations of Privacy
- Katz v U.S. 389 US 347 (1967)
Smith v Maryland 442 US 735 (1979)
18 USC 2510-2522, 2701-2712: wiretap law; Stored Communications Act (recommended)
18 USC 3121-3127: pen registers and trap-and-trace devices (recommended)
50 USC 1801-1811: Foreign Intelligence Surveillance Act (recommended)
- REGULATION (EC) No 45/2001 OF THE EUROPEAN
PARLIAMENT AND OF THE COUNCIL
of 18 December2000
on the protection of individuals with regard to the processing of personal
data by the Community
institutions and bodies and on the free movement of such data
on the Line: the Politics of Wiretapping and Encryption, Chapter 7.
Whit Diffie and Susan Landau, MIT Press, 1998, first edition.
Click on "Table of Contents"
and then on Chapter 7.
- Monday, February 11
Background reading on
CALEA — don't prepare
anything on this.
- The Athens Affair,
Vassilis Prevelakis and Diomidis Spinellis, IEEE Spectrum, July 2007.
Implications of Applying the Communications Assistance to Law
Enforcement Act to Voice over IP, Steven Bellovin, Matt Blaze, Ernest
Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon
Peterson, and John Treichler, June 2006.
- Cisco Architecture
for Lawful Intercept in IP Networks,
RFC 3924, October 2004.
- Monday, February 18
- The Web: Cookies
Midterm paper topic approval deadline
- HTTP State Management
Mechanism (RFC 2965). Also see
- Google privacy
- Monday, February 25
- The Web: Protecting Privacy
- Platform for Privacy Preferences (P3P) Project (CACM article)
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (optional;
skim this, and don't worry about syntactic details)
for Privacy: Design and Implementation of a P3P-Enabled Search Engine,
Byers, Cranor, Kormann, McDaniel,
Proceedings of 2004 Workshop on Privacy Enhancing Technologies (PETS),
- Crowds: Anonymity for Web Transactions,
Reiter and Rubin,
ACM Transactions on Information and System Security, vol. 1, no. 1, 1998.
- Design and
implementation of the Lucent Personalized Web Assistant (LPWA),
Kristol, Gabber, Gibbons, Matias, and Mayer,
Bell Labs TR, 1998.
There are many more links about P3P at
- Monday, March 03
- Database Nation; Link Analysis
Read chapter 4 of
Nation, by Simson Garfinkel, O'Reilly and Associates, 2000.
The link to the book is via the Columbia library network; full text
is available. However... they seem to limit the number of simultanous
readers; do not wait until the night before.
(In fact, you may wish to read more; it's a fast read. Chapter 9
is prescient and scary --- and it was written before the terrorist
attacks of 9/11.)
of Interest, C.Cortes, D. Pregibon, and C. Volinsky,
Proceedings of IDA 2001 - Intelligent Data Analysis,
Mining Social Network from Spatio-Temporal Events,
Hady W. Lauw, Ee-Peng Lim, Teck-Tim Tan, and Hwee-Hwa Pang.
Workshop on Link Analysis, Counterterrorism and Security,
- Monday, March 10
- Privacy and Data Mining
Midterm papers due
Analysis of Privacy-Preserving Statistics Computation",
Subramaniam, Rebecca N. Wright, and Zhiqiang Yang,
Proceedings of the Workshop on Secure
Data Management (held in conjunction with VLDB'04), Springer LNCS 3178,
Engineering in Digital Rights Management Systems," in Proceedings
of the 2001 ACM Workshop on Security and Privacy in Digital Rights
Management, Lecture Notes in Computer Science, vol. 2320, Springer,
Berlin, 2002, pp. 76-105.
(Joan Feigenbaum, Michael Freedman, Tomas Sander, and Adam Shostack)
Data Mining Using Multi-Group Randomized Response Techniques".
Zhijun Zhan and Wenliang Du.
Technical Report, June 2003.
- Monday, March 17
- Spring Break
- Monday, March 24
- Anonymous Connectivity
For more papers, see http://www.onion-router.net/.
- Untraceable electronic
mail, return addresses, and digital pseudonyms, David Chaum,
The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson,
and Paul Syverson,
Proceedings of the 13th USENIX Security Symposium, August 2004.
Re-encryption for Mixnets,
Philippe Golle, Markus Jakobsson, Ari Juels, Paul Syverson,
The Cryptographers' Track at the RSA Conference, 2004.
- Monday, March 31
- Traffic Analysis
Final paper topic approval deadline
Processing to Analyze Wireless Data Traffic,
Craig Partridge, Davis Cousins, Alden Jackson, Rajesh Krishnan, Tushar
Saxena, and W. Timothy Strayer.
International Conference on Mobile Computing and Networking, 2002.
Language Identification of Encrypted VoIP Traffic:
Alejandra y Roberto or Alice and Bob?,
Charles Wright, Lucas Ballard, Fabian Monrose, and Gerald Masson,
Proceedings of the 16th USENIX Security Symposium, Boston, August, 2007.
Practical Traffic Analysis: Extending and Resisting Statistical Disclosure,
Nick Mathewson and Roger Dingledine.
Proceedings of Privacy Enhancing Technologies workshop (PET 2004).
Anonymous Peer-to-Peer VoIP Calls on the Internet, Xinyuan Wang,
Shiping Chen, and Sushil Jajodia, ACM CCS '05, 2005.
- Monday, April 07
- Side Channels
Analysis of Keystrokes and Timing Attacks on SSH.
Dawn Xiaodong Song, David Wagner, and Xuqing Tian.
10th USENIX Security Symposium, 2001.
for Counting NATted Hosts.
Steven Bellovin, Proc. Second Internet Measurement Workshop, November
Physical Device Fingerprinting.
Tadayoshi Kohono, Andre Broido, and KC Claffy.
IEEE Symposium on Security and Privacy, May 8-11, 2005.
(Note: read the conference version.)
- Monday, April 14
- Digital Cash
Electronic Cash. David Chaum, Amos Fiat and Moni Naor, Crypto 1988.
and Versatile Electronic Money.
Markus Jakobsson, Moti Yung, ACM CCS, 1996.
Anonymous Credit Cards,
Steven H. Low, Nicholas F. Maxemchuk, and Sanjoy Paul,
IEEE Symposium on Research in Security and Privacy, 1994.
- Monday, April 21
- Marco Gruteser and Dirk Grunwald,
Usage of Location-Based Services through Spatial
and Temporal Cloaking",
Proceedings of First ACM/USENIX International
Conference on Mobile Systems, Applications, and Services (MobiSys),
San Francisco, CA, May 2003.
- Richard Clayton,
and Traceability in Cyberspace,
Ph.D. dissertation, University of Cambridge, Computer Laboratory
Technical Report UCAM-CL-TR-653, November 2005. Read Chapter 3
- Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones,
Fabrice Tchakountio, Beverly Schwartz, Stephen T. Kent, and W. Timothy
IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10,
Number 6, December 2002.
- Monday, April 28
- Presentations I
- Monday, May 05
- Presentations II
- Monday, May 12
- Final paper due at noon