1. Crypto-Book: An Architecture for Privacy Preserving Online Identities
John Maheswaran, David Isaac Wolinsky, Bryan Ford
HotNets ’13 (11/22/2013)
2. Talk Overview
• The problem
– Cross-site Authentication
– Social network privacy concerns
• Solution
– Overview
– Key assignment
– Conscripting an anonymity set
– Anonymous login
• Conclusions and future work
19. Problem Summary
• Increasing use of cross-site authentication
– OAuth, OpenID, Facebook/Twitter/Google+ login
• Use social network for online IDs
– Convenient, easy to use
• Using these IDs brings privacy/tracking risks
– Cross-site tracking, browsing history, actions across different sites
22. Goals
• Crypto-Book aims to
– Allow users to use social network IDs
– Provide better privacy between social network and third party sites
32. Key Assignment
• Cross-site authentication often relies on OAuth/OpenID
• Crypto-Book fits into OAuth protocol to isolate third party site from social network
– Protects cross-site privacy
– Assigns key pairs to social network IDs
35. OAuth
• "Give me a limited scope OAuth access token"
• "Issue me an OAuth access token with requested scope"
38. Key Assignment
• To use privacy preserving cryptographic techniques
– have to assign public/private keypairs to users
• Cloud of key servers with split trust
• Clients do not provide own key
– Allows us to conscript users into anonymity sets without their knowledge/permission
48. Anytrust key servers
• An anytrust cloud is:
– a decentralized client/server network model
– trust there is at least one honest server
• Anytrust cloud of key servers
– assigns key pairs to each social network user
– Run by various privacy advocates e.g. EFF
63. Balancing Anonymity with Accountability
• Need to balance:
– Supporting free speech, free expression of opinion
– Improving the quality of public discourse. By allowing people to fully hide anonymously, they may do things they would not otherwise
• e.g. Wikipedia sock-puppetry, vandalism
64. Balancing Anonymity with Accountability
• Solution needs to provide both
– Anonymity
– Accountability
• Wikipedia would like to allow users to remain anonymous, but is worried about vandalism
– Users need to be anonymous yet accountable
73. Linkable Ring Signature (LRS)
• Created by a member of a group of users (each has keys)
• Third party can verify:
– Some member of the group signed something
– If two signatures are by same member
• Third party cannot discover
– Which specific user created the signature
74. Privacy Preserving Crypto Layer
• LRS has linkage tag
– If a client generates two LRSs, they will have the same linkage tag
– Means LRSs can be linked across time
• Linkage tag provides accountability
– 1-to-1 mapping between Facebook users and anonymized identities
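Added example (not from the slides or the Crypto-Book code base): a linkable ring signature with the properties listed on slides 73 and 74. The slides do not name a construction, so this example assumes the Liu-Wei-Wong LSAG scheme over a demo-sized group; all function names and parameters are this example's own.

```python
import hashlib, secrets

# Demo-sized group chosen for this example (far too small for real use):
# order-Q subgroup of Z_P*, P = K*Q + 1 located with a Fermat primality search.
Q = 2**127 - 1                                    # Mersenne prime
def _prime(n):
    return all(pow(a, n - 1, n) == 1 for a in (2, 3, 5, 7, 11))
K = next(k for k in range(2, 10**6, 2) if _prime(k * Q + 1))
P = K * Q + 1

def _hash(*parts):
    return int.from_bytes(hashlib.sha512(repr(parts).encode()).digest(), "big")
def _to_group(*parts):                            # hash into the order-Q subgroup
    return pow(_hash(*parts) % P, K, P)
G = _to_group("generator")

def keygen():                                     # stands in for a key-server-assigned pair
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def _challenge(ring, tag, msg, h, s, y, c):       # H(ring, tag, msg, g^s*y^c, h^s*tag^c)
    a = pow(G, s, P) * pow(y, c, P) % P
    b = pow(h, s, P) * pow(tag, c, P) % P
    return _hash(ring, tag, msg, a, b) % Q

def sign(msg, ring, idx, x):                      # sign as ring[idx], private key x
    ring, n = tuple(ring), len(ring)
    h = _to_group("ring", ring)
    tag = pow(h, x, P)                            # linkage tag: fixed per (key, ring)
    s = [secrets.randbelow(Q) for _ in ring]
    u, c = secrets.randbelow(Q), [0] * n
    c[(idx + 1) % n] = _challenge(ring, tag, msg, h, u, 1, 0)   # commits to g^u, h^u
    for j in range(1, n):                         # simulate every other member
        i = (idx + j) % n
        c[(i + 1) % n] = _challenge(ring, tag, msg, h, s[i], ring[i], c[i])
    s[idx] = (u - x * c[idx]) % Q                 # only the real key closes the ring
    return c[0], s, tag

def verify(msg, ring, sig):
    ring, (c0, s, tag) = tuple(ring), sig
    if len(s) != len(ring) or pow(tag, Q, P) != 1:   # reject short rings, bad tags
        return False
    h, c = _to_group("ring", ring), c0
    for y, si in zip(ring, s):
        c = _challenge(ring, tag, msg, h, si, y, c)
    return c == c0

def linked(sig_a, sig_b):                         # same ring + same key -> same tag
    return sig_a[2] == sig_b[2]
```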
79. Future Work
• Provide OAuth/OpenID API
– Integration with more third party sites
• Deploy Crypto-Book key servers at various host institutions
• Abuse resistant way of using anonymous systems such as Tor
• Investigation of anonymity set selection
80. Conclusion
• Crypto-Book provides privacy preserving online identities
– anonymous
– abuse resistant
• www.crypto-book.com
– Demo video
– More info, SOSP’13 poster, more talk slides
– Link to source code on GitHub