Anonymity and Privacy -- Spring '06

COMS E6184
Thu 04:10P-06:00 PM
Computer Science Conference Room (CSB 453)
TA: None yet
Courseworks page

"Anonymity and Privacy" will be taught as a seminar class. Students will be expected to read a wide variety of papers; these will include technical papers, statutes, court opinions, and the like. Prerequisites include reasonable familiarity with networking and cryptography. Grading will be based on class presentations of these papers -- the exact number will depend on the total enrollment --class discussion, and on two papers, one in lieu of the midterm and one in lieu of the final. There will be no exams.

Topics will include:

Legal framework (US and European)
Data mining and databases
Anonymous commerce (digital cash)
Anonymous use of the Internet (onion routing, anonymous browsing, P3P)
Traffic analysis
Biometrics and authentication
Policy and national security considerations

The reading list is subject to change in response to current events.

Please subscribe to the class mailing list via the web at lists.cs.columbia.edu/mailman/listinfo/anon-priv p>Homework assignments should be submitted by emailing them to smb+6184 at the obvious domain name.

Background Reading on Cryptographic Protocols

Those who have no background in cryptographic protocols should read

Chapters 2-4 of Applied Cryptography, Bruce Schneier, Wiley 1996, available in the SEAS library.
"Using encryption for authentication in large networks of computers", R. Needham and M. Schroeder, Communications of the ACM 21:12 (Dec 1978). This is the first cryptographic protocol published in the open literature (available via the CU library network).
"Timestamps in key distribution protocols", D. Denning and G. Sacco, Communications of the ACM 24:8 (Aug 1981). A bug and a fix in the Needham-Schroeder protocol. Note: the fix is buggy, too; see if you can find the problem. There's also another bug in Needham-Schroeder that wasn't found until 1995. (available via the CU library network).

Jan 19

Introduction: What is Privacy?
Reading:

Chapter 3 of Who Goes There? Authentication Through the Lens of Privacy. (The HTML version is free.)
The Transparent Society, David Brin, Wired Magazine 4:12, Dec. 1996.
Cyberspace Privacy: A Primer and Proposal, Jerry Kang, Human Rights Magazine 26:1, Winter 1999.
The Right to Privacy, Samuel Warren and Louis D. Brandeis, 4 Harvard Law Review 193 (1890)
Dr. Fun

Jan 26

The Web: Cookies
Reading:

HTTP State Management Mechanism (RFC 2965)
Doubleclick's Privacy Policy. Important -- follow the links on the left.
EPIC Complaint Against DoubleClick
Googe Privacy Center. (Again, follow the links on the left.)
Amazon Privacy Policy
A9 Privacy policy. (A9 is a subsidiary of Amazon.)

The first reading item is technical background to understand the how the privacy threats are implemented. The second is a description of how Doubleclick works. Today, they have a very complete privacy policy; years ago, they were a poster child for privacy misbehavior. The third section is to analyze the privacy policies of two different pairs of major Internet sites, Google and Amazon/A9.

Feb 2

The Web: Protecting Privacy on the Web
Reading:

Platform for Privacy Preferences (P3P) Project (CACM article)
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (optional; skim this, and don't worry about syntactic details)
Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine, Byers, Cranor, Kormann, McDaniel
Crowds: Anonymity for Web Transactions, Reiter and Rubin
Design and implementation of the Lucent Personalized Web Assistant (LPWA), Kristol, Gabber, Gibbons, Matias, and Mayer.

There are many more links about P3P at http://www.w3.org/P3P/.

Feb 9

Anonymous Connectivity

Untraceable electronic mail, return addresses, and digital pseudonyms, David Chaum, CACM 24:2, February 1981.
Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson, Proceedings of the 13th USENIX Security Symposium, August 2004.
Universal Re-encryption for Mixnets, Philippe Golle, Markus Jakobsson, Ari Juels, Paul Syverson, The Cryptographers' Track at the RSA Conference, 2004.

For more papers, see http://www.onion-router.net/.

Feb 16

Traffic Analysis

Using Signal Processing to Analyze Wireless Data Traffic, Craig Partridge, Davis Cousins, Alden Jackson, Rajesh Krishnan, Tushar Saxena, and W. Timothy Strayer. International Conference on Mobile Computing and Networking, 2002.
Low-Cost Traffic Analysis of Tor, Steven J. Murdoch and George Danezis. Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 2005.
Practical Traffic Analysis: Extending and Resisting Statistical Disclosure, Nick Mathewson and Roger Dingledine. Proceedings of Privacy Enhancing Technologies workshop (PET 2004).
"Locating Hidden Servers", Lasse Řverlier and Paul Syverson, 2006. DRAFT.

Feb 23

Side Channels

Timing Analysis of Keystrokes and Timing Attacks on SSH. Dawn Xiaodong Song, David Wagner, and Xuqing Tian. 10th USENIX Security Symposium, 2001.
Remote Timing Attacks are Practical. D. Boneh and D. Brumley, Proceedings of the 12th Usenix Security Symposium, 2003.
A Technique for Counting NATted Hosts. Steven Bellovin, Proc. Second Internet Measurement Workshop, November 2002.
Remote Physical Device Fingerprinting. Tadayoshi Kohono, Andre Broido, and KC Claffy. IEEE Symposium on Security and Privacy, May 8-11, 2005. (Note: read the conference version.)

March 2

Legal Foundations of Privacy
Reading:

Katz v U.S. 389 US 347 (1967)
Smith v Maryland 442 US 735 (1979)
18 USC 2510-2522, 2701-2712
18 USC 3121-3127
Privacy on the Line: the Politics of Wiretapping and Encryption, Chapter 7. Whit Diffie and Susan Landau, MIT Press, 1998. Click on "Table of Contents" and then on Chapter 7.

Mar 9

Legal Foundations; Wiretapping
Reading:

European Union Data Protection Directive, 1995 — Chatper II only.
Communications Assistance for Law Enforcement Act. Note: this is necessary background for understanding the next two documents; those are the primary focus of this section. Don't prepare anything on this document.
FCC First Report and Order and Further Notice of Proposed Rulemaking
AMERICAN COUNCIL ON EDUCATION, et al., Petitioners v. FEDERAL COMMUNICATIONS COMMISSION, et al., Respondents
Cisco Architecture for Lawful Intercept in IP Networks (RFC 3924)
I, Cringely on CALEA
Greek Wiretapping (optional, but follow the links)

Mar 23

Database Nation; Link Analysis

Read chapter 4 of Database Nation, by Simson Garfinkel, O'Reilly and Associates, 2000. The link to the book is via the Columbia library network; full text is available. However... they seem to limit the number of simultanous readers; do not wait until the night before. (In fact, you may wish to read more; it's a fast read. Chapter 9 is prescient and scary --- and it was written before the terrorist attacks of 9/11.)
Computational Methods for Dynamic Graphs, C.Cortes, D. Pregibon, and C. Volinsky, Journal of Computational and Graphical Statistics, Vol 12 pp 950-970 (2003).
Mining Social Network from Spatio-Temporal Events, Hady W. Lauw, Ee-Peng Lim, Teck-Tim Tan, and Hwee-Hwa Pang. Workshop on Link Analysis, Counterterrorism and Security, 2005.

Mar 30

Privacy and Data Mining (technical)

"Experimental Analysis of Privacy-Preserving Statistics Computation", Hiranmayee Subramaniam, Rebecca N. Wright, and Zhiqiang Yang, Proceedings of the Workshop on Secure Data Management (held in conjunction with VLDB'04), Springer LNCS 3178, 2004.
"Privacy Engineering in Digital Rights Management Systems," in Proceedings of the 2001 ACM Workshop on Security and Privacy in Digital Rights Management, Lecture Notes in Computer Science, vol. 2320, Springer, Berlin, 2002, pp. 76-105. (Joan Feigenbaum, Michael Freedman, Tomas Sander, and Adam Shostack)
Privacy-Preserving Data Mining Using Multi-Group Randomized Response Techniques". Zhijun Zhan and Wenliang Du. Technical Report, June 2003.

April 6

Digital Cash

Untraceable Electronic Cash. David Chaum, Amos Fiat and Moni Naor, Crypto 1988.
Revokable and Versatile Electronic Money. Markus Jakobsson, Moti Yung, ACM CCS 1996.
Anonymous Credit Cards, Steven H. Low, Nicholas F. Maxemchuk, and Sanjoy Paul, IEEE Symposium on Research in Security and Privacy, 1994.

April 13

Traceability

Marco Gruteser and Dirk Grunwald, "Anonymous Usage of Location-Based Services through Spatial and Temporal Cloaking", Proceedings of First ACM/USENIX International Conference on Mobile Systems, Applications, and Services (MobiSys), San Francisco, CA, May 2003.
Bamba Gueye, Artur Ziviani, Mark Crovella, and Serge Fdida, Constraint-Based Geolocation of Internet Hosts, IMC '04, October 25-27, 2004, Taormina, Sicily, Italy.
Richard Clayton, Anonymity and Traceability in Cyberspace, Ph.D. dissertation, University of Cambridge, Computer Laboratory Technical Report UCAM-CL-TR-653, November 2005. Read Chapter 3 ("Traceability Failures").
Alex C. Snoeren, Craig Partridge, Luis A. Sanchez, Christine E. Jones, Fabrice Tchakountio, Beverly Schwartz, Stephen T. Kent, and W. Timothy Strayer. Single-Packet IP Traceback, IEEE/ACM Transactions on Networking (ToN), Volume 10, Number 6, December 2002.

April 20

Presentations

April 27

Presentations

Final paper The final paper must be submitted by Thursday, May 11, at 7:00 pm. which is when the final for this class would be held.