
Privacy Paradox, Riffle, Server Security

posted Aug 14, 2016, 3:28 AM by Sami Lehtinen   [ updated Aug 14, 2016, 3:28 AM ]
  • Studied Privacy Paradox. Well, yes. It's hard to tell people about something which is private and isn't being told to anyone.
  • Read Riffle paper [PDF] - Verifiable shuffle technique, which is supposed to provide bandwidth and computation-efficient anonymous communication. Interesting. Let's see. Riffle requires the servers in the Riffle Group to have high bandwidth interconnects. Only client-server communication is 'bandwidth-efficient'. Of course: "variable-length messages must be subdivided into fixed-length blocks and/or padded to prevent privacy leakage through message size". And as expected: "each client must perform PIR every round to remain resistant to traffic analysis attacks even if the client is not interested in any message". And naturally: "the total grows linearly with the number of clients", leading to: "the primary limitation is the server to server bandwidth". Summary: Nothing new, just combining old stuff, very nice academic work, tinfoil hat stuff, not practical even in theory. For everyone else except cryptography & anonymization theory geeks this isn't interesting at all. No practical use whatsoever.
kw: Dining-Cryptographer Networks (DC-Nets), verifiable mixnet, cover traffic, delays, mixnets, mixes, deanonymize, anonymize, anonymity, Aqua, anytrust, Riposte, Dissent, private information retrieval (PIR), clients, servers, client server, authenticated and encrypted channels, confidentiality, anonymity, authenticity, end-to-end encryption (E2EE), correctness, honest, adversary, power, security critical information, sensitive, sender, recipient, receiver, publisher, architecture, protocol, protocols, cryptographic, ciphertexts, plaintexts, algorithm, broadcast, trap protocols, trap bits, attack surface, rounds, accusation process, misbehaving server / client, accountable, malicious, secret key, zero-knowledge, plaintext, ciphertext, forgery, tamper, nonce, DeDiS Advanced Crypto library, ElGamal, Curve25519, Neff's shuffle, Chaum-Pedersen proof, Secretbox implementation, Salsa20 encryption, Poly1305 authentication, Herbivore, intersection attacks, correlate, networking, network, internet, privacy.
  • Deep breath, deep breath. It seems that some system administrators prefer to configure servers a bit differently than I do... They disable the firewall completely, because it causes problems. They also disable all automatic updates, because those cause problems too. Ahem... Well, everyone has their own style. Actually that might be a good thing: it prevents most of the 'problems' caused by updates and the firewall. But it might backfire badly at some point in the future. Who knows. I don't have statistics, maybe things would be just simpler that way. Or maybe not, because these servers are directly facing the Internet with standard Windows Server services.
  • Something really different? Cookiecutter Shark
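Two of the Riffle properties quoted in the paper notes above (fixed-length padding so message size leaks nothing, and a PIR query every round so a server cannot tell an interested client from an idle one) are easy to see in a toy. The following is an added example written for this post, not code from the blog author or from the Riffle project; it uses the textbook two-server XOR PIR (Chor et al.) rather than Riffle's own PIR construction, and the block size, blocks-per-round constant and all function names are illustrative assumptions.

```python
"""Added example: fixed-length padding plus a toy two-server XOR PIR.
Illustrates why message size must be hidden by padding and why a PIR
query reveals nothing about the index (so a dummy query every round is
indistinguishable from a real one). Not Riffle's actual implementation."""
import secrets

BLOCK = 16             # assumed fixed block size in bytes
BLOCKS_PER_ROUND = 4   # assumed fixed number of blocks every client sends per round
ROUND_BYTES = BLOCK * BLOCKS_PER_ROUND


def pad_to_round(msg: bytes) -> bytes:
    """Length-prefix and zero-pad so every round carries exactly ROUND_BYTES.
    An observer sees the same size whether msg is 2 bytes or 60 bytes."""
    capacity = ROUND_BYTES - 2           # two bytes reserved for the length prefix
    if len(msg) > capacity:
        raise ValueError("message must be split across several rounds")
    body = len(msg).to_bytes(2, "big") + msg
    return body + b"\x00" * (ROUND_BYTES - len(body))


def unpad(padded: bytes) -> bytes:
    """Inverse of pad_to_round: read the length prefix, drop the padding."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pir_query(n_items: int, index: int):
    """Client side of 2-server XOR PIR. Each server receives a bit vector that
    is uniformly random on its own; only the XOR of the two vectors selects
    `index`. A 'dummy' query is simply one for an index nobody cares about and
    looks exactly the same on the wire."""
    q_a = [secrets.randbits(1) for _ in range(n_items)]
    q_b = list(q_a)
    q_b[index] ^= 1
    return q_a, q_b


def pir_answer(db, query) -> bytes:
    """Server side: XOR together the items whose query bit is set. The server
    learns nothing about which item the client wants."""
    acc = bytes(len(db[0]))              # all-zero accumulator of item size
    for item, bit in zip(db, query):
        if bit:
            acc = xor_bytes(acc, item)
    return acc


def pir_retrieve(db_a, db_b, index: int) -> bytes:
    """Run one PIR round against two non-colluding servers holding the same
    database of fixed-size items and recover db[index]."""
    q_a, q_b = pir_query(len(db_a), index)
    return xor_bytes(pir_answer(db_a, q_a), pir_answer(db_b, q_b))


def demo():
    # Constructed sample database: 8 fixed-size items, item i is byte i repeated.
    db = [bytes([i]) * BLOCK for i in range(8)]
    got = pir_retrieve(db, db, 5)
    short = pad_to_round(b"hi")
    long_ = pad_to_round(b"x" * 50)
    return got == db[5], len(short) == len(long_)


if __name__ == "__main__":
    print(demo())
```

Note that the PIR cost is the point of the quoted "every round" remark: each server must touch every item for every client's query, and every client must send a full-length query vector even when idle, which is exactly why the per-round cost grows linearly with the number of clients.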