I am currently at ACM CCS 2008 listening to the talk on “Dependent link padding algorithms for low latency anonymity systems” by Wei Wang, Mehul Motani and Vikram Srinivasan (the pdf does not seem to be on-line yet). They propose a scheme to provably defeat all packet matching attacks against low-latency anonymity systems, by introducing the minimal amount of cover traffic. The results are theoretically well founded, and of great practical importance since they show how one could provide strong anonymity without “constant rate” padding (as it is often assumed necessary.)

Advertisements

Shishir Nagaraja has posted on his research web-site his latest work on “The Economics of Covert Community Detection and Hiding“. This extends the line of research myself and Bettina Wittneben started with our paper “The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications“, where we showed that anonymous communications themselves are not preventing target selection. Shishir’s work shows that simple covertness strategies can instead make the job of the surveillance analyst much harder.

The full abstract reads:

“We present a model of surveillance based on the detection of community structure in social networks. We examine the extent of network topology information an adver sary is required to gather in order to obtain high quality intelligence about community membership. We show that selective surveillance strategies can improve the adversary’s resource efficiency. However, the use of counter-surveillance defence strategies can signifficantly reduce the adversary’s capability. We analyze two adversary models drawn from contemporary computer security literature, and explore the dynamics of community detection and hiding in these settings. Our results show that in the absence of counter-surveillance moves, placing a mere 8% of the network under surveillance can uncover the community membership of as much as 50% of the network. Uncovering all community information with targeted selection requires half the surveillance budget where parties use anonymous channels to communicate. Finally, the most determined covert community can escape detection by adopting decentralized counter-surveillance techniques even while facing an adversary with full topology knowledge – by investing in a small counter-surveillance budget, a rebel group can induce a steep increase in the false negative ratio.”

Luke O’Connor has uploaded on the cryptology eprint archive a manuscript providing analytical bounds for the Hitting Set Attack. The paper entitled “Entropy Bounds for Traffic Confirmation” [PDF] demonstrates that after O(m log N) messages from Alice (where N is the number of all receivers and m the number of friends of Alice) the hitting set attack failure probability becomes negligible.

Highly recomended reading!

There is something very broken with computer security research in Europe. While EU funding is pouring in for many years through successive FPs, it seems that European research groups and institutions are systematically underrepresented in terms of Program Committee participation to the top-tier conferences. (Individual researchers of European origin, based abroad, are actually doing quite fine.)

The following graph illustrates the fraction of European researchers in some top-tier computer security conferences over the past decade. Core security conferences are chosen, namely IEEE S&P, ACM CCS, ISOC NDSS and USENIX SEC, as compared with more crypto conferences like CRYPTO, or EUROCRYPT (where European research seems to be quite competitive.) As we can see on average this fraction is less than 20%, with some venues like USENIX SEC and NDSS often figuring next to no European researcher on their PC.

Fraction of European PC members in security conferences

Fraction of European PC members in security conferences

Even this graph says only half the story. Within Europe there is a tremendous variability in PC membership of these conferences, with few individual researchers from specific groups being invited repeatedly. One example is illustrative: the IEEE S&P committee for 2009 is composed of 48 members; 8 of them from Europe; 4 of them from Cambridge; 3 of them from Microsoft Research, Cambridge (a US company, by the way.)

What is going on? Systematic bias in the chair’s selection (unlikely), or a structural problem in the European security research field (much more likely)?