asymmetric message franking
play

Asymmetric Message Franking Content Moderation for Metadata-Private - PowerPoint PPT Presentation

Dec 01, 2023 •239 likes •1k views

Asymmetric Message Franking Content Moderation for Metadata-Private End-to-End Encryption Nirvan Tyagi Paul Grubbs Julia Len Ian Miers Tom Ristenpart CRYPTO 2019 1 Setting: End-to-end encrypted messaging Hello From: Alice To: Bob

  1. Asymmetric Message Franking Content Moderation for Metadata-Private End-to-End Encryption Nirvan Tyagi Paul Grubbs Julia Len Ian Miers Tom Ristenpart CRYPTO 2019 1

  2. Setting: End-to-end encrypted messaging Hello From: Alice To: Bob Alice Bob Platform 2

  3. Setting: End-to-end encrypted messaging - Confidentiality and Integrity Hello From: Alice To: Bob Alice Bob Platform 3

  4. Setting: End-to-end encrypted messaging “Public” - Confidentiality and Integrity - Deniability Hello - Alice Hello From: Alice To: Bob Alice Bob Platform [OTR BGB ’04], [Signal X3DH ’16] 4

  5. Setting: End-to-end encrypted messaging - Confidentiality and Integrity - Deniability - Metadata privacy From: ? ? To: Alice Bob Platform 5 [Dissent OSDI’12], [Riposte S&P’15], [Vuvuzela SOSP’15], [Pung OSDI’16] . . .

  6. Setting: End-to-end encrypted messaging - Confidentiality and Integrity - Deniability - Metadata privacy From: ? To: Bob Alice Bob Platform 6 [Dissent OSDI’12], [Riposte S&P’15], [Vuvuzela SOSP’15], [Pung OSDI’16] . . .

  7. What about abuse? From: ? To: Bob Alice Bob Platform 7

  8. What about abuse? $#@%! From: ? To: Bob Alice Bob Platform 8

  9. What about abuse? Online bully Abusive partner Spammer Misinformation $#@%! From: ? To: Bob Alice Bob Platform 9

  10. What about abuse? Moderator Online bully $#@%! Abusive partner Spammer Misinformation $#@%! From: ? To: Bob Alice Bob Platform 10

  11. What about abuse? Moderation is a big priority: Facebook employs ≈15K content moderators* Moderator Online bully $#@%! Abusive partner Spammer Misinformation $#@%! From: ? To: Bob Alice Bob Platform 11 * “The secret lives of Facebook moderators in America” [The Verge 2019]

  12. What about abuse? Moderation is a big priority: Facebook employs ≈15K content moderators* Moderator Online bully $#@%! Abusive partner ? ? Spammer Misinformation Privacy complicates abuse moderation! $#@%! From: ? To: Bob Alice Bob Platform 12 * “The secret lives of Facebook moderators in America” [The Verge 2019]

  13. What about abuse? Moderation is a big priority: Facebook employs ≈15K content moderators* Moderator Online bully $#@%! Abusive partner ? ? Spammer Misinformation Privacy complicates abuse moderation! $#@%! Can we balance need for accountability via moderation From: ? To: Bob with privacy goals? Alice Bob Platform 13 * “The secret lives of Facebook moderators in America” [The Verge 2019]

  14. Our contributions Asymmetric Message Franking (AMF) : a new cryptographic ● primitive for content moderation Metadata-privacy : message sender and/or recipient identities ○ hidden Third-party moderation : moderator decoupled from ○ message-delivery platform Formal accountability and deniability security notions for content ● moderation Construction inspired by “designated-verifier” signatures ● Implementation and proof-of-concept deployment ● [TGLMR CRYPTO’19] 14

  15. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption 15

  16. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator m Alice Bob From: Alice To: Bob Platform 16

  17. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Symmetric encryption Moderator following key agreement [Signal X3DH ‘16] m Alice Bob From: Alice To: Bob Platform 17

  18. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator m Identities authenticated by platform Alice Bob From: Alice To: Bob Platform 18

  19. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 19

  20. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 20

  21. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) Alice sent Bob m Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 21

  22. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) Alice sent Bob m Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 22

  23. Prior work on moderation in E2E encryption Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) Alice sent Bob m Moderator k m Alice Bob From: Alice To: Bob Platform Alice, Bob, ct 23

  24. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) ? sent Bob m Moderator k m Alice Bob From: ? To: Bob Platform ? , Bob, ct 24

  25. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m = Dec k ( ct) ? sent Bob m Moderator k m Alice Bob From: ? To: Bob Platform ? , Bob, ct 25

  26. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m , Alice = Dec k ( ct) Alice sent Bob m Can we patch by including Alice’s identity in commitment? Moderator k m , Alice Alice Bob From: ? To: Bob Platform ? , Bob, ct 26

  27. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m , Alice = Dec k ( ct) Alice sent Bob m Can we patch by including Alice’s identity in commitment? Moderator k m , Alice Charlie Bob From: ? To: Bob Platform ? , Bob, ct 27

  28. Message franking for metadata-private setting? Message franking [FB white paper ‘17], [GLR CRYPTO‘17], [DGRW CRYPTO‘18] - Content-based moderation of encryption that is NOT metadata-private - Compactly-committing authenticated encryption m , Alice = Dec k ( ct) Alice sent Bob m Can we patch by including Alice’s identity in commitment? Moderator k m , Alice Charlie Bob Core problem: Alice’s identity not cryptographically From: ? To: Bob bound to message content Platform ? , Bob, ct 28

  29. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability - Deniability 29

  30. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability - Deniability Moderator Alice Bob ? From: ? To: Platform 30

  31. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability - Deniability Moderator m , σ m , σ Alice Bob ? From: ? sk A , pk A To: σ = Sign( sk A , m ) Platform 31

  32. AMFs: High level idea Specialized digital signature scheme that provides: - Accountability Standard digital signatures provide - Deniability accountability …but not deniability Verify( pk A , m , σ ) Moderator m , σ m , σ Alice Bob ? From: ? sk A , pk A To: σ = Sign( sk A , m ) Platform 32

  33. AMFs: High level idea “Public” Specialized digital signature scheme that provides: - Accountability Standard digital signatures provide - Deniability accountability …but not deniability Verify( pk A , m , σ ) Moderator m , σ m , σ Alice Bob ? From: ? sk A , pk A To: σ = Sign( sk A , m ) Platform 33

Recommend

Fast Message Franking: From Invisible Salamanders to Encryptment Yevgeniy Dodis, Paul Grubbs ,

Fast Message Franking: From Invisible Salamanders to Encryptment Yevgeniy Dodis, Paul Grubbs ,

Fast Message Franking: From Invisible Salamanders to Encryptment Yevgeniy Dodis, Paul Grubbs , Thomas Ristenpart, Joanne Woodage End-to-end encrypted messaging Message Message Authenticated Authenticated Encryption Encryption Service

546 views • 36 slides
Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y:

Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y:

Pre-WWI: India mixed country franking postal history Pr Prese sente nted B d By: y: Ravi V vi Vor ora 26 Ma May 2 y 2018 ROMPEX, OMPEX, DEN ENVER VER. C . COL OLOR ORADO O ORGANIZATION AROUND THE WORLD VIA INDIA

584 views • 31 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

1 Message Encryption- see Table 11.1 in the book Message Encryption if public-key encryption

Message Authentication CPE 542: CRYPTOGRAPHY & NETWORK SECURITY message authentication is concerned with: protecting the integrity of a message Chapter 11 Message Authentication and validating identity of originator Hash

462 views • 6 slides
Overview What is an Asymmetric Barrier? Median barrier with unbalanced roadway elevations

Overview What is an Asymmetric Barrier? Median barrier with unbalanced roadway elevations

Asymmetric Barrier Design 2/16/2017 Asymmetric Barriers Pete White, PE Systems Assessment Manager - Greenfield, INDOT February 16, 2017 Overview What is an Asymmetric Barrier? Median barrier with unbalanced roadway elevations

706 views • 19 slides
Asymmetric Graphical Models Guy Van den Broeck and Mathias Niepert Jan 28, 2015, AAAI Take-Away

Asymmetric Graphical Models Guy Van den Broeck and Mathias Niepert Jan 28, 2015, AAAI Take-Away

Lifted Probabilistic Inference for Asymmetric Graphical Models Guy Van den Broeck and Mathias Niepert Jan 28, 2015, AAAI Take-Away Message Two problems: 1. Lifted inference gives exponential speedups in symmetric graphical models. But what

807 views • 16 slides
Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical

Lecture Notes: Message Management 1 Slide 1: Message Management Message Management A critical aspect of successful advocacy is the ability to create and deliver a message. While your passion matters greatly, your coalitions make the work

487 views • 15 slides
Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies,

Topic 11: A message What Is a Message in Communication? In rhetorical and communication studies, a message is defined as information conveyed by words (in speech or writing), and/or other signs and symbols. A message (verbal or nonverbal, or

485 views • 17 slides
GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message

National Taiwan University Department of Computer Science and Information Engineering GSM Short Message Service GSM Short Message Service GSM Short Message Service GSM Short Message Service Phone Lin Phone Lin Ph.D. Ph.D. Email:

360 views • 13 slides
ping Program ICMP Message Format Available at /usr/sbin/ping Test whether another host is

ping Program ICMP Message Format Available at /usr/sbin/ping Test whether another host is

ICMP Internet Control Message Protocol ICMP is a protocol used for exchanging control messages. CSCE 515: Two main categories Query message Computer Network Error message Programming Usage of an ICMP message is determined by

474 views • 10 slides
Message integrity Message Auth. Codes Dan Boneh Message

Message integrity Message Auth. Codes Dan Boneh Message

Online Cryptography Course

556 views • 52 slides
Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header

Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header

Structure of HTTP Messages Web Engineering HTTP-message = Request | Response generic-message = start-line *message-header Prof. Dr. Dr. h.c. mult. Gerhard Krger, Albrecht Schmidt CRLF [ message-body ] Universitt Karlsruhe start-line =

289 views • 12 slides
MPI - Message Passing Interface MPI is the mostly used message passing-standard By

MPI - Message Passing Interface MPI is the mostly used message passing-standard By

MPI - Message Passing Interface MPI is the mostly used message passing-standard By using MPI you obtain portable programs MPI is based on earlier message passing libraries Lecture 7: NX, MPL, PVM, P4, TCGMSH, PARMACS, ...

360 views • 9 slides
Message Passing Concepts Message Passing Model The message passing model is based on the

Message Passing Concepts Message Passing Model The message passing model is based on the

Message Passing Concepts Message Passing Model The message passing model is based on the notion of processes can think of a process as an instance of a running program, together with the programs data In the message passing model,

601 views • 16 slides
GIVING A PRESENTATION The Core structure Introduction Message 1 Message 2 Message 3

GIVING A PRESENTATION The Core structure Introduction Message 1 Message 2 Message 3

GIVING A PRESENTATION The Core structure Introduction Message 1 Message 2 Message 3 Conclusion INTRODUCTION Introduce yourself Summary of the messages USEFUL PHRASES: USEFUL PHRASES: Good morning/afternoon everyone. Im

772 views • 8 slides
What was your message? what were you trying to achieve, your goal? what was your core message?

What was your message? what were you trying to achieve, your goal? what was your core message?

PRESENTATION TO CHILDREN YOUTH AND FAMILIES FORUM FOR YR IN MAY 2011 AT THEIR ADVOCACY PLANNING DAY I PRESENTED OUR AAA PROJECT AT THAT TIME. What was your message? what were you trying to achieve, your goal? what was your core message?

193 views • 5 slides
IP Datagram ICMP Message Format 1 byte 1 byte 1 byte 1 byte VERS HL Service Total Length

IP Datagram ICMP Message Format 1 byte 1 byte 1 byte 1 byte VERS HL Service Total Length

ICMP Internet Control Message Protocol ICMP is a protocol used for exchanging control messages. CSCE 515: Two main categories Query message Computer Network Error message Programming Usage of an ICMP message is determined by

261 views • 12 slides
Message Passing Programming with MPI Message Passing Programming with MPI 1 What is MPI?

Message Passing Programming with MPI Message Passing Programming with MPI 1 What is MPI?

Message Passing Programming with MPI Message Passing Programming with MPI 1 What is MPI? Message Passing Programming with MPI 2 MPI Forum First message-passing interface standard. Sixty people from forty different organisations.

1.61k views • 113 slides
Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will

Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will

Message-Passing Programming with MPI Message-Passing Concepts Overview This lecture will cover message passing model SPMD communication modes collective communications Programming Models Message-Passing Serial Programming

406 views • 28 slides
Open to public submission of BATs (Benchmarkable Which public-key systems Asymmetric Tools).

Open to public submission of BATs (Benchmarkable Which public-key systems Asymmetric Tools).

Open to public submission of BATs (Benchmarkable Which public-key systems Asymmetric Tools). are smallest? Fastest? e.g. submit encrypting BAT eBATS (ECRYPT Benchmarking with three functions: of Asymmetric Systems): keypair() to generate

386 views • 9 slides
Bioresource management problem with asymmetric players A.N. Rettieva Institute of Applied

Bioresource management problem with asymmetric players A.N. Rettieva Institute of Applied

Bioresource management problem with asymmetric players A.N. Rettieva Institute of Applied Mathematical Research Karelian Research Center of RAS Petrozavodsk OUTLINE 1. History of the models of "fish wars" 2. Model with asymmetric

857 views • 61 slides
Directed connected operators: Asymmetric hierarchies for image filtering and segmentation

Directed connected operators: Asymmetric hierarchies for image filtering and segmentation

Belo Horizonte December 2014 Directed connected operators: Asymmetric hierarchies for image filtering and segmentation Benjamin Perret Benjamin.perret@esiee.fr 1 Pitch Before After Symmetric adjacency: undirected graph Asymmetric

683 views • 21 slides
ROI HSP Design Clarification Recipient ID in Message must match the physical Message recipient

ROI HSP Design Clarification Recipient ID in Message must match the physical Message recipient

ROI HSP Design Clarification Recipient ID in Message must match the physical Message recipient IGG 04-04-2012 Recipient ID in Message must match the physical Message recipient Background Message routing in the new Tibco-based environment will

79 views • 3 slides
Renormalisation of asymmetric interval maps Kozlovski & van Strien March 24, 2019 1 / 26

Renormalisation of asymmetric interval maps Kozlovski & van Strien March 24, 2019 1 / 26

Renormalisation of asymmetric interval maps Kozlovski & van Strien March 24, 2019 1 / 26 Symmetric vs Asymmetric Maps There is an increasing interest in understanding families of maps of the form f c : R R , defined by | x | + c

842 views • 49 slides

More recommend