CIS-700: Topics on privacy and anonymity

Spring 2019

Instructor: Sebastian Angel

Room: Towne 305

Time: Tu/Th 12:00 - 1:30 PM

Email: sebastian.angel at cis.upenn.edu

Discussion: Piazza

Office hours: By appointment

Course Description

This course will cover selected topics on privacy-preserving technologies and anonymity. Some of the works that this course studies include the Tor anonymity network, Bitcoin, and the privacy-focused cryptocurrency Zcash. The first half of each class will consist of a lecture providing the historical context and the general ideas of the papers assigned. The second half of each class will consist of a detailed discussion of the techniques, tradeoffs, and potential extensions of the papers assigned. Each student is expected to lead at least one discussion. In addition to lectures and discussions, this course includes a research project.

Research project

Propose and complete a research project in a related area (can be done in groups of at most 3 students). Example projects include (but are not limited to):

For those who prefer finding vulnerabilities in systems and protocols:

For those who prefer building systems:

For those who prefer the more theoretical aspects:

Students should submit a project proposal by February 14, and are encouraged to discuss their ideas with me prior to selecting a project. Students are expected to give an oral presentation of their project in class and turn in a final report by May 1.

Prerequisites

While a large part of the material in this course is accessible to someone with a general CS background, familiarity with the content of either CIS 331, CIS 505, CIS 551, CIS 553, or CIS 556 (or their equivalent) is recommended.

Grading

Tentative Schedule

Date | Topic | Required reading
Jan. 17 | Course overview and intro to anonymity | Anonymity terminology by Andreas Pfitzmann and Marit Hansen
Jan. 22 | Mix networks | Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms by David Chaum; Stop-and-Go-MIXes by Dogan Kesdogan, Jan Egner, and Roland Büschkes
Jan. 24 | Traffic analysis attacks | The disadvantages of free MIX routes and how to overcome them by Oliver Berthold, Andreas Pfitzmann, and Ronny Standtke; Statistical Disclosure Attacks: Traffic Confirmation in Open Environments by George Danezis
Jan. 29 | Peer-to-peer routing | Crowds: Anonymity for Web Transactions by Michael K. Reiter and Aviel D. Rubin
Jan. 31 | Attacks on peer-to-peer systems | The Sybil attack by John R. Douceur; Eclipse Attacks on Overlay Networks by Singh et al.
Feb. 5 | Onion routing | Tor: The Second-Generation Onion Router by Roger Dingledine, Nick Mathewson, and Paul Syverson
Feb. 7 | Attacks on onion routing | RAPTOR: Routing Attacks on Privacy in Tor by Sun et al.
Feb. 12 | Mix networks (malicious mixes) | Atom: Horizontally Scaling Strong Anonymity by Kwon et al.
Feb. 14 | Dining cryptographer networks (project proposal due) | The Dining Cryptographers Problem by David Chaum; Dissent in Numbers: Making Strong Anonymity Scale by Wolinsky et al.
Feb. 19 | Metadata-private messaging | Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis by van den Hooff et al.
Feb. 21 | Dialing your friends | Alpenhorn: Bootstrapping Secure Communication Without Leaking Metadata by David Lazar and Nickolai Zeldovich; What's a little leakage between friends? by Sebastian Angel, David Lazar, and Ioanna Tzialla
Feb. 26 | Deniable participation | Deniable Upload and Download via Passive Participation by Sommer et al.
Feb. 28 | Public key lookup and verification | CONIKS: Bringing Key Transparency to End Users by Melara et al.
Mar. 5 | Spring break |
Mar. 7 | Spring break |
Mar. 12 | Secure two-party computation | A Gentle Introduction to Yao's Garbled Circuits by Sophia Yakoubov
Mar. 14 | Censorship resistance | Blocking-resistant communication through domain fronting by Fifield et al.
Mar. 19 | What does privacy mean to you? | Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration by Oates et al.
Mar. 21 | Privacy in online advertising | Privad: Practical Privacy in Online Advertising by Saikat Guha, Bin Cheng, and Paul Francis
Mar. 26 | Work on project (no lecture) |
Mar. 28 | Work on project (no lecture) |
Apr. 2 | Privacy in social networks | Persona: An Online Social Network with User-Defined Privacy by Baden et al.
Apr. 4 | Privacy in location services | A Survey of Computational Location Privacy by John Krumm
Apr. 9 | Privacy in media streaming services | Scalable and private media consumption with Popcorn by Gupta et al.
Apr. 11 | Privacy in law enforcement | Open, privacy-preserving protocols for lawful surveillance by Aaron Segal, Joan Feigenbaum, and Bryan Ford
Apr. 16 | Cryptocurrency | Bitcoin by Satoshi Nakamoto; SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies by Bonneau et al.
Apr. 18 | Zero knowledge proofs | Zero Knowledge proofs: An illustrated primer by Matthew Green; Zero Knowledge proofs: An illustrated primer, Part 2 by Matthew Green
Apr. 23 | Project presentations |
Apr. 25 | Project presentations |
Apr. 30 | Project presentations |
May 1 | Project report due |