anonymity on web transaction department of computer science ball state university research methods -...
TRANSCRIPT
Anonymity on Web Anonymity on Web TransactionTransaction
Department of Computer Department of Computer ScienceScience
Ball State UniversityBall State UniversityResearch Methods - CS Research Methods - CS
689689Uday AdhikariUday Adhikari77thth Dec. 2000 Dec. 2000
ContentsContents IntroductionIntroduction Problem DescriptionProblem Description Research ObjectivesResearch Objectives Literature ReviewLiterature Review Research designResearch design Data AnalysisData Analysis ScheduleSchedule Facilities and ResourcesFacilities and Resources DeliverablesDeliverables ReferencesReferences
IntroductionIntroduction
My system consists of a dynamic My system consists of a dynamic collection of users, called a collection of users, called a group, group, for for users’ anonymity on the web transactions. users’ anonymity on the web transactions.
GroupGroup is a collection of large number of is a collection of large number of users from different geographical regions users from different geographical regions that collectively issues requests on behalf that collectively issues requests on behalf of its members. of its members.
Web transactionWeb transaction is a set of is a set of request, asking the web request, asking the web server for some service, and server for some service, and acknowledgment, which is the acknowledgment, which is the response to the request.response to the request.
With anonymity guaranteed, With anonymity guaranteed, individuals would be able to individuals would be able to participate in the Internetparticipate in the Internet
contd….contd….
revolution without being in fear revolution without being in fear that their every move was being that their every move was being recorded and information about recorded and information about them accumulated which might them accumulated which might be used at a later date. be used at a later date.
Problem Description
In certain situation the need for anonymity in the Internet is considered to be entirely necessary, for example when a person who are trying to withdraw from social stigma like, victim of a sexual offense or alcoholic person or drug abuser wishing to share
contd…
experiences with others, where an individual contemplating suicide wishing to consult specialist on-line help, or where person wishing to report a crime without any fear of being identified.
Research Objective:
Users’ anonymity from the world-Users’ anonymity from the world-wide-web.wide-web.
Freedom of speech and expression.Freedom of speech and expression.
Literature Review:Literature Review:
The basic approach previously The basic approach previously proposed for achieving proposed for achieving anonymous web transactions was anonymous web transactions was to interpose an additional party (a to interpose an additional party (a proxy) between the sender and proxy) between the sender and the receiver to hide the sender’s the receiver to hide the sender’s identity from the receiver. identity from the receiver.
contd…contd…
Examples of such proxies Examples of such proxies include the Anonymizer (include the Anonymizer (http://www.http://www.anonymizeranonymizer.com.com) ) and the Lucent Personalized and the Lucent Personalized Web Assistant Web Assistant http://http://lpwalpwa.com.com). ).
Research DesignResearch Design
As mention above As mention above groupgroup is a is a collection of users. A user is collection of users. A user is represented in a represented in a groupgroup by a process by a process in their own computer. When the in their own computer. When the process is started, it contacts the process is started, it contacts the server to request admittance to the server to request admittance to the groupgroup. If admitted, the server. If admitted, the server
contd…contd…
reports to the process the current reports to the process the current membership of the membership of the groupgroup and and information that enables the information that enables the process to participate in the process to participate in the groupgroup..
The user selects this process as The user selects this process as his/her web proxy by specifying its his/her web proxy by specifying its
contd…contd…
host name and port number in host name and port number in his/her web browser as the proxy his/her web browser as the proxy for all services. Thus, any request for all services. Thus, any request coming from the browser is sent coming from the browser is sent directly to the process on the directly to the process on the user’s computer. user’s computer.
contd…contd…
contd…contd…
In the figure previous slide the In the figure previous slide the possible paths are 1possible paths are 15 5 server; server; 226622server; 3server; 31166server; server; 4444server; 5server; 54466server; and server; and 6633server. Subsequent requests server. Subsequent requests initiated at the same process follow initiated at the same process follow the same path (except going to a the same path (except going to a different end server), and server different end server), and server replies traverse the same path as replies traverse the same path as
the requests, only in reverse.the requests, only in reverse.
contd…contd…
Group Membership:Group Membership: The The membership maintenance membership maintenance procedures of a procedures of a groupgroup are those are those procedures that determine who can procedures that determine who can join the join the groupgroup and when they can and when they can join, and that inform members of join, and that inform members of the the groupgroup membership. membership.
contd…contd…
Mechanism:Mechanism: To make use of the To make use of the server and the server and the groupgroup the user the user must establish an account with must establish an account with the server, i.e., an account name the server, i.e., an account name and password that the server and password that the server stores. stores.
contd…contd…
When the user starts a process, the When the user starts a process, the process and the server use this process and the server use this shared password to authenticate shared password to authenticate each other’s communication. As a each other’s communication. As a result of that communication (and result of that communication (and if the server accepts the process if the server accepts the process into the into the groupgroup) the server adds the ) the server adds the new process (i.e., its IP address, new process (i.e., its IP address, port number, and account name) port number, and account name) to its list of members, and reports to its list of members, and reports this list back to the process. this list back to the process.
Data Analysis:Data Analysis:
Table next page shows the Table next page shows the results of performance tests on results of performance tests on implementation. It shows the implementation. It shows the mean latency in milliseconds of mean latency in milliseconds of retrieving web pages of various retrieving web pages of various sizes for various path lengths. sizes for various path lengths.
contd…contd…
Path Path LengtLengt
hh
Page Size (Kbytes)Page Size (Kbytes)
0 1 2 3 4 50 1 2 3 4 5
11 282888
247247 264264 294294 393393 386386
22 575733
700700 900900 11571157 13691369 13841384
33 696922
945945 11131113 13161316 16121612 17481748
44 818144
10041004 11911191 14211421 16231623 17741774
55 999922
12051205 14461446 16201620 18701870 20072007
Schedule:Schedule:
Literature review for Literature review for groupgroup, network , network privacy - about three months privacy - about three months
Design of code to Implementation users Design of code to Implementation users in the in the groupgroup - another two months - another two months
Testing the performance for different Testing the performance for different paths and for different browsers - paths and for different browsers - another two months another two months
Facilities and Facilities and Special Special Resources:Resources:
Web server that can maintain large number of members of the group. A good compiler language such as C to implement the code which is used to accept or reject the users into the group.
Deliverable:Deliverable:
A novel approach to protecting users’ privacy while retrieving information on the world-wide-web is presented.
Includes a project, which gives design of the group, collection of web users from diverse geographical region which retrieves information on its users’ behalf.
References:References:
BRIER, S. 1997. How to keep your BRIER, S. 1997. How to keep your privacy: Battle lines get clearer. privacy: Battle lines get clearer. New York Times (Jan. 13).New York Times (Jan. 13). CHAUM, D. 1981. Untraceable CHAUM, D. 1981. Untraceable electronic mail, return addresses, electronic mail, return addresses, and digital pseudonyms.and digital pseudonyms.
contd…contd…
CRISTIAN, F. 1991. Reaching CRISTIAN, F. 1991. Reaching agreement on processor group agreement on processor group membership in synchronous membership in synchronous distributed systems.distributed systems.
GABBER, E GIBBONS, P., MAITIAS, GABBER, E GIBBONS, P., MAITIAS, Y., AND MAYER, A. 1997. How to Y., AND MAYER, A. 1997. How to make personalized web browsing make personalized web browsing simple, secure, and anonymous.simple, secure, and anonymous.
Questions?Questions?