Paper 2017/191

CoverUp: Privacy Through "Forced" Participation in Anonymous Communication Networks

David Sommer, Aritra Dhar, Luka Malisa, Esfandiar Mohammadi, Daniel Ronzani, and Srdjan Capkun

Abstract

The privacy guarantees of anonymous communication networks (ACNs) are bounded by the number of participants. As a consequence, an ACN can only achieve strong privacy guarantees if it succeeds in attracting a large number of active users. Vice versa, weak privacy guarantees renders an ACN unattractive, leading to a low number of users. In this work, we show how to break this vicious circle. We develop CoverUp, a system that "forces" visitors of highly accessed websites to become involuntary participants of an ACN. CoverUp leverages basic browser functionality to execute server-served JavaScript code and to open remote connections to connect all website visitors to an ACN (which we instantiate by a mix server). We build two applications on top of CoverUp: an anonymous feed and a chat. We show that both achieve practical performance and strong privacy guarantees. Towards a network-level attacker, CoverUp makes voluntary and involuntary participants indistinguishable, thereby providing an anonymity set that includes all voluntary and involuntary participants (i.e., all website visitors). Given this, CoverUp provides even more than mere anonymity: the voluntary participants can hide the very intention to use the ACN. As the concept of forced participation raises ethical and legal concerns, we discuss these concerns and describe how these can be addressed.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
anonymous communicationprivacy enhancing technologies
Contact author(s)
mohammadi @ inf ethz ch
History
2017-02-28: received
Short URL
https://ia.cr/2017/191
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/191,
      author = {David Sommer and Aritra Dhar and Luka Malisa and Esfandiar Mohammadi and Daniel Ronzani and Srdjan Capkun},
      title = {{CoverUp}: Privacy Through "Forced" Participation in Anonymous Communication Networks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/191},
      year = {2017},
      url = {https://eprint.iacr.org/2017/191}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.