A considerable and growing fraction of servers, especially of web servers, is hosted in compute clouds. In this paper we opportunistically leverage this trend to improve privacy of clients from network attackers residing between the clients and the cloud: We design a system that can be deployed by the cloud operator to prevent a network adversary from determining which of the cloud’s tenant servers a client is accessing. The core innovation in our design is a PoPSiCl (pronounced “popsicle”), a persistent pseudonym for a tenant server that can be used by a single client to access the server, whose real identity is protected by the cloud from both passive and active network attackers. When instantiated for TLS-based access to web servers, our design works with all major browsers and requires no additional client-side software and minimal changes to the client user experience. Moreover, changes to tenant servers can be hidden in supporting software (operating systems and web-programming frameworks) without imposing on web-content development. Perhaps most notably, our system boosts privacy with minimal impact to web-browsing performance, after some initial setup during a user’s first access to each web server.
Gilad Asharov, Daniel Demmler, Michael Schapira, Thomas Schneider, Gil Segev, Scott Shenker and Michael Zohner
The Border Gateway Protocol (BGP) computes routes between the organizational networks that make up today’s Internet. Unfortunately, BGP suffers from deficiencies, including slow convergence, security problems, a lack of innovation, and the leakage of sensitive information about domains’ routing preferences. To overcome some of these problems, we revisit the idea of centralizing and using secure multi-party computation (MPC) for interdomain routing which was proposed by Gupta et al. (ACM HotNets’12). We implement two algorithms for interdomain routing with state-of-the-art MPC protocols. On an empirically derived dataset that approximates the topology of today’s Internet (55 809 nodes), our protocols take as little as 6 s of topology-independent precomputation and only 3 s of online time. We show, moreover, that when our MPC approach is applied at country/region-level scale, runtimes can be as low as 0.17 s online time and 0.20 s pre-computation time. Our results motivate the MPC approach for interdomain routing and furthermore demonstrate that current MPC techniques are capable of efficiently tackling real-world problems at a large scale.
rd Innovations in Theoretical Computer Science Conference , ITCS ‘12, pages 203–213, New York, NY, USA, 2012. ACM.
 K. Nissim, S. Vadhan, and D. Xiao. Redrawing the boundaries on purchasing data from privacy-sensitive individuals. In Proceedings of the 5th Conference on Innovations in Theoretical Computer Science , ITCS ‘14, pages 411–422, New York, NY, USA, 2014. ACM.
 Progressive. Snapshot plug-in device terms and conditions. www.progressive.com/auto/discounts/snapshot/snapshot-terms-conditions/ , Last updated: 5/11/2017.
 P. A
Frederick Douglas, Rorshach, Weiyang Pan and Matthew Caesar
, J. A., and Levchenko, K. Proximax: Fighting censorship with an adaptive system for distribution of open proxies. In Proceedings of the International Conference on Financial Cryptography and Data Security (St Lucia, February 2011).
 Miller, B., Pearce, P., Grier, C., Kreibich, C., and Paxson, V. What’s clicking what? techniques and innovations of today’s clickbots. In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 2011, pp. 164-183.
 Mohajeri Moghaddam, H., Li, B., Derakhshani, M., and Goldberg
Dominik Leibenger, Frederik Möllers, Anna Petrlic, Ronald Petrlic and Christoph Sorge
] runtastic GmbH. Facts About Runtastic. Available at https://www.runtastic.com/mediacenter/corporate-assets/english/company-overview/facts-about-runtastic_en_may2016.pdf, May 2016.
 Samsung. Intelligence for smarter health. Webpage. http://www.samsung.com/us/ssic/innovation_areas/#digitalhealth.
 P. M. Schwartz. The eu-u.s. privacy collision: A turn to institutions and procedures. Harvard Law Review, 126:1966-2009, 2013.
 J. Y. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The effect of online privacy information
, and Joseph H. Silverman. United States Patent: 6081597 - Public key cryptosystem method and apparatus. https://www.google.com/patents/US6081597, June 2000.
 Jeffrey Hoffstein and Joseph H. Silverman. United States Patent: 7031468 - Speed enhanced cryptographic method and apparatus. https://www.google.com/patents/US7031468, April 2006.
 Security Innovation. libntruencrypt: NTRUEncrypt reference implementation. https://github.com/NTRUOpenSourceProject/ntru-crypto, 2015. Version 1.0.1.
 Tibor Jager, Florian
Georgia Fragkouli, Katerina Argyraki and Bryan Ford
) , volume 4004, page 486–503, Saint Petersburg, Russia, May 2006. Springer Verlag.
 Cynthia Dwork, Frank McSherry, Kobbi Nissim, and Adam Smith. Calibrating noise to sensitivity in private data analysis. In Theory of Cryptography Conference , pages 265–284. Springer, 2006.
 Cynthia Dwork, Moni Naor, Toniann Pitassi, Guy Rothblum, and Sergey Yekhanin. Pan-private streaming algorithms. In Proceedings of The First Symposium on Innovations in Computer Science (ICS 2010) . Tsinghua University Press, January 2010.
 Tariq Elahi, George Danezis
Natã M. Barbosa, Joon S. Park, Yaxing Yao and Yang Wang
experiment on willingness-to-sell and willingness-to-protect personal information. In WEIS 2007 .
 Jason Hong. 2017. The privacy landscape of pervasive computing. IEEE Pervasive Computing 16, 3 (2017), 40–48.
 Xiaodong Jiang, Jason I Hong, and James A Landay. 2002. Approximate information flows: Socially-based modeling of privacy in ubiquitous computing. In UbiComp 2002 . Springer, 176–193.
 Juniper 2017. Juniper - digital voice assistants. (2017). https://www.juniperresearch.com/researchstore/innovation
 E lison , M. Santander and Reisebank both recognized for innovation. Ripple Inc. https://ripple.com/insights/bankawards .
 F ugger , R. Money as IOUs in social trust networks & a proposal for a decentralized currency network protocol. http://archive.ripple-project.org/decentralizedcurrency.pdf , 2004.
 G avin W ood . Ethereum: a secure decentralised generalised transaction ledger. http://gavwood.com/paper.pdf .
 G hosh , A., M ahdian , M., R eeves , D. M., P ennock , D. M., and F ugger , R. Mechanism design on trust networks
Susan E. McGregor, Franziska Roesner and Kelly Caine
-generation onion router,” in Proceedings of the 13th USENIX Security Symposium, 2004.
 N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith, “SoK: Secure Messaging,” in Proceedings of the IEEE Symposium on Security and Privacy, 2015.
 M. Brennan, K. Metzroth, and R. Stafford, “Building Effective Internet Freedom Tools: Needfinding with the Tibetan Exile Community,” in 7th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs), 2014.
 Internews Center for Innovation & Learning