Abstract
Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
BBC News. Chinese man ‘jailed due to Yahoo’ (February 2006), http://news.bbc.co.uk/2/hi/asia-pacific/4695718.stm
BitTorrent, http://www.bittorrent.com
Butler, K., Enck, W., Plasterr, J., Traynor, P., McDaniel, P.: Privacy Preserving Web-based Email. Technical report, Technical Report NAS-TR-0009-2005, Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, University Park, PA (June 2005)
Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: a distributed anonymous information storage and retrieval system. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 46–66. Springer, Heidelberg (2001)
Costales, B., Allman, E.: Sendmail, 2nd edn. O’Reilly & Associates, Inc, Sebastopol (1997)
Dingledine, R., Freedman, M.J., Molnar, D.: The Free Haven Project: Distributed Anonymous Storage Service. In: Federrath, H. (ed.) Designing Privacy Enhancing Technologies. LNCS, vol. 2009, pp. 67–95. Springer, Heidelberg (2001)
Electronic Frontier Foundation, http://www.eff.org
Ellison, C.M., Schneier, B.: Ten Risks of PKI: What You’re Not Being Told About Public-Key Infrastructure. Computer Security Journal 16(1), 1–7 (1999)
Goldschlag, D., Reed, M., Syverson, P.: Onion routing for anonymous and private Internet connections. Commun. ACM 42(2), 39–41 (1999)
Henry, P., Luo, H.: Off-the-record email system. In: Proceedings of IEEE INFOCOM 2001, Anchorage, AK, USA, April 2001, pp. 869–877 (2001)
Jordan, E., Becker, A.: Princeton officials broke into Yale online admissions decisions (July 25, 2002), http://www.yaledailynews.com/article.asp?AID=19454
Kent, S.T.: Internet privacy enhanced mail. Commun. ACM 36(8), 48–60 (1993)
Marc Waldman, A.D.R., Cranor, L.F.: Publius: A robust, tamper-evident, censorship-resistant, web publishing system. In: Proc. 9th USENIX Security Symposium, August 2000, pp. 59–72 (2000)
Mcarthur, R.L.: Reasonable expectations of privacy. Ethics and Inf. Tech. 3(2), 123–128 (2001)
Palen, L., Dourish, P.: Unpacking “privacy” for a networked world. In: CHI 2003: Proceedings of the SIGCHI conference on Human factors in computing systems, pp. 129–136. ACM Press, New York (2003)
Peppers, D., Rogers, M.: The One to One Future: Building Relationships One Customer at a Time. Doubleday (1993)
Ramsdell, B.: S/MIME version 3 message specification. RFC 2633, IETE (June 1999)
Reiter, M.K., Rubin, A.D.: Crowds: anonymity for Web transactions. ACM Transactions on Information and System Security 1(1), 66–92 (1998)
Reporters Without Borders. Information supplied by Yahoo! helped journalist Shi Tao get 10 years in prison (September 2005), http://www.rsf.org/article.php3?id_article=14884
Rivest, R.L.: Chaffing and Winnowing: Confidentiality without Encryption. RSA CryptoBytes 4(1) (Summer 1998)
Roger, W.: Surfer beware: Advertiser’s on your trail, DoubleClick tracks online movements. USA Today, p. 01.B (January 26, 2000)
Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.: Stronger Password Authentication Using Browser Extensions. In: Proceedings of the 14th USENIX Security Symposium (2005)
SAFe-mail.net. SAFe-Mail features (May 2005), http://www.safe-mail.net/help/SAFeMailFeatures.html
Saunders, G.: Samizdat: Voices of the Soviet Opposition. Pathfinder Press, Atlanta (1974)
Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
SNOW. The SNOW Home Page, http://www.darkside.com.au/snow/
The Anonymizer, http://www.anonymizer.com
Zimmermann, P.R.: The official PGP user’s guide. MIT Press, Cambridge (1995)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Butler, K., Enck, W., Plasterr, J., Traynor, P., McDaniel, P. (2006). Privacy Preserving Web-Based Email. In: Bagchi, A., Atluri, V. (eds) Information Systems Security. ICISS 2006. Lecture Notes in Computer Science, vol 4332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11961635_8
Download citation
DOI: https://doi.org/10.1007/11961635_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68962-1
Online ISBN: 978-3-540-68963-8
eBook Packages: Computer ScienceComputer Science (R0)