Saturday, September 7, 2013

SIGCOMM'13: Expressive Privacy Control with Pseudonyms

Authors: Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter,
Thomas Anderson, Arvind Krishnamurthy, David Wetherall

The authors have designed a cross-layer architecture that provides users with a pseudonym abstraction. A pseudonym represents a set of activities that the user is fine with linking. Each pseudonym gives the illusion of a single machine. They are able to provide pseudonyms without modification to the browser, operating system, or network. Note, however, that IP address separation across pseudonyms only works when the destination server uses IPv6 addresses; cookie separation works even with IPv4 servers.

The number of pseudonyms supported by the system is limited by the number of IP addresses we can assign concurrently to a network interface without performance degradation. For example, the Linux operating system enforces a configurable default limit of 4096 addresses. Each privacy policy results in a different number of generated pseudonyms.

Thus, this paper presents an abstraction called a pseudonym, with which each device, and therefore each user, can control and use many indistinguishable identities. The pseudonym abstraction gives users control over which activities can be linked at remote services and which cannot. The authors have designed a cross-layer architecture that exploits the ample IPv6 address space and provides application-layer mechanisms for management. The design lets users choose expressive policies for controlling the privacy/functionality tradeoff on the web. The proposed prototype system consists of a browser extension and a gateway proxy.
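
The sketch below is an added example, not code from the paper or its prototype: it models how a policy decides which requests share a pseudonym, gives each pseudonym its own IPv6 address and cookie store, and enforces the 4096-address limit mentioned above. The policy names, the `2001:db8:0:1::/64` documentation prefix, and the browsing trace are assumptions constructed for illustration.

```python
import ipaddress
import secrets
from urllib.parse import urlsplit

MAX_ADDRS = 4096  # Linux per-interface address limit quoted in the post

# Hypothetical policies: each returns the key under which requests may be linked.
POLICIES = {
    "single": lambda tab, url: "all",
    "per_site": lambda tab, url: urlsplit(url).hostname,
    "per_tab": lambda tab, url: f"tab-{tab}",
}

class PseudonymManager:
    def __init__(self, prefix, policy, limit=MAX_ADDRS):
        self.net = ipaddress.IPv6Network(prefix)
        self.key_of = POLICIES[policy]
        self.limit = limit
        self.by_key = {}    # policy key -> {"addr": IPv6Address, "cookies": dict}
        self.used = set()   # addresses already bound to a pseudonym

    def _new_address(self):
        # Random host part inside the prefix; retry on the rare collision.
        while True:
            addr = self.net[secrets.randbelow(self.net.num_addresses - 1) + 1]
            if addr not in self.used:
                self.used.add(addr)
                return addr

    def pseudonym_for(self, tab, url):
        key = self.key_of(tab, url)
        if key not in self.by_key:
            if len(self.by_key) >= self.limit:
                raise RuntimeError("interface address limit reached")
            self.by_key[key] = {"addr": self._new_address(), "cookies": {}}
        return self.by_key[key]

# Constructed browsing trace: (tab id, URL)
TRACE = [(1, "https://news.example/a"), (1, "https://shop.example/cart"),
         (2, "https://news.example/b"), (3, "https://mail.example/inbox"),
         (4, "https://news.example/c")]

def count_pseudonyms(policy, trace=TRACE):
    mgr = PseudonymManager("2001:db8:0:1::/64", policy)
    for tab, url in trace:
        mgr.pseudonym_for(tab, url)
    return len(mgr.by_key)

if __name__ == "__main__":
    for name in POLICIES:
        print(name, count_pseudonyms(name))
```

On the same trace the three policies yield different pseudonym counts, which is the privacy/functionality tradeoff the design exposes: fewer pseudonyms keep more activity linkable, more pseudonyms consume more of the address budget.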