Emiliano De Cristofaro Steven J. Murdoch (Eds.) 5 Privacy Enhancing 5 5 8 S Technologies C N L 14th International Symposium, PETS 2014 Amsterdam, The Netherlands, July 16–18, 2014 Proceedings 123 Lecture Notes in Computer Science 8555 CommencedPublicationin1973 FoundingandFormerSeriesEditors: GerhardGoos,JurisHartmanis,andJanvanLeeuwen EditorialBoard DavidHutchison LancasterUniversity,UK TakeoKanade CarnegieMellonUniversity,Pittsburgh,PA,USA JosefKittler UniversityofSurrey,Guildford,UK JonM.Kleinberg CornellUniversity,Ithaca,NY,USA AlfredKobsa UniversityofCalifornia,Irvine,CA,USA FriedemannMattern ETHZurich,Switzerland JohnC.Mitchell StanfordUniversity,CA,USA MoniNaor WeizmannInstituteofScience,Rehovot,Israel OscarNierstrasz UniversityofBern,Switzerland C.PanduRangan IndianInstituteofTechnology,Madras,India BernhardSteffen TUDortmundUniversity,Germany DemetriTerzopoulos UniversityofCalifornia,LosAngeles,CA,USA DougTygar UniversityofCalifornia,Berkeley,CA,USA GerhardWeikum MaxPlanckInstituteforInformatics,Saarbruecken,Germany EmilianoDeCristofaro StevenJ.Murdoch(Eds.) Privacy Enhancing Technologies 14th International Symposium, PETS 2014 Amsterdam, The Netherlands, July 16-18, 2014 Proceedings 1 3 VolumeEditors EmilianoDeCristofaro UniversityCollegeLondon,DepartmentofComputerScience GowerStreet,LondonWC1E6BT,UK E-mail:[email protected] StevenJ.Murdoch UniversityofCambridge,ComputerLaboratory 15JJThomsonAvenue,CambridgeCB30FD,UK E-mail:[email protected] ISSN0302-9743 e-ISSN1611-3349 ISBN978-3-319-08505-0 e-ISBN978-3-319-08506-7 DOI10.1007/978-3-319-08506-7 SpringerChamHeidelbergNewYorkDordrechtLondon LibraryofCongressControlNumber:2014941760 LNCSSublibrary:SL4–SecurityandCryptology ©byAuthors2014 SpringerInternationalPublishingSwitzerlandholdstheexclusiverightofdistributionandreproductionof thiswork,foraperiodofthreeyearsstartingfromthedateofpublication. Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped.Exemptedfromthislegalreservationarebriefexcerptsinconnection withreviewsorscholarlyanalysisormaterialsuppliedspecificallyforthepurposeofbeingenteredand executedonacomputersystem,forexclusiveusebythepurchaserofthework.Duplicationofthispublication orpartsthereofispermittedonlyundertheprovisionsoftheCopyrightLawofthePublisher’slocation, inistcurrentversion,andpermissionforusemustalwaysbeobtainedfromSpringer.Permissionsforuse maybeobtainedthroughRightsLinkattheCopyrightClearanceCenter.Violationsareliabletoprosecution undertherespectiveCopyrightLaw. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Whiletheadviceandinformationinthisbookarebelievedtobetrueandaccurateatthedateofpublication, neithertheauthorsnortheeditorsnorthepublishercanacceptanylegalresponsibilityforanyerrorsor omissionsthatmaybemade.Thepublishermakesnowarranty,expressorimplied,withrespecttothe materialcontainedherein. Typesetting:Camera-readybyauthor,dataconversionbyScientificPublishingServices,Chennai,India Printedonacid-freepaper SpringerispartofSpringerScience+BusinessMedia(www.springer.com) Preface Either through a deliberate desire for surveillance or an accidental consequence of design, there are a growing number of systems and applications that record and process sensitive information. As a result, the role of privacy-enhancing technologies becomes increasingly crucial, whether adopted by individuals to avoidintrusionintheir private life, orby systemdesignersto offer protectionto their users. The 14th Privacy Enhancing Technologies Symposium (PETS 2014) ad- dressed the need for better privacy by bringing together experts in privacy and systems research, cryptography, censorship resistance, and data protection, fa- cilitating the collaboration needed to tackle the challenges faced in designing and deploying privacy technologies. There were 86 papers submitted to PETS 2014, which were all assigned to be reviewed by at least four members of the ProgramCommittee (PC). Follow- ing intensive discussion among the reviewers, other PC members, and external experts,16paperswereacceptedforpresentation,oneofwhichwastheresultof twomergedsubmissions.Topicsaddressedbythe paperspublishedinthesepro- ceedingsinclude study ofprivacyerosion,designsofprivacy-preservingsystems, censorship resistance, social networks, and location privacy. PETS continues to widen its scope by appointing PC members with more diverse areas of exper- tise and encouragingthe submissionof high-quality papers outside of the topics traditionally forming the PETS program. Wealsocontinuetohosttheone-dayWorkshoponHotTopicsonPrivacyEn- hancingTechnologies(HotPETs),nowinitsseventhyear.Thisvenueencourages the lively discussion of exciting but possibly preliminary ideas. The HotPETS keynote was given by William Binney, a prominent whistleblower and advocate for privacy, previously employed by the US National Security Agency. As with previousyearstherearenopublishedproceedingsforHotPETs,allowingauthors to refine their work basedon feedback receivedandsubsequently publish it at a future PETS or elsewhere. PETSalsoincludedakeynotebyMartinOrtlieb(asocialanthropologistand senioruserexperienceresearcheratGoogle),apaneldiscussingsurveillance,and a rump session with brief presentations on a variety of topics. This year, PETS was co-located with the First Workshop on Genome Privacy, which set out to explore the privacy challenges faced by advances in genomics. We wouldliketo thankall the PETSandHotPETsauthors,especiallythose whopresentedtheirworkthatwasselectedfortheprogram,aswellasthe rump session presenters, keynote speakers, and panelists. We are very grateful to the PC members and additional reviewers, who contributed to editorial decisions with thoroughreviewsandactivelyparticipatedinthe PCdiscussions, ensuring a high quality of all accepted papers. We owe special thanks to the following VI Preface PC members and reviewers who volunteered to shepherd some of the accepted papers:KellyCaine,ClaudeCastelluccia,RobertoDiPietro,ClaudiaDiaz,Paolo Gasti, Amir Houmansadr,Rob Jansen, Negar Kiyavash,MicahSherr, andReza Shokri. We gratefully acknowledge the outstanding contributions of the PETS 2014 generalchair,HindetenBerge,andpublicitychair,CarmelaTroncoso,aswellas thePETSwebmasterofeightyears,JeremyClark.Moreover,ourgratitudegoes to the HotPETs2014chairs,Kelly Caine, PrateekMittal, andReza Shokri who put together an excellent program. Last but not least, we would like to thank our sponsors, Google, Silent Circle, and the Privacy & Identity Lab, for their generous support, as well as Microsoft for its continued sponsorshipof the PET award and travel stipends. May 2014 Emiliano De Cristofaro Steven J. Murdoch Organization Program Committee Alessandro Acquisti Carnegie Mellon University, USA Erman Ayday EPFL, Switzerland Kelly Caine Clemson University, USA Jan Camenisch IBM Research – Zurich, Switzerland Srdjan Capkun ETH Zurich, Switzerland Claude Castelluccia Inria Rhone-Alpes, France Kostas Chatzikokolakis CNRS, LIX, Ecole Polytechnique, France Graham Cormode University of Warwick, UK Emiliano De Cristofaro University College London, UK Roberto Di Pietro Universit`a di Roma Tre, Italy Claudia Diaz KU Leuven, Belgium Cynthia Dwork Microsoft Research, USA Zekeriya Erkin Delft University of Technology, The Netherlands Paul Francis MPI-SWS, Germany Paolo Gasti New York Institute of Technology, USA Ian Goldberg University of Waterloo, Canada Rachel Greenstadt Drexel University, USA Amir Herzberg Bar-Ilan University, Israel Nicholas Hopper University of Minnesota, USA Amir Houmansadr University of Texas at Austin, USA Rob Jansen U.S. Naval Research Laboratory, USA Mohamed Ali Kaafar NICTA, Australia Apu Kapadia Indiana University, USA Stefan Katzenbeisser TU Darmstadt, Germany Negar Kiyavash UniversityofIllinois,UrbanaChampaign,USA Markulf Kohlweiss Microsoft Research, USA Adam J. Lee University of Pittsburgh, USA Brian N. Levine University of Massachusetts Amherst, USA Marc Liberatore University of Massachusetts Amherst, USA Benjamin Livshits Microsoft Research Nick Mathewson The Tor Project, USA Prateek Mittal Princeton University, USA Steven Murdoch University of Cambridge, UK Arvind Narayanan Princeton, USA Claudio Orlandi Aarhus University, Denamrk Micah Sherr Georgetown University, USA VIII Organization Reza Shokri ETH Zurich, Switzerland Radu Sion Stony Brook University, USA Paul Syverson U.S. Naval Research Laboratory, USA Gene Tsudik University of California, Irvine, USA Eugene Vasserman Kansas State University, USA Matthew Wright University of Texas at Arlington, USA Additional Reviewers Abdelberi, Chaabane Haque, S.M. Taiabul Acar, Gunes Harvey, Sarah Achara, Jagdish Hoyle, Roberto Acs, Gergely Jagdish, Achara Afroz, Sadia Johnson, Aaron Almishari, Mishari Kaizer, Andrew Balsa, Ero Knijnenburg, Bart Bordenabe, Nicolas Kostiainen, Kari Caliskan-Islam, Aylin Krol, Kat Chaabane, Abdelberi Nguyen, Lan Chan, T-H. Hubert Nilizadeh, Shirin Chen, Rafi Norcie, Greg Cunche, Mathieu Oguz, Ekin de Hoogh, Sebastiaan Ohrimenko, Olga Elahi, Tariq Orlov, Ilan Faber, Sky Papillon, Serge Farnan, Nicholas Procopiuc, Cecilia Freudiger, Julien Qiao, Yechen Gambs, Sebastien Sedenka, Jaroslav Garg, Vaibhav Seneviratne, Suranga Garrison III, William C Shen, Entong Gelernter, Nethanel Tan, Zhi Da Henry Ghali, Cesar Veugen, Thijs Gilad, Yossi Washington, Gloria Gong, Xun Yu, Ge Gurses, Seda Zeilemaker, Niels Table of Contents CloudTransport: Using Cloud Storage for Censorship-Resistant Networking ..................................................... 1 Chad Brubaker, Amir Houmansadr, and Vitaly Shmatikov A Predictive Differentially-Private Mechanism for Mobility Traces...... 21 Konstantinos Chatzikokolakis, Catuscia Palamidessi, and Marco Stronati On the Effectiveness of Obfuscation Techniques in Online Social Networks ....................................................... 42 Terence Chen, Roksana Boreli, Mohamed-Ali Kaafar, and Arik Friedman The Best of Both Worlds: Combining Information-Theoretic and Computational PIR for Communication Efficiency.................... 63 Casey Devet and Ian Goldberg Social Status and the Demand for Security and Privacy............... 83 Jens Grossklags and Nigel J. Barradale C3P: Context-Aware Crowdsourced Cloud Privacy ................... 102 Hamza Harkous, Rameez Rahman, and Karl Aberer Forward-Secure Distributed Encryption............................. 123 Wouter Lueks, Jaap-Henk Hoepman, and Klaus Kursawe I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis.................................................. 143 Brad Miller, Ling Huang, A.D. Joseph, and J.D. Tygar I Know What You’re Buying: Privacy Breaches on eBay .............. 164 Tehila Minkus and Keith W. Ross Quantifying the Effect of Co-location Information on Location Privacy......................................................... 184 Alexandra-Mihaela Olteanu, K´evin Huguenin, Reza Shokri, and Jean-Pierre Hubaux Do Dummies Pay Off? Limits of Dummy Traffic Protection in Anonymous Communications ...................................... 204 Simon Oya, Carmela Troncoso, and Fernando P´erez-Gonz´alez X Table of Contents Exploiting Delay Patterns for User IPs Identification in Cellular Networks ....................................................... 224 Vasile Claudiu Perta, Marco Valerio Barbera, and Alessandro Mei Why Doesn’t Jane Protect Her Privacy? ............................ 244 Karen Renaud, Melanie Volkamer, and Arne Renkema-Padmos Measuring Freenet in the Wild: Censorship-Resilience under Observation ..................................................... 263 Stefanie Roos, Benjamin Schiller, Stefan Hacker, and Thorsten Strufe Dovetail: Stronger Anonymity in Next-Generation Internet Routing .... 283 Jody Sankey and Matthew Wright Spoiled Onions: Exposing Malicious Tor Exit Relays.................. 304 Philipp Winter, Richard K¨ower, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar Weippl Author Index.................................................. 333