CIS-700: Topics on privacy and anonymity

Spring 2021

Instructor: Sebastian Angel

Room: Zoom

Time: M/W 10:30 AM - 12:00 PM

Email: sebastian.angel at cis.upenn.edu

Discussion: Piazza

Office hours: By appointment

Course Description

This course will cover selected topics on anonymous communication systems and other privacy-preserving technologies. Some of the works that this course studies include the Tor anonymity network, pivate chat systems, and studies on the privacy implication of online dating, among others. The first half of each class will consist of a lecture providing the historical context and the general ideas of the papers assigned. The second half of each class will consist of a detailed discussion of the techniques, tradeoffs, and potential extentions of the papers assigned. Each student is expected to lead at least one discussion. In addition to lectures and discussions, this course includes 3 reading comprehension assignments and a research project.

Reading assignments

Provide a written critique of 3 of the assigned readings. Each critique consits of a summary of the assigned paper, a discussion of its limitations, a list of applications, and extensions. It is expected that one of the reading assignments corresponds to the reading for which you will be leading a discussion.

Research project

Propose and complete a research project in a related area (can be done in groups of at most 3 students). Example projects include (but are not limited to):

For those who prefer finding vulnerabilities in systems and protocols:

For those who prefer building systems:

For those who prefer the more theoretical aspects:

Students should submit a project proposal by March 3, and are encouraged to discuss with me their ideas prior to selecting a project. Students are expected to give an oral presentation of their project in class and turn in a final report by April 29.

Prerequisites

Most of the material in this course is accessible to someone with a general CS background. However, familiarity with the content of any of these classes (or their equivalent) is recommended: CIS 331, CIS 505, CIS 551, CIS 553, CIS 556

.

Grading

If you are taking this class P/F, you cannot obtain a passing grade without completing and presenting your project.

Schedule

Date Topic Required reading
Jan. 20 Course overview and intro to anonymity Anonymity terminology by Andreas Pfitzmann and Marit Hansen
Jan. 25 Mix networks

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms by David Chaum

Stop-and-Go-MIXes by Dogan Kesdogan, Jan Egner, and Roland Büschkes

Jan. 27 Traffic analysis attacks

The disadvantages of free MIX routes and how to overcome them by Oliver Berthold, Andreas Pfitzmann, and Ronny Standtke

Statistical Disclosure Attacks: Traffic Confirmation in Open Environments by George Danezis

Feb. 1 Peer-to-peer routing

Crowds: Anonymity for Web Transactions by Michael K. Reiter and Aviel D. Rubin

Feb. 3 Attacks on peer-to-peer systems

The Sybil attack by John R. Douceur

Eclipse Attacks on Overlay Networks by Singh et al.

Feb. 8 Onion routing Tor: The Second-Generation Onion Router by Roger Dingledine, Nick Mathewson, and Paul Syverson
Feb. 10 Dining cryptographer networks

The Dining Cryptographers Problem by David Chaum

Elluding Carnivores by Gün Sirer et al.

Feb. 15 ENIAC Day Attend ENIAC Day Symposium
Feb. 17 Metadata-private messaging Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis by van den Hooff et al.
Feb. 22 What does privacy mean to you? Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration by Oates et al.
Feb. 24 Privacy in online dating How Public Is My Private Life? Privacy in Online Dating by Camille Cobb and Tadayoshi Kohno
Mar. 1 Privacy in status indicators A Privacy-Focused Systematic Analysis of Online Status Indicators by Cobb et al.
Mar. 3

Privacy of bystanders in pictures

Project proposal due

Automatically Detecting Bystanders in Photos toReduce Privacy Risks by Hasan et al.
Mar. 8 Spring break
Mar. 10 Spring break
Mar. 15 Privacy in online advertising Privad: Practical Privacy in Online Advertising by Saikat Guha, Bin Cheng, and Paul Francis
Mar. 17 Privacy in social networks Persona: An Online Social Network with User-Defined Privacy by Baden et al.
Mar. 22 Privacy in location services A Survey of Computational Location Privacy by John Krumm
Mar. 24 Privacy in media streaming services Scalable and private media consumption with Popcorn by Gupta et al.
Mar. 29 Privacy in reputation systems SoK: Privacy-Preserving Reputation Systems by Stan Gurtler and Ian Goldberg
Mar. 31 Privacy in law enforcement Open, privacy-preserving protocols for lawful surveillance by Aaron Segal, Joan Feigenbaum, and Bryan Ford
Apr. 5 Privacy in free and paid apps The Price is (Not) Right: Comparing Privacy in Free and Paid Apps by Han et al.
Apr. 7 Privacy in voice activated devices When Speakers Are All Ears: Characterizing Misactivations of IoT Smart Speakers by Dubois et al.
Apr. 12 Work on project (no lecture)
Apr. 14 Work on project (no lecture)
Apr. 19 Privacy for authors and developers Git Blame Who?: Stylistic Authorship Attribution of Small, Incomplete Source Code Fragments by Dauber et al.
Apr. 21 Project presentations
Apr. 26 Project presentations
Apr. 28 Project presentations
Apr. 29 Project report due