HisTorε: Differentially Private and Robust Statistics Collection for Tor
Authors
Abstract
A large volume of existing research attempts to understand who uses Tor and how the network is used (and misused). However, conducting measurements on the live Tor network, if done improperly, can endanger the security and anonymity of the millions of users who depend on the network to enhance their online privacy. Indeed, several existing measurement studies of Tor have been heavily criticized for unsafe research practices. Tor needs privacy-preserving methods of gathering statistics. The recently proposed PrivEx system demonstrates how data can be safely collected on Tor using techniques from differential privacy. However, as we demonstrate in this paper, the integrity of the statistics reported by PrivEx is brittle under realistic deployment conditions. An adversary who operates even a single relay in the volunteer-operated anonymity network can arbitrarily influence the result of PrivEx queries. We argue that a safe and useful data collection mechanism must provide both privacy and integrity protections. This paper presents HisTorε, a privacy-preserving statistics collection scheme based on (ε, δ)-differential privacy that is robust against adversarial manipulation. We formalize the security guarantees of HisTorε and show using historical data from the Tor Project that HisTorε provides useful data collection and reporting with low bandwidth and processing overheads.
Similar resources
Privacy-preserving Anomaly Detection in Tor
This extended abstract presents our vision of PrivEy, a distributed data collection and anomaly detection framework for the Tor network. PrivEy builds on the general framework of PrivEx (CCS 2014), a system for privately collecting statistics about traffic egressing the Tor network; however, PrivEy extends PrivEx in several important respects: (i) it supports the collection of a wider array of ...
Efficient Private Statistics with Succinct Sketches
Large-scale collection of contextual information is often essential in order to gather statistics, train machine learning models, and extract knowledge from data. The ability to do so in a privacy-preserving way – i.e., without collecting fine-grained user data – enables a number of additional computational scenarios that would be hard, or outright impossible, to realize without strong privacy g...
Preamble of Constitution VS Govt.'s Policy to Promote Private Higher Educational Institutions in India: A Mathematical Model for Solution
Convergence Rates for Differentially Private Statistical Estimation
Differential privacy is a cryptographically-motivated definition of privacy which has gained significant attention over the past few years. Differentially private solutions enforce privacy by adding random noise to a function computed over the data, and the challenge in designing such algorithms is to control the added noise in order to optimize the privacy-accuracy-sample size tradeoff. This w...
Differentially Private Local Electricity Markets
Privacy-preserving electricity markets have a key role in steering customers towards participation in local electricity markets by guaranteeing to protect their sensitive information. Moreover, these markets make it possible to statically release and share the market outputs for social good. This paper aims to design a market for local energy communities by implementing Differential Privacy (DP)...
Publication date: 2017