LNCS 8555 Emiliano De Cristofaro Steven J Murdoch (Eds.) Privacy Enhancing Technologies 14th International Symposium, PETS 2014 Amsterdam, The Netherlands, July 16–18, 2014 Proceedings 123 Lecture Notes in Computer Science Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen Editorial Board David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M Kleinberg Cornell University, Ithaca, NY, USA Alfred Kobsa University of California, Irvine, CA, USA Friedemann Mattern ETH Zurich, Switzerland John C Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen TU Dortmund University, Germany Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max Planck Institute for Informatics, Saarbruecken, Germany 8555 Emiliano De Cristofaro Steven J Murdoch (Eds.) Privacy Enhancing Technologies 14th International Symposium, PETS 2014 Amsterdam, The Netherlands, July 16-18, 2014 Proceedings 13 Volume Editors Emiliano De Cristofaro University College London, Department of Computer Science Gower Street, London WC1E 6BT, UK E-mail: e.decristofaro@ucl.ac.uk Steven J Murdoch University of Cambridge, Computer Laboratory 15 JJ Thomson Avenue, Cambridge CB3 0FD, UK E-mail: steven.murdoch@cl.cam.ac.uk ISSN 0302-9743 e-ISSN 1611-3349 ISBN 978-3-319-08505-0 e-ISBN 978-3-319-08506-7 DOI 10.1007/978-3-319-08506-7 Springer Cham Heidelberg New York Dordrecht London Library of Congress Control Number: 2014941760 LNCS Sublibrary: SL – Security and Cryptology © by Authors 2014 Springer International Publishing Switzerland holds the exclusive right of distribution and reproduction of this work, for a period of three years starting from the date of publication This work is subject to copyright All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in ist current version, and permission for use must always be obtained from Springer Permissions for use may be obtained through RightsLink at the Copyright Clearance Center Violations are liable to prosecution under the respective Copyright Law The use of general descriptive names, registered names, trademarks, service marks, etc in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made The publisher makes no warranty, express or implied, with respect to the material contained herein Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper Springer is part of Springer Science+Business Media (www.springer.com) Preface Either through a deliberate desire for surveillance or an accidental consequence of design, there are a growing number of systems and applications that record and process sensitive information As a result, the role of privacy-enhancing technologies becomes increasingly crucial, whether adopted by individuals to avoid intrusion in their private life, or by system designers to offer protection to their users The 14th Privacy Enhancing Technologies Symposium (PETS 2014) addressed the need for better privacy by bringing together experts in privacy and systems research, cryptography, censorship resistance, and data protection, facilitating the collaboration needed to tackle the challenges faced in designing and deploying privacy technologies There were 86 papers submitted to PETS 2014, which were all assigned to be reviewed by at least four members of the Program Committee (PC) Following intensive discussion among the reviewers, other PC members, and external experts, 16 papers were accepted for presentation, one of which was the result of two merged submissions Topics addressed by the papers published in these proceedings include study of privacy erosion, designs of privacy-preserving systems, censorship resistance, social networks, and location privacy PETS continues to widen its scope by appointing PC members with more diverse areas of expertise and encouraging the submission of high-quality papers outside of the topics traditionally forming the PETS program We also continue to host the one-day Workshop on Hot Topics on Privacy Enhancing Technologies (HotPETs), now in its seventh year This venue encourages the lively discussion of exciting but possibly preliminary ideas The HotPETS keynote was given by William Binney, a prominent whistleblower and advocate for privacy, previously employed by the US National Security Agency As with previous years there are no published proceedings for HotPETs, allowing authors to refine their work based on feedback received and subsequently publish it at a future PETS or elsewhere PETS also included a keynote by Martin Ortlieb (a social anthropologist and senior user experience researcher at Google), a panel discussing surveillance, and a rump session with brief presentations on a variety of topics This year, PETS was co-located with the First Workshop on Genome Privacy, which set out to explore the privacy challenges faced by advances in genomics We would like to thank all the PETS and HotPETs authors, especially those who presented their work that was selected for the program, as well as the rump session presenters, keynote speakers, and panelists We are very grateful to the PC members and additional reviewers, who contributed to editorial decisions with thorough reviews and actively participated in the PC discussions, ensuring a high quality of all accepted papers We owe special thanks to the following VI Preface PC members and reviewers who volunteered to shepherd some of the accepted papers: Kelly Caine, Claude Castelluccia, Roberto Di Pietro, Claudia Diaz, Paolo Gasti, Amir Houmansadr, Rob Jansen, Negar Kiyavash, Micah Sherr, and Reza Shokri We gratefully acknowledge the outstanding contributions of the PETS 2014 general chair, Hinde ten Berge, and publicity chair, Carmela Troncoso, as well as the PETS webmaster of eight years, Jeremy Clark Moreover, our gratitude goes to the HotPETs 2014 chairs, Kelly Caine, Prateek Mittal, and Reza Shokri who put together an excellent program Last but not least, we would like to thank our sponsors, Google, Silent Circle, and the Privacy & Identity Lab, for their generous support, as well as Microsoft for its continued sponsorship of the PET award and travel stipends May 2014 Emiliano De Cristofaro Steven J Murdoch Organization Program Committee Alessandro Acquisti Erman Ayday Kelly Caine Jan Camenisch Srdjan Capkun Claude Castelluccia Kostas Chatzikokolakis Graham Cormode Emiliano De Cristofaro Roberto Di Pietro Claudia Diaz Cynthia Dwork Zekeriya Erkin Paul Francis Paolo Gasti Ian Goldberg Rachel Greenstadt Amir Herzberg Nicholas Hopper Amir Houmansadr Rob Jansen Mohamed Ali Kaafar Apu Kapadia Stefan Katzenbeisser Negar Kiyavash Markulf Kohlweiss Adam J Lee Brian N Levine Marc Liberatore Benjamin Livshits Nick Mathewson Prateek Mittal Steven Murdoch Arvind Narayanan Claudio Orlandi Micah Sherr Carnegie Mellon University, USA EPFL, Switzerland Clemson University, USA IBM Research – Zurich, Switzerland ETH Zurich, Switzerland Inria Rhone-Alpes, France CNRS, LIX, Ecole Polytechnique, France University of Warwick, UK University College London, UK Universit`a di Roma Tre, Italy KU Leuven, Belgium Microsoft Research, USA Delft University of Technology, The Netherlands MPI-SWS, Germany New York Institute of Technology, USA University of Waterloo, Canada Drexel University, USA Bar-Ilan University, Israel University of Minnesota, USA University of Texas at Austin, USA U.S Naval Research Laboratory, USA NICTA, Australia Indiana University, USA TU Darmstadt, Germany University of Illinois, Urbana Champaign, USA Microsoft Research, USA University of Pittsburgh, USA University of Massachusetts Amherst, USA University of Massachusetts Amherst, USA Microsoft Research The Tor Project, USA Princeton University, USA University of Cambridge, UK Princeton, USA Aarhus University, Denamrk Georgetown University, USA VIII Organization Reza Shokri Radu Sion Paul Syverson Gene Tsudik Eugene Vasserman Matthew Wright ETH Zurich, Switzerland Stony Brook University, USA U.S Naval Research Laboratory, USA University of California, Irvine, USA Kansas State University, USA University of Texas at Arlington, USA Additional Reviewers Abdelberi, Chaabane Acar, Gunes Achara, Jagdish Acs, Gergely Afroz, Sadia Almishari, Mishari Balsa, Ero Bordenabe, Nicolas Caliskan-Islam, Aylin Chaabane, Abdelberi Chan, T-H Hubert Chen, Rafi Cunche, Mathieu de Hoogh, Sebastiaan Elahi, Tariq Faber, Sky Farnan, Nicholas Freudiger, Julien Gambs, Sebastien Garg, Vaibhav Garrison III, William C Gelernter, Nethanel Ghali, Cesar Gilad, Yossi Gong, Xun Gurses, Seda Haque, S.M Taiabul Harvey, Sarah Hoyle, Roberto Jagdish, Achara Johnson, Aaron Kaizer, Andrew Knijnenburg, Bart Kostiainen, Kari Krol, Kat Nguyen, Lan Nilizadeh, Shirin Norcie, Greg Oguz, Ekin Ohrimenko, Olga Orlov, Ilan Papillon, Serge Procopiuc, Cecilia Qiao, Yechen Sedenka, Jaroslav Seneviratne, Suranga Shen, Entong Tan, Zhi Da Henry Veugen, Thijs Washington, Gloria Yu, Ge Zeilemaker, Niels Table of Contents CloudTransport: Using Cloud Storage for Censorship-Resistant Networking Chad Brubaker, Amir Houmansadr, and Vitaly Shmatikov A Predictive Differentially-Private Mechanism for Mobility Traces Konstantinos Chatzikokolakis, Catuscia Palamidessi, and Marco Stronati On the Effectiveness of Obfuscation Techniques in Online Social Networks Terence Chen, Roksana Boreli, Mohamed-Ali Kaafar, and Arik Friedman The Best of Both Worlds: Combining Information-Theoretic and Computational PIR for Communication Efficiency Casey Devet and Ian Goldberg 21 42 63 Social Status and the Demand for Security and Privacy Jens Grossklags and Nigel J Barradale 83 C3P: Context-Aware Crowdsourced Cloud Privacy Hamza Harkous, Rameez Rahman, and Karl Aberer 102 Forward-Secure Distributed Encryption Wouter Lueks, Jaap-Henk Hoepman, and Klaus Kursawe 123 I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis Brad Miller, Ling Huang, A.D Joseph, and J.D Tygar I Know What You’re Buying: Privacy Breaches on eBay Tehila Minkus and Keith W Ross Quantifying the Effect of Co-location Information on Location Privacy Alexandra-Mihaela Olteanu, K´evin Huguenin, Reza Shokri, and Jean-Pierre Hubaux Do Dummies Pay Off? Limits of Dummy Traffic Protection in Anonymous Communications Simon Oya, Carmela Troncoso, and Fernando P´erez-Gonz´ alez 143 164 184 204 X Table of Contents Exploiting Delay Patterns for User IPs Identification in Cellular Networks Vasile Claudiu Perta, Marco Valerio Barbera, and Alessandro Mei Why Doesn’t Jane Protect Her Privacy? Karen Renaud, Melanie Volkamer, and Arne Renkema-Padmos Measuring Freenet in the Wild: Censorship-Resilience under Observation Stefanie Roos, Benjamin Schiller, Stefan Hacker, and Thorsten Strufe 224 244 263 Dovetail: Stronger Anonymity in Next-Generation Internet Routing Jody Sankey and Matthew Wright 283 Spoiled Onions: Exposing Malicious Tor Exit Relays Philipp Winter, Richard Kă ower, Martin Mulazzani, Markus Huber, Sebastian Schrittwieser, Stefan Lindskog, and Edgar Weippl 304 Author Index 333 ... De Cristofaro Steven J Murdoch (Eds.) Privacy Enhancing Technologies 14th International Symposium, PETS 2014 Amsterdam, The Netherlands, July 16- 18, 2014 Proceedings 13 Volume Editors Emiliano... designers to offer protection to their users The 14th Privacy Enhancing Technologies Symposium (PETS 2014) addressed the need for better privacy by bringing together experts in privacy and systems research,... from the prior, and as a result, the utility of the independent mechanism (using the Laplace as the underlying noise mechanism) is also prior-independent On the other hand, the utility of the