Claimchain: Improving the Security and Privacy of In-Band Key Distribution for Messaging

Total Page:16

File Type:pdf, Size:1020Kb

Claimchain: Improving the Security and Privacy of In-Band Key Distribution for Messaging ClaimChain: Improving the Security and Privacy of In-band Key Distribution for Messaging Bogdan Kulynych Wouter Lueks Marios Isaakidis EPFL SPRING Lab EPFL SPRING Lab University College London [email protected] [email protected] [email protected] George Danezis Carmela Troncoso University College London EPFL SPRING Lab [email protected] [email protected] ABSTRACT collaboration of the service providers. The Autocrypt approach is 3 The social demand for email end-to-end encryption is barely sup- supported by key e-mail clients such as Thunderbird+Enigmail, ported by mainstream service providers. Autocrypt is a new commu- K-9 mail, and Mailpile, as well as a new messaging application for nity-driven open specification for e-mail encryption that attempts Android, DeltaChat. to respond to this demand. In Autocrypt the encryption keys are Similarly to in-band PGP [24], Autocrypt embeds the encryption attached directly to messages, and thus the encryption can be imple- keys into the e-mail messages, but uses pre-defined headers instead mented by email clients without any collaboration of the providers. of attachments. Furthermore, in the spirit of the PGP Web of Trust, The decentralized nature of this in-band key distribution, however, these headers also contain cross-references to the keys of other makes it prone to man-in-the-middle attacks and can leak the social users. The cross-references implicitly endorse the binding between graph of users. To address this problem we introduce ClaimChain, these keys and the corresponding user identities. a cryptographic construction for privacy-preserving authentica- This decentralized approach alleviates the privacy problem of 4 tion of public keys. Users store claims about their identities and centralized certification authorities, such as SKS Keyservers for keys, as well as their beliefs about others, in ClaimChains. These PGP keys, which can observe users’ key look-ups, and thus can infer chains form authenticated decentralized repositories that enable their communication patterns. However, since no one has a global users to prove the authenticity of both their keys and the keys of view of all the bindings in Autocrypt’s decentralized approach, ma- their contacts. ClaimChains are encrypted, and therefore protect licious users or providers can supply different user-to-key bindings the stored information, such as keys and contact identities, from to different recipients, effectively opening the doors to man-in-the- prying eyes. At the same time, ClaimChain implements mecha- middle attacks. nisms to provide strong non-equivocation properties, discouraging This attack, whereby Alice can show to Carol and Donald differ- malicious actors from distributing conflicting or inauthentic claims. ent versions of Bob’s key to manipulate encryption in her advantage, We implemented ClaimChain and we show that it offers reasonable is commonly known as equivocation. A solution to render equiv- performance, low overhead, and authenticity guarantees. ocation detectable and accountable could be to use CONIKS [15]. However, CONIKS’ transparency logs are maintained by providers, KEYWORDS and thus the scheme is not compatible with the Autocrypt principle of not requiring provider collaboration. E-mail encryption; Decentralization; Key distribution; Privacy In this paper we present ClaimChain, a cryptographic construc- tion that alleviates the authenticity and privacy problems of in-band 1 INTRODUCTION key distribution in the setting of Autocrypt.5 Similarly to CONIKS, Following the Snowden revelations it became clear that, given the ClaimChains consist of chained blocks. Instead of a global log, how- dependence of citizens, governments, and corporations on elec- ever, each user has their own ClaimChain that contains all the arXiv:1707.06279v6 [cs.CR] 12 Oct 2018 tronic communications, there is a strong need for highly secure information necessary to represent her claims about her own keys, end-to-end encrypted communications. That is, the content of com- and her beliefs about other users’ keys, i.e., her cross-references. munications must not be accessed by third parties, so as to shield Chaining of blocks enables tracking and authenticating the evolu- them from mass surveillance systems, domestic or foreign. Yet, so tion of beliefs and keys. Cross-references enable users to combine far we have only seen feeble and largely unsuccessful attempts by their contacts’ beliefs—represented by their ClaimChains—to estab- mainstream service providers such as GMail and Yahoo to support lish evidence about the binding between identities and keys. fully encrypted e-mail [1, 8, 13]. Only a few minor e-mail providers To address the privacy issues of the Web of Trust cross-reference 12 embrace end-to-end encryption. sharing model, ClaimChains use cryptographic access tokens to To fill this void, a recently launched community-driven initia- provide fine-grained control on who is allowed to read which claims. tive, Autocrypt, is developing a new open specification for e-mail Moreover, ClaimChains’ claim encoding schemes make it hard to encryption. The goal is to facilitate key handling by mail user agents so that encryption can be deployed without the need for 3https://github.com/autocrypt/autocrypt/blob/master/doc/install.rst 4https://sks-keyservers.net 1https://mailfence.com 5ClaimChains are currently being tested by the Autocrypt team (https://py-autocrypt. 2https://protonmail.com readthedocs.io/en/latest/) infer how users’ beliefs change over time. Finally, ClaimChains suitable for integrating with in-band key distribution. The purpose include mechanisms to reliably and efficiently prevent equivocation of the structure is to support key validation, i.e., help users estab- within a block, and a mechanism to detect equivocation across lish the authenticity of user-key bindings, as long as some users in blocks. In doing so, ClaimChains ensure non-equivocation while the system are honest. Furthermore, it must protect users’ privacy minimizing the leakage of users’ friendship networks. without relying on centralized parties. We prove the security and privacy properties provided by Claim- More concretely, we aim at providing the following properties. Chains. We also provide an implementation of ClaimChains and First, the structure must guarantee the integrity and authenticity of show that it scales to accommodate the needs of large groups identity-key bindings, i.e., it should not be possible to replace or at an acceptable overhead cost. We also simulate the usage of inject bindings without being detected. Second, we want to preserve ClaimChains for in-band key distribution using the Enron e-mail the privacy of cross-referenced information and the privacy of the dataset6 in a privacy-preserving way: ClaimChain owners reveal social graph. These properties ensure that only authorized users cross-references only if that does not leak more information about can access the key material in the structure and the identities of their social graph than is already revealed by the e-mails them- the bindings being distributed. Third, the structure must prevent selves. We quantify the degree to which in-band key distribution users from equivocating other users with respect to the identity-key can protect communication. We show that ClaimChains improve bindings that they share. That is, a user Owen should not be able privacy, without diminishing considerably the ability to encrypt to show to Alice and Bob different versions of a Charlie’s key, even e-mail, and enable the detection of incorrect key information. Our if he withdraws Alice’s access to see Charlie’s keys. In the latter main contributions are: case if Alice ever regains access, she must be able to detect Owen’s – We introduce ClaimChain, a cryptographic construction based misbehavior. Finally, our construction should not entail significant on authenticated data structures. ClaimChains store claims about computational or communication overhead for the end users and keys, thereby supporting key authentication in decentralized providers to enable adoption at large scale. environments in a secure and privacy-preserving way. – We define the properties that a decentralized and privacy-pre- Non-goals. In-band key distribution cannot ensure full availability serving key distribution system should offer and we formally of public encryption keys. The keys of one or more recipients may model them for ClaimChain. not be available to a sender at a time of sending a message, and thus, – We show that owners cannot equivocate about contact keys because of the opportunistic encryption operation, the message within blocks. Moreover, we provide a novel mechanism that would be sent in the clear. We are therefore not concerned with enables ClaimChain owners to prove that they have not equiv- ensuring 100% availability of keys. Instead, our goal is to secure the ocated across different blocks about a particular contact key. keys that are distributed without harming privacy. If guaranteeing Unlike other transparency-backed solutions [15], auditing the encrypted communication is absolutely necessary, parties must consistency of contact keys is possible without revealing their exchange keys in a reliable way, e.g. through a centralized service actual values in the ClaimChain history. or an out-of-band mechanism. – We provide an implementation of ClaimChain and show that its Furthermore, throughout this paper we consider that users have computation and bandwidth requirements are
Recommended publications
  • MASTERCLASS GNUPG MASTERCLASS You Wouldn’T Want Other People Opening Your Letters and BEN EVERARD Your Data Is No Different
    MASTERCLASS GNUPG MASTERCLASS You wouldn’t want other people opening your letters and BEN EVERARD your data is no different. Encrypt it today! SECURE EMAIL WITH GNUPG AND ENIGMAIL Send encrypted emails from your favourite email client. our typical email is about as secure as a The first thing that you need to do is create a key to JOHN LANE postcard, which is good news if you’re a represent your identity in the OpenPGP world. You’d Ygovernment agency. But you wouldn’t use a typically create one key per identity that you have. postcard for most things sent in the post; you’d use a Most people would have one identity, being sealed envelope. Email is no different; you just need themselves as a person. However, some may find an envelope – and it’s called “Encryption”. having separate personal and professional identities Since the early 1990s, the main way to encrypt useful. It’s a personal choice, but starting with a single email has been PGP, which stands for “Pretty Good key will help while you’re learning. Privacy”. It’s a protocol for the secure encryption of Launch Seahorse and click on the large plus-sign email that has since evolved into an open standard icon that’s just below the menu. Select ‘PGP Key’ and called OpenPGP. work your way through the screens that follow to supply your name and email address and then My lovely horse generate the key. The GNU Privacy Guard (GnuPG), is a free, GPL-licensed You can, optionally, use the Advanced Key Options implementation of the OpenPGP standard (there are to add a comment that can help others identify your other implementations, both free and commercial – key and to select the cipher, its strength and set when the PGP name now refers to a commercial product the key should expire.
    [Show full text]
  • Mesačný Prehľad Kritických Zraniteľností Máj 2018
    Mesačný prehľad kritických zraniteľností Mesačný prehľad kritických zraniteľností Máj 2018 1. Operačné systémy Microsoft Windows V máji spoločnosť Microsoft opravila 4 kritické zraniteľnosti operačného systému Microsoft Windows. Zraniteľnosti CVE-2018-0959 a CVE-2018-0961 môžu spôsobiť vykonanie škodlivého kódu na diaľku. Prvá z nich je spôsobená nesprávnym overovaním vstupu Windows Hyper-V na serveri od autentifikovaného používateľa na hostiteľskom operačnom systéme. Druhá sa týka overovania paketových dát v SMB protokole systému Windows Hyper-V. Na zneužitie týchto zraniteľností musí útočník spustiť špeciálne vytvorenú aplikáciu, ktorá umožní zneužitie týchto zraniteľností. Úspešný útočník následne môže vykonať ľubovoľný kód pomocou Windows Hyper-V. Našli sa aj zraniteľnosti CVE-2018-8120 a CVE-2018-8174 taktiež umožňujúce vzdialené vykonávanie kódu či zvýšenie privilégií, ktoré sú bližšie popísané aj v našom varovaní. Zraniteľné systémy: Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems. Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows
    [Show full text]
  • Securing Email Through Online Social Networks
    SECURING EMAIL THROUGH ONLINE SOCIAL NETWORKS Atieh Saberi Pirouz A thesis in The Department of Concordia Institute for Information Systems Engineering (CIISE) Presented in Partial Fulfillment of the Requirements For the Degree of Master of Applied Science (Information Systems Security) at Concordia University Montreal,´ Quebec,´ Canada August 2013 © Atieh Saberi Pirouz, 2013 Concordia University School of Graduate Studies This is to certify that the thesis prepared By: Atieh Saberi Pirouz Entitled: Securing Email Through Online Social Networks and submitted in partial fulfillment of the requirements for the degree of Master of Applied Science (Information Systems Security) complies with the regulations of this University and meets the accepted standards with respect to originality and quality. Signed by the final examining commitee: Dr. Benjamin C. M. Fung Chair Dr. Lingyu Wang Examiner Dr. Zhenhua Zhu Examiner Dr. Mohammad Mannan Supervisor Approved Chair of Department or Graduate Program Director 20 Dr. Christopher Trueman, Dean Faculty of Engineering and Computer Science Abstract Securing Email Through Online Social Networks Atieh Saberi Pirouz Despite being one of the most basic and popular Internet applications, email still largely lacks user-to-user cryptographic protections. From a research perspective, designing privacy preserving techniques for email services is complicated by the re- quirement of balancing security and ease-of-use needs of everyday users. For example, users cannot be expected to manage long-term keys (e.g., PGP key-pair), or under- stand crypto primitives. To enable intuitive email protections for a large number of users, we design Friend- lyMail by leveraging existing pre-authenticated relationships between a sender and receiver on an Online Social Networking (OSN) site, so that users can send secure emails without requiring direct key exchange with the receiver in advance.
    [Show full text]
  • A History of End-To-End Encryption and the Death of PGP
    25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment".
    [Show full text]
  • Building Resilience & Confronting Risk In
    BUILDING RESILIENCE & CONFRONTING RISK IN THE COVID-19 ERA A PARENTS & CAREGIVERS GUIDE TO ONLINE RADICALIZATION POLARIZATION AND EXTREMISM RESEARCH AND INNOVATION LAB (PERIL) PERIL brings the resources and expertise of the university sector to bear CONTENTS on the problem of growing youth polarization and extremist radicalization, through scalable research, intervention, and public education ideas to PARENT & CAREGIVER GUIDE 3 reduce rising polarization and hate. WHAT IS ONLINE RADICALIZATION? WHY SHOULD YOU CARE? 4 SOUTHERN POVERTY LAW CENTER NEW RISKS IN THE COVID-19 ERA 5 The SPLC seeks to be a catalyst for racial justice in the South and RECOGNIZING WARNING SIGNS 6 beyond, working in partnership with communities to dismantle white UNDERSTANDING THE DRIVERS 7 supremacy, strengthen intersectional movements, and advance the ENGAGE AND EMPOWER 9 human rights of all people. RESPONDING TO HATE 11 HOW TO GET HELP 12 APPENDIX: STAYING ALERT TO SITES, PLATFORMS AND APPS FREQUENTLY EXPLOITED BY EXTREMISTS 17 ENDNOTES 19 CREDITS 20 ILLUSTRATIONS BY CLAUDIA WHITAKER PARENT & CAREGIVER GUIDE Who is this guide for? We wrote this guide with a wide Whether you live with a young person, or work virtually range of caregivers in mind. with youth, radicalization to extremism is something we all should be concerned about. Extremists looking Caregivers living with children and young adults. This to recruit and convert children are predatory. Like all includes parents, grandparents, foster parents, extended forms of child exploitation, extremist recruitment drives families, and residential counselors who are the a wedge between young people and the adults they would guardians and caregivers of children and youth living typically trust.
    [Show full text]
  • MTA STS Improving Email Security.Pdf
    Improving Email Security with the MTA-STS Standard By Brian Godiksen An Email Best Practices Whitepaper CONTENTS Executive Overview 03 Why Does Email Need Encryption in Transit? 04 The Problem with “Opportunistic Encryption” 07 The Anatomy of a Man-in-the-Middle Attack 08 The Next Major Step with Email Encryption: MTA-STS 10 What Steps Should Senders Take to Adopt MTA-STS? 11 About SocketLabs 12 Brian Godiksen Brian has been helping organizations optimize email deliverability since joining SocketLabs in 2011. He currently manages a team of deliverability analysts that consult with customers on best infrastructure practices, including email authentication implementation, bounce processing, IP address warm-up, and email marketing list management. Brian leads the fight against spam and email abuse at SocketLabs by managing compliance across the platform. He is an active participant in key industry groups such as M3AAWG and the Email Experience Council. You can read more of Brian’s content here on the SocketLabs website. ©2019 SocketLabs 2 Executive The Edward Snowden leaks of 2013 opened many peoples’ eyes to the fact that mass surveillance was possible by Overview intercepting and spying on email transmissions. Today, compromised systems, database thefts, and technology breaches remain common fixtures in news feeds around the world. As a natural response, the technology industry is rabidly focused on improving the security and encryption of communications across all platforms. Since those early days of enlightenment, industry experts have discussed and attempted a variety of new strategies to combat “pervasive monitoring” of email channels. While pervasive monitoring assaults can take many forms, the most prominent forms of interference were man-in-the-middle (MitM) attacks.
    [Show full text]
  • Implementation and Analysis of Key Reinstallation Attack
    International Journal of Innovations in Engineering and Technology (IJIET) http://dx.doi.org/10.21172/ijiet.133.21 Implementation and Analysis of Key Reinstallation Attack Saba Khanum1, Ishita kalra2 1Department of Information Technology, MSIT, Janakpuri, New Delhi, India 2Department of Computer Science and Engineering, MSIT, Janakpuri, New Delhi, India Abstract- The objective of the paper is to implement and analyzed the impact of Key Reinstallation Attack (popularly dubbed as KRACK) on debian based machines. The paper elucidates on the capture of packets through the attack without being a part of the network and affecting the target machines with the help of an attack machine placed inside the network. It basically exploits the nonce of the network which ultimately paves way to the execution of the attack. The issue tends to gather more eyeballs as it affects all devices using Wi-Fi through WPA2 protocol. Hence, the catastrophe complimented along the attack is severe. The analysis of the impact is carried on by analyzing the type of packets visible as well as captured during the course of the implementation. Here, we have created a python script which identifies whether the targeted machine is vulnerable to KRACK or not and corresponding to that the packet capture starts and ultimately, the impact is measured. Keywords – KRACK, weakness, WPA2, attack, security I. INTRODUCTION The presence of the bug has been detected in the cryptographic nonce of the WPA2 and can be used to clone a connected party to reinstall a used key. The presence of the nonce is specifically intended to prevent reuse, but in this particular case, it gives malicious users the opportunity to replay, decrypt, or forge packets, ultimately enabling them to access all previously considered encrypted information without actually being part of the network.
    [Show full text]
  • Zix Wins 5-Vendor Email Encryption Shootout Email Encryption Has Come a Long Way Since Our Last Review
    Reprint THE CONNECTED ENTERPRISE MARCH 13, 2017 Zix wins 5-vendor email encryption shootout Email encryption has come a long way since our last review BY DAVID STROM, NETWORK WORLD terms of the flexibility of various encryption While these personal encryption products protocols used, along with DLP features that are improvements, there are also steps mail encryption products have are built-in along with a simple and single forward for the enterprise encryption email made major strides since we last pricing structure -- all things that Zix excels. user. Some products, such as Zix, hide the looked at them nearly two years All of these encryption products will cost encryption key process entirely from the ago. They have gotten easier you a few dollars a month per user. While user, so well that you might not even know to use and deploy, thanks to a that doesn’t sound like much, if you have that an encrypted message has passed from Ecombination of user interface and encryption an installation of several thousand users, sender to recipient. key management improvements, and are at the price tag could add up. However, the Others, such as Virtru and HPE/Voltage, the point where encryption can almost be alternative is having your email stream use identity-based encryption management called effortless on the part of the end user. available to anyone with a simple collection to verify a new recipient in their systems. Our biggest criticism in 2015 was that the of tools that even teens can master. Once a user new to these products products couldn’t cover multiple use cases, clicks on a confirmation email, they are such as when a user switches from reading Trends and bright spots forever allowed access, their emails are emails on their smartphone to moving to a In 2015, we said that gateways may have automatically decrypted, and there is no webmailer to composing messages on their fallen out of favor, but that trend has been need for any further effort to keep track of or Outlook desktop client.
    [Show full text]
  • MEMO. Nº. 52/2017 – SCOM
    00100.096648/2017-00 MEMO. nº. 52/2017 – SCOM Brasília, 21 de junho de 2017 A Sua Excelência a Senhora SENADORA REGINA SOUSA Assunto: Ideia Legislativa nº. 76.334 Senhora Presidente, Nos termos do parágrafo único do art. 6º da Resolução do Senado Federal nº. 19 de 2015, encaminho a Vossa Excelência a Ideia Legislativa nº. 76.334, sob o título de “Criminalização Da Apologia Ao Comunismo”, que alcançou, no período de 09/06/2017 a 20/06/2017, apoiamento superior a 20.000 manifestações individuais, conforme a ficha informativa em anexo. Respeitosamente, Dirceu Vieira Machado Filho Diretor da Secretaria de Comissões Senado Federal – Praça dos Três Poderes – CEP 70.165-900 – Brasília DF ARQUIVO ASSINADO DIGITALMENTE. CÓDIGO DE VERIFICAÇÃO: CE7C06D2001B6231. CONSULTE EM http://www.senado.gov.br/sigadweb/v.aspx. 00100.096648/2017-00 ANEXO AO MEMORANDO Nº. 52/2017 – SCOM - FICHA INFORMATIVA E RELAÇÃO DE APOIADORES - Senado Federal – Praça dos Três Poderes – CEP 70.165-900 – Brasília DF ARQUIVO ASSINADO DIGITALMENTE. CÓDIGO DE VERIFICAÇÃO: CE7C06D2001B6231. CONSULTE EM http://www.senado.gov.br/sigadweb/v.aspx. 00100.096648/2017-00 Ideia Legislativa nº. 76.334 TÍTULO Criminalização Da Apologia Ao Comunismo DESCRIÇÃO Assim como a Lei já prevê o "Crime de Divulgação do Nazismo", a apologia ao COMUNISMO e seus símbolos tem que ser proibidos no Brasil, como já acontece cada vez mais em diversos países, pois essa ideologia genocida causou males muito piores à Humanidade, massacrando mais de 100 milhões de inocentes! (sic) MAIS DETALHES O art. 20 da Lei 7.716/89 estabeleceu o "Crime de Divulgação do Nazismo": "§1º - Fabricar, comercializar, distribuir ou veicular, símbolos, emblemas, ornamentos, distintivos ou propaganda que utilizem a cruz suástica ou gamada, para fins de divulgação do nazismo.
    [Show full text]
  • 2.3 Blockchain
    POLITECNICO DI TORINO Corso di Laurea Magistrale in Ingegneria Informatica - Data Science Tesi di Laurea Magistrale Supporting the portability of profiles using the blockchain in the Mastodon social network Relatore Candidato prof. Giovanni Squillero Alessandra Rossaro Anno Accademico 2018-2019 École polytechnique de Louvain Supporting the portability of profiles using the blockchain in the Mastodon social network Authors: Alessandra ROSSARO, Corentin SURQUIN Supervisors: Etienne RIVIERE, Ramin SADRE Readers: Lionel DRICOT, Axel LEGAY, Giovanni SQUILLERO Academic year 2018–2019 Master [120] in Computer Science Acknowledgements We would like to thank anyone who made the writing of this thesis possible, directly or indirectly. First of all, we would like to thank our supervisors, Prof. Etienne Riviere and Prof. Ramin Sadre for their continous support and advice during the year. We would never have gone this far without them. Secondly, we thank Lionel Dricot, Prof. Axel Legay and Prof. Giovanni Squillero for accepting to be the readers of this thesis. Alessandra First of all, I would like to thank my family, my parents Claudia and Alberto, my brother Stefano and my sister Eleonora, that from the beginning of my studies believed in me, every time urging me to give more and sustaining me each time that I had difficulties. They are my strength and I feel really lucky to have them in my life. Another thanks is to my friends, to Soraya, Beatrice, Sinto and Stefano and especially to Matteo and Edoardo that each time that I needed, remember me to believe in myself and don’t give up. Thank you, sincerely! I would like to thank also my partner, Corentin, because we were a great team, sometimes with some misunderstandings, but I appreciated to work at this project with him! Corentin I must express my deep gratitude to my family and friends for their moral support.
    [Show full text]
  • Are Cookie Banners Indeed Compliant with the Law? Cristiana Santos, Nataliia Bielova, Célestin Matte
    Are cookie banners indeed compliant with the law? Cristiana Santos, Nataliia Bielova, Célestin Matte To cite this version: Cristiana Santos, Nataliia Bielova, Célestin Matte. Are cookie banners indeed compliant with the law?: Deciphering EU legal requirements on consent and technical means to verify compli- ance of cookie banners. Technology and Regulation, Tilburg University, 2020, 2020, pp.91-135. 10.26116/TECHREG.2020.009. hal-02875447v2 HAL Id: hal-02875447 https://hal.inria.fr/hal-02875447v2 Submitted on 23 Sep 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Are cookie banners indeed compliant with the law? Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners Cristiana Santos, Nataliia Bielova, Célestin Matte Inria, France [email protected] [email protected] [email protected] Abstract In this paper, we describe how cookie banners, as a consent mechanism in web applications, should be designed and implemented to be compliant with the ePrivacy Directive and the GDPR, defining 22 legal requirements. While some are provided by legal sources, others result from the domain expertise of computer scientists. We perform a technical assessment of whether technical (with computer science tools), manual (with a human operator) or user studies verification is needed.
    [Show full text]
  • Digital Security for Activists
    Training the Motivated: Digital Security for Activists Glencora Borradaile Kelsy Kretschmer Abstract School of Electrical Engineering School of Public Policy The state of global surveillance and the political and Computer Science Sociology Program environment has many activists caring more about their Oregon State University Oregon State University online security culture. We report on the initiation of a Corvallis, OR 97331, USA Corvallis, OR 97331, USA Digital Security for Activists program and a pilot study of an [email protected] [email protected] introductory seminar. Pre- and post-surveys of the seminar will form an initial assessment of what kind of intervention might increase the security practices of activists and to inform the design of program offerings. We report on the pre-surveys from three offerings of the seminar. Introduction In collaboration with the Civil Liberties Defense Center (CLDC), the first author had been offering informal digital security trainings for activists and their lawyers. After the fall elections in the U.S., requests for these trainings increased dramatically and shortly thereafter we launched a Digital Security for Activists (DSA) program. The DSA program’s intent is to align with the CLDC mission (“to defend and uphold civil liberties through education, outreach, litigation, legal support, and assistance”) and enable citizen activists to assert their constitutional rights while organizing online. Copyright is held by the author/owner. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee. Poster In order to provide trainings that are useful and effective, we presented at the 13th Symposium on Usable Privacy and Security (SOUPS 2017).
    [Show full text]