DOCSLIB.ORG

Political and Ethical Perspectives on Data Obfuscation 165

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Political and Ethical Perspectives on Data Obfuscation 165 1 7 2 Political and ethical perspectives 3 on data obfuscation 4 Finn Brunton and Helen Nissenbaum* 5 Asymmetries of data gathering and means 6 of redress: the warrant for obfuscation 7 Our chapter, like all the others gathered in this volume, is written in light 8 of the fact that computer-enabled data collection, aggregation and mining 9 dramatically change the nature of contemporary surveillance. Innocuous 10 traces of everyday life submitted to sophisticated analytics tools developed for 11 commerce and governance can become the keys for stitching disparate data- 12 bases together into unprecedented new wholes. This data is often gathered 13 under conditions of profound power imbalance. What can we do when faced 14 with these demands, which are often trivial but whose implications are pro- 15 found, and which we may not be in a position to refuse? 16 Being profi led is the condition of many essential transactions, from con- 17 necting with friends in online social networks to shopping, travelling and 18 engaging with institutions both public and private. Nor, as we shall discuss 19 below, can we rely on law, technology or the scruples of the data gatherers. 20 What we propose is an alternative strategy of informational self-defence, a 21 method that acts as informational resistance, disobedience, protest or even 22 covert sabotage – a form of redress in the absence of any other protection and 23 defence, and one which disproportionately aids the weak against the strong. 24 We call this method obfuscation and, in this chapter, we will argue for the 25 political and ethical philosophy it expresses and embodies. 26 Obfuscation is the production of misleading, ambiguous and plausible but 27 confusing information as an act of concealment or evasion. It is a term we use 28 to capture key commonalities in systems ranging from chaff, which fi lls radar’s 29 sweep with potential targets; to the circulating exchanges of supermarket loy- 30 alty cards that muddle the record of purchases; to peer-to-peer fi le sharing 31 systems such as BitTorrent, protecting their users from legal action by pro- 32 ducing records of many IP addresses, only a few of which may be engaged 33 in fi le sharing. Through these and other cases we can begin to clarify obfusca- 34 tion among the other forms of resistance to surveillance, whether that surveil- 35 lance takes the form of consumer data aggregation (for supermarkets, or by HHildebrandtildebrandt aandnd ddee VVries_Chap07.inddries_Chap07.indd 116464 224-12-20124-12-2012 110:43:390:43:39 Political and ethical perspectives on data obfuscation 165 1 companies such as Acxiom), monitoring for intellectual property violations 2 (at the behest of the Recording Industry Association of America (RIAA) and 3 the Motion Picture Association of America (MPAA)), targeted advertising (by 4 sites such as Google and Facebook) or police actions by repressive govern- 5 ments (which we will see addressed by obfuscation tactics within platforms 6 for secure private conversation such as Tor). 7 We distinguish and evaluate different modes of obfuscation as well as 8 motivations and power topologies of key actors: are obfuscation tactics typi- 9 cally the response of the weak against the strong, adopted by those outside 10 circles of power and infl uence, or vice versa? Our political analysis of obfusca- 11 tion also addresses normative questions of legitimacy, asking whether such 12 ‘smokescreens’ to avoid monitoring are morally defensible – ever, never or 13 sometimes? Under what conditions in the political landscape of surveillance 14 are obfuscation’s deceptive tactics acceptable? These can be deemed legitimate 15 assertions of autonomy or problematic instances of economic free ridership 16 (relying on others to be less conscientious in muddying their tracks and there- 17 fore better targets); they can be hailed as resistance to inappropriate monitor- 18 ing or damned as the poisoning of wells of collective data. Obfuscation, as a 19 tactic both personal and political, offers a platform for studying legitimate 20 and problematic aspects of both surveillance and its opposition in an age of 21 ubiquitous data capture. 22 In the context of this volume, we do not need to go out of our way to 23 describe the problematic state of contemporary data gathering and analysis, 24 but we do need to highlight the specifi c problems of asymmetry these prac- 25 tices, as a matter of fact, often involve. The most mundane points of contact 26 with contemporary life implicate the involuntary production of data on our 27 part: passing security cameras, withdrawing cash, making credit card pur- 28 chases, making phone calls, using transit (with electronic ticketing systems 29 such as MetroCards, FasTrak tags, Oyster, Octopus, Suica or E-ZPass) – to say 30 nothing of using the internet, where every click and page may be logged and 31 analysed, explicitly providing data to the organisations on whose systems we 32 interact, as well as their associates. This data can be repackaged and sold, col- 33 lected, sorted and acquired by a variety of means, and reused for purposes of 34 which we, the monitored, know nothing, much less endorse (Gonzalez Fuster 35 2009 ). The unreliability of the businesses and public-private partnerships in 36 the information industry gives data mobility still more sinister dimensions, as 37 materials are stolen, leaked, sold improperly or turned to very problematic ends 38 by governments – ChoicePoint’s sale of 145,000 records to identity thieves 1 39 being one particularly egregious example. The nature of these businesses, 40 acquiring new data sets to add to their existing collections, points to a fi nal area 41 of concern. Multiple databases consolidated and cross-referenced, with inciden- 42 tal details linking previously disconnected bodies of information, produce a far 43 more signifi cant whole than any one part would suggest: identities, tendencies, 2 44 groups and patterns with both historically revelatory and predictive power. HHildebrandtildebrandt aandnd ddee VVries_Chap07.inddries_Chap07.indd 116565 224-12-20124-12-2012 110:43:390:43:39 166 Privacy, due process and the computational turn 1 The asymmetry problems to which we alluded above are, fi rst, an asym- 2 metry of power: rarely do we get to choose whether or not we are monitored, 3 what happens to information about us and what happens to us because of this 4 information. We have little or no say when monitoring takes place in inap- 5 propriate contexts and is shared inappropriately with inappropriate others. 6 The second asymmetry, equally important, is epistemic: we are often not fully 7 aware of the monitoring, and do not know what will become of the informa- 8 tion produced by that monitoring, nor where it will go and what will be done 9 with it. 10 Your data is not accumulated in neutral circumstances, whether surveil- 11 lance occurs at the level of infrastructure with which you must participate, 12 through forms that must be completed to receive essential resources, or oner- 13 ous terms of service to which you must consent before you can use an online 14 product that has become vital to doing business. The context is often one of 15 major power imbalance, between individual consumers and major corpora- 16 tions, or citizens and governments. Obviously there is nothing inherently 17 wrong with gathering and aggregating data on individuals – it is the life- 18 blood of the work of the epidemiologist, for example, and the starting point 19 for many benefi ts of the networked society. It is in the combination of data 20 gathering with authority and its arbitrary interests where problems may 21 begin. 22 These problems continue once our data has been collected: we do not know 23 whether whoever gathers it will repackage and resell it, whether it will become 24 part of a schedule of assets after a bankruptcy or whether it will be collated by 25 a private party such as ChoicePoint with public records for reassembly and 26 used in a different context from the original point of provision. Data mining 27 and related disciplines are complex and intellectually demanding; they often 28 require resources of expertise, software and hardware that people outside large 29 institutions do not possess. We do not have access to the other databases, nor 30 the techniques and the training in mathematics and computer science, to 31 comprehend what can be done with seemingly trivial details from our lives 32 and activities, and how they can provide more powerful, total and revealing 33 analyses than we could have anticipated (Reiman 1995 ; Solove 2008 ). The 34 inconsequential and even benign can quickly become the problematic and 35 sinister. 36 Furthermore, we do not know what future techniques and databases will 37 enable. Opportunities for the correlation of information tend to increase with 38 time. Institutions very rarely voluntarily destroy materials with as much 39 potential as a rich database and, as Templeton ( 2009 ) points out, the mecha- 40 nisms to extract value from databases are only going to get better. Materials 41 from very different contexts, created in conditions of many different norms – 42 telephone call logs, geolocative data, purchase records whether in person or 43 online, demographic and personally identifying information, products of the HHildebrandtildebrandt aandnd ddee VVries_Chap07.inddries_Chap07.indd 116666 224-12-20124-12-2012 110:43:390:43:39 Political and ethical perspectives on data obfuscation 167 1 data generating machines that are social networking sites – can be combined, 2 correlated and cross-referenced with less and less effort. 3 Finally, the gravity of the potential consequences of this mass of data is not 4 easily perceived in the many small moments when we are faced with a deci- 5 sion about whether or not to comply, and give up information.
Load more

Recommended publications
  • BPGC at Semeval-2020 Task 11: Propaganda Detection in News Articles with Multi-Granularity Knowledge Sharing and Linguistic Features Based Ensemble Learning
    BPGC at SemEval-2020 Task 11: Propaganda Detection in News Articles with Multi-Granularity Knowledge Sharing and Linguistic Features based Ensemble Learning Rajaswa Patil1 and Somesh Singh2 and Swati Agarwal2 1Department of Electrical & Electronics Engineering 2Department of Computer Science & Information Systems BITS Pilani K. K. Birla Goa Campus, India ff20170334, f20180175, [email protected] Abstract Propaganda spreads the ideology and beliefs of like-minded people, brainwashing their audiences, and sometimes leading to violence. SemEval 2020 Task-11 aims to design automated systems for news propaganda detection. Task-11 consists of two sub-tasks, namely, Span Identification - given any news article, the system tags those specific fragments which contain at least one propaganda technique and Technique Classification - correctly classify a given propagandist statement amongst 14 propaganda techniques. For sub-task 1, we use contextual embeddings extracted from pre-trained transformer models to represent the text data at various granularities and propose a multi-granularity knowledge sharing approach. For sub-task 2, we use an ensemble of BERT and logistic regression classifiers with linguistic features. Our results reveal that the linguistic features are the reliable indicators for covering minority classes in a highly imbalanced dataset. 1 Introduction Propaganda is biased information that deliberately propagates a particular ideology or political orientation (Aggarwal and Sadana, 2019). Propaganda aims to influence the public’s mentality and emotions, targeting their reciprocation due to their personal beliefs (Jowett and O’donnell, 2018). News propaganda is a sub-type of propaganda that manipulates lies, semi-truths, and rumors in the disguise of credible news (Bakir et al., 2019).
    [Show full text]
  • Dataset of Propaganda Techniques of the State-Sponsored Information Operation of the People’S Republic of China
    Dataset of Propaganda Techniques of the State-Sponsored Information Operation of the People’s Republic of China Rong-Ching Chang Chun-Ming Lai [email protected] [email protected] Tunghai University Tunghai University Taiwan Taiwan Kai-Lai Chang Chu-Hsing Lin [email protected] [email protected] Tunghai University Tunghai University Taiwan Taiwan ABSTRACT ACM Reference Format: The digital media, identified as computational propaganda provides Rong-Ching Chang, Chun-Ming Lai, Kai-Lai Chang, and Chu-Hsing Lin. a pathway for propaganda to expand its reach without limit. State- 2021. Dataset of Propaganda Techniques of the State-Sponsored Informa- tion Operation of the People’s Republic of China. In KDD ’21: The Sec- backed propaganda aims to shape the audiences’ cognition toward ond International MIS2 Workshop: Misinformation and Misbehavior Min- entities in favor of a certain political party or authority. Further- ing on the Web, Aug 15, 2021, Virtual. ACM, New York, NY, USA, 5 pages. more, it has become part of modern information warfare used in https://doi.org/10.1145/nnnnnnn.nnnnnnn order to gain an advantage over opponents. Most of the current studies focus on using machine learning, quantitative, and qualitative methods to distinguish if a certain piece 1 INTRODUCTION of information on social media is propaganda. Mainly conducted Propaganda has the purpose of framing and influencing opinions. on English content, but very little research addresses Chinese Man- With the rise of the internet and social media, propaganda has darin content. From propaganda detection, we want to go one step adopted a powerful tool for its unlimited reach, as well as multiple further to providing more fine-grained information on propaganda forms of content that can further drive engagement online and techniques that are applied.
    [Show full text]
  • Skypemorph: Protocol Obfuscation for Tor Bridges
    SkypeMorph: Protocol Obfuscation for Tor Bridges Hooman Mohajeri Moghaddam Baiyu Li Mohammad Derakhshani Ian Goldberg Cheriton School of Computer Science University of Waterloo Waterloo, ON, Canada {hmohajer,b5li,mderakhs,iang}@cs.uwaterloo.ca ABSTRACT The Tor network is designed to provide users with low- latency anonymous communications. Tor clients build cir- cuits with publicly listed relays to anonymously reach their destinations. However, since the relays are publicly listed, they can be easily blocked by censoring adversaries. Con- sequently, the Tor project envisioned the possibility of un- listed entry points to the Tor network, commonly known as bridges. We address the issue of preventing censors from detecting the bridges by observing the communications be- tween them and nodes in their network. We propose a model in which the client obfuscates its mes- sages to the bridge in a widely used protocol over the Inter- net. We investigate using Skype video calls as our target protocol and our goal is to make it difficult for the censor- Figure 1: This graph from metrics.torproject.org shows the ing adversary to distinguish between the obfuscated bridge number of users directly connecting to the Tor network from connections and actual Skype calls using statistical compar- China, from mid-2009 to the present. It shows that, after isons. 2010, the Tor network has been almost completely blocked We have implemented our model as a proof-of-concept from clients in China who do not use bridges. [41] pluggable transport for Tor, which is available under an open-source licence. Using this implementation we observed the obfuscated bridge communications and compared it with attempts to block access to Tor by regional and state-level those of Skype calls and presented the results.
    [Show full text]
  • Global Manipulation by Local Obfuscation ∗
    Global Manipulation by Local Obfuscation ∗ Fei Liy Yangbo Songz Mofei Zhao§ August 26, 2020 Abstract We study information design in a regime change context. A continuum of agents simultaneously choose whether to attack the current regime and will suc- ceed if and only if the mass of attackers outweighs the regime’s strength. A de- signer manipulates information about the regime’s strength to maintain the status quo. The optimal information structure exhibits local obfuscation, some agents receive a signal matching the true strength of the status quo, and others receive an elevated signal professing slightly higher strength. Public signals are strictly sub- optimal, and in some cases where public signals become futile, local obfuscation guarantees the collapse of agents’ coordination. Keywords: Bayesian persuasion, coordination, information design, obfuscation, regime change JEL Classification: C7, D7, D8. ∗We thank Yu Awaya, Arjada Bardhi, Gary Biglaiser, Daniel Bernhardt, James Best, Jimmy Chan, Yi-Chun Chen, Liang Dai, Toomas Hinnosaar, Tetsuya Hoshino, Ju Hu, Yunzhi Hu, Chong Huang, Nicolas Inostroza, Kyungmin (Teddy) Kim, Qingmin Liu, George Mailath, Laurent Mathevet, Stephen Morris, Xiaosheng Mu, Peter Norman, Mallesh Pai, Alessandro Pavan, Jacopo Perego, Xianwen Shi, Joel Sobel, Satoru Takahashi, Ina Taneva, Can Tian, Kyle Woodward, Xi Weng, Ming Yang, Jidong Zhou, and Zhen Zhou for comments. yDepartment of Economics, University of North Carolina, Chapel Hill. Email: [email protected]. zSchool of Management and Economics, The Chinese University of Hong Kong, Shenzhen. Email: [email protected]. §School of Economics and Management, Beihang University. Email: [email protected]. 1 1 Introduction The revolution of information and communication technology raises growing con- cerns about digital authoritarianism.1 Despite their tremendous effort to establish in- formation censorship and to spread disinformation, full manipulation of information remains outside autocrats’ grasp in the modern age.
    [Show full text]
  • Improving Meek with Adversarial Techniques
    Improving Meek With Adversarial Techniques Steven R. Sheffey Ferrol Aderholdt Middle Tennessee State University Middle Tennessee State University Abstract a permitted host [10]. This is achieved by manipulating the Host header of the underlying encrypted HTTP payload in As the internet becomes increasingly crucial to distributing in- order to take advantage of cloud hosting services that forward formation, internet censorship has become more pervasive and HTTP traffic based on this header. Domain fronting exploits advanced. Tor aims to circumvent censorship, but adversaries censors’ unwillingness to cause collateral damage, as block- are capable of identifying and blocking access to Tor. Meek, ing domain fronting would require also blocking the typically a traffic obfuscation method, protects Tor users from censor- more reputable, permitted host. From the point of view of ship by hiding traffic to the Tor network inside an HTTPS an adversary using DPI and metadata-based filtering, there is connection to a permitted host. However, machine learning no difference between Meek and normal HTTPS traffic. All attacks using side-channel information against Meek pose unencrypted fields in Meek traffic that could indicate its true a significant threat to its ability to obfuscate traffic. In this destination such as DNS requests, IP addresses, and the Server work, we develop a method to efficiently gather reproducible Name Indication (SNI) inside HTTPS connection headers do packet captures from both normal HTTPS and Meek traffic. not reveal its true destination. We then aggregate statistical signatures from these packet However, recent work has shown that Meek is vulnerable captures. Finally, we train a generative adversarial network to machine learning attacks that use side-channel informa- (GAN) to minimally modify statistical signatures in a way tion such as packet size and timing distributions to differenti- that hinders classification.
    [Show full text]
  • The Production and Circulation of Propaganda
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by RMIT Research Repository The Only Language They Understand: The Production and Circulation of Propaganda A thesis submitted in fulfilment of the requirements for the degree of Doctor of Philosophy Christian Tatman BA (Journalism) Hons RMIT University School of Media and Communication College of Design and Social Context RMIT University February 2013 Declaration I Christian Tatman certify that except where due acknowledgement has been made, the work is that of the author alone; the work has not been submitted previously, in whole or in part, to qualify for any other academic award; the content of the thesis is the result of work which has been carried out since the official commencement date of the approved research program; any editorial work, paid or unpaid, carried out by a third party is acknowledged; and, ethics procedures and guidelines have been followed. Christian Tatman February 2013 i Acknowledgements I would particularly like to thank my supervisors, Dr Peter Williams and Associate Professor Cathy Greenfield, who along with Dr Linda Daley, have provided invaluable feedback, support and advice during this research project. Dr Judy Maxwell and members of RMIT’s Research Writing Group helped sharpen my writing skills enormously. Dr Maxwell’s advice and the supportive nature of the group gave me the confidence to push on with the project. Professor Matthew Ricketson (University of Canberra), Dr Michael Kennedy (Mornington Peninsula Shire) and Dr Harriet Speed (Victoria University) deserve thanks for their encouragement. My wife, Karen, and children Bethany-Kate and Hugh, have been remarkably patient, understanding and supportive during the time it has taken me to complete the project and deserve my heartfelt thanks.
    [Show full text]
  • Machine Learning Model That Successfully Detects Russian Trolls 24 3
    Human–machine detection of online-based malign information William Marcellino, Kate Cox, Katerina Galai, Linda Slapakova, Amber Jaycocks, Ruth Harris For more information on this publication, visit www.rand.org/t/RRA519-1 Published by the RAND Corporation, Santa Monica, Calif., and Cambridge, UK © Copyright 2020 RAND Corporation R® is a registered trademark. RAND Europe is a not-for-profit research organisation that helps to improve policy and decision making through research and analysis. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. Limited Print and Electronic Distribution Rights This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited. Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial use. For information on reprint and linking permissions, please visit www.rand.org/pubs/permissions. Support RAND Make a tax-deductible charitable contribution at www.rand.org/giving/contribute www.rand.org www.randeurope.org III Preface This report is the final output of a study proof-of-concept machine detection in a known commissioned by the UK Ministry of Defence’s troll database (Task B) and tradecraft analysis (MOD) Defence Science and Technology of Russian malign information operations Laboratory (Dstl) via its Defence and Security against left- and right-wing publics (Task C). Accelerator (DASA).
    [Show full text]
  • Propaganda Explained
    Propaganda Explained Definitions of Propaganda, (and one example in a court case) revised 10/21/14 created by Dale Boozer (reprinted here by permission) The following terms are defined to a student of the information age understand the various elements of an overall topic that is loosely called “Propaganda”. While some think “propaganda” is just a government thing, it is also widely used by many other entities, such as corporations, and particularly by attorney’s arguing cases before judges and specifically before juries. Anytime someone is trying to persuade one person, or a group of people, to think something or do something it could be call propagandaif certain elements are present. Of course the term “spin” was recently created to define the act of taking a set of facts and distorting them (or rearranging them) to cover mistakes or shortfalls of people in public view (or even in private situations such as being late for work). But “spin” and “disinformation” are new words referring to an old, foundational, concept known as propaganda. In the definitions below, borrowed from many sources, I have tried to craft the explanations to fit more than just a government trying to sell its people on something, or a political party trying to recruit contributors or voters. When you read these you will see the techniques are more universal. (Source, Wikipedia, and other sources, with modification). Ad hominem A Latin phrase that has come to mean attacking one’s opponent, as opposed to attacking their arguments. i.e. a personal attack to diffuse an argument for which you have no appropriate answer.
    [Show full text]
  • WEAPONS of MASS DISTRACTION: Foreign State-Sponsored Disinformation in the Digital Age
    WEAPONS OF MASS DISTRACTION: Foreign State-Sponsored Disinformation in the Digital Age MARCH 2019 PARK ADVISORS | Weapons of Mass Distraction: Foreign State-Sponsored Disinformation in the Digital Age Authored by Christina Nemr and William Gangware Acknowledgements The authors are grateful to the following subject matter experts who provided input on early drafts of select excerpts: Dr. Drew Conway, Dr. Arie Kruglanski, Sean Murphy, Dr. Alina Polyakova, and Katerina Sedova. The authors also appreciate the contributions to this paper by Andrew Rothgaber and Brendan O’Donoghue of Park Advisors, as well as the editorial assistance provided by Rhonda Shore and Ryan Jacobs. This report was produced with support from the US Department of State’s Global Engagement Center. Any views expressed in this report are those of the authors and do not necessarily reflect the views of the US State Department, Park Advisors, or its subject matter expert consultants. Any errors contained in this report are the authors’ alone. PARK ADVISORS | Weapons of Mass Distraction: Foreign State-Sponsored Disinformation in the Digital Age 0. Table of Contents 01 Introduction and contextual analysis 04 How do we define disinformation? 06 What psychological factors drive vulnerabilities to disinformation and propaganda? 14 A look at foreign state-sponsored disinformation and propaganda 26 Platform-specific challenges and efforts to counter disinformation 39 Knowledge gaps and future technology challenges PARK ADVISORS | Weapons of Mass Distraction: Foreign State-Sponsored Disinformation in the Digital Age 1 Introduction and 1. contextual analysis On July 12, 2014, viewers of Russia’s main state-run television station, Channel One, were shown a horrific story.
    [Show full text]
  • It's Only Wrong If It's Transactional: Moral Perceptions of Obfuscated
    ASRXXX10.1177/0003122418806284American Sociological ReviewSchilke and Rossman 8062842018 American Sociological Review 1 –29 It’s Only Wrong If It’s © American Sociological Association 2018 https://doi.org/10.1177/0003122418806284DOI: 10.1177/0003122418806284 Transactional: Moral journals.sagepub.com/home/asr Perceptions of Obfuscated Exchange Oliver Schilkea and Gabriel Rossmanb Abstract A wide class of economic exchanges, such as bribery and compensated adoption, are considered morally disreputable precisely because they are seen as economic exchanges. However, parties to these exchanges can structurally obfuscate them by arranging the transfers so as to obscure that a disreputable exchange is occurring at all. In this article, we propose that four obfuscation structures—bundling, brokerage, gift exchange, and pawning—will decrease the moral opprobrium of external audiences by (1) masking intentionality, (2) reducing the explicitness of the reciprocity, and (3) making the exchange appear to be a type of common practice. We report the results from four experiments assessing participants’ moral reactions to scenarios that describe either an appropriate exchange, a quid pro quo disreputable exchange, or various forms of obfuscated exchange. In support of our hypotheses, results show that structural obfuscation effectively mitigates audiences’ moral offense at disreputable exchanges and that the effects are substantially mediated by perceived attributional opacity, transactionalism, and collective validity. Keywords obfuscation, economic
    [Show full text]
  • HOP: Hardware Makes Obfuscation Practical∗
    HOP: Hardware makes Obfuscation Practical∗ Kartik Nayak1, Christopher W. Fletcher2, Ling Ren3, Nishanth Chandran4, Satya Lokam4, Elaine Shi5, and Vipul Goyal4 1UMD { [email protected] 2UIUC { [email protected] 3MIT { [email protected] 4Microsoft Research, India { fnichandr, satya, [email protected] 5Cornell University { [email protected] Abstract Program obfuscation is a central primitive in cryptography, and has important real-world applications in protecting software from IP theft. However, well known results from the cryptographic literature have shown that software only virtual black box (VBB) obfuscation of general programs is impossible. In this paper we propose HOP, a system (with matching theoretic analysis) that achieves simulation-secure obfuscation for RAM programs, using secure hardware to circumvent previous impossibility results. To the best of our knowledge, HOP is the first implementation of a provably secure VBB obfuscation scheme in any model under any assumptions. HOP trusts only a hardware single-chip processor. We present a theoretical model for our complete hardware design and prove its security in the UC framework. Our goal is both provable security and practicality. To this end, our theoretic analysis accounts for all optimizations used in our practical design, including the use of a hardware Oblivious RAM (ORAM), hardware scratchpad memories, instruction scheduling techniques and context switching. We then detail a prototype hardware implementation of HOP. The complete design requires 72% of the area of a V7485t Field Programmable Gate Array (FPGA) chip. Evaluated on a variety of benchmarks, HOP achieves an overhead of 8× ∼ 76× relative to an insecure system. Compared to all prior (not implemented) work that strives to achieve obfuscation, HOP improves performance by more than three orders of magnitude.
    [Show full text]
  • Dynamic Deception∗
    Dynamic Deception∗ Axel Anderson Lones Smith† Georgetown Michigan September 15, 2009 Abstract We model dynamic deception exercises in Ponzi schemes, war, terrorism, industrial/political espionage, and insider trading. We introduce a new class of competitive continuous time games with an informed player having an unbounded action intensity, whose actions are partially observed by a rival, or sequence of rivals. We find extremely strong square-root logarithm decreasing returns to deception. We provide economic formulations and analyses of espionage, disinformation, and obfuscation. Notably, we establish a globally concave value of information (espionage). Disinformation is always substantial, and pushes confidence in the wrong state above 86%. Finally, obfuscation rises as the public grows more uncertain. ∗This paper was begun when Axel was visiting the University of Michigan. We thank seminar participants at Texas, and especially Max Stinchcombe. Earlier less focused versions of this paper were presented at GAMES 2008, Decentralization (2008), Stoneybrook (2008), George Washington, Georgetown, Michigan, Toronto, and Western Ontario. †Lones thanks the NSF for research funding. 1 Introduction The most valuable commodity I know of is ‘information’. — Gordon Gekko (“Wall Street”, 1987) Deception is in the air: Our inboxes are swamped with spam Nigerian email schemes or other phishing emails that generate $20 billion a year. Political subterfuge and cover- ups persist around the world — like Iran’s falsified election outcome. On Wall Street, multi-billion
    [Show full text]