Master’s graduate Lindsey Tulloch and her advisor Professor Ian Goldberg have won one of three Andreas Pfitzmann Best Student Paper Awards for “Lox: Protecting the Social Graph in Bridge Distribution.” Their award-winning paper was presented at PETS 2023, the 23rd Privacy Enhancing Technologies Symposium, held this year from July 10–15 in Lausanne, Switzerland.
Named after Andreas Pfitzmann (1958–2010), a pioneer of technical privacy protection, the award is conferred for papers written solely or primarily by a student who is presenting the research at PETS. Selection is based on the scientific quality of the paper, the expected impact it will have on the field, and the quality of the presentation.
“Congratulations to Lindsey and Ian on their best student paper award at the Privacy Enhancing Technologies Symposium,” said Raouf Boutaba, Professor and Director of the Cheriton School of Computer Science. “This research is of great importance as it provides a mechanism for people to use the Internet privately, thereby evading Internet censorship and surveillance.”
L
to
R:
Lindsey
Tulloch
and
Professor
Ian
Goldberg
Lindsey
graduated
with
a
master’s
degree
in
Computer
Science
in
May
2022.
She
is
a
software
developer
on
Tor’s
anti-censorship
team.
The
Tor
Project
is
a
non-profit
organization
responsible
for
developing
and
maintaining
software
for
the
Tor
anonymity
network. The
award-winning
research
she
conducted
on
a
new
bridge
distribution
system
during
her
master’s
degree
is
now
being
developed
for
deployment
to
the
millions
of
users
of
the
Tor
network
to
protect
their
privacy
online.
Ian
Goldberg
is
the
Canada
Research
Chair
in
Privacy
Enhancing
Technologies
and
a
professor
at
the
Cheriton
School
of
Computer
Science.
His
main
research
interests
are
in
security
and
privacy,
and
specifically
in
creating
privacy
enhancing
technologies
—
PETs
—
for
the
Internet.
More about this award-winning research
In many regions across the globe, repressive governments censor the Internet to limit access to information, to prevent self-expression, to monitor the activity of Internet users, and to suppress dissent. Anti-censorship proxies — known as bridges — can provide journalists, activists, and individuals from marginalized groups a connection to the open Internet beyond the area of influence a censor controls.
However, bridge distribution systems, which are created to publicly distribute large pools of bridges to users in censored regions, may also inadvertently provide bridges to malicious users. If not designed with privacy in mind, bridge distribution systems can be overwhelmed by attacks from censors, undermining the integrity of the system and exposing its users.
For example, BridgeDB, the bridge distribution system currently used by the Tor Project, provides adequate privacy protection for some Tor users. But the passive and active detection techniques used by censors — such as traffic flow analysis, deep packet inspection, website fingerprinting, and active probing — can reveal Tor bridges, rendering Tor inaccessible for most users in some regions.
In their paper, Lindsey and Professor Goldberg describe Lox, a new bridge distribution system that prioritizes protecting privacy of users and their social graphs — the interconnections among people, groups and organizations in a social network. Lox also incorporates enumeration resistance mechanisms to improve access to bridges and limit the malicious behaviour of censors. The research employs an updated unlinkable multi-show anonymous credential scheme, suitable for a single credential issuer and verifier, to protect Lox bridge users and their social networks from being identified by censors. They formalize a trust level scheme that is compatible with anonymous credentials and effectively limits malicious behaviour while maintaining user anonymity.
Their work includes an open-sourced, Rust implementation of their Lox protocols as well as an evaluation of their performance. With reasonable performance and latency for the expected user base, they demonstrate Lox as a practical, social graph protective bridge distribution system. Measured performance shows that Lox can provide reasonable protection of the social graph for millions of users with even a single core.
Andreas Pfitzmann Best Student Paper Awards
This is the third time that a paper Professor Goldberg coauthored with graduate students has won an Andreas Pfitzmann Best Student Paper Award.
Previous awardees are —
- Alex Davidson, Ian Goldberg, Nick Sullivan, George Tankersley, and Filippo Valsorda for “Privacy Pass: Bypassing Internet Challenges Anonymously,” which received the 2018 Andreas Pfitzmann Best Student Paper Award
- Mashael AlSabah, Kevin Bauer, Tariq Elahi, and Ian Goldberg for “The Path Less Travelled: Overcoming Tor’s Bottlenecks with Traffic Splitting,” which received the 2013 Andreas Pfitzmann Best Student Paper Award