      >>                             >=>
     >>=>                        >>  >=>
    >> >=>     >=> >=>  >> >==>      >=>
   >=>  >=>    >>   >=>  >=>    >=>  >=>
  >=====>>=>   >>   >=>  >=>    >=>  >=>
 >=>      >=>  >=> >=>   >=>    >=>  >=>
>=>        >=> >=>      >==>    >=> >==>
               >=>

TRAVEL

I participated in a workshop at the beginning of the month in DC. I also taught various people about Tor and GPG and Satori throughout the month, though these were usually one-on-one or one-on-five situations rather than events.

I'm strongly leaning towards restricting my travel for the next year.


CODE

Security audits & code review: I’ve enlisted outside help for security audits, static code analysis, and code review. To that end, I’m working with Cure53 for a full audit of Cupcake and Flashproxy (which is within scope because Cupcake’s code effectively acts as a wrapper for flashproxy). This will take place the first week of May.

Satori for Chrome, Windows desktop, and Android will be submitted for audits later in May. Stormy’s GUI code will be audited later in May, with scripts undergoing review likely in early June.

Began working with a press consultant/coordinator for Satori. Given how difficult it is to juggle time-sensitive press activities with other important tasks, and considering my great reluctance to give interviews, I expect that this will be a major win.

I realized that certain environmental factors can cause Tails to fail open -- which could de-anonymize some users if they are actively in the process of downloading something large. An attacker who suspects that an IP address may be using Tails to access the Tor network should be able to induce these conditions very easily. More experiments are needed in this area.

May (so far): In the process of hiring Kim Burton part-time to assist with writing and documentation. She is awesome.

Discussion is ongoing as to whether to rebrand Cupcake Bridge (the project that houses Cupcake and Satori) as Freya Labs. Freya is a Viking warrior goddess who drives a chariot led by two enormous cats, so there's a lot to like about that.


RESEARCH

The W2SP “Genuine Onion” paper is now public [1][2]. Paul was great to write with =)

I am writing a paper on guard exhaustion [3].

As mentioned previously, I’ve been working on automated content analysis of redacted documents. I wrote a paper/talk proposal for HotPETS, but it was not selected. However, I am continuing to work on it as it is very fascinating to me (and literally no one else).

This represents a major advancement over David Naccache and Claire Whelan’s initial analysis (Eurocrypt 2004), and also a dramatic step forward from Lopresti and Spitz’s 2005 analysis of older-style redactions [4].

The conclusion was that in instances where the occlusion contained only one word, content was accurately guessed 100% of the time within a few seconds in the lab. As my work covers a lot of new ground in this area, I will likely write a longer paper to present my findings. This would seem to be the largest analysis of this type, and the first one targeting full documents in an automated fashion.

Typographic considerations in document security is not a common research topic, so finding a good fit is proving tricky. The findings will at least be in a blog post at some point. The code created as part of this research project will be released with a restrictive license in the near future.


PERSONAL

- I am moving to Cambridge, MA in June and am very excited =) So everyone asking me when I’m moving to Berlin, the answer is Never.

- I’ve been working on art more lately, producing many terrible cubist doodles and presumably equally terrible sculpture ideas. I find working with pastels in particular to be very relaxing. Later this summer I begin working in earnest on a fairly sizeable sculpture, with an eye towards completing it by March 2017.

- I’m weighing my options for different graduate school programs in computer
science and psychology.

- Apologies to anyone affected by email latency.

[1] NRL’s page on Genuine Onion: http://www.nrl.navy.mil/itd/chacs/syverson-genuine-onion-simple-fast-flexible-and-cheap-website-authentication
[2] The github repo where we wrote it: https://github.com/saint/w2sp-2015
[3] Explanation of guard exhaustion: https://github.com/saint/dcaps-winter2015
[4] http://www.cse.lehigh.edu/~lopresti/Publications/2005/spie05a.pdf


~Griffin


--
“Sometimes the questions are complicated and the answers are simple.”
― Dr. Seuss

_______________________________________________
tor-reports mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-reports
