Report CopyRight/DMCA Form For : Do You Believe In Tinker Bell The Social Externalities Of
1 Introduction, Children know the story of Tinker Bell from JM Barrie s 1904 play Peter Pan. or the boy who wouldn t grow up She is a fairy who is about to fade away and. die but is revived when the actors get the audience to declare their belief in her. The underlying idea goes back at least to ancient Greek mythology the Greek. gods power waxed and waned depending on the number of men who sacrificed. to them More modern references include Jean Ray s 1943 novel Malpertuis 21. puts it as translation from French Men are not born of the whim or will of. the gods on the contrary gods owe their existence to the belief of men Should. this belief wither the gods will die The same concept was used recently in the. 2012 movie Wrath of the Titans, The idea that authority emerges by consensus and evaporates when the con. sensus does is not restricted to mythology democratic institutions perform a. similar function In the context of a nation state or even a professional society. they are developed into a governance framework optimised for a combination of. stability responsiveness and the maintenance of trust. How are things online The honest answer is not good When talking of trust. online the first port of call is the Certification Authority CA infrastructure. which has many known failings A typical machine trusts several hundred CAs. and trusts them for just about everything if the Iranian secret police manage. to hack Comodo they can not only impersonate your bank or take over your. online banking session they can also upgrade your software Since an Iranian. compromise caused the browser vendors to close down Diginotar we have seen. corporates moving their certificate business to the two largest players Verisign. and Comodo in the belief that these firms are too big to fail or perhaps too. interconnected to fail Firms hope that even if these CAs are hacked as both. have been the browser vendors would never dare remove their root certs because. of the collateral damage this would cause As for ordinary users we trust Verisign. not because we decided to but because the merchants who operate websites we. use decided to This is a classic two sided market failure. Can we expect salvation from governments Probably not any time soon. Governments have tried to assume divine powers of their own first during the. crypto wars by attempting to mandate that they have master keys for all trust. services operating in their jurisdiction and second by trying to control authen. tication services Such initiatives tend to come from the more secret parts of. states rather than the most accountable parts, Can we users ourselves do better The SPKI SDSI proposal from Ellison. Rivest and Lampson attracted some research effort in the late 1990s and showed. how every individual user could act as their own trust anchor but the question. is how to deploy such a system and scale it up the one user based system. actually deployed in the 1990s PGP remains widely used in niche applications. such as CERTs and anti virus researchers but never scaled up to mass use The. application of encrypting email suffers from strong network externalities in that. I need my counterparties to encrypt their email too This has become the norm. in specific communities but did not happen for the general population. Can we scale up deployment in other applications from a club that provides. a small initial user base One case where this happens is in the Internet inter. connection ecosystem where trust among some 50 000 ASes is founded on the. relationships between about a dozen Tier 1 providers who form in effect a club. their chief engineers meet regularly at Nanog conferences and know each other. well But how could a service scale up from a few dozen users. 2 Motivation, In this paper we present another example for discussion We propose an anony. mous online reputation system whose goal is to let people get better quality of. service from a distributed proxy service such as Tor Our proposed new trust. service has limited scope if it works it can provide lower latency while if it. fails its failure should be evident The more people trust it the more effective. it becomes if people observe that it s not working and lose faith in it then it. will fade away and die What s more multiple such trust services can compete. as overlays on the same network, The Tor network 9 consists of volunteer relays mixing users traffic to pro. vide anonymity The list of relays is disseminated through a consensus file which. includes the IP addresses of all relays IP addresses are required to allow a. user s client Tor software to locally decide which relays to use to route traffic. However an attacker say a censor can also download the consensus file ex. tract relay addresses and block traffic by cooperating with local ISPs or using a. nation wide firewall Thus victims of a technically competent censor need pri. vate relays to connect to one of the publicly known relays The private relay must. not be known to the censor or it too will be blocked These private relays called. bridges act as transient proxies helping victims to connect to the Tor network. Bridges are a scarce resource yet play a critical role in connecting censorship. victims to the Tor network Therefore we want to incentivise Tor users to run. more bridges, The system proposed in this paper was originally designed to motivate non. malicious node interaction in anonymous remailer networks We then realised. that the design fits into the literary theme for the Twenty third International. Security Protocols Workshop Information Security in Fiction and in Fact. 3 System design, The system consists of competing clubs each is managed by a club secretary. This is a major design difference from using a quorum of Directory Authorities. DAs organised as a failover cluster as currently implemented in Tor The club. secretaries acting as Bridge Authorities BAs are responsible for disseminating. information regarding club members Each secretary is supported by a commu. nity of members who use its tokens as a currency to prioritise service Members. help censored users victims to circumvent censorship by volunteering their re. sources to act as bridges and can claim token rewards for their help To the. secretaries the performance of members is visible and measurable. Secretaries clear each others tokens just as banks clear each others notes. Through private token payments we can analyse the behaviour of nodes and. determine which are actively and correctly participating in the network Tokens. are blindly signed objects used to request services from other nodes Tokens lose. value over time to demotivate hoarding We discuss now the details of operation. 3 1 Member registration, Members can join any club they choose loyalty to a club is determined by the. incentives and performance it offers Members can participate in one club or. many volunteering for whoever provides reliable services Members offer service. to a club by broadcasting their services this is my key address etc and I ll. be available for contact between 11 00 and 11 30 send victims my way This. process can be automated using an uncensored and trusted means of commu. nication We assume that most members are outside the censor s jurisdiction. though some will have ties of family or friendship to the censor s victims Thus. some members may be motivated by the wish to help loved ones while others. are altruistic and others are revenue maximisers Some members will be within. the censored jurisdiction, We assume that keys can be exchanged successfully between members and. secretaries either the secretary publishes public keys somehow or passes them. on to new members as part of the recruitment process about which we are. agnostic Within the censored jurisdiction one or more designated scouts com. municate with victims we assume these are existing members We assume the. existence of innocuous store and forward communications channels such as email. or chat only a handful of censored jurisdictions ban Gmail and encrypted chat. completely,3 2 A simple threat model, Suppose that Alice and Bob belong to a club organised by Samantha to provide. bridge services Alice volunteers her IP address at time t to Samantha a victim. Victor contacts Sam to ask for a bridge Sam gives him Alice s IP address and. a short one time password NA Victor contacts Alice and presents NA Alice. shows NA to Sam who checks it and Alice connects Victor to the Tor network. The protocol runs, The first problem with this simple protocol is that Samantha has to be online. all the time as she s a bottleneck the censor can take down the system by. running a distributed denial of service attack on her and even without that we. have two messages more in the protocol than we probably need Our first attempt. at improvement is to make the nonce NA one that Alice can check Alice shares a. key KAS with Samantha and we construct the nonce NA by encrypting a counter. k with it The protocol is now,S V IP k KAS, Alice can now check the nonce directly so Samantha doesn t have to be. The next problem is harder it s that the censor s shill Vlad can also ask for. an IP address and if Samantha gives him one the censor will block it This is. the real attack right now on Tor bridges the censors pretend to be victims find. the bridges and block them Various mechanisms are used from restricting the. number of IP addresses given to any inquirer and trying to detect Sybil inquirers. using analytics but if you have a repressed population where one percent have. been coopted into working for the secret police then telling Vlad apart from. Victor is hard at least for Samantha who is sitting safely in New York. 3 3 A more realistic threat model, In what follows we assume that of the two representative club members Alice is. in the repressed country while Bob is sitting safely in exile Alice if honest and. competent is better than average at telling Victor from Vlad perhaps because of. family ties friends or ethnic or religious affiliations Alice might be undercover. or might have some form of immunity she might be a diplomat or religious. official or sports star She might hand over bridge contact details to victims. written on pieces of paper or on private Twitter messages to fans The full gamut. of human communications both online and offline are available for members who. act as scouts to get in touch with victims, We now introduce another layer of indirection into the protocol After Bob. volunteers to be a bridge Samantha gives the scout Alice a token for her to give. to a victim Victor constructed as k NAS KBS When this is presented to Bob. he can decrypt it and recognise the counter so he knows Samantha generated it. for him and grants bridge service to the victim He sends it to Samantha who. can recognise it as having been generated for Alice and can thus note that Alice. managed to recruit Victor or alternatively if Bob s IP address then ended up. on the blacklist that Alice recruited Vlad by mistake Formally. S A IP k NAS KBS,V B k NAS KBS, NAS can of course be constructed in turn by encrypting a counter but once. we start encrypting a block cipher output and a counter under a wider block. cipher we are starting to get to the usability limit of what can be done with. groups of digits written on a piece of paper As AES ciphertext plus an IP. address is about 50 decimal digits In some applications this may be all that s. possible In others we might assume that both scouts and victims can cut and. paste short strings so that digital coins and other public key mechanisms can. In a more general design we have to think not just about running scouts to. contact victims and tell victims apart from censors but also about scouts who. are eventually turned and about clubs that fail because the club organiser is. turned or has their computer hacked by the censor or is just incompetent We. also have to think about dishonesty about a bridge operator or scout who cheats. by inflating his score by helping nonexistent or Sybil victims How far can we. get with reasonably simple mechanisms,3 4 Payment system. We avoid using external payments as offering cash payments as incentives to. volunteers risks trashing the volunteer spirit this is why the Tor project has. always been reluctant to adopt any form of digital cash mechanism for service. provision volunteering is crucial for Tor s operation Furthermore we avoid. using complicated zero knowledge protocols or creating huge log files to protect. against double spending large audit trails cannot scale very well We prefer a. lightweight mechanism that uses blind signatures made with regularly chang. ing keys and member pseudonyms to provide privacy and unlinkability as well. as symmetric cryptography to create data blobs verifiable by the secretary or. bridge The token reward can then be used to pay for other services in Tor For. example club members who run successful bridge services might enjoy better. quality of service by using service tokens to get priority. We now sketch a design using blind signatures rather than just shared key. mechanisms, 3 4 1 Member identifier After registering a member the secretary creates a. series of data blobs as the member s identifiers An identifier can be the result of. encrypting the member s name plus a counter or random salt with a symmetric.