A Framework forDistributedAnonymous

Data Collectionand Feedback

Max Timchenko Ari Trachtenberg

Poster:

• ACM Systor 2015

• IEEE S&P 2015 (Oakland)

Modified Microsoft crash reporter message window showing potential forabuse of diagnostic data sent in plaintext. SPIEGEL ONLINE

Our system

Example use cases

• Malware detection from DNS queries

• Software popularity

• Traffic information

Wikipedia

... like waze

Analysis

Time for submission of report – queuing analysis.

(sec

)

Guarantees

Anonymity:against Eve• Cannot distinguish two reports• Can count reports per relay

• does not know where they originated

against relay compromise• Cannot recover plaintext• Can alter relay probabilities

• does not know for whom

against core compromise• See plaintext for one epoch

• Does not see originator• Cannot correlate against other epochs

Guarantees

Disruption:

Validity of feedback: