Aviary: Distributed, Tamper-Proof, Per-User Warrant CanariesReport as inadecuate

Aviary: Distributed, Tamper-Proof, Per-User Warrant Canaries - Download this document for free, or read online. Document in PDF available to download.

1 Duke university Durham

Abstract : Governments routinely claim the power to subject individuals to secret investigation, forcing technology Service Providers to divulge User data without notification. Warrant canaries invert the notification problem by telling a User each time a Service Provider has not received a secret request for their data. Current canaries suffer from non-standardization, poor granularity, and brittleness in the face of attacks, leading the Electronic Frontier Foundation and Berkman Center to discontinue their Canary Watch service, which previously aggregated and monitored Service Provider warrant canaries, in May 2016.Aviary is a distributed, tamper-proof, per-user warrant canary system intended to automate and replace obsolete canary practices. Aviary provides confidential, private, and secure warrant canaries with massively distributed auditing. This paper presents the Aviary system, analyzes it in the context of a threat model assuming a government-level adversary, and presents several mitigation strategies that inform the design of our distributed architecture. To our knowledge, Aviary is the first scheme for global, distributed, confidential per-user warrant canaries, and among the first works to model a distributed system explicitly against the pervasive adversary outlined in the Internet Architecture Board-s RFC 7624 -Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement.-

Keywords : warrant canary surveillance privacy

Author: Abhishek Bose-Kolanu -

Source: https://hal.archives-ouvertes.fr/


Related documents