Aaron Johnson
United States Naval Research Laboratory
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Aaron Johnson.
computer and communications security | 2013
Aaron Johnson; Chris Wacek; Rob Jansen; Micah Sherr; Paul F. Syverson
We present the first analysis of the popular Tor anonymity network that indicates the security of typical users against reasonably realistic adversaries in the Tor network or in the underlying Internet. Our results show that Tor users are far more susceptible to compromise than indicated by prior work. Specific contributions of the paper include(1)a model of various typical kinds of users,(2)an adversary model that includes Tor network relays, autonomous systems(ASes), Internet exchange points (IXPs), and groups of IXPs drawn from empirical study,(3) metrics that indicate how secure users are over a period of time,(4) the most accurate topological model to date of ASes and IXPs as they relate to Tor usage and network configuration,(5) a novel realistic Tor path simulator (TorPS), and(6)analyses of security making use of all the above. To show that our approach is useful to explore alternatives and not just Tor as currently deployed, we also analyze a published alternative path selection algorithm, Congestion-Aware Tor. We create an empirical model of Tor congestion, identify novel attack vectors, and show that it too is more vulnerable than previously indicated.
computer and communications security | 2011
Aaron Johnson; Paul F. Syverson; Roger Dingledine; Nick Mathewson
We introduce a novel model of routing security that incorporates the ordinarily overlooked variations in trust that users have for different parts of the network. We focus on anonymous communication, and in particular onion routing, although we expect the approach to apply more broadly. This paper provides two main contributions. First, we present a novel model to consider the various security concerns for route selection in anonymity networks when users vary their trust over parts of the network. Second, to show the usefulness of our model, we present as an example a new algorithm to select paths in onion routing. We analyze its effectiveness against deanonymization and other information leaks, and particularly how it fares in our model versus existing algorithms, which do not consider trust. In contrast to those, we find that our trust-based routing strategy can protect anonymity against an adversary capable of attacking a significant fraction of the network.
ACM Transactions on Information and System Security | 2014
Ewa Syta; Henry Corrigan-Gibbs; Shu-Chun Weng; David Isaac Wolinsky; Bryan Ford; Aaron Johnson
Users often wish to communicate anonymously on the Internet, for example, in group discussion or instant messaging forums. Existing solutions are vulnerable to misbehaving users, however, who may abuse their anonymity to disrupt communication. Dining Cryptographers Networks (DC-nets) leave groups vulnerable to denial-of-service and Sybil attacks; mix networks are difficult to protect against traffic analysis; and accountable voting schemes are unsuited to general anonymous messaging. dissent is the first general protocol offering provable anonymity and accountability for moderate-size groups, while efficiently handling unbalanced communication demands among users. We present an improved and hardened dissent protocol, define its precise security properties, and offer rigorous proofs of these properties. The improved protocol systematically addresses the delicate balance between provably hiding the identities of well-behaved users, while provably revealing the identities of disruptive users, a challenging task because many forms of misbehavior are inherently undetectable. The new protocol also addresses several nontrivial attacks on the original dissent protocol stemming from subtle design flaws.
computer and communications security | 2017
Ellis Fenske; Akshaya Mani; Aaron Johnson; Micah Sherr
This paper introduces a cryptographic protocol for efficiently aggregating a count of unique items across a set of data parties privately - that is, without exposing any information other than the count. Our protocol allows for more secure and useful statistics gathering in privacy-preserving distributed systems such as anonymity networks; for example, it allows operators of anonymity networks such as Tor to securely answer the questions: how many unique users are using the distributed service? and how many hidden services are being accessed?. We formally prove the correctness and security of our protocol in the Universal Composability framework against an active adversary that compromises all but one of the aggregation parties. We also show that the protocol provides security against adaptive corruption of the data parties, which prevents them from being victims of targeted compromise. To ensure safe measurements, we also show how the output can satisfy differential privacy. We present a proof-of-concept implementation of the private set-union cardinality protocol (PSC) and use it to demonstrate that PSC operates with low computational overhead and reasonable bandwidth. In particular, for reasonable deployment sizes, the protocol run at timescales smaller than the typical measurement period would be and thus is suitable for distributed measurement.
computer and communications security | 2018
Aaron Johnson; Ryan Henry
The 17th Workshop on Privacy in the Electronic Society (WPES 2018) was held on 15 October, 2018, in conjunction with the 25th ACM Conference on Computer and Communications Security (CCS 2018) in Toronto, Canada. The goal of WPES is to bring together privacy researchers and practitioners to discuss the privacy problems that arise in an interconnected society and solutions to those problems. The program for the workshop contains 11 full papers and 8 short papers selected from a total of 52 submissions. Specific topics covered in the program include but are not limited to: communication privacy, data anonymization, privacy engineering, secure computation, and Web privacy.
operating systems design and implementation | 2012
David Isaac Wolinsky; Henry Corrigan-Gibbs; Bryan Ford; Aaron Johnson
knowledge discovery and data mining | 2013
Aaron Johnson; Vitaly Shmatikov
network and distributed system security symposium | 2014
Rob Jansen; Florian Tschorsch; Aaron Johnson; Bjoern Scheuermann
Archive | 2012
David Isaac Wolinsky; Henry Corrigan-Gibbs; Bryan Ford; Aaron Johnson
computer and communications security | 2016
Rob Jansen; Aaron Johnson