Computer Science Thesis Oral

Friday, July 7, 2017 - 11:00am


8102 Gates Hillman Centers



Using a communication network entails an inherent privacy risk: packets cross an infrastructure maintained by a number of parties other than the sender and receiver, each of which has the opportunity to observe them as they are processed and forwarded. This poses a risk because packets carry information that users might rather keep private, namely: (1) the packet's source address, which exposes the sender, (2) the destination address, which exposes the recipient, and (3) the body, which can expose various pieces of user data. Beyond the information explicitly carried by the packet, observers can also learn things merely from the fact that a packet happened to be in a certain place at a certain time. All of this information is often divided into two categories: data (the actual message being communicated, like the contents of an email) and metadata (information about the communication, like "A emailed B at 12:07 today"). Fortunately, we have tools, widely used in practice, to protect this information. Unfortunately, they tend to make aggressive tradeoffs, sacrificing other desirable properties for the sake of privacy. For example, to protect data, the use of encryption is widespread; on the Web, for instance, many sites have switched from HTTP to HTTPS. Unfortunately, encryption blinds middleboxes (devices in the network that process traffic beyond basic packet forwarding), which can lead to a loss of functionality, performance, and security. And to protect metadata, anonymous communication systems like Tor reduce accountability by preventing network operators from learning who sent a packet, and they often introduce performance overheads. These "privacy vs. X" tussles seem fundamental, because providing privacy requires hiding information like source addresses and payloads, while the other properties (performance, accountability, functionality, and security) require exposing that information. How can you do both?
In this thesis, we argue first that a practical balance is possible if you carefully control access to packet data and metadata, and second that this requires architectural support from the network. We present novel network architectures and protocols for managing some of the tradeoffs described above.

Thesis Committee:
Peter Steenkiste (Chair)
Vyas Sekar
Srini Seshan
Dave Oran (Network Systems Research & Design, MIT Media Lab)
Adrian Perrig (ETH Zürich)
