As the world becomes more connected,
the importance of private communication
will continue to grow. The papers presented here are only a few examples of recent
works on the topic. Many other interesting
papers have been written about private communication. Pung (https://
for example, is another private point-to-point communication system that provides privacy under an even stronger
threat model at the cost of latency. Other anonymity networks such as Dissent
and Riffle ( https://dspace.mit.edu/
handle/1721.1/99859) provide anonymity guarantees similar to Riposte
but with different trade-offs.
Many important challenges remain,
however, to realize private communication for everyone. To list just a few:
How can we scale private communication to billions of users? How can we
hold users accountable without sacrificing their privacy and anonymity?
How do we make privacy user friendly?
Without a doubt, many more interesting works will come in the near future.
Highlights In Systems
By James R. Wilcox
Humanity now relies on
software in all aspects of
life, including safety-critical applications. Programmers use a
spectrum of techniques to ferret out
bugs, most commonly testing or static
analysis. At the most rigorous end of
this spectrum is formal verification,
which for decades has sought to guarantee the absence of bugs using mathematical proof.
In recent decades, the research
community has developed techniques
that allow one to verify important properties of real systems. When reviewing
this work, it is important to consider
not only the guarantees each system
makes, but also their assumptions;
these assumptions are known as the
trusted computing base, or TCB.
The remainder of this article highlights three applications of verification techniques to pervasive systems
infrastructure: compilers, operating
systems, and distributed systems.
These projects point to a future where
as a privacy provider. Vuvuzela users
send messages to other users in the
system through the Vuvuzela servers.
As each server routes the messages, it
also adds many dummy messages
(messages indistinguishable from
those sent by the real users) such that
no adversary can learn if two users are
communicating with each other, as
long as one of the servers remains
honest; a key insight of the paper is using differential privacy to determine
the quantity of dummy messages required to provide provable strong privacy guarantees. Vuvuzela can support
millions of users with commercially
available machines for SMS-style messaging, where the users can tolerate
some amount of latency. To my knowledge, this paper was one of the first
uses of differential privacy for private
communication, which is exciting in
its own right.
Corrigan-Gibbs, H. et al.
Riposte: An anonymous messaging system
handling millions of users. In Proceedings
of the 2015 IEEE Symposium on Security
and Privacy; http://dl.acm.org/citation.
Sometimes, one might also want to
hide his or her identity from the recipient of the message. A whistleblower,
for example, might wish to send a
message either to a large group or audience or a particular end point, without revealing the identity of the sender. Riposte is an anonymous
broadcasting system (think anonymous Twitter) that enables exactly
that for millions of users.
Similar to Vuvuzela, Riposte uses a
small number of servers, one of which
needs to be honest to guarantee anonymity. To send a message, a user
splits his or her message into multiple
shares, each of which is given to one of
the servers. Each server then stores
each share in a database. After a large
number of users submit their messages, the servers come together to reveal
all messages simultaneously without
revealing the senders of the messages
to anyone. The system can support
millions of Tweet-length messages
per day and is a great example of how
theory meets practice: the system has
a formal proof of security, a prototype
implementation, and evaluation.
JAMES R. WILCOX
In recent decades,
allow one to
of real systems.