W3C IAB STREWS

STRINT Workshop

A W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)

28 February – 1 March 2014, London

Navigation menu

Twitter tag

#strint

Host

IAB and W3C gratefully acknowledge the STREWS project for hosting this workshop

… and Telefónica Digital for providing the workshop facilities.

Report

The final version of the report will be available here soon. The following documents are available:

and some photos:

(foto: room full of sitting people) © Stonehouse Photographic

Plenary

(foto: people around a big table) © Stonehouse Photographic

Break out 1

(foto: people around a big table) © Stonehouse Photographic

Break out 2

(foto: the back of somebody looking at a whiteboard full of text and arrows) © Stonehouse Photographic

Whiteboard notes

(foto: view from the back of the room) © Stonehouse Photographic

Plenary

Papers

The following papers were submitted to the workshop. The versions here were frozen on January 21, 2014. Note that Internet-drafts can be separately updated.

Also available: all papers in a single compressed Tar file, (almost) all abstracts on one page and the same in PDF.

  1. Privacy Protected Email | Phillip Hallam-Baker
  2. Opportunistic Encryption for MPLS | Stephen Farrell, Adrian Farrrell
  3. Overcoming the Friend-or-Foe Paradigm in Secure Communication | Sebastian Gajek, Jan Seedorf, Marc Fischlin, Oezguer Dagdalen
  4. Flows and Pervasive Monitoring | Ted Hardie
  5. BetterCrypto.org Applied Crypto Hardening | Aaron Zauner, L. Aaron Kaplan
  6. A Complimentary Analysis | Andrei Robachevsky, Christine Runnegar, Karen O'Donoghue, Mat Ford
  7. Trust Issues with Opportunistic Encryption | Scott Rose, Stephen Nightingale, Doug Montgomery
  8. Challenges with End-to-End Email Encryption | Jiangshan Yu, Vincent Cheval, Mark Ryan
  9. Strengthening the path and strengthening the end-points | Xavier Marjou, Emile Stephan, Jean-Michel Combes, Iuniana Oprescu
  10. SIP is Difficult | Jon Peterson
  11. Thoughts of Strengthening Network Devices in the Face of Pervasive Surveillance | Dacheng Zhang, Fuyou Miao
  12. Opportunistic Encryption for HTTP URIs | Mark Nottingham
  13. Cyberdefense­Oriented Multilayer Threat Analysis | Yuji Sekiya, Daisuke Miyamoto, Hajime Tazaki
  14. A Threat Model for Pervasive Passive Surveillance | Brian Trammel, Daniel Borkmann, Christian Huitema
  15. Why Provable Transparency is Useful Against Surveillance | Ben Laurie
  16. Withheld
  17. Monitoring message size to break privacy - Current issues and proposed solutions | Alfredo Pironti
  18. Withheld
  19. Making The Internet Secure By Default | Michael H. Behringer, Max Pritkin, Steinthor Bjarnason
  20. Increasing HTTP Transport Confidentiality with TLS Based Alternate Services | Patrick McManus
  21. Balance - Societal security versus individual liberty | Scott Cadzow
  22. Strengthening the Extensible Messaging and Presence Protocol (XMPP) Peter Saint-Andre
  23. The Internet We Want or the Internet We Deserve? | David Rogers
  24. Beyond Encrypt Everything: Passive Monitoring | Mark Donnelly, Sam Hartman
  25. Examining Proxies to Mitigate Pervasive Surveillance | Eliot Lear, Barbara Fraser
  26. Spontaneous Wireless Networking to Counter Pervasive Monitoring | Emmanuel Baccelli, Oliver Hahm, Matthias Wählisch
  27. Is Opportunistic Encryption the Answer? Practical Benefits and Disadvantages | John Mattsson
  28. Clearing off the Cloud over the Internet of Things | Carsten Bormann, Stefanie Gerdes, Olaf Bergmann
  29. Withheld
  30. The Trust-to-Trust Model of Cloud Services | Alissa Cooper, Cullen Jennings
  31. Linkability Considered Harmful | Leif Johansson
  32. Simple Opportunistic Encryption | Andrea Bittau, Michael Hamburg, Mark Handley, David Mazières, Dan Boneh
  33. An Architecture for a Secure Cloud Collaboration System | Cullen Jennings, Suhas Nandakumar
  34. Security and Simplicity | Steven Bellovin
  35. Privacy at the Link Layer | Piers O’Hanlon, Joss Wright, Ian Brown
  36. Erosion of the moral authority of middleboxes | Joe Hildebrand
  37. Policy Responses, Implications and Opportunities | Joseph Lorenzo Hall
  38. Is it time to bring back the hosts file? | Peter Eckersley
  39. Service concentration | Larry Masinter
  40. Levels of Opportunistic Privacy Protection for Messaging-Oriented Architectures | Dave Crocker, Pete Resnick
  41. What is fingerprinting? | Nicholas Doty
  42. Eradicating Bearer Tokens for Session Management | Philippe De Ryck, Lieven Desmet, Frank Piessens, Wouter Joosen
  43. STREWS Web-platform security guide: security assessment of the Web ecosystem | Martin Johns, Lieven Desmet
  44. Pervasive Attack: A Threat Model and Problem Statement | Richard Barnes, Bruce Schneier, Cullen Jennings
  45. Cryptech - Building a More Assured HSM with a More Assured Tool-Chain | Randy Bush
  46. Replacing passwords on the Internet AKA post-Snowden Opportunistic Encryption | Ben Laurie, Ian Goldberg
  47. End-User Concerns about Pervasive Internet Monitoring: Principles and Practice | Tara Whalen, Stuart Cheshire, David Singer
  48. Developer-Resistant Cryptography | Kelsey Cairns, Graham Steel
  49. Kai Engert's Position Paper | Kai Engert
  50. Mike O'Neill's Position Paper | Mike O'Neill
  51. Detecting MITM Attacks on Ephemeral Diffie-Hellman without Relying on a PKI in Real-Time Communications | Alan Johnston
  52. Trust & Usability on the Web, a Social/Legal perspective | Rigo Wenning, Bert Bos
  53. Hardening Operations and Management Against Passive Eavesdropping | Bernard Aboba
  54. A few theses regarding privacy and security | Andreas Kuckartz
  55. Meet the new threat model, same as the old threat model | Eric Rescorla
  56. It’s Time for Application-Centric Security | Yuan Gu
  57. Sabatini Monatesti position paper | Sabatine Monatesti
  58. Trust problems in pervasive monitoring | Melinda Shore, Karen O'Donoghue
  59. Beyond “Just TLS Everywhere”: From Client-encrypted Messaging to Defending the Social Graph | Harry Halpin, George Danezis
  60. Network Security as a Public Good | Wendy Seltzer
  61. Statement of Interest on behalf of the W3C TAG | Dan Appelquist
  62. Improving Security on the Internet | Hannes Tschofenig
  63. Protecting customer data from government snooping | Orit Levin
  64. Privacy Aware Internet Development Initiative 2014 | Achim Klabunde
  65. The Internet is Broken: Idealistic Ideas for Building a NEWGNU Network | Christian Grothoff, Bartlomiej Polot, Carlo von Loesch
  66. Opportunistic Keying as a Countermeasure to Pervasive Monitoring | Stephen Kent