Change search
ReferencesLink to record
Permanent link

Direct link
Anonymous Javascript Cryptography and CoverTraffic in Whistleblowing Applications
KTH, School of Computer Science and Communication (CSC).
2016 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
Anonym Javascript-kryptogra och täckningstrakför visselblåsarsystem (Swedish)
Abstract [en]

In recent years, whistleblowing has lead to big headlines aroundthe world. This thesis looks at whistleblower systems, which are systems specically created for whistleblowers to submit tips anonymously. The problem is how to engineer such a system asto maximize the anonymity for the whistleblower whilst at the same time remain usable.The thesis evaluates existing implementations for the whistle-blowing problem. Eleven Swedish newspapers are evaluated for potential threats against their whistleblowing service.I suggest a new system that tries to improve on existing systems. New features includes the introduction of JavaScript cryptography to lessen the reliance of trust for a hosted server. Use of anonymous encryption and cover traffic to partially anonymize the recipient, size and timing metadata on submissions sent by the whistleblowers. I explore the implementations of these features and the viability to address threats against JavaScript integrity by use of cover traffic.The results show that JavaScript encrypted submissions are viable. The tamper detection system can provide some integrity for the JavaScript client. Cover traffic for the initial submissions to the journalists was also shown to be feasible. However, cover traffic for replies sent back-and-forth between whistleblower and journalist consumed too much data transfer and was too slow to be useful.

Place, publisher, year, edition, pages
2016. , 63 p.
Keyword [en]
anonymity, whistleblowing, cryptography, tor, indistinguishability, anonymous encryption
National Category
Computer Science
URN: urn:nbn:se:kth:diva-190884OAI: diva2:953534
Subject / course
Computer Technology, Networks and Security
Educational program
Master of Science in Engineering - Computer Science and Technology
2016-06-20, 23:12 (English)
Available from: 2016-08-18 Created: 2016-08-17 Last updated: 2016-08-18Bibliographically approved

Open Access in DiVA

fulltext(690 kB)4 downloads
File information
File name FULLTEXT01.pdfFile size 690 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
School of Computer Science and Communication (CSC)
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 4 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 6 hits
ReferencesLink to record
Permanent link

Direct link