anonymous routing and mix nets (Tor) Yongdae Kim

Similar documents
Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

CE Advanced Network Security Anonymity II

Introduction to Privacy

CSE 461: Privacy. Ben Greenstein Jeremy Elson TAs: Ivan and Alper

A SIMPLE INTRODUCTION TO TOR

Anonymous communications: Crowds and Tor

0x1A Great Papers in Computer Security

Privacy defense on the Internet. Csaba Kiraly

Anonymity. Assumption: If we know IP address, we know identity

CS Paul Krzyzanowski

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols (continued)

CSE 461: Privacy. Ben Greenstein

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Protocols for Anonymous Communication

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Anonymity Analysis of TOR in Omnet++

CS526: Information security

Tor: An Anonymizing Overlay Network for TCP

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Network Security. Thierry Sans

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

2 ND GENERATION ONION ROUTER

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

Anonymity on the Internet. Cunsheng Ding HKUST Hong Kong

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Crowds Anonymous Web Transactions. Why anonymity?

Internet Crimes Against Children:

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Low-Cost Traffic Analysis of Tor

Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks

Computer Networks. Wenzhong Li. Nanjing University

CSC 4900 Computer Networks: Security Protocols (2)

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Anonymous Communication and Internet Freedom

Transport Level Security

surveillance & anonymity cs642 computer security adam everspaugh

Anonymous Communication and Internet Freedom

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Challenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London

Anonymity. With material from: Dave Levin and Michelle Mazurek

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

An Empirical Study of an Anonymity Metric for Data Networks. Abinash Vasudevan Bachelor of Engineering Saveetha Engineering College, 2009

CS 494/594 Computer and Network Security

CS232. Lecture 21: Anonymous Communications

Tor Networking Vulnerabilities and Breaches. Niketan Patel

CSC Network Security

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

The New Cell-Counting-Based Against Anonymous Proxy

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Introduction to Computer Security

Firewalls. IT443 Network Security Administration Slides courtesy of Bo Sheng

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Computer Security and Privacy

CS 134 Winter Privacy and Anonymity

What's the buzz about HORNET?

Privacy at the communication layer

CS6740: Network security

Anonymity and Privacy

4. The transport layer

Configure Basic Firewall Settings on the RV34x Series Router

Anonymity With material from: Dave Levin

Privacy SPRING 2018: GANG WANG

Internet Security: Firewall

Network Security Chapter 8

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

Information Security CS 526

Share Count Analysis HEADERS

Closed book. Closed notes. No electronic device.

Design and Analysis of Efficient Anonymous Communication Protocols

Security: Focus of Control. Authentication

How Alice and Bob meet if they don t like onions

Named Data Networking (NDN) CLASS WEB SITE: NDN. Introduction to NDN. Updated with Lecture Notes. Data-centric addressing

Onion services. Philipp Winter Nov 30, 2015

CNT Computer and Network Security: Privacy/Anonymity

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Chapter 8 roadmap. Network Security

Introduction to Cybersecurity Digital Signatures

Anonymous Network Concepts & Implementation

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

CSCE 463/612 Networks and Distributed Processing Spring 2018

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

Information Systems Security

Data Security and Privacy. Topic 14: Authentication and Key Establishment

IPv6 Security Vendor Point of View. Eric Vyncke, Distinguished Engineer Cisco, CTO/Consulting Engineering

Security: Focus of Control

Palo Alto Networks PAN-OS

CSCD 433/533 Advanced Networks

W is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation

Secure Telephony Enabled Middle-box (STEM)

Transcription:

anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1

q Why? Anonymous web browsing 1. Discuss health issues or financial matters anonymously 2. Bypass Internet censorship in parts of the world 3. Conceal interaction with gambling sites 4. Law enforcement q Two goals: Hide user identity from target web site: (1), (4) Hide browsing pattern from employer or ISP: (2), (3) q Stronger goal: mutual anonymity (e.g. remailers) 2

Current state of the world I q ISPs tracking customer browsing habits: Sell information to advertisers Embed targeted ads in web pages (1.3%)» Example: MetroFi (free wireless) [Web Tripwires: Reis et al. 2008] q Several technologies used for tracking at ISP: NebuAd, Phorm, Front Porch Bring together advertisers, publishers, and ISPs» At ISP: inject targeted ads into non-ssl pages q Tracking technologies at enterprise networks: Vontu (symantec), Tablus (RSA), Vericept 3

Current state of the world II q EU directive 2006/24/EC: 3 year data retention For ALL traffic, requires EU ISPs to record:» Sufficient information to identify endpoints (both legal entities and natural persons)» Session duration but not session contents Make available to law enforcement» but penalties for transfer or other access to data q For info on US privacy on the net: privacy on the line by W. Diffie and S. Landau 4

Part 1: network-layer privacy Goals: Hide user s IP address from target web site Hide browsing destinations from network

1 st attempt: anonymizing proxy HTTPS:// anonymizer.com? URL=target User 1 Web 1 User 2 anonymizer.com Web 2 User 3 Web 3 6

Anonymizing proxy: security q Monitoring ONE link: eavesdropper gets nothing q Monitoring TWO links: Eavesdropper can do traffic analysis More difficult if lots of traffic through proxy q Trust: proxy is a single point of failure Can be corrupt or subpoenaed» Example: The Church of Scientology vs. anon.penet.fi q Protocol issues: Long-lived cookies make connections to site linkable 7

How proxy works q Proxy rewrites all links in response from web site Updated links point to anonymizer.com» Ensures all subsequent clicks are anonymized q Proxy rewrites/removes cookies and some HTTP headers q Proxy IP address: if a single address, could be blocked by site or ISP anonymizer.com consists of >20,000 addresses» Globally distributed, registered to multiple domains» Note: chinese firewall blocks ALL anonymizer.com addresses q Other issues: attacks (click fraud) through proxy 8

2 nd Attempt: MIX nets Goal: no single point of failure

MIX nets [Chaum 81] R 1 R 3 R 5 R 2 R 6 R 4 srvr q Every router has Sender knows all public keys q To send packet: Pick random route: Onion packet: public/private key pair E pk2 ( R 3, E pk3 ( R 6, R2 R3 R6 srvr E pk6 ( srvr, msg) 10

Eavesdropper s view at a single MIX user 1 R i batch user 2 user 3 q Eavesdropper observes incoming and outgoing traffic q Crypto prevents linking input/output pairs Assuming enough packets in incoming batch If variable length packets then must pad all to max len q Note: router is stateless 11

q Main benefit: Performance Privacy as long as at least one honest router on path R 2 R 3 R 6 srvr q Problems: High latency (lots of public key ops)» Inappropriate for interactive sessions» May be OK for email (e.g. Babel system) No forward security 12

3 rd Attempt: Tor MIX circuit-based method Goals: privacy as long as one honest router on path, and reasonable performance

The Tor design q Trusted directory contains list of Tor routers q User s machine preemptively creates a circuit Used for many TCP streams New circuit is created once a minute R 1 R 3 R 5 stream 1 srvr 1 R 2 R 4 R 6 stream 2 14 one minute later srvr 2

Creating circuits TLS encrypted TLS encrypted R 1 R 2 Create C 1 D-H key exchange K 1 K 1 Relay C 1 Extend R 2 Extend R 2 D-H key exchange K 2 K 2 15

Once circuit is created K 1, K 2, K 3, K 4 K 1 R 1 R 2 K 2 K 3 R 3 R 4 K 4 q User has shared key with each router in circuit q Routers only know ID of successor and predecessor 16

Sending Data R 1 R 2 K 1 K 2 Relay C 1 Begin site:80 Relay C 2 Begin site:80 TCP handshake Relay C 1 data HTTP GET Relay C 2 data HTTP GET HTTP GET Relay C 1 data resp Relay C 2 data resp resp 17

18 Complete View

q Performance: Properties Fast connection time: circuit is pre-established Traffic encrypted with AES: no pub-key on traffic q Tor crypto: provides end-to-end integrity for traffic Forward secrecy via TLS q Downside: Routers must maintain state per circuit Each router can link multiple streams via CircuitID» all steams in one minute interval share same CircuitID 19

Privoxy q Tor only provides network level privacy No application-level privacy» e.g. mail progs add From: email-addr to outgoing mail q Privoxy: Web proxy for browser-level privacy Removes/modifies cookies Other web page filtering 20

Anonymity attacks: watermarking R 1 R 2 R 3 q Goal: R 1 and R 3 want to test if user is communicating with server q Basic idea: R 1 and R 3 share sequence: Δ 1, Δ 2,, Δ n {-10,,10} R 1 : introduce inter-packet delay to packets leaving R 1 and bound for R 2. Packet i delayed by Δ i (ms) Detect signal at R 3 21

Anonymity attacks: congestion R 1 R 2 R 3 R 8 q Main idea: R 8 can send Tor traffic to R 1 and measure load on R 1 q Exploit: malicious server wants to identify user Server sends burst of packets to user every 10 seconds R 8 identifies when bursts are received at R 1 Follow packets from R 1 to discover user s ID 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback