Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

Similar documents
0x1A Great Papers in Computer Security

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Anonymous communications and systems

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

A SIMPLE INTRODUCTION TO TOR

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols (continued)

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Low-Cost Traffic Analysis of Tor

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Protocols for Anonymous Communication

Anonymity. Assumption: If we know IP address, we know identity

CS526: Information security

CE Advanced Network Security Anonymity II

Message Splitting Against the Partial Adversary

The Loopix Anonymity System

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

How Alice and Bob meet if they don t like onions

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

CS Paul Krzyzanowski

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

CS 134 Winter Privacy and Anonymity

Comprehensive Study of Traffic Analysis In MANET

Practical Anonymity for the Masses with MorphMix

Anonymous communications: Crowds and Tor

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

2 ND GENERATION ONION ROUTER

Heartbeat Traffic to Counter (n-1) Attacks

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Metrics for Security and Performance in Low-Latency Anonymity Systems

Tor: An Anonymizing Overlay Network for TCP

Stadium. A Distributed Metadata-private Messaging System. Matei Zaharia Nickolai Zeldovich SOSP 2017

Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks

Security. Communication security. System Security

Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Anonymity. Christian Grothoff.

Anonymity. With material from: Dave Levin and Michelle Mazurek

What's the buzz about HORNET?

Introduction Challenges with using ML Guidelines for using ML Conclusions

c 2007 by Parisa M. Tabriz. All rights reserved.

On Anonymity in an Electronic Society: A Survey of Anonymous Communication Systems

CPSC 467b: Cryptography and Computer Security

Privacy at the communication layer

CS6740: Network security

Extremely Sensitive Communication

The New Cell-Counting-Based Against Anonymous Proxy

CPSC 467: Cryptography and Computer Security

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Minx: A Simple and Efficient Anonymous Packet Format

A Privacy-Aware Service Protocol for Ubiquitous Computing Environments

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Anonymous Communications

Peer-to-Peer Networks 14 Security. Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Core: A Peer-To-Peer Based Connectionless Onion Router

Low Latency Anonymity with Mix Rings

Anonymity and Privacy

Survey on Traffic Pattern Discovery System For MANETs

ANONYMOUS CONNECTIONS AND ONION ROUTING

Achieving Privacy in Mesh Networks

Secure Multiparty Computation

Defining Anonymity in Networked Communication, version 1

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

anonymous routing and mix nets (Tor) Yongdae Kim

Mixminion: Design of a Type III Anonymous R er Protocol

CS 332 Computer Networks Security

Anonymous Communication and Internet Freedom

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Persona: Network Layer Anonymity and Accountability for Next Generation Internet

Design and Analysis of Efficient Anonymous Communication Protocols

Anonymous Communication and Internet Freedom

Countering Statistical Disclosure with Receiver-bound Cover Traffic

2.1 Basic Cryptography Concepts

Dandelion: Privacy-Preserving Transaction Propagation in Bitcoin s P2P Network

CS232. Lecture 21: Anonymous Communications

Context-derived Pseudonyms for Protection of Privacy in Transport Middleware and Applications

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

CSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography

Mix-networks with Restricted Routes

Outline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing

An Innovative Approach Towards Applying Chaum Mixing to SMS

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

Privacy. CS Computer Security Profs. Vern Paxson & David Wagner

Pluggable Transports Roadmap

Challenges in Mobile Ad Hoc Network

Deanonymizing Tor. Colorado Research Institute for Security and Privacy. University of Denver

White-Box Cryptography State of the Art. Paul Gorissen

TRAFFIC ANALYSIS: or... encryption is not enough

CIS 4360 Secure Computer Systems Applied Cryptography

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

A Survey on Routing in Anonymous Communication Protocols

Introduction to Cybersecurity Digital Signatures

Mapping Internet Sensors with Probe Response Attacks

Nonesuch: a Mix Network with Sender Unobservability

Anonymity With material from: Dave Levin

Transcription:

Introduction to Traffic Analysis George Danezis University of Cambridge, Computer Laboratory

Outline Introduction to anonymous communications Macro-level Traffic Analysis Micro-level Traffic Analysis P2P Traffic Analysis `Extreme' Traffic Analysis Conclusions

Anonymous communications Abstract model Channel Objective: hide the identity of the sender (or receiver, or both) Senders (id, time, length,...) Anonymous Channel Receivers (id, time, length,...) Make the bit patterns of inputs and outputs different (bitwise unlinkability) Destroy the timing characteristics (traffic analysis resistance).

Anonymous communications (not so) Intimate Details Mix networks are an efficient solution to build such a blue box: Mix network Senders (id, time, length,...) Receivers (id, time, length,...) Use many mixes to relay messages or streams Distribute load and trust Each hides correspondence between input and output

Meet the Adversary Objective 1: Identification. For a given message find out who sent it. Objective 2: Linking/profiling. Two messages same (even unknown) sender? How: Observe all traffic, modify and inject any message, control some nodes (misbehave), destroy some node. Objective 3: Disrupt the network. (useability = security in anonymity)

The cryptanalysis of anon. comms. Input and output messages have to look different. Public key crypto used for mix packet formats: key distribution and distributed decoding. Adversary can try to replay, observe, modify (tag) messages to extract info about destination. As close as it gets to adaptive chosen ciphertext attacks: message is ciphertext, mix is decryption oracle. Don't reinvent: Mixmaster, Mixminion, Minx, Tor,...

What is traffic analysis Bit-patterns can be made not to leak any info. The art of using communication meta-data to infer information about network nodes identities or characteristics, their relations or actions in the network. Can be used: Radio comms, Trace IP traffic, HTTP log analysis, Spam filtering,... Compromise the security properties of hardened systems.

Statistical Disclosure Attacks - Intro. Lets first attack the abstract model no details. We consider an anonymous channel as a black box that works in rounds: it takes a batch of b messages, shuffles them and outputs them. Each round Alice sends a message to one of her friends with equal probability (prob 1/ m ). Others send to anyone with equal probability (1/N). Attacker: Who are Alice's friends?

SDA Usage model Alice and other correspondents: Senders Receivers Alice Others 1 message b-1 messages m N

SDA Usage model 2 Alice and other correspondents + anon. channel: Senders Receivers Alice 1 message Others b-1 messages Anonymous Channel m N

SDA How to do it Attacker objective: Determine the set of Alices friends m. How: Observe many rounds note that Alice's friends will appear more often. Quick attack relies on approximations: A(r) 1/N 1/b (b-1)/b Anonymous Channel Output distribution: o(r) = (1/b)A(r) + (1/N)(b-1)/b Treat all outputs as samples from that distribution. Estimate A(r)

SDA Analysis Could use bayes theorem. Can also analyse each receiver separately and classify them: Receiving from Alice: Binomial 1/bm + (b-1)/bn. Receiving only from others: Binomial (b-1)/bn See how the number of messages received compares with the expected number. Use the standard deviation to calculate false positive or negative probability (binomial).

Advanced SDA Real networks don't work in batches, messages are always in. Better modelled as pool mixes some fraction of the messages always stay in the mix. Again approximate the output of the pool mix as a sample from a distribution. Use bayes theorem to infer Alice's friends: analysis is much harder open problem!

Advanced SDA a peek

More on disclosure attacks The original disclosure attack (Kesdogan) Original model tied to the model. Computationally expensive attack. Hybrid statistical and combinatorial: hitting set. Statistical disclosure simulations (Mathewson) SDA works even with partial data (sampling). SDA works even with cover traffic. SDA works better with pseudonyms. Example of applying theory to practice (Mixminion)

SDA Conclusions Any anonymous communication channel will reveal long term relationships. Look at model carefully: unobservability might help (expensive, offline/online) A lot more to do: Analysis of pool mix SDA Collect real user profiles SDA takes time anonymity is tactical!

Tracing Streams of Data SDA looks at abstract model, a good network would not give more info. BUT difficult to mix streams of data without introducing a lot of latency. The `shape' of data streams is not changed much. Mix network Senders (id, time, length,...) Receivers (id, time, length,...)

Modelling anonymous streams Streams are not usually mixed amongst them, but delayed individually. Optimal strategy: exponential delay of each packet (mean is latency). Traffic analysis: Create a model of the stream. Try to detect it in the network.

In graphs

Analysis How well does this attack performs? Approximate again: Probability the traffic was generated by template Vs. it was random We use standard deviations to find out how likely false positives and negatives are. Can we do better?

Other Techniques Other stream analysis techniques: Interpacket delay (Umass) Packet Counting (Serjantov) Stop and start of stream (Pfitzmann) Active attacks: Induce pattern that is easy to detect/difficult to distort. Like active sonar: send a pulse. Very difficult to protect cover traffic is expensive. Conclusion: against GPA you lose.

P2P anonymizing systems P2P ethics: everyone is equal Crowds: pass the request Tarzan/MorphMix: everyone is a mix. Scaling issues: Node discovery Key distribution Attack these to reduce anonymity.

Predecessor attack Crowds security: you do not know if the previous node started the request. BUT the initiator is more likely to be on the path. Look for repeated communications again! Other systems relying on initiator anonymity can be attacked like that (Gnutella) The larger the Crowd the worse the attack!

Everyone is a mix. P2P mixing Good: large attack surface (no GPA?) Bad: Low traffic, key distribution, peer discovery. Attack 1: Route Capture You connect to a node and ask it for more nodes. As soon as you hit a bad node it only returns bad nodes. MorphMix: intrusion detection only works in the long run.

The young Tarzan Attack 2: Knowing only a subset of the peers Each participant discovers a subset of the network. Then chooses a number of nodes to relay messages. If a bad node is on the path it knows 3 nodes (itself, previous and next node). The probability more than one nodes know them is very small. Attack works better with larger networks! Analysis and countermeasures are available.

`Extreme' Traffic Analysis Impossible to protect against GPA. P2P systems make GPA very expensive. Tor: Moving beyond the GPA. Can an adversary with no access to any network links perform traffic analysis? Yes! (similar attacks would work on other low latency systems)

How to do TA from home The problem: how do you measure remotely the traffic volume on network links you have no access to? The setup:

Overall conclusions There are fundamental limits to the anonymity of repeated communications. Stream based protocols: Trivial traffic analysis attack defeat them cover traffic is expensive. P2P is no silver bullet: new attacks The GPA is everyone! Young field in need of serious research.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback