CNT Computer and Network Security: Privacy/Anonymity

Similar documents
Protocols for Anonymous Communication

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Anonymous communications: Crowds and Tor

0x1A Great Papers in Computer Security

Anonymity. Assumption: If we know IP address, we know identity

CS 134 Winter Privacy and Anonymity

Anonymous Communications

Anonymity With material from: Dave Levin

CS232. Lecture 21: Anonymous Communications

A SIMPLE INTRODUCTION TO TOR

ENEE 459-C Computer Security. Security protocols

Herbivore: An Anonymous Information Sharing System

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

ENEE 459-C Computer Security. Security protocols (continued)

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Anonymity. With material from: Dave Levin and Michelle Mazurek

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Privacy Enhancing Technologies CSE 701 Fall 2017

More crypto and security

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

IP address. When you connect to another computer you send it your IP address.

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Onion services. Philipp Winter Nov 30, 2015

Anonymity and Privacy

CS526: Information security

1 A Tale of Two Lovers

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

CS Final Exam

The Activist Guide to Secure Communication on the Internet. Introduction

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Anonymous Communication and Internet Freedom

Design and Analysis of Efficient Anonymous Communication Protocols

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Security and Anonymity

Anonymous Communication and Internet Freedom

Tor: An Anonymizing Overlay Network for TCP

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

2 ND GENERATION ONION ROUTER

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23

You are the internet

DISSENT: Accountable, Anonymous Communication

How Alice and Bob meet if they don t like onions

Network Security. Thierry Sans

CS 161 Computer Security

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Privacy defense on the Internet. Csaba Kiraly

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

DC Networks The Protocol. Immanuel Scholz

anonymous routing and mix nets (Tor) Yongdae Kim

CSE 127: Computer Security Cryptography. Kirill Levchenko

Online Anonymity & Privacy. Andrew Lewman The Tor Project

The Dark Web. Steven M. Bellovin February 27,

Crowds Anonymous Web Transactions. Why anonymity?

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Deanonymizing Tor. Colorado Research Institute for Security and Privacy. University of Denver

Cryptography ThreeB. Ed Crowley. Fall 08

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

What did we talk about last time? Public key cryptography A little number theory

Pluggable Transports Roadmap

CPSC 467b: Cryptography and Computer Security

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Anonymity. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

UNIT - IV Cryptographic Hash Function 31.1

Outline. Traffic multipliers. DoS against network links. Smurf broadcast ping. Distributed DoS

CS6740: Network security

Introduction to Cybersecurity Digital Signatures

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Network Defenses 21 JANUARY KAMI VANIEA 1

Analysing Onion Routing Bachelor-Thesis

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

ANONYMOUS CONNECTIONS AND ONION ROUTING

Cryptanalysis. Ed Crowley

Symmetric-Key Cryptography Part 1. Tom Shrimpton Portland State University

Please ensure answers are neat and legible. Illegible answers may be given no points.

Extremely Sensitive Communication

Anonymity, Usability, and Humans. Pick Two.

CPSC 467: Cryptography and Computer Security

CE Advanced Network Security Anonymity II

FBI Tor Overview. Andrew Lewman January 17, 2012

CS Paul Krzyzanowski

Anonymous Connections and Onion Routing

Secure web proxy resistant to probing attacks

CSC 4900 Computer Networks: Security Protocols (2)

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

1 Introduction. Albert Kwon*, David Lazar, Srinivas Devadas, and Bryan Ford Riffle. An Efficient Communication System With Strong Anonymity

Anonymity Tor Overview

Cryptography CS 555. Topic 1: Course Overview & What is Cryptography

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

Dark Web. Ronald Bishof, MS Cybersecurity. This Photo by Unknown Author is licensed under CC BY-SA

Anonymity Questions. Leland Smith

BBC Tor Overview. Andrew Lewman March 7, Andrew Lewman () BBC Tor Overview March 7, / 1

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Transcription:

CNT 5410 - Computer and Network Security: Privacy/Anonymity Professor Kevin Butler Fall 2015

When Confidentiality is Insufficient 2

Privacy!= Confidentiality Confidentiality refers to the property of the content being unreadable from unauthorized readers. A man-in-the-middle can see ciphertexts fly by, but their contents are indistinguishable from random bits. Privacy refers to the awareness of the existence of communication between two or more parties. Do Alice and Bob talk to each other? How often? Are the messages indicative of their content? Note that these two are often used interchangeably in the vernacular, but should not be. 3

Questions Can we have confidentiality without privacy? Can we have privacy/anonymity without confidentiality? 4

Anonymity The purpose of anonymity is to protect identity. e.g.,an anonymous poster on a website wants you to read their comments. Their intended goal is to expose content without letting you know who revealed the content itself. You do not have to be anonymous to have privacy.you must maintain privacy to achieve anonymity. Ok, great. Can we do any better than just not logging into a webpage when posting contents? 5

Anonymous Publishing Goal: Publish The Graduate Student s Manifesto, a subversive guidebook to completing your Ph.D. without exposing your identity. Publius: Encrypted content is posted across multiple servers, readers must assemble a threshold number of key pieces to recover plaintext. Published content is cryptographically tied to the URL, meaning that changes can instantly be detected. 6

Private Browsing Most major browsers now provide Private Browsing Modes, that allow you to visit webpages while reducing the state you expose to the world. Does not record visited pages in your browsing history. Stores cookies while on a single site and deletes them when you leave that site. What protections are provided by these mechanisms? Who is the adversary? Try Panopticlick to see if you can be fingerprinted: https://panopticlick.eff.org/ 7

Anonymous Proxies Simplest architecture - redirect all traffic via an encrypted tunnel to some proxy in the Internet, which in turn forwards your traffic to its intended destination. e.g.,youhide.com, Proxify.com,The Anonymizer, Anonymouse.org, etc, etc... In their terms of service, many of these services note that they will not sell your information to third-parties. What protections are provided by these services? Who is the adversary? 8

Mixes Originally proposed by Chaum, a client selects a series of mix nodes called a cascade through which each message should pass. Messages are encrypted in reverse order of the cascade using the public key of each mix node. Messages are decrypted in each mix, which reveals the next hop along the cascade. Note that messages are stored, interleaved and eventually forwarded in a mix. 9

Mixes In Action File 10

Mixes: Limitations A simple, mechanism for providing privacy (and potentially anonymity) for store and forward-based communications. Where does that leave everything else? HTTP? SMTP? IMAP? SSH? 11

Tor Extends the mix concept to real-time traffic. Note that real-time is somewhat of a misnomer. Like in mix networks,tor wraps each message in multiple layers of encryption, from last to first hop. Tor specifically mandates three layers.why three? Upon receipt, each message is decrypted, placed into the outgoing queue and sent out as quickly as possible. 12

Tor in Action circid = 100 circid = 867 File circid = 5309 13

Tor: Details Mix networks are very much a uni-directional process. How does Tor get responses back to their sender? Tor relies on circuits, pre-established identifiers and keys to return such information. The exit node receives a response from a webpage and, knowing the ID of the previous hop (circid), encrypts the message. The previous node receives the message, looks up the corresponding circid for the next hop, encrypts and forwards. The originator eventually receives a thrice encrypted packet. 14

Tor: Hidden Services Tor also allows users to access hidden services. Services within the Tor network that do not want their identities revealed. Tor includes a rendezvous service to allow users to find registered services. Hidden services include: Anonymous publishing (think alternative to Publius) Black Markets (Silk Road) NGOs (Reporters Without Borders) 15

Tor: Limitations Tor is run on a series of nodes located throughout the world. The hope of this architecture is that not only can you pick a diverse route, but that you can also rely on servers in other countries if yours outlaws Tor. Problem: Everyone knows which nodes are running Tor, so if it is illegal, these nodes are already blocked. 16

Tor: Limitations Unlike mix networks,tor s lack of potentially infinite delay of packets makes it susceptible to timing attacks. Many of researchers have demonstrated the ability to add fingerprints to flows by changing the inter-packet timing. 17

Tor: Hidden Service Takedown In October 2013, Ross Ulbricht was arrested and the Silk Road was taken down. Ulbricht made a number of mistakes and deanonymized himself, leading to his ID and arrest. In November 2014, hundreds of hidden services were taken down by law enforcement worldwide. Sites included Silk Road v2.0. How was this done? What is the state of Hidden Service Security? 18

Additional Techniques Crowds: Clients join a jondo, a group that forwards messages to a random other member. Each receiver gets a message, it flips a biased coin and if heads, it forwards the message to another random node. If tails, it sends the message to the final destination. Hordes: Similar to Crowds, but assumes that that nodes share a multicast connection. 19

Proofs? Mix-based schemes are intuitive, and allow for relatively high throughput. Unfortunately, they do not offer strong, formally verifiable guarantees. How many mix nodes must you visit to achieve anonymity? What about insiders in each of these designs? 20

Dining Cryptographers Allows a sender to anonymously send a single bit: NSA Alice:A,B A,C = 1 0 = 1 Bob: A,B B,C = 1 1 = 0 Charles: A,C B,C = 0 1 = 1 A B C=0 Alice FlipA,B = 1 FlipA,C = 0 Bob Alice:A,B A,C = 1 0 = 1 Bob: A,B B,C = (1 1) = 1 Charles: A,C B,C = 0 1 = 1 A B C=1 FlipB,C = 1 Bob Charles 21

DC-net Protocols Various extensions to the basic DC-net model. e.g., Collision resistance, maliciousness, etc Take advantage of underlying broadcast or multicast network topologies. More recent schemes take advantage of emerging cryptographic primitives: pmixes (Melchor et al.) use Private Information Retrieval (PIR) to hide their queries. SFENets (Nipane et al.) use Secure Function Evaluation (SFE) 22

DC-nets: Limitations These systems have strong, provable properties. Based on certain assumptions (or varying strength), you can demonstrate that these systems provide certain properties. There is no such thing as a real-time DC-net. Some get close (SFENets show IM client working at practical speed), but operations are far too heavy for SSH, HTTP and VoIP. Most are significantly slower. 23

Other Application Spaces Wireless Spread spectrum techniques make communications indistinguishable from noise. Voting Traditional ballots are anonymous. Cryptographic techniques make this (and many other properties) possible in electronic voting systems. Money Cash is anonymous. Electronic forms of currency with similar features (e.g., ecash, BitCoin) are being investigated. 24

Conclusions Privacy and Anonymity are properties that go beyond confidentiality. Anonymous communications are generally broken down into two generally classes of solutions: Mixes and DC-nets One gives you quite strong guarantees, but at a cost.the other gives you reasonable performance, but with fuzzy guarantees. This is a very deep and complex field. There are many more techniques, and challenges facing them. Nothing yet provides us with everything that we need! 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback