CS 134 Winter Privacy and Anonymity

Similar documents
Protocols for Anonymous Communication

0x1A Great Papers in Computer Security

ENEE 459-C Computer Security. Security protocols (continued)

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

ENEE 459-C Computer Security. Security protocols

A SIMPLE INTRODUCTION TO TOR

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Tor: An Anonymizing Overlay Network for TCP

CS526: Information security

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Anonymity. Assumption: If we know IP address, we know identity

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

CS232. Lecture 21: Anonymous Communications

CE Advanced Network Security Anonymity II

Anonymity and Privacy

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

CS Paul Krzyzanowski

Anonymous communications: Crowds and Tor

Anonymity. With material from: Dave Levin and Michelle Mazurek

Privacy Enhancing Technologies CSE 701 Fall 2017

CPSC 467b: Cryptography and Computer Security

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

2 ND GENERATION ONION ROUTER

How Alice and Bob meet if they don t like onions

Anonymity on the Internet. Cunsheng Ding HKUST Hong Kong

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

ANET: An Anonymous Networking Protocol

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

CNT Computer and Network Security: Privacy/Anonymity

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Anonymity Analysis of TOR in Omnet++

Privacy defense on the Internet. Csaba Kiraly

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

Introduction to Cybersecurity Digital Signatures

2 Application Support via Proxies Onion Routing can be used with applications that are proxy-aware, as well as several non-proxy-aware applications, w

Anonymity With material from: Dave Levin

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Security and Anonymity

Analysing Onion Routing Bachelor-Thesis

Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

Introduction to Computer Security

DISSENT: Accountable, Anonymous Communication

Anonymous Communications

What's the buzz about HORNET?

Anonymous Connections and Onion Routing

Defining Anonymity in Networked Communication, version 1

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23

ANONYMOUS CONNECTIONS AND ONION ROUTING

anonymous routing and mix nets (Tor) Yongdae Kim

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Onion services. Philipp Winter Nov 30, 2015

Herbivore: An Anonymous Information Sharing System

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Tor: Online anonymity, privacy, and security.

Rendezvous Tunnel for Anonymous Publishing

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

The Design of an Anonymous and a Fair Novel E-cash System

CS6740: Network security

The New Cell-Counting-Based Against Anonymous Proxy

Addressing Privacy: Matching User Requirements with Implementation Techniques

Eating from the Tree of Ignorance Part 2

A simple approach of Peer-to-Peer E-Cash system

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

Peer-to-Peer Networks 14 Security. Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg

UNIT - IV Cryptographic Hash Function 31.1

Unit 8 Review. Secure your network! CS144, Stanford University

Anonymity. Christian Grothoff.

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Lecture 8: Privacy and Anonymity Using Anonymizing Networks. CS 336/536: Computer Network Security Fall Nitesh Saxena

Achieving Privacy in Mesh Networks

Anonymous Communication and Internet Freedom

Metrics for Security and Performance in Low-Latency Anonymity Systems

EEC-682/782 Computer Networks I

Anonymous Communication and Internet Freedom

Cryptanalysis of a fair anonymity for the tor network

Low Latency Anonymity with Mix Rings

Anonymity. MPRI Course on Concurrency. Lecture 14. Application of probabilistic process calculi to security. Anonymity: particular case of Privacy

Peer-to-Peer Systems and Security

A Quantitative Analysis of Anonymous Communications

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Solution of Exercise Sheet 10

CSC Network Security

Challenges in Mobile Ad Hoc Network

Social Networking for Anonymous Communication Systems: A Survey

The Loopix Anonymity System

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

CS Final Exam

Towards measuring anonymity

11:1 Anonymous Internet Access Method for Wireless Systems

Transcription:

CS 134 Winter 2016 Privacy and Anonymity 1

Privacy Privacy and Society Basic individual right & desire Relevant to corporations & government agencies Recently increased awareness However, general public s perception of privacy is fickle (Image from geekologie.com) Privacy and Technology in Recent Years >> Information disclosed on the Internet >> Handling and transfer of sensitive information << Privacy and accountability 2

Privacy on Public Networks The Internet is designed as a public network Machines on your LAN may see your traffic, network routers see all traffic that passes through them Routing information is public IP packet headers identify source and destination Even a passive observer can easily figure out who is talking to whom Encryption (e.g., SSL or IPSec) does not hide identities Encryption hides payload, not routing information Even IP-level encryption (tunnel-mode IPsec/ESP) reveals IP addresses of IPsec gateways 3

Applications of Anonymity (1) Privacy Hide online transactions, Web browsing, etc. from intrusive governments, marketers, archival/search entities (e.g., Google) as well as from criminals and snoops Untraceable Electronic Mail Corporate whistle-blowers Political dissidents in oppressive societies Socially sensitive communications (online AA or STD meeting) Confidential business negotiations Law Enforcement and Intelligence Sting operations and honeypots Secret communications on a public network Informers, secret agents, etc. 4

Applications of Anonymity (2) Digital/Electronic Cash Electronic currency with properties of paper money (online purchases unlinkable to buyer s identity) Anonymous Electronic Voting Censorship-Resistant Publishing Crypto-Anarchy Some people say that anarchy won't work. That's not an argument against anarchy; that's an argument against work. Bob Black J 5

Applications of Anonymity (3) Porn Libel Disinformation / Propaganda Sale of Illegal Substances (e.g., SilkRoad) Tax Avoidance (via Untraceable Payments) Incitement to Criminal Activity (e.g., Murder, Rioting, Genocide, Terrorism) 6

What is Anonymity? Anonymity: is the inability to identify someone within a set of subjects (size varies) Different from PRIVACY right to be left alone Hide your activities among similar activities by others One cannot be anonymous alone! Big difference between anonymity and confidentiality Unlinkability: of action and identity For example, sender and his email are no more related after observing communication than they were before Unobservability: (very hard to achieve) Observer cannot tell whether a certain action took place 7

Attacks on Anonymity Passive Traffic Analysis Infer from network traffic who is talking to whom To hide your traffic, must carry other people s traffic! Active Traffic Analysis Inject packets or put a timing signature on packet flow Compromise of Network Nodes (Routers) Not obvious which nodes have been compromised Attacker may be passively logging traffic It s better not to trust any individual node Assume that some fraction of nodes is good, but do not know which 8

Chaum s Mix Early proposal for anonymous email David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, February 1981. Public-key crypto + trusted re-mailer (Mix) Untrusted communication medium Public-keys used as persistent pseudonyms Before spam, people thought anonymous email was a good idea J Modern anonymity systems use Mix as the basic building block 9

Basic Mix Design B A C {r 1,{r 0,M} pk(b),b} pk(mix) {r 0,M} pk(b),b {r 5,M } pk(b),b E D {r 2,{r 3,M } pk(e),e} pk(mix) {r 4,{r 5,M } pk(b),b} pk(mix) Mix {r 3,M } pk(e),e Adversary knows all senders and all receivers, but cannot link a sent message with a received message 10

Anonymous Return Addresses M includes {K 1,A} pk(mix ), K 2 where K 2 is a fresh public key and MIX is possibly different from MIX {r 1,{r 0,M} pk(b),b} pk(mix) {r 0,M} pk(b),b MIX B A A,{{r 2,M } K 2 } K1 {K 1,A} pk(mix ), {r 2,M } K 2 Response MIX Secrecy without authentication (good for an online confession service J) 11

Mix Cascade Messages are sent through a sequence of mixes Can also form an arbitrary network of mixes ( mixnet ) Some mixes may be controlled by attacker, but even a single good mix guarantees some anonymity Pad and buffer traffic to foil correlation attacks 12

Disadvantages of Basic Mixnets Public-key encryption and decryption at each mix are computationally expensive Basic mixnets have high latency Ok for email, but not for anonymous Web browsing Challenge: low-latency anonymity network Use public-key cryptography to establish a circuit with pairwise symmetric keys between hops on the circuit Then use symmetric decryption and re-encryption to move data messages along the established circuits Each node behaves like a mix; anonymity is preserved even if some nodes are compromised 13

Another Idea: Randomized Routing Hide sources by routing messages randomly Popular technique: Crowds, Freenet, Onion routing Routers do not know if the apparent source of a message is the true sender or another router 14

Onion Routing [Reed, Syverson, Goldschlag 1997] Alice R R R 4 R 3 R 1 R R 2 R R Bob R Sender chooses a random sequence of routers Some routers are honest, some are not Sender controls path length 15

Route Establishment Alice R 1 R 2 R 3 R 4 Bob {M} pk(b) {B,k {R 4,k 3 } 4 } pk(r 4),{ } k 4 pk(r {R 3,k 2 } 3),{ } k 3 pk(r {R 2,k 1 } 2),{ } k 2 pk(r 1),{ } k 1 Routing info for each link encrypted with router s public key Each router learns only the identity of the next router 16

The Onion Router (Tor) Second-generation onion routing network http://tor.eff.org Specifically designed for low-latency anonymous Internet communications (e.g., Web browsing) Running since October 2003 Hundreds of nodes on all continents 1.5 million users as of 2016 Easy-to-use client proxy Freely available, can use it for anonymous browsing Available for smartphones and tablets too 17

Tor Circuit Setup (1) Client proxy establishes a symmetric session key and circuit with Onion Router #1 18

Tor Circuit Setup (2) Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2 Tunnel through Onion Router #1 19

Tor Circuit Setup (3) Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3 Tunnel through Onion Routers #1 and #2 20

Using a Tor Circuit Client applications connect and communicate over the established Tor circuit (also to multiple dst-s) Datagrams are decrypted and re-encrypted at each link 21

Tor Management Issues Many applications can share one circuit Multiple TCP streams over one anonymous connection Tor router do not need root privileges Encourages people to set up their own routers More participants = better anonymity for everyone Directory servers Maintain lists of active onion routers, their locations, current public keys, etc. Control how new routers join the network Sybil attack : attacker creates a large number of routers Directory servers keys ship with Tor code 22

Location Hidden Servers Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it Accessible from anywhere Resistant to censorship Can survive a full-blown DoS attack Resistant to physical attack Can not find the physical server! 23

Creating a Location Hidden Server Client obtains service descriptor and intro point address from directory Server creates circuits to introduction points Server gives intro points descriptors and addresses to service lookup directory 24

Using a Location Hidden Server Client creates a circuit to a rendezvous point Rendezvous point matches the circuits from client & server If server chooses to talk to client, connect to rendezvous point Client sends address of the rendezvous point and any authorization, if needed, to server through intro point 25

Deployed Anonymity Systems Free Haven project has an excellent bibliography on anonymity http://www.freehaven.net/anonbib Tor (http://tor.eff.org) Overlay circuit-based anonymity network Best for low-latency applications such as anonymous Web browsing Mixminion (http://www.mixminion.net) Network of mixes Best for high-latency applications such as anonymous email 26

Dining Cryptographers How to make a message public, but in a perfectly untraceable manner David Chaum. The dining cryptographers problem: unconditional sender and recipient untraceability. Journal of Cryptology, 1988. Guarantees information-theoretic anonymity for message senders VERY strong form of anonymity: defeats adversary who has unlimited computational power Difficult to make practical In group of size N, need N random bits to send 1 bit 27

Three-Person DC Protocol Three cryptographers are having dinner. Either NSA is paying for the dinner, or one of them is paying, but wishes to remain anonymous. 1. Each diner flips a coin and shows it to his left neighbor. Every diner sees two coins: his own and his right neighbor s 2. Each diner announces whether the two coins are the same. If he is the payer, he lies (says the opposite). 3. IF Number of same =1 or 3 Þ NSA is paying IF Number of same =0 or 2 Þ one of them is paying But a non-payer cannot tell which of the other two is paying! 28

Non-Payer s View: Same Coins same different same different?? payer payer Without knowing the coin toss between the other two, non-payer cannot tell which of them is lying 29

Non-Payer s View: Different Coins same same same same?? payer payer Without knowing the coin toss between the other two, non-payer cannot tell which of them is lying 30

Super-posed Sending This idea generalizes to any group of size N For each bit of the message, every user generates 1 random bit and sends it to ONE neighbor Every user learns 2 bits (his own and his neighbor s) Each user announces own bit XOR neighbor s bit Sender announces own bit XOR neighbor s bit XOR message bit XOR all announcements = message bit Every randomly generated bit occurs in this sum twice (and is canceled by XOR), message bit occurs once 31

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback