Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Similar documents
0x1A Great Papers in Computer Security

Protocols for Anonymous Communication

ENEE 459-C Computer Security. Security protocols (continued)

ENEE 459-C Computer Security. Security protocols

CS 134 Winter Privacy and Anonymity

Tor: An Anonymizing Overlay Network for TCP

A SIMPLE INTRODUCTION TO TOR

CS526: Information security

Anonymity. Assumption: If we know IP address, we know identity

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

2 ND GENERATION ONION ROUTER

CE Advanced Network Security Anonymity II

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

How Alice and Bob meet if they don t like onions

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Analysing Onion Routing Bachelor-Thesis

Anonymous communications: Crowds and Tor

Anonymity and Privacy

Privacy defense on the Internet. Csaba Kiraly

2 Application Support via Proxies Onion Routing can be used with applications that are proxy-aware, as well as several non-proxy-aware applications, w

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Onion services. Philipp Winter Nov 30, 2015

ANET: An Anonymous Networking Protocol

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

Anonymity in P2P Systems

Anonymous Connections and Onion Routing

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

What's the buzz about HORNET?

A Peel of Onion. Paul Syverson U.S. Naval Research Laboratory.

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

Practical Anonymity for the Masses with MorphMix

Anonymity. With material from: Dave Levin and Michelle Mazurek

ANONYMOUS CONNECTIONS AND ONION ROUTING

CS Paul Krzyzanowski

Valet Services: Improving Hidden Servers with a Personal Touch

Peer-to-Peer Systems and Security

Privacy SPRING 2018: GANG WANG

UNIT - IV Cryptographic Hash Function 31.1

Metrics for Security and Performance in Low-Latency Anonymity Systems

Privacy Enhancing Technologies CSE 701 Fall 2017

Computer Networks & Security 2016/2017

Anonymous Communication and Internet Freedom

Anonymous Communications

Anonymous Communication and Internet Freedom

Valet Services: Improving Hidden Servers with a Personal Touch

Social Networking for Anonymous Communication Systems: A Survey

Anonymity. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

The New Cell-Counting-Based Against Anonymous Proxy

Tor: Online anonymity, privacy, and security.

Deanonymizing Tor. Colorado Research Institute for Security and Privacy. University of Denver

Towards measuring anonymity

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

Host Website from Home Anonymously

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

Lecture 8: Privacy and Anonymity Using Anonymizing Networks. CS 336/536: Computer Network Security Fall Nitesh Saxena

Detecting Denial of Service Attacks in Tor

Anonymity Analysis of TOR in Omnet++

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

Anonymity on the Internet. Cunsheng Ding HKUST Hong Kong

Low Latency Anonymity with Mix Rings

Peer-to-Peer Networks 14 Security. Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg

CS6740: Network security

Genuine onion: Simple, Fast, Flexible, and Cheap Website Authentication

Introduction to Cryptography Lecture 7

Rendezvous Tunnel for Anonymous Publishing

Security and Anonymity

scribed below in section 5. 2 Application Support via Proxies Onion Routing can be used with applications that are proxy-aware, as well as several non

Core: A Peer-To-Peer Based Connectionless Onion Router

Strongly Anonymous Communications in Mobile Ad Hoc Networks

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

anonymous routing and mix nets (Tor) Yongdae Kim

Achieving Privacy in Mesh Networks

Cryptography CS 555. Topic 1: Course Overview & What is Cryptography

Key Establishment and Authentication Protocols EECE 412

Chapter 10 : Private-Key Management and the Public-Key Revolution

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

The Loopix Anonymity System

Cryptanalysis of a fair anonymity for the tor network

Scalable overlay Networks

A k-anonymous Communication Protocol for Overlay Networks

CNT Computer and Network Security: Privacy/Anonymity

Transcription:

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung

Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym? proxy? traffic analysis problem 3. Still receive a reply hidden return address

Despite.. No trusted authority cannot send the mail to this and ask to forward Insecure underlying communication cannot send the mail over hot channel attacker can eavesdrop any message on any link attacker can inject/modify/record any messeges

Good news(?) public key public key pk(a)? private key Alice Bob Given: Everybody knows Bob s public key Only Bob knows the corresponding private key Assumptions: 1. Attacker cannot guess the private key based on public key 2. Attacker cannot convince Alice a wrong public key of Bob - How to achieve this in real world? slide 4

Basic Mix Design B {r 1,{r 0,M} pk(b),b} pk(mix) {r 0,M} pk(b),b A C {r 5,M } pk(b),b E {r 2,{r 3,M } pk(e),e} pk(mix) D {r 4,{r 5,M } pk(b),b} pk(mix) Mix {r 3,M } pk(e),e Adversary knows all senders and all receivers, but cannot link a sent message with a received message slide 5

Anonymous Return Address (0) {r 1,{r 0,M} pk(b),b} pk(mix) {r0,m} pk(b),b MIX B A A,{r 2,M } pk(a) Response MIX {r 3, {r 2,M } pk(a),a} pk(mix) What s wrong with this? - B knows who A is! slide 6

Anonymous Return Address (1) message includes K where K is a fresh public key {r 1,K,{r 0,K,M} pk(b),b} pk(mix) {r0,k,m} pk(b),b MIX B A A,{r 2,M } K Response MIX {K, {r 2,M } K } pk(mix) what s wrong with this?? MIX knows that A=K (traceable) slide 7

Anonymous Return Address (2) Q: Why A needs to encrypt {K 1,A} pk(mix), not B? M includes {K 1,A} pk(mix), K 2 where K 2 is a fresh public key {r 1,{r 0,M} pk(b),b} pk(mix) {r0,m} pk(b),b MIX B A A,{{r 2,M } K 2 } K1 {K 1,A} pk(mix), {r 2,M } K 2 Response MIX Secrecy without authentication (good for an online confession service ) slide 8

Mix Cascade Messages are sent through a sequence of mixes Can also form an arbitrary network of mixes ( mixnet ) Some of the mixes may be controlled by attacker, but even a single good mix guarantees anonymity Pad and buffer traffic to foil correlation attacks slide 9

Small tricks Size-based correlation send in fixed size blocks Timing-based correlation send a random string even in idle times Frequency-based correlation send always at maximum rate

Disadvantages of Basic Mixnets Public-key encryption and decryption at each mix are computationally expensive Basic mixnets have high latency Ok for email, not Ok for anonymous Web browsing Challenge: low-latency anonymity network Use public-key cryptography to establish a circuit with pairwise symmetric keys between hops on the circuit Then use symmetric decryption and re-encryption to move data messages along the established circuits Each node behaves like a mix; anonymity is preserved even if some nodes are compromised slide 11

Another Idea: Randomized Routing Hide message source by routing it randomly Popular technique: Crowds, Freenet, Onion routing Routers don t know for sure if the apparent source of a message is the true sender or another router slide 12

Onion Routing [Reed, Syverson, Goldschlag 97] Alice R R R 1 R 2 R 3 R 4 R R R R Bob Sender chooses a random sequence of routers Some routers are honest, some controlled by attacker Sender controls the length of the path slide 13

Route Establishment Alice R 1 R 2 R 3 R 4 Bob {M} pk(b) {B,k {R 4,k 3 } 4 } pk(r 4) pk(r {R 2,k 1 } pk(r 1),{ {R 3,k 2 } 3),{,{ } k4 } k 3 pk(r 2),{ } k 2 } k1 Routing info for each link encrypted with router s public key Each router learns only the identity of the next router slide 14

Location Hidden Servers Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it Accessible from anywhere Resistant to censorship Can survive full-blown DoS attack Resistant to physical attack Can t find the physical server! slide 15

Creating a Location Hidden Server Client obtains service descriptor and intro point address from directory Server creates onion routes to introduction points Server gives intro points descriptors and addresses to service lookup directory slide 16

Using a Location Hidden Server Client creates onion route to a rendezvous point Rendezvous point mates the circuits from client & server If server chooses to talk to client, connect to rendezvous point Client sends address of the rendezvous point and any authorization, if needed, to server through intro point slide 17

Deployed Anonymity Systems Free Haven project has an excellent bibliography on anonymity http://freehaven.net/anonbib/date.html TOR (http://www.torproject.org/) Overlay circuit-based anonymity network Best for low-latency applications such as anonymous Web browsing Mixminion (http://www.mixminion.net) Network of mixes Designed for high-latency applications such as anonymous email slide 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback