Privacy at the communication layer

Similar documents
Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

TRAFFIC ANALYSIS: or... encryption is not enough

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

anonymous routing and mix nets (Tor) Yongdae Kim

Anonymous communications: Crowds and Tor

0x1A Great Papers in Computer Security

CS Paul Krzyzanowski

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

CS232. Lecture 21: Anonymous Communications

CS526: Information security

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

A SIMPLE INTRODUCTION TO TOR

Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Anonymity. Assumption: If we know IP address, we know identity

CS6740: Network security

Anonymous Communications

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Herbivore: An Anonymous Information Sharing System

Crowds Anonymous Web Transactions. Why anonymity?

Metrics for Security and Performance in Low-Latency Anonymity Systems

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

CE Advanced Network Security Anonymity II

Protocols for Anonymous Communication

How Alice and Bob meet if they don t like onions

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

The Loopix Anonymity System

Privacy Enhancing Technologies

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

CS 134 Winter Privacy and Anonymity

Anonymous communications and systems

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Anonymity. With material from: Dave Levin and Michelle Mazurek

2 ND GENERATION ONION ROUTER

Anonymous Communication and Internet Freedom

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Dark Web. Ronald Bishof, MS Cybersecurity. This Photo by Unknown Author is licensed under CC BY-SA

CSC Network Security

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

Anonymous Communication and Internet Freedom

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

IP address. When you connect to another computer you send it your IP address.

Tor: An Anonymizing Overlay Network for TCP

Security Challenges Facing the Future Wireless World (aka.. Alice and Bob in the Wireless Wonderland) Wade Trappe

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures

Bitcoin, Security for Cloud & Big Data

ENEE 459-C Computer Security. Security protocols

System Models. 2.1 Introduction 2.2 Architectural Models 2.3 Fundamental Models. Nicola Dragoni Embedded Systems Engineering DTU Informatics

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

ENEE 459-C Computer Security. Security protocols (continued)

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Online Anonymity & Privacy. Andrew Lewman The Tor Project

Anonymity and Privacy

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23

Privacy Enhancing Technologies CSE 701 Fall 2017

Privacy SPRING 2018: GANG WANG

Network Security (PhD Section)

SIP and VoIP What is SIP? What s a Control Channel? History of Signaling Channels

Introduction to Cybersecurity Digital Signatures

Practical Anonymity for the Masses with MorphMix

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Tor: a brief intro. Roger Dingledine The Tor Project

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Challenges in building overlay networks: a case study of Tor. Steven Murdoch Principal Research Fellow University College London

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Heartbeat Traffic to Counter (n-1) Attacks

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

CNT Computer and Network Security: Privacy/Anonymity

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Practical Anonymity for the Masses with Mix-Networks

Anonymity. Christian Grothoff.

CS Final Exam

SECURE COMMUNICATIONS: PAST, PRESENT, FUTURE

Network Security - ISA 656 Routing Security

Peeling Onions Understanding and using

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

FBI Tor Overview. Andrew Lewman January 17, 2012

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz II

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Anonymity Analysis of TOR in Omnet++

P 5 : A Protocol for Scalable Anonymous Communications

Design and Analysis of Efficient Anonymous Communication Protocols

20-CS Cyber Defense Overview Fall, Network Basics

Security I exercises

Privacy & Cookie Statement

CSE484 Final Study Guide

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

CS 161 Computer Security

Extremely Sensitive Communication

CS November 2017

Network Security. Thierry Sans

Transcription:

Privacy at the communication layer CS-721 https://spring.epfl.ch/cs721-privacy-at-the-communication-layer/ Carmela Troncoso http://carmelatroncoso.com/

While (course) do { This course End of lecture - Small intro to next topic - Assign a paper and Defender/Critic Pre-lecture - Read the paper - All provide a Review by Monday 3pm } Lecture - Defender presents the paper (15-30 free format) - Critic presents his view - Comment your reviews and learned lessons By end of course: propose one attack or one defense Up to 3 pages describing: attacker model, attack/defense, proposed evaluation

Reviews Free format Recommendations (for any academic review): - Have a structure - The conclusion should be clear - Be constructive. Write the review you d like to read - Think big. Many small flaws may not be a reason for rejection. Try to extract the contribution - new approach? - will people construct on it? - fundamental result?

My structure (not binding) Summary: helps the authors know what you understood (calibrate your review) General comments: comments about issues global to the paper: motivation, threat model, overall design, flaws in evaluation Specific comments: comments about particular issues in Section X, in page Y Minor comments: editorial comments, typos, suggestions (other people like Strengths/weaknesses)

Privacy at the communication layer Dear Dr., Can we change my chemo appointment? A. A Network

Privacy at the communication layer Intelligence agencies Dear Dr., Can we change my chemo appointment? A. ISPs A Network

Privacy at the communication layer Intelligence agencies SysAdmin s The Boss Dear Dr., Can we change my chemo appointment? A. ISPs A Network

Privacy at the communication layer Intelligence agencies SysAdmin s The Boss Your Parents Your Children Dear Dr., Can we change my chemo appointment? A. ISPs A Network

Privacy at the communication layer Intelligence agencies SysAdmin s The Boss Your Parents Anybody curious Your Children Dear Dr., Can we change my chemo appointment? A. ISPs A Network

The adversary is anyone and she is VERY powerful Intelligence agencies SysAdmin s The Boss Your Parents Anybody curious Your Children Dear Dr., Can we change my chemo appointment? A. ISPs A Network

But we can encrypt! What is the problem? Dear Dr., Can we change my chemo appointment? A. A Network

But we can encrypt! What is the problem? %Q}!$#!{}{ @%%:@} @$@@ }{}{@@}{}@{@ {@}@#$ }{%@$%@@# @${P%@@}}}~ <>}@!@ A Network

But we can encrypt! What is the problem? %Q}!$#!{}{ @%%:@} @$@@ }{}{@@}{}@{@ {@}@#$ }{%@$%@@# @${P%@@}}}~ <>}@!@ A Network Ethernet (IEEE 802.3, 1997)

But we can encrypt! What is the problem? %Q}!$#!{}{ @%%:@} @$@@ }{}{@@}{}@{@ {@}@#$ }{%@$%@@# @${P%@@}}}~ <>}@!@ Alic e A Network Ethernet (IEEE 802.3, 1997)

But we can encrypt! What is the problem? %Q}!$#!{}{ @%%:@} @$@@ }{}{@@}{}@{@ {@}@#$ }{%@$%@@# @${P%@@}}}~ <>}@!@ A Network Ethernet (IEEE 802.3, 1997)

But we can encrypt! What is the problem? %Q}!$#!{}{ @%%:@} @$@@ }{}{@@}{}@{@ {@}@#$ }{%@$%@@# @${P%@@}}}~ <>}@!@ A Network Ethernet (IEEE 802.3, 1997) Same for IP, TCP, SMTP, IRC, HTTP,...

But we can encrypt! What is the problem? %Q}!$#!{}{ @%%:@} @$@@ }{}{@@}{}@{@ {@}@#$ }{%@$%@@# @${P%@@}}}~ <>}@!@ Destination IP web Dr. Oncologist A Network Ethernet (IEEE 802.3, 1997) Same for IP, TCP, SMTP, IRC, HTTP,...

OMG!! Meta Data is also sensitive!! %Q}!$#!{}{ @%%:@} @$@@ }{}{@@}{}@{@ {@}@#$ }{%@$%@@# @${P%@@}}}~ <>}@!@ Destination IP web Dr. Oncologist A Network Ethernet (IEEE 802.3, 1997) Same for IP, TCP, SMTP, IRC, HTTP,...

Traffic analysis: meta data analysis Wikipedia: traffic analysis is the process of intercepting and examining messages in order to deduce information from patterns in communication Making use of just traffic data of a communication (aka metadata) to extract information (as opposed to analyzing content or perform cryptanalysis) Identities of communicating parties Timing, frequency, duration Location Volume Device Military Roots - M. Herman: These non-textual techniques can establish targets' locations, order-ofbattle and movement. Even when messages are not being deciphered, traffic analysis of the target's Command, Control, Communications and intelligence system and its patterns of behavior provides indications of his intentions and states of mind - WWI: British troops finding German boats. - WWII: assessing size of German Air Force, fingerprinting of transmitters or operators (localization of troops). Nowadays - Diffie&Landau: Traffic analysis, not cryptanalysis, is the backbone of communications intelligence - Stewart Baker (NSA): metadata absolutely tells you everything about somebody s life. If you have enough metadata, you don t really need content. - Tempora, MUSCULAR XkeyScore, PRISM - Also good uses: recommendations, location-based services, Herman, Michael. Intelligence power in peace and war. Cambridge University Press, 1996. Diffie, Whitfield, and Susan Landau. Privacy on the line: The politics of wiretapping and encryption. MIT press, 2010. http://www.theguardian.com/world/interactive/2013/nov/01/snowden-nsa-files-surveillance-revelations-decoded

Anonymous communications against Traffic Analysis If you are a cyber-criminal! DRM infringement, hacker, spammer, terrorist, etc. But, also if you are: Journalist Whistleblower Human rights activist Business executive Military/intelligence personnel Abuse victims And normal people?? - Avoid tracking by advertising companies - Protect sensitive personal information from businesses, like insurance companies, banks, etc. - Express unpopular or controversial opinions - Have a dual life A professor who is a pro in LoL! - Try uncommon things -It feels good to have some privacy!

But, It s Hard to be Anonymous! Your network location (IP address) can be linked to you ISPs store communications records Usually for several years (Data Retention Laws) Law enforcement can subpoena these records Your application is being tracked Cookies, Flash cookies, E-Tags, HTML5 Storage Centralized services like Skype, Google voice Browser fingerprinting Your activities can be used to identify you Unique websites and apps that you use Types of links that you click

You Have to Protect at All Layers! While Maintaining Efficiency

You Have to Protect at All Layers! While Maintaining Efficiency

Anonymous communications adversary Observe All links (Global Passive Adversary) Some links Modify delay delete or inject messages Control some nodes in the network. The adversary s' limitations Cannot break cryptographic primitives Cannot see inside nodes he does not control

Anonymity PROPERTIES Sender anonymity: cannot know who is Receiver anonymity: cannot know who is Bidirectional anonymity: and cannot know who each other is 3 rd party anonymity: and can know each other, but Sauron doesn't Unobservability: Sauron cannot tell if or send/receive Unlinkability: Two messages cannot be linked to /

Quantifying anonymity How much anonymous we are? Anonymity Set Who sent this message? Dear Dr., Can we change my chemo appointment? A. A Network

Quantifying anonymity How much anonymous we are? Anonymity Set Who sent this message? Dear Dr., Can we change my chemo appointment? A. A Network

Quantifying anonymity How much anonymous we are? Anonymity Set Who sent this message? Dear Dr., Can we change my chemo appointment? A. A Network

Quantifying anonymity How much anonymous we are? Anonymity Set Who sent this message? Dear Dr., Can we change my chemo appointment? A. A Network Larger anonymity set = stronger anonymity

Quantifying anonymity How much anonymous we are? Anonymity Set Who sent this message? t Dear Dr., Can we change my chemo appointment? A. A Network Larger anonymity set = stronger anonymity

Quantifying anonymity How much anonymous we are? Anonymity Set Who sent this message? H(x) Pr[sender] t Dear Dr., Can we change my chemo appointment? A. A Network Larger anonymity set = stronger anonymity

Quantifying anonymity How much anonymous we are? Anonymity Set Who sent this message? H(x) Pr[sender] t Dear Dr., Can we change my chemo appointment? A. A Network Larger anonymity set = stronger anonymity

Quantifying anonymity Anoa Framework Game à la crypto // Differential privacy Run the protocol (aka anonymous communication system) with different senders and check that the adversary cannot distinguish them

How do we build anonymous communications

Trivial: Anonymity through Broadcasting Dave Charlie Fred

Trivial: Anonymity through Broadcasting Dave Charlie E(msg) Fred

Trivial: Anonymity through Broadcasting E(Junk) E(Junk) Dave Charlie E(msg) Fred E(Junk)

Trivial: Anonymity through Broadcasting Simple receiver anonymity E(Junk) E(Junk) Dave Charlie E(msg) Fred E(Junk)

Trivial: Anonymity through Broadcasting Simple receiver anonymity E(Junk) E(Junk) Point 1: Do not re-invent this Dave Charlie E(msg) Fred E(Junk)

Trivial: Anonymity through Broadcasting Simple receiver anonymity Dave Charlie E(Junk) E(Junk) E(msg) Point 1: Do not re-invent this Point 2: Many ways to do broadcast - Ring - Trees It has all been done (Buses) Fred E(Junk)

Trivial: Anonymity through Broadcasting Simple receiver anonymity Dave Charlie E(Junk) E(Junk) E(msg) Point 1: Do not re-invent this Point 2: Many ways to do broadcast - Ring - Trees It has all been done (Buses) Point 3: Is your anonymity system better than this? Fred E(Junk)

Trivial: Anonymity through Broadcasting Simple receiver anonymity Dave Charlie E(Junk) E(Junk) E(msg) Point 1: Donotre-inventthis Point 2: Many ways to do broadcast - Ring - Trees Ithas all been done (Buses) Point 3:Is your anonymity systembetterthanthis? Point 4: Whatarethe problems here? Fred E(Junk) Coordination Sender anonymity Latency Bandwidth

The Chaumian mix (1981) cryptographic relays to break the link between sender and receiver Zelda Walter E MIX (msg, Charlie) E(msg) Dave mi x Charlie Victor Fred

The Chaumian mix (1981) cryptographic relays to break the link between sender and receiver Zelda Walter E MIX (msg, Charlie) E(msg) Dave mi x Charlie Victor Fred

The Chaumian mix (1981) cryptographic relays to break the link between sender and receiver Zelda Walter E MIX (msg, Charlie) E(msg) Dave Victor mi x Bitwise Unlinkability Computational security (cryptography-based) Charlie Fred

The Chaumian mix (1981) cryptographic relays to break the link between sender and receiver Zelda Walter E MIX (msg, Charlie) E(msg) Dave Victor mi x Traffic analysis resistance destroy metadata Batch + (delay, inject, drop) Charlie Fred

The Chaumian mix (1981) cryptographic relays to break the link between sender and receiver Zelda Walter E MIX (msg, Charlie) E(msg) Dave Victor mi x One-proxy problems - Low throughput. - Corrupt Proxy or Proxy hacked / coerced. - Real case: Penet.fi vs the church of scientology (1996) Charlie Fred

Solution: Mix networks Receivers Senders Bitwise unlinkability Crypto to make inputs and outputs bit patterns different (re)packetizing + (re)schedule + (re)routing, Destroy patterns (traffic analysis resistance) Load balancing Distribute trust

Solution: Mix networks Receivers Senders 2 4 1 Bitwise unlinkability Crypto to make inputs and outputs bit patterns different (re)packetizing + (re)schedule + (re)routing, Destroy patterns (traffic analysis resistance) Load balancing Distribute trust A->M 2 : {M 4, {M 1,{B, Msg} M1 } M4 } M2

Solution: Mix networks Rely on more mixes good idea - Distributing trust some could be dishonest - Distributing load fewer messages per mix Two extremes - Mix Cascades All messages are routed through a preset mix sequence Good for anonymity poor load balancing - Free routing Each message is routed through a random sequence of mixes Security parameter: L then length of the sequence

Mix networks Who are the others? The (n-1) attack active attack Zelda Walter Dave mix Charlie Victor Fred

Mix networks Who are the others? The (n-1) attack active attack Wait or flush the mix. Block all incoming messages (trickle) and injects own messages (flood) Zelda Walter Dave mix Charlie Victor Fred

Mix networks Who are the others? The (n-1) attack active attack Wait or flush the mix. Block all incoming messages (trickle) and injects own messages (flood) Zelda Walter Dave mix Charlie Victor Fred

Who are the others? Mitigating N-1 attacks Strong identification to ensure distinct identities Problem: user adoption

Who are the others? Mitigating N-1 attacks Strong identification to ensure distinct identities Problem: user adoption Message expiry Messages are discarded after a deadline Adversary cannot flush the mix, and inject messages unnoticed

Who are the others? Mitigating N-1 attacks Strong identification to ensure distinct identities Problem: user adoption Message expiry Messages are discarded after a deadline Adversary cannot flush the mix, and inject messages unnoticed Heartbeat traffic Mixes route messages in a loop back to themselves Detect whether an adversary is blocking messages Forces adversary to subvert everyone, all the time

Who are the others? Mitigating N-1 attacks Strong identification to ensure distinct identities Problem: user adoption Message expiry Messages are discarded after a deadline Adversary cannot flush the mix, and inject messages unnoticed Heartbeat traffic Mixes route messages in a loop back to themselves Detect whether an adversary is blocking messages Forces adversary to subvert everyone, all the time General instance of the Sybil Attack

Mixes are slooooow Low-latency anonymous communications Onion Routing: anonymize streams!

Mixes are slooooow Low-latency anonymous communications Onion Routing: anonymize streams!

Mixes are slooooow Low-latency anonymous communications Onion Routing: anonymize streams! Next week

Key takeaways Anonymity requires a crowd Making one on your own expensive (broadcast) Who are the others? Hard problem Mix networks Practical anonymous messaging Bitwise unlinkability / traffic analysis resistance Distribution: Cascades vs. Free route networks Onion Routing next week

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback