Anonymity With material from: Dave Levin

Similar documents
Anonymity. With material from: Dave Levin and Michelle Mazurek

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Protocols for Anonymous Communication

Anonymity and Privacy

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

0x1A Great Papers in Computer Security

CS526: Information security

CS 134 Winter Privacy and Anonymity

CPSC 467b: Cryptography and Computer Security

CNT Computer and Network Security: Privacy/Anonymity

A SIMPLE INTRODUCTION TO TOR

ENEE 459-C Computer Security. Security protocols

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

ENEE 459-C Computer Security. Security protocols (continued)

Anonymity. Christian Grothoff.

CS232. Lecture 21: Anonymous Communications

Security and Anonymity

Anonymity With Tor. The Onion Router. July 5, It s a series of tubes. Ted Stevens. Technische Universität München

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Anonymity. Assumption: If we know IP address, we know identity

Privacy defense on the Internet. Csaba Kiraly

The Loopix Anonymity System

How Alice and Bob meet if they don t like onions

CS Paul Krzyzanowski

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

DC Networks The Protocol. Immanuel Scholz

ANONYMOUS CONNECTIONS AND ONION ROUTING

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

anonymous routing and mix nets (Tor) Yongdae Kim

Anonymous Communication and Internet Freedom

Anonymous Communication and Internet Freedom

Design and Analysis of Efficient Anonymous Communication Protocols

Solution of Exercise Sheet 10

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

CS6740: Network security

Herbivore: An Anonymous Information Sharing System

Peer-to-Peer Systems and Security

Peer-to-Peer Networks 14 Security. Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Privacy Enhancing Technologies CSE 701 Fall 2017

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23

Tor: An Anonymizing Overlay Network for TCP

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Analyzing Tor s Anonymity with Machine Learning. Sanjit Bhat, David Lu May 21 st, 2017 Mentor: Albert Kwon

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Bitcoin, Security for Cloud & Big Data

Circuit Fingerprinting Attack: Passive Deanonymization of Tor Hidden Services

Anonymous communications: Crowds and Tor

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Provable Anonymity. Epistemic Logic for Anonymizing Protocols. Ichiro Hasuo. Radboud University Nijmegen The Netherlands

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Security (and finale) Dan Ports, CSEP 552

Anonymity - Lecture Notes 1

Metrics for Security and Performance in Low-Latency Anonymity Systems

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Dissent: Accountable Anonymous Group Communication

Eating from the Tree of Ignorance Part 2

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981

Introduction to Computer Security

CSCI Computer Networks

CS61A Lecture #39: Cryptography

Analysing Onion Routing Bachelor-Thesis

Anonymous Connections and Onion Routing

CPSC 467: Cryptography and Computer Security

Anonymity. Christian Grothoff.

Lecture 9. Anonymity in Cryptocurrencies

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

Cryptanalysis of a fair anonymity for the tor network

Ref:

ANET: An Anonymous Networking Protocol

DISSENT: Accountable, Anonymous Communication

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Quantum Encryption Keys

Practical Anonymity for the Masses with MorphMix

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Security in ECE Systems

Please ensure answers are neat and legible. Illegible answers may be given no points.

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

CE Advanced Network Security Anonymity II

ECE 697J Advanced Topics in Computer Networks

CS 161 Computer Security

Blum-Blum-Shub cryptosystem and generator. Blum-Blum-Shub cryptosystem and generator

Chapter 9: Key Management

A k-anonymous Communication Protocol for Overlay Networks

P 5 : A Protocol for Scalable Anonymous Communications

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Lecture 7 - Applied Cryptography

Anonymous Communications

2 ND GENERATION ONION ROUTER

Proof-of-Work & Bitcoin

CSE484 Final Study Guide

Lecture 1: Perfect Security

Wireless Network Security Spring 2014

Detecting Denial of Service Attacks in Tor

Transcription:

Anonymity With material from: Dave Levin http://www.sogosurvey.com/static/sogo_resp_images/tat_resp_images/designimg/guaranteed-anonymous-survey.png

What is anonymity? Dining cryptographers Mixnets and Tor Web/device fingerprinting

What is anonymity? An observer/attacker cannot determine who is communicating Sender anonymity: Cannot distinguish true sender from set of potential senders Receiver anonymity: Cannot distinguish true receiver from set of potential receivers

Sender anonymity Ransom note Pass a note when teacher is not looking Hang fliers / chalk messages late at night etc.

Receiver anonymity Dedicate a book/song/etc. to you know who Codes in classified ads Cold war spies: Number stations etc.

Quantifying anonymity K-anonymity: Can t distinguish sender/receiver from pool of K potential senders/receivers Most of these real-world examples are not provably anonymous how could you break the anonymity of each? We want something with stronger mathematical properties

Dining cryptographers https://4.bp.blogspot.com/-uqrm-agzcxk/t1vlvev9wmi/aaaaaaaaayy/l5cbks1fs4m/s1600/baby-girl-eating.jpg

Problem setup From David Chaum (optional reading) Three cryptographers having dinner Waiter says someone has paid Was it one of them? Or a third party? Can one of them admit to paying without the others knowing which one it was?

How to do it Each pair of cryptographers flips one coin, hidden from the 3rd person Everyone reports same or different for the two coins they can see Except, person who paid reports the wrong answer

Why does this work? A : (b_ab XOR b_ac) XOR m B : (b_ab XOR b_bc) C : (b_ac XOR b_bc) All messages: (b_ab XOR b_ab) XOR (b_ac XOR b_ac) XOR (b_bc XOR b_bc) XOR m = m

Why is this secure? Suppose you did not pay If the result is 1 (odd diff ) You can tell one of the others is lying But without coin they share, can t tell which If result is 0 (even diff ) then no anonymity issue We all know the third party paid

Potential issues Unfair coins Not executing the protocol honestly

Generalizing the protocol More than 3 people: Fine with one shared bit per pair of users More than 1 bit of data Proceed in rounds, one bit per round Now we need a shared key (one bit per round) What about collisions?

Pros and Cons Pro: Not interactive After key establishment, no crosstalk by users Make systems simpler, proofs easier Pro: Collusion is hard Generally need everyone conspiring against you Cons: Collisions / Jamming N 2 shared keys

Mixnets

Problem setup One mail server, M Lots of senders (Si) and receivers (Ri) One global observer G Goal: Send messages without G being able to determine which sender -> which receiver

Strawman protocol Every sender sends a message to M Encrypted with M s pub key Indicates intended receiver M waits for all messages; shuffles the order Send messages encrypted for recipient Why is this a strawman?

Fixing this protocol (1) Problem: Mail server reads all messages Solution: Encryption layers E(kM, Ri E(kRi, m))

Fixing this protocol (2) Problem: What if not everyone has a message Mail server might wait forever! Solution: Everyone sends every round Some is labeled as junk Wastes bandwidth/resources on junk

Fixing this protocol (3) Problem: Mail server knows who talks to who Solution: Chain of mail servers. wrapped in layers. like an onion

Only know your links S M1 M2 I only know M1 and M3 M3 M4 R

Encryption layers S etc. M1 etc. M2 E(k_M3, M4 E(k_M4, R E(k_R, m))) E(k_R, m) M3 M4 E(k_M4, R E(k_R, m)) R

Tor: The Onion Router This layers idea is the basis for Tor End-to-end path = a circuit Default = 3-hop circuits Download a big list of available peers Exit node: last hop before destination Looks like it connects to all receivers Nodes decide whether to be exit, for where

Tor vs. Mix-nets Tor doesn t assume global observer Instead, some (small) proportion of Tor nodes are assumed to be malicious Instead, eavesdroppers on a fraction of links As a result, does not batch/delay packets Which would not be very practical for many usecases, e.g. web browsing Relies on lots of cover traffic!

Confirmation vs. analysis If you suspect Alice is talking to Bob Watch both ends Confirm via timing, volume Tor instead aims to prevent analysis attacks Figure out who Alice is talking to

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback