Internet Privacy. Markus Klein, Joshua Juen University of Illinois Fall 2011

Similar documents
CE Advanced Network Security Anonymity II

The New Cell-Counting-Based Against Anonymous Proxy

0x1A Great Papers in Computer Security

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols (continued)

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Protocols for Anonymous Communication

2 ND GENERATION ONION ROUTER

A SIMPLE INTRODUCTION TO TOR

How Alice and Bob meet if they don t like onions

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

Anonymity. Assumption: If we know IP address, we know identity

A New Replay Attack Against Anonymous Communication Networks

CS526: Information security

Anonymous Communication and Internet Freedom

Onion services. Philipp Winter Nov 30, 2015

Anonymous Communication and Internet Freedom

Tor: An Anonymizing Overlay Network for TCP

Toward Improving Path Selection in Tor

Sleeping dogs lie on a bed of onions but wake when mixed

Revisiting Circuit Clogging Attacks on Tor

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Cryptanalysis of a fair anonymity for the tor network

Low Latency Anonymity with Mix Rings

CS 134 Winter Privacy and Anonymity

The Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

Message Splitting Against the Partial Adversary

Pluggable Transports Roadmap

Tor Experimentation Tools

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Low-Cost Traffic Analysis of Tor

Anonymity Analysis of TOR in Omnet++

Tor Hidden Services. Roger Dingledine Free Haven Project Electronic Frontier Foundation.

The Loopix Anonymity System

Tor. Tor Anonymity Network. Tor Basics. Tor Basics. Free software that helps people surf on the Web anonymously and dodge censorship.

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

More Anonymity Through Trust Degree in Trust-based Onion Routing

Traffic Optimization in Anonymous Networks

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

Port-Scanning Resistance in Tor Anonymity Network. Presented By: Shane Pope Dec 04, 2009

Improving stream correlation attacks on anonymous networks

Introduction to Traffic Analysis. George Danezis University of Cambridge, Computer Laboratory

Persona: Network Layer Anonymity and Accountability for Next Generation Internet

Privacy defense on the Internet. Csaba Kiraly

Preventing Active Timing Attacks in Low-Latency Anonymous Communication

On Anonymity in an Electronic Society: A Survey of Anonymous Communication Systems

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

Heartbeat Traffic to Counter (n-1) Attacks

IP address. When you connect to another computer you send it your IP address.

Metrics for Security and Performance in Low-Latency Anonymity Systems

Anonymity. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Anonymous communications: Crowds and Tor

Core: A Peer-To-Peer Based Connectionless Onion Router

OnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization

Social Networking for Anonymous Communication Systems: A Survey

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

DynaFlow: An Efficient Website Fingerprinting Defense Based on Dynamically-Adjusting Flows

Shining Light in Dark Places: Understanding the Tor Network

Mixminion: Design of a Type III Anonymous R er Protocol

Low-Resource Routing Attacks Against Tor

Tor: Online anonymity, privacy, and security.

anonymous routing and mix nets (Tor) Yongdae Kim

Attacking Tor with covert channel based on cell counting

One Fast Guard for Life (or 9 months)

Blending different latency traffic with alpha-mixing

ANONYMOUS CONNECTIONS AND ONION ROUTING

Nonesuch: a Mix Network with Sender Unobservability

Locating Hidden Servers

Telex Anticensorship in the Network Infrastructure

Impact of Network Topology on Anonymity and Overhead in Low-Latency Anonymity Networks

CSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno

Design and Analysis of Efficient Anonymous Communication Protocols

Avoiding The Man on the Wire: Improving Tor s Security with Trust-Aware Path Selection

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

CS Paul Krzyzanowski

On Flow Correlation Attacks and Countermeasures in Mix Networks

Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks

Introduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?

Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Anonymity and censorship circumvention with Tor

CS6740: Network security

Security and Anonymity

Achieving Privacy in Mesh Networks

Minx: A Simple and Efficient Anonymous Packet Format

PrivCount: A Distributed System for Safely Measuring Tor

Anonymity on the Internet. Cunsheng Ding HKUST Hong Kong

Analysing Onion Routing Bachelor-Thesis

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

Peer-to-Peer Systems and Security

Dissecting Tor Bridges A Security Evaluation of their Private and Public Infrastructures

Online Anonymity. Andrew Lewman June 8, 2010

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

surveillance & anonymity cs642 computer security adam everspaugh

Practical Traffic Analysis: Extending and Resisting Statistical Disclosure

Analysis on End-to-End Node Selection Probability in Tor Network

Countering Statistical Disclosure with Receiver-bound Cover Traffic

Transcription:

Internet Privacy Markus Klein, Joshua Juen University of Illinois Fall 2011

I have nothing to hide!...they accept the premise that privacy is about hiding a wrong. It's not." Rather, privacy is most ohen an issue of accountability and trust. Bruce Schneier 2

Who Needs Privacy? Consider the following scenario: Alice is an employee at XYZ inc. who suspects that her CFO Charlie is conducung insider trading. Bob from the FBI is invesugaung Charlie s suspected insider trading. Bob interviews Alice and decides to keep in contact with Alice. Should Alice be afraid to send informauon to Bob through the company s intranet? 3

Who Needs Privacy? Cont. Bob is a resident of Iran who wants to access internauonal news. Bob s government deems this material objecuonable and limits access to Bob The punishment to accessing such content is severe including possible imprisonment and fines This is a freedom of speech issue. Broad quesuon, should we try to help Bob circumvent censorship? 4

Why is Privacy a Problem? Every packet has a source/desunauon IP address Packets traverse unknown/untrusted networks Difficult to determine who is looking at our packets!!!! 5

Privacy the Naïve Approach In the beginning there was the proxy: Encrypt the desunauon address in the packet header and send to a trusted proxy. Proxy forwards traffic on to the desunauon CGIProxy and others. 6

Privacy the Naïve Approach cont. Problems: What if the aeacker can see the outbound traffic from the proxy? (Global Passive adversary) What if the proxy is controlled by the aeacker? Anonymity set is non- existent Goal we want a system to defeat a global passive adversary that is difficult for the adversary to control 7

High Latency Mix Nets Goal: Send high latency messages anonymously Ideal for E- mail Mixmaster, Mixminion, Babel, and many others Threat model and design goals: Resistant against a global passive adversary (can see all traffic) Distributed network of volunteers (some may be controlled by an adversary) Assume that the adversary can add, drop, reorder, and delay packets 8

Mix Net Proxy Design Make all traffic the same size and look similar by using encrypted packets Make the input/output analysis more difficult by batching and adding cover traffic At each node every T unit of Ume: Wait for N messages before forwarding Forward 60% of the messages Add dummy traffic that goes 1-4 hops Goal: even if the adversary observes all packets in a round, we want him to have 1/(Total Messages) chance to guess the sender/recipient pair 9

Mix Nets Increase the anonymity set: Use muluple routers as proxies to forward traffic each with their own public/private key. Source route traffic through the network with layered encrypuon of the headers. Each client maintains a full view of the network and chooses proxies uniformly at random from the set. 10

Mix Nets Overview 11

Mix Nets cont.? ` ` Alice Bob 12

Mix Nets: Conclusions Mix Nets are great because: Resistant to global passive adversary. Resistant to adversary controlling nodes. Impossible to correlate traffic because all traffic is idenucal. Mix Nets are bad because: They are high latency Only send one batch every Ume period T. Do not send if less than N messages. Do not send with approximately 40% probability. 13

Tor Mixnets provide high privacy guarantees but are unusable for many applicauons Goal: Design a low- latency anonymous communicauon system based on onion rouung TOR: The Onion Router 14

Tor: Low Latency Proxy Design To maintain low latency: Nodes send the packets along the circuit as quickly as possible. No batching and no rounds. No cover traffic is added. While traffic is sent in 512 B cells, the number of cells is unique depending on the load. 15

Tor: Onion RouUng Client chooses three nodes to establish a circuit to send/ receive traffic every ten minutes. Encrypt traffic so each onion router only sees the previous and next hop address Only the entry router knows the client Only the exit router knows the desunauon Example: E G (M E M (EX E EX (A ToA))) Client Entry Node Middle Node Exit Node Server A 16

Tor: Security Problem SuscepUble to end- to- end traffic analysis If the aeacker controls entry and exit nodes Correlate traffic coming into entry and exiung exit node to idenufy the client and server Thus Tor assumes a limited global passive adversary!!!! 17

Tor: Conclusions Tor is Popular The most widely deployed overlay network implemenung onion rouung Currently* 2,500 volunteer nodes running forwarding onion routers Currently* an esumated 250,000 users Protects end- to- end privacy as long as the adversary cannot compromise traffic going into the system and traffic coming out of the system. *As of January 2010 18

Papers George Danezis, Roger Dingledine, Nick Mathewson, "Mixminion: Design of a Type III Anonymous Remailer Protocol," Security and Privacy, IEEE Symposium on, p. 2, 2003 IEEE Symposium on Security and Privacy, 2003 C. Gülcü and G. Tsudik. Mixing E- mail with Babel. In Network and Distributed Security Symposium (NDSS 96), pages 2-16. IEEE, February 1996. Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker, Low- resource rouung aeacks against tor, Proceedings of the 2007 ACM workshop on Privacy in electronic society, October 29-29, 2007, Alexandria, Virginia, USA George Danezis and Claudia Diaz. A survey of anonymous communicauon channels. Technical Report MSR- TR- 2008-35, MicrosoH Research, January 2008. 19

Chipping Away at Censorship Firewalls Background As of 2010, 59 countries filter Internet traffic China, Saudi Arabia, Iran, But also France and Australia have recently garnered aeenuon with controversial filtering pracuces Problem: Present systems use proxies which can be detected and blocked by censors 20

Requirements Availability Even if a censor might block parts of the resources, the system should keep going Deniability Avoid to a certain degree that users of the system get idenufied by censors 21

Idea Make use of user- generated content Embed communicauon into user- generated content i.e. hide data in image, texts or videos Use exisung infrastructure of the Internet i.e. content hosts like Flickr, Picasa, YouTube 22

The Collage System 23

Design of Collage 24

Design of Collage Chunk Chunk Chunk Chunk Chunk The pure message Content Host Chunk The pure message Chunk Chunk Chunk Chunk Chunk Chunk 25

Design of Collage ApplicaDon Layer Message Vector e.g. image, video, Message IdenUfier (a pre- shared secret) Task: a way to send/receive data using a public data sharing- service e.g. publish a photo tagged with flowers 26

Design of Collage ApplicaDon Layer Task Database Contains pairs of tasks 27

Design of Collage Message Layer Goals: Split the message into smaller chunks Hide the chunks in user content Deliver/Receive the user content 28

Design of Collage Message Layer Send funcdon: Uses a rateless erasure encoder to split a message into chunks Encrypts the blocks from the encoder using the message idenufier Encodes the cipher text into a vector 29

Design of Collage Message Layer Receive funcdon: Looks for possible vectors with hidden data in content hosts Decodes the cipher text from the user content Decrypts the cipher text using the message idenufier When enough chunks have arrived, the rateless erasure decoder restores the original message 30

Design of Collage Vector Layer Is responsible for en- /decoding small chunks of data into a vector Relies on informauon hiding technology e.g. Steganography, Digital Watermarking 31

Design of Collage Rendezvous Use a hash- funcuon Hash all tasks and store the resulung table To find the tasks to use for a given message, hash the message idenufier and take m closest tasks The hash table has to be exchanged by all Collage members 32

Example ImplementaUon Web Content Proxy 33

EvaluaUon Big overhead in computauon, storage and transfer Ume, depending on verious factors: Type of user- generated content Method of encoding vectors Choosen Tasks For instance: Web Proxy requires 9 JPEGs to transmit 23 KB of news summary Transfer Ume approx. 1 minute 34

Guarantees None actually Achieving availability and deniability are both best effort 35

Papers BURNETT, S., FEAMSTER, N., AND VEMPALA, S. Chipping away at censorship with user- generated content. USENIX Security Symposium (2010). George Danezis, Roger Dingledine, Nick Mathewson, "Mixminion: Design of a Type III Anonymous Remailer Protocol," Security and Privacy, IEEE Symposium on, p. 2, 2003 IEEE Symposium on Security and Privacy, 2003 C. Gülcü and G. Tsudik. Mixing E- mail with Babel. In Network and Distributed Security Symposium (NDSS 96), pages 2-16. IEEE, February 1996. Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, Douglas Sicker, Low- resource rouung aeacks against tor, Proceedings of the 2007 ACM workshop on Privacy in electronic society, October 29-29, 2007, Alexandria, Virginia, USA George Danezis and Claudia Diaz. A survey of anonymous communicauon channels. Technical Report MSR- TR- 2008-35, MicrosoH Research, January 2008. 36

Discussion Switching the perspecuve: Can you think of any good argument which may legiumate censorship? Tor sacrifices some anonymity for lower latency. Do you think that Tor s assumpuons about the adversary are realisuc with respect to users need for privacy? Avoiding censorship requires hiding the act of communicauon. The method here uulized user generated content. What are some other hidden channels of communicauon available for such systems? 37

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback