Context. Protocols for anonymity. Routing information can reveal who you are! Routing information can reveal who you are!

Similar documents
Protocols for Anonymous Communication

0x1A Great Papers in Computer Security

CS 134 Winter Privacy and Anonymity

ENEE 459-C Computer Security. Security protocols

ENEE 459-C Computer Security. Security protocols (continued)

Anonymous Communication: DC-nets, Crowds, Onion Routing. Simone Fischer-Hübner PETs PhD course Spring 2012

Security and Anonymity

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

CRYPTOGRAPHIC PROTOCOLS: PRACTICAL REVOCATION AND KEY ROTATION

Anonymity. Assumption: If we know IP address, we know identity

Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981

CS526: Information security

ANONYMOUS CONNECTIONS AND ONION ROUTING

Anonymity and Privacy

Peer-to-Peer Networks 14 Security. Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg

CPSC 467b: Cryptography and Computer Security

Anonymity. With material from: Dave Levin and Michelle Mazurek

CS232. Lecture 21: Anonymous Communications

Anonymity With material from: Dave Levin

A SIMPLE INTRODUCTION TO TOR

CIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Privacy Enhancing Technologies CSE 701 Fall 2017

ANET: An Anonymous Networking Protocol

Onion Routing. Submitted By, Harikrishnan S Ramji Nagariya Sai Sambhu J

Anonymity. MPRI Course on Concurrency. Lecture 14. Application of probabilistic process calculi to security. Anonymity: particular case of Privacy

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

CE Advanced Network Security Anonymity II

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Rendezvous Tunnel for Anonymous Publishing

Low Latency Anonymity with Mix Rings

Peer-to-Peer Systems and Security

Payload analysis of anonymous communication system with host-based rerouting mechanism

Privacy defense on the Internet. Csaba Kiraly

Tor: An Anonymizing Overlay Network for TCP

Introduction to Cybersecurity Digital Signatures

2 Application Support via Proxies Onion Routing can be used with applications that are proxy-aware, as well as several non-proxy-aware applications, w

Anonymous communications: Crowds and Tor

Solution of Exercise Sheet 10

MPRI Course on Concurrency. Lecture 16. The need for randomization: examples in distributed computing and in security

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Anonymization for web, fixed line, and mobile applications

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Anonymity Analysis of TOR in Omnet++

anonymous routing and mix nets (Tor) Yongdae Kim

Achieving Privacy in Mesh Networks

VAST: Versatile Anonymous System for Web Users

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, autumn 2015

CNT Computer and Network Security: Privacy/Anonymity

Towards measuring anonymity

Anonymous Connections and Onion Routing

Efficiency Optimisation Of Tor Using Diffie-Hellman Chain

Anonymity - Lecture Notes 1

Design and Analysis of Efficient Anonymous Communication Protocols

Lecture 8: Privacy and Anonymity Using Anonymizing Networks. CS 336/536: Computer Network Security Fall Nitesh Saxena

Design Principles for Low Latency Anonymous Network Systems Secure against Timing Attacks

Anonymity With Tor. The Onion Router. July 21, Technische Universität München

MIX Network for Location Privacy First Draft

Anonymity on the Internet. Cunsheng Ding HKUST Hong Kong

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis

How Alice and Bob meet if they don t like onions

An Optimal Strategy for Anonymous Communication Protocols

A Quantitative Analysis of Anonymous Communications

The New Cell-Counting-Based Against Anonymous Proxy

Persona: Network Layer Anonymity and Accountability for Next Generation Internet

A simple approach of Peer-to-Peer E-Cash system

The Design of an Anonymous and a Fair Novel E-cash System

Anonymity. Christian Grothoff.

ANOC: Anonymous Network-Coding-Based Communication with Efficient Cooperation

Analysis of an Anonymity Network for Web Browsing

2 ND GENERATION ONION ROUTER

Social Networking for Anonymous Communication Systems: A Survey

Efficiency of large-scale DC-networks

Addressing Privacy: Matching User Requirements with Implementation Techniques

A Privacy-Aware Service Protocol for Ubiquitous Computing Environments

11:1 Anonymous Internet Access Method for Wireless Systems

Onion services. Philipp Winter Nov 30, 2015

Herbivore: An Anonymous Information Sharing System

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Onion Routing. 1) Introduction. 2) Operations. by Harikrishnan S (M.Tech CSE) Ramji Nagariya (M.S CSE), Sai Sambhu J (M.Tech CSE).

Core: A Peer-To-Peer Based Connectionless Onion Router

A Report on Modified Onion Routing and its Proof of Concept

A Scheme for Route Optimization in Mobile IP without. Compromising Location Privacy. Yang-hua Chu, Jun Gao and Sanjay Rao

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

An Experimental Study and Analysis of Crowds based Anonymity

Analysing Onion Routing Bachelor-Thesis

Anonymous communication with on-line and off-line onion encoding

An Experimental Study and Analysis of Crowds based Anonymity

Privacy Protection over Network Communication in Manet

A New Replay Attack Against Anonymous Communication Networks

scribed below in section 5. 2 Application Support via Proxies Onion Routing can be used with applications that are proxy-aware, as well as several non

Tor: The Second-Generation Onion Router. Roger Dingledine, Nick Mathewson, Paul Syverson

Provable Anonymity. Epistemic Logic for Anonymizing Protocols. Ichiro Hasuo. Radboud University Nijmegen The Netherlands

Introduction to Computer Security

An Optimal Strategy for Anonymous Communication Protocols

The Predecessor Attack: An Analysis of a Threat to Anonymous Communications Systems

A k-anonymous Communication Protocol for Overlay Networks

Anonymous Credentials through Acid Mixing

Transcription:

Context Protocols for anonymity The nternet is a public network: Myrto Arapinis School of nformatics University of Edinburgh Routing information is public: P packet headers contain source and destination of packets Encryption does not hide identities: March 17, 2014 network routers see all traffic that passes through them encryption hides payload, but not routing information 1 / 21 Routing information can reveal who you are! 66.154.48.145 NTERNET 2 / 21 Routing information can reveal who you are! 79.170.40.232 64.131.67.188 192.185.48.150 108.168.213.84 192.254.187.105 X1.X2.X3.X4 216.240.189.1 69.25.28.142 3 / 21 4 / 21

Your P address is your D Anonymity Definition (SO/EC standard 15408) A user may use a service or resource without disclosing the users identity. this can be achieved by hiding one s activities among others similar activities Your P address leaves behind digital tracks that can be used to identify you and invade your privacy Dinning cryptographers Crowds Chaum s mix Onion routing 5 / 21 6 / 21 Three-party dinning cryptographers (3DC) protocol Three cryptographers are having dinner. Either NSA paid for the dinner, or one of the cryptographers. They want to know if it is the NSA that paid, but without revealing the identity of the cryptographer that paid in the case the NSA did not pay. 3DC protocol: 1. Each cryptographer flips a coin and shows it to his left neighbor: each cryptographer will see his own coin and his right neighbor s 2. Each cryptographer announces whether the two coins he saw are the same. f he is the payer, he lies 3. odd number of same the NSA paid even number of same one of the cryptographers paid only the payer knows he is the one who paid Superposed sending 3DC protocol generalises to any group size n (ndc) Sender wants to anonymously broadcast a message m: 1. for each bit of the m, every user generates a random bit and sends it to his left neighbor every user learns two bits: his own, and his right neighbor s 2. each user (except the sender) announces (own bit XOR neighbor s bit) 3. the sender announces (own bit XOR neighbor s bit XOR message bit) 4. XOR of all announcements = message bit every randomly generated bit occurs in this sum twice (and is canceled by XOR) message bit occurs only once 7 / 21 8 / 21

Limitations of the DC protocol The DC protocol is impractical: Requires pair-wise shared secret keys (secure channels) between the participants (to share random bits) Requires large amounts of randomness Chaum s mix [D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, February 1981.] user 1 user 2 user 3 user 4 {{M1} r1 pk, S1} r 1 S1 pkmix {{ } } {{M2} r2 pk, S2} r 2 S2 pkmix {{M3} r3 pk, S1} r 3 S1 pkmix {{M4} r4 pk, S2} r 4 S2 pkmix Mix {M1} r1 pk S1, S1 { } {M3} r3 pk S1, S1 { } {M2} r2 pk S2, S2 {M4} r4 pk S2, S2 server 1 server 2 message padding and buffering to avoid time correlation attacks dummy messages are generated by the mixes themselves to prevent an attacker sending n 1 messages to a mix with capacity n, allowing him to then link the sender of the n th message with its recipient 9 / 21 11 / 21 Crowds [M. K. Reiter and A. D. Rubin, Crowds: anonymity for Web transactions. ACM Transactions on nformation and System Security.] dea: randomly route the request through a crowd of users a crowd is a group of m users; c out of m users may be corrupted an initiator that wants to request a webpage creates a path between him and the server: 1. the initiator selects a forwarder from the crowd and sends him his request Anonymity pro 2. a forwarder delivers the request directly to the server with probability 1 p f ; he forwards the request to a Figure 3.2: The Crowds protocol randomly selected new forwarder from Crowd S NOT resistant the crowd with probability forwarding p f ; theit for somebody against else. an attacker that sees new forwarder repeats the More procedure specifically a crowd is a group of m users who participate i the whole network traffic! protocol. Some of the users may be corrupted which means they can collab 3. the response from the server in order follows to reveal the identity of the originator. Let c be the number of same route in opposite direction users and p f 2 (0, 1] a parameter of the protocol. When 10 / 21 a user, calle initiator or originator, wants to request a web page he must create a between him and the server. This is achieved by the following process displayed in Figure 3.2. pastel-00003950, version 1-27 Jul 2010 Anonymous return addresses {{M, {K 1, U} r1 pk Mix, K 2} r2 pk S, S} r3 pk Mix user {{M } r5 }r6, U The initiator selects randomly a member of the crowd (possibly him and forwards the request to him. We will refer to this latter user a forwarder. A forwarder, upon receiving a request, flips a biased coin. With pro ity 1 p f he delivers the request directly to the server. With proba p f he selects randomly, with uniform probability, a new forwarder ( { } } } bly himself) and forwards the request to him. The new forwarder re the same procedure. {M, {K 1, U} r1 pk, K Mix 2} r2 pk, S S The response from the server follows the same route in the opposite direct return to the initiator. Moreover, all communication in the path is encr using a path key, mainly to defend against local eavesdroppers (see [RR9 Mix more details). Each user is considered to have access only to the tra c routed th him, so he cannot intercept messages addressed to other users. With resp the web server the protocol o ers strong anonymity. This is ensured by th that the initiator never sends the message directly to the server, there is at one step of forwarding. After this step the message server will be in possession o user with equal probability. As a consequence, the last user in the path {, U}r4 pk, {M is the one observed by the web server, } r5 Mix can be anyone with equal proba thus the web server can gain no information about the identity of the init The more interesting case, however, is the anonymity wrt a corrupted that Response participates Mix in the protocol. n this case, the initiator might try to fo the message to the attacker, so the latter can gain more information tha end server. We say that a user is detected if he sends a message to a corr user. Then it is clear that the initiator, since he always appears in a pa more likely to be detected than the rest of the users. Thus detecting a 12 / 21

Mix cascade Limitations of Chaum s mixnets {...{...{{M} r pk S, S} rn pk Mixn...} ri pk Mixi...} r1 pk Mix1 {{M} r pk S, S} rn pk Mixn {M} r pk S, S Mix 1 Mix i Mix n {...{{M} r pk S, S} rn pk Mixn...} ri pk Mixi messages are sent through a sequence of mixes some of the mixes may be corrupted a single honnest mix guarantees anonymity against an attacker controlling the whole network provided it applies: message padding buffering dummy messages Asymmetric encryption is not efficitent Dummy messages are innefficient Buffering is not efficient 13 / 21 14 / 21 Onion routing [R. Dingledine, N. Mathewson, and P. F. Syverson: Tor: The Second-Generation Onion Router, USENX Security Symposium 2004] dea: combine advantages of mixes and proxies use public-key crypto only to establish circuit use symmetric-key crypto to exchange data distribute trust like mixes But does not defend against attackers that controle the hole network 15 / 21 16 / 21

client establishes session key and circuit with Onion Router client tunnels through that circuit to extend to Onion Router 17 / 21 18 / 21 client tunnels through that extended circuit to extend to Onion Router client applications connect and communicate of established TOR circuit 19 / 21 20 / 21

a single honnest Onion Router on the TOR circuit guarantees anonymity against an attacker controlling some Onion Routers 21 / 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback