1 Anonymous Communications CSE 5473: Network Security Lecture due to Prof. Dong Xuan Some material from Prof. Joan Feigenbaum.

Slides:



Advertisements
Similar presentations
Aaron Johnson with Joan Feigenbaum Paul Syverson
Advertisements

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Internetworking II: MPLS, Security, and Traffic Engineering
CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
Xinwen Fu Anonymous Communication & Computer Forensics Computer & Network Forensics.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
Analysis of Onion Routing Presented in by Jayanthkumar Kannan On 10/8/03.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
Anonymity on the Web: Onion routing and Crowds. 2 Outline  the problem of user privacy  basic concepts of anonymous communication  MIXes  Onion routing.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
CSCI 5234 Web Security1 Privacy & Anonymity in the WWW Ch. 12, Oppliger.
Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.
© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking BGP, Flooding, Multicast routing.
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.
Provable Unlinkability Against Traffic Analysis Amnon Ta-Shma Joint work with Ron Berman and Amos Fiat School of Computer Science, Tel-Aviv University.
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms David Chaum CACM Vol. 24 No. 2 February 1981 Presented by: Adam Lee 1/24/2006 David.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
Lecture 14: Anonymity on the Web (cont) Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.
Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.
R. Newman Anonymity - Background. Defining anonymity Defining anonymity Need for anonymity Need for anonymity Defining privacy Defining privacy Threats.
Proxy Servers.
Anonymity - Background R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide.
Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan.
The Silk Road: An Online Marketplace
Onion Routing R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
The Tor Network BY: CONOR DOHERTY AND KENNETH CABRERA.
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.
K. Salah1 Security Protocols in the Internet IPSec.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Virtual Private Network (VPN) 1. A corporation with multiple geographic sites can use one of two approaches to building a corporate intranet. – Private.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.
IPSecurity.
Anonymous Internet Protocols
Anonymous Communication
Digital Forensics 2 Presented by : J.Silaa Lecture: FCI 30 Aug 2017
Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin
The University of Adelaide, School of Computer Science
0x1A Great Papers in Computer Security
Anonymous Communication
Anonymous Communication
Computer Networks Protocols
Anonymous Communication
Presentation transcript:

1 Anonymous Communications CSE 5473: Network Security Lecture due to Prof. Dong Xuan Some material from Prof. Joan Feigenbaum

2 Outline r Overview and Concepts r Anonymous Schemes m Onion Routing m Crowd m Hordes m Incomparable Public Keys

3 Motivation r Is Internet communication private? r No!... Why? m Routing information is completely ‘open’ (visible) to the network and its users. e.g. IP Source, IP destination addresses. m Traffic Analysis can result in loss of privacy throwing up patterns showing communication propensities of internet users.

4 Motivation... r Do we need private communication? r Yes… m Existence of inter-company collaboration may be confidential m users may not wish to reveal who they are communicating with, to the rest of the world m Anonymity may also be desirable: anonymous e-cash is not very anonymous if delivered with a return address m Web based shopping or browsing of public databases should not require revealing one’s identity

5 Anonymity Properties r Types of Anonymity Sender Anonymity Receiver Anonymity Unlinkability of sender and receiver r Model of the Attacker Eavesdropper Collaboration of parties r Anonymity Degree

6 Concept: Mix Networks r First outlined by Chaum in 1981 r Provide anonymous communication m High latency m Message-based (“message-oriented”) m One-way or two-way

7 Mix Networks UsersMixesDestinations

8 Mix Networks 1.User selects a sequence of mixes and a destination. 2.Onion-encrypt the message. M1M1 M2M2 M3M3 ud Protocol Onion Encrypt 1.Proceed in reverse order of the user’s path. 2.Encrypt (message, next hop) with the public key of the mix. {{{ ,d} M 3,M 3 } M 2,M 2 } M 1 Adversary UsersMixesDestinations

9 Mix Networks 1.User selects a sequence of mixes and a destination. 2.Onion-encrypt the message. 3.Send the message, removing a layer of encryption at each mix. M1M1 M2M2 M3M3 ud Protocol Onion Encrypt 1.Proceed in reverse order of the user’s path. 2.Encrypt (message, next hop) with the public key of the mix. {{{ ,d} M 3,M 3 } M 2,M 2 } M 1 Adversary UsersMixesDestinations

10 Mix Networks 1.User selects a sequence of mixes and a destination. 2.Onion-encrypt the message. 3.Send the message, removing a layer of encryption at each mix. M1M1 M2M2 M3M3 ud Protocol Onion Encrypt 1.Proceed in reverse order of the user’s path. 2.Encrypt (message, next hop) with the public key of the mix. {{ ,d} M 3,M 3 } M 2 Adversary UsersMixesDestinations

11 Mix Networks 1.User selects a sequence of mixes and a destination. 2.Onion-encrypt the message. 3.Send the message, removing a layer of encryption at each mix. M1M1 M2M2 M3M3 ud Protocol Onion Encrypt 1.Proceed in reverse order of the user’s path. 2.Encrypt (message, next hop) with the public key of the mix. { ,d} M 3 Adversary UsersMixesDestinations

12 Mix Networks 1.User selects a sequence of mixes and a destination. 2.Onion-encrypt the message. 3.Send the message, removing a layer of encryption at each mix. M1M1 M2M2 M3M3 ud Protocol Onion Encrypt 1.Proceed in reverse order of the user’s path. 2.Encrypt (message, next hop) with the public key of the mix.  Adversary UsersMixesDestinations

13 Mix Networks ud Adversary Anonymity? 1.No one mix knows both source and destination. 2.Adversary cannot follow multiple messages through the same mix. 3.More users provides more anonymity. ve wf UsersMixesDestinations

14 How Onion Routing Works User u running client Internet destination d Routers running servers ud

15 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. ud

16 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. {{{  } 3 } 4 } 1 ud

17 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. {{  } 3 } 4 ud

18 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. {}3{}3 ud

19 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged.  ud

20 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. ’’ ud

21 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. {  ’} 3 ud

22 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. {{  ’} 3 } 4 ud

23 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. {{{  ’} 3 } 4 } 1 ud

24 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. 4.Stream is closed. ud

25 How Onion Routing Works 1. u creates 3-hop circuit through routers (u.a.r.). 2. u opens a stream in the circuit to d. 3.Data are exchanged. 4.Stream is closed. 5.Circuit is changed every few minutes. ud

26 Onion Routing r Provides m An infrastructure for Private Communication over a Public Network m Anonymity of endpoints of communication m Bi-directional and near real-time communication m Resistance to eavesdropping from Network Outside Observers of the network r Can be substituted for sockets

27 A Forward Onion X exp_time x, Y, F fx, K fx, F bx, K bx, Y exp_time y, Z, F fy, K fy, F by, K by, Z exp_time z, Null, F fz, K fz, F bz, K bz, Padding

28 Protocol Operation r Establish Anonymous connection through a series of ORs (Onion Router) instead of a direct socket connection to the destination. r “Initiator” makes a socket connection to an Application Specific Proxy on first OR. r Onion Proxy defines the route m Constructs a layered structure (Onion) and sends it through the network to establish the Virtual Circuit (same as ATM Virtual Circuit Establishment with VPI/VCI). m Onion passes through the entire path to the responder proxy => all involved ORs are initialized with relevant information to encrypt/ decrypt forward/backward data. m Now, initiator’s proxy starts sending data through the anonymous connection.

29 Protocol Operation (contd...) r Each layer of the onion defines a next hop in the route. r An OR, on receiving an onion m peels off its layer m chooses new values for incoming/outgoing VCIs. m identifies next hop m sends the embedded onion to that next hop OR. r Each Onion Layer also contains Keys m Keys are used for crypting data sent forward/backward. m When the onion bounces along, they are stored at each intermediate hop (i.e., OR). r Last OR forwards data to Responder’s Proxy that m Sits on the firewall of the responder’s sensitive site. m Passes data between ORN and the responder.

30 The Onion r PK x : Public Key of the OR m The OR has the corresponding private key for decrypting the message. r next_hop: Next OR in the connection path r F f, K f - Forward data cryption operation Function/Key pair r F b, K b - Backward data cryption operation Function/Key pair m Functions defined for F 0  Identity (No Encryption) 1  DES OFB (Output Feedback Mode) 2  RC4 (128 bit key) r payload: The (similar) embedded onion m Passed on to the ‘next_hop’ r exp_time: Expiry time until which onion the onion is kept to prevent replay.

31 The Onion (contd...) r What happens to the onion at each hop? m It shrinks in size m Compromised nodes can infer route information from this monotonically diminishing size. m So, a random bit string is appended to the end of the payload before forwarding. m Even ‘constant’ size onion might be traced unless all onions have the same size, so the size of the onion is (universally) standardized (fixed).

32 Reply Onion Z exp_time z, Y, F bz, K bz, F fz, K fz, Y exp_time y, X, F by, K by, F fy, K fy, X exp_time x, W, F bx, K bx, F fx, K fx, W exp_time w, Null, Null, Null, Null, Null, {IDENTITY, F bx, K bx, F fx, K fx, F by, K by, F fy, K fy, F bz, K bz, F fz, K fz, Padding }

33 Reply Onion r How to reply anonymously? m Send a reply onion embedded as payload in the forward onion m Responder proxy sends this Reply Onion on the reverse path till the Initiator’s Proxy m VC set-up by Forward Onion, so data path is already established. r The Reply Onion is m Exactly the same as the Forward onion except that the innermost payload has Enough information to enable the initiator’s proxy to reach the initiator All cryptographic function/key pairs that are to crypt data along the Virtual Circuit m Processing it is same as processing a Forward Onion m Usable only once So multiple reply onions need to be sent if multiple replies are required.

34 Crowd jondo blender Request admittance Information to enable jondo to participate “blending into a crowd” i.e. hiding one’s actions within the actions of many others How does it work?

35 Crowd (contd...) Crowd Geographically diverse group Request from browser

Crowd (features) r Data may be in the clear: no protection wrt global eavesdropper r No attempt to pad to avoid flow analysis, no attempt to prevent sender-receiver unlinkability r Used for web transactions: browser uses local johndo as proxy for itself, blender sends data of remote johndo’s to this johndo r Paths are selected randomly and hop-by-hop (not a priori circuit selection as in tor) 36

37 Hordes r Take advantage of multicast communication m Destination address is a multicast group address, which provides receiver anonymity. m It is difficult to determine the membership of a multicast group. m Even if some group memberships are discovered, anonymity can still be provided.

38 Hordes (contd...) r Simple protocol m Join a multicast group. m Initiator sends request using group address. can use either crowds or onion routing for forward path m Server sends reply to the group address. m Initiator receives the reply. m Non-initiators just ignore the reply.

39 Incomparable Public Keys r Take advantage of a novel public key scheme m Traditional scheme: one private key, one public key m The new scheme: one private key, but multiple public keys m Feature: one cannot tell whether two public keys map to the same or different private keys

40 Incomparable Public Keys (contd…) r Plus multicast to provide encryption and anonymity m Join a multicast group. m Initiator sends request using group address with a public key. m Server sends reply, encrypted with the public key, to the group address. m Initiator receives the reply and decrypt it. m Non-initiators just ignore the reply. m Initiator sends request to the same/another server using another public key

41 Conclusion r What are anonymous communications? Why? r Four representative schemes m Onion Routing m Crowd m Hordes m Incomparable Public Keys

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.