CS 4700 / CS 5700 Network Fundamentals Lecture 22: Anonymous Communications (Wave Hi to the NSA)

Slides:



Advertisements
Similar presentations
Tor: The Second-Generation Onion Router
Advertisements

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Information Hiding: Anonymous Communication
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Computer Networks IGCSE ICT Section 4.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Copyright Kenneth M. Chipps Ph.D. 1 VPN Last Update
Virtual Private Network
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Sofya Rozenblat 11/26/2012 CS 105 TOR ANONYMITY NETWORK.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
Intranet, Extranet, Firewall. Intranet and Extranet.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.
Privacy-Preserving P2P Data Sharing with OneSwarm -Piggy.
Anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.
CS 3700 Networks and Distributed Systems Anonymous Communications (Wave Hi to the NSA) Revised 8/21/15.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
Privacy in Content Oriented Networking: Threats and countermeasures Abdelberi Chaabane, Emiliano De Cristofaro, Mohamed Ali Kaafar, and Ersin Uzun.
R. Newman Anonymity - Background. Defining anonymity Defining anonymity Need for anonymity Need for anonymity Defining privacy Defining privacy Threats.
TCP/IP (Transmission Control Protocol / Internet Protocol)
TCP/IP Model & How it Relates to Browsing the Internet Anonymously BY: HELEN LIN.
Virtual Private Network. ATHENA Main Function of VPN  Privacy  Authenticating  Data Integrity  Antireplay.
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 20 PHILLIPA GILL - STONY BROOK U.
Chapter 14 Network Encryption
The Silk Road: An Online Marketplace
Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–
science/internet-intro
Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.
K. Salah1 Security Protocols in the Internet IPSec.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.
Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.
Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.
CS590B/690B Detecting Network Interference (FALL 2016)
Tor Internals and Hidden Services
Anonymous Communication
Digital Forensics 2 Presented by : J.Silaa Lecture: FCI 30 Aug 2017
Introduction to Networking
Christo Wilson Revised 8/21/15
Anonymous Communication and Internet Freedom
0x1A Great Papers in Computer Security
Anonymous Communication
Anonymity (Privacy) Suppose you are surfing the Web.
Lecture 10: Network Security.
Public-Key, Digital Signatures, Management, Security
Anonymous Communication
Presentation transcript:

CS 4700 / CS 5700 Network Fundamentals Lecture 22: Anonymous Communications (Wave Hi to the NSA)

2

You Are Not Anonymous 3  Your IP address can be linked directly to you  ISPs store communications records  Usually for several years (Data Retention Laws)  Law enforcement can subpoena these records  Your browser is being tracked  Cookies, Flash cookies, E-Tags, HTML5 Storage  Browser fingerprinting  Your activities can be used to identify you  Unique websites and apps that you use  Types of links that you click

Wiretapping is Ubiquitous 4  Wireless traffic can be trivially intercepted  Airsnort, Firesheep, etc.  Wifi and Cellular traffic!  Encryption helps, if it’s strong WEP and WPA are both vulnerable!  Tier 1 ASs and IXPs are compromised  NSA, GCHQ, “5 Eyes”  ~1% of all Internet traffic  Focus on encrypted traffic

Who Uses Anonymity Systems? 5  “If you’re not doing anything wrong, you shouldn’t have anything to hide.”  Implies that anonymous communication is for criminals  The truth: who uses Tor?  Journalists  Law enforcement  Human rights activists  Normal people  Fact: Tor was/is developed by the Navy  Business executives  Military/intelligence personnel  Abuse victims

Why Do We Want Anonymity? 6  To protect privacy  Avoid tracking by advertising companies  Viewing sensitive content Information on medical conditions Advice on bankruptcy  Protection from prosecution  Not every country guarantees free speech  Downloading copyrighted material  To prevent chilling-effects  It’s easier to voice unpopular or controversial opinions if you are anonymous

Anonymity Layer 7  Function:  Hide the source, destination, and content of Internet flows from eavesdroppers  Key challenge:  Defining and quantifying anonymity  Building systems that are resilient to deanonymization  Maintaining performance Application Presentation Session Transport Network Data Link Physical Anonymity

 Definitions and Examples  Crowds  Chaum Mix / Mix Networks  Tor Outline 8

Quantifying Anonymity 9  How can we calculate how anonymous we are?  Anonymity Sets  Larger anonymity set = stronger anonymity Who sent this message? Suspects (Anonymity Set)

Other Definitions 11  Unlinkability  From the adversaries perspective, the inability the link two or more items of interest E.g. packets, events, people, actions, etc.  Three parts: Sender anonymity (who sent this?) Receiver anonymity (who is the destination?) Relationship anonymity (are sender A and receiver B linked?)  Unobservability  From the adversaries perspective, items of interest are indistinguishable from all other items

Crypto (SSL) 12 Data Traffic  Content is unobservable  Due to encryption  Source and destination are trivially linkable  No anonymity!

Anonymizing Proxies 13  Source is known  Destination anonymity HTTPS Proxy  Destination is known  Source anonymity No anonymity!

Anonymizing VPNs 14  Source is known  Destination anonymity VPN Gateway  Destination is known  Source anonymity No anonymity!

Using Content to Deanonymize 15 HTTPS Proxy No anonymity! Reading Gmail Looking up directions to home Updating your G+ profile Etc…  Fact: the NSA leverages common cookies from ad networks, social networks, etc. to track users

Data To Protect 16  Personally Identifiable Information (PII)  Name, address, phone number, etc.  OS and browser information  Cookies, etc.  Language information  IP address  Amount of data sent and received  Traffic timing

 Definitions and Examples  Crowds  Chaum Mix / Mix Networks  Tor Outline 17

Crypto Algorithms 18  Symmetric algorithms  Conventional algorithms  Encryption and decryption keys are the same  Examples: DES, 3DES, AES, Blowfish  Asymmetric algorithms  Commonly known as Public Key algorithms  Encryption key and decryption key are different  Examples: Diffie-Hellman, RSA, Elliptic curve

Symmetric Key Crypto 19  Let’s say we have a plaintext message M  … a symmetric encryption algorithm E  … and a key K M  E(K, M) = C  E(K, C) = M  Advantages:  Fast and easy to use  Disadvantages  How to securely communicate the key? Cyphertext C Symmetric encryption is reversible

Public Key Crypto 20  Let’s say we have plaintext message M  … a public key algorithm F  … and two keys K P (public) and K S (private) M  F(K P, M) = C  F(K S, C) = M M  F(K S, M) = C  F(K P, C) = M Encrypt with the public key… Decrypt with the private key

Public Key Crypto in Action 21  Safe to distribute the public key K P  Can only decrypt with the private key K S  Computationally infeasible to derive K S from K P KPKP KPKP

Crowds 22

Crowds Example 23  Links between users use public key crypto  Users may appear on the path multiple times Final Destination

Anonymity in Crowds 24  No source anonymity  Target receives m incoming messages (m may = 0)  Target sends m + 1 outgoing messages  Thus, the target is sending something  Destination anonymity is maintained  If the source isn’t sending directly to the receiver

Anonymity in Crowds 25  Source and destination are anonymous  Source and destination are jondo proxies  Destination is hidden by encryption

Anonymity in Crowds 26  Destination is known  Obviously  Source is anonymous  O(n) possible sources, where n is the number of jondos

Anonymity in Crowds 27  Destination is known  Evil jondo is able to decrypt the message  Source is somewhat anonymous  Suppose there are c evil jondos in the system  If p f > 0.5, and n > 3(c + 1), then the source cannot be inferred with probability > 0.5

Other Implementation Details 28  Crowds requires a central server called a Blender  Keep track of who is running jondos Kind of like a BitTorrent tracker  Broadcasts new jondos to existing jondos  Facilitates exchanges of public keys

Summary of Crowds 29  The good:  Crowds has excellent scalability Each user helps forward messages and handle load More users = better anonymity for everyone  Strong source anonymity guarantees  The bad:  Very weak destination anonymity Evil jondos can always see the destination  Weak unlinkability guarantees

 Definitions and Examples  Crowds  Chaum Mix / Mix Networks  Tor Outline 30

Mix Networks 31  A different approach to anonymity than Crowds  Originally designed for anonymous  David Chaum, 1981  Concept has since been generalized for TCP traffic  Hugely influential ideas  Onion routing  Traffic mixing  Dummy traffic (a.k.a. cover traffic)

Mix Proxies and Onion Routing 32  Mixes form a cascade of anonymous proxies  All traffic is protected with layers of encryption Mix [K P, K P, K P ] Encrypted Tunnels Non-encrypted data E(K P, E(K P, E(K P, M))) = C

Another View of Encrypted Paths 33

Return Traffic 34  In a mix network, how can the destination respond to the sender?  During path establishment, the sender places keys at each mix along the path  Data is re-encrypted as it travels the reverse path K P1 K P2 K P3

Traffic Mixing 35  Hinders timing attacks  Messages may be artificially delayed  Temporal correlation is warped  Problems:  Requires lots of traffic  Adds latency to network flows Arrival Order Send Order Mix collects messages for t seconds Messages are randomly shuffled and sent in a different order

Dummy / Cover Traffic 36  Simple idea:  Send useless traffic to help obfuscate real traffic

 Definitions and Examples  Crowds  Chaum Mix / Mix Networks  Tor Outline 37

Tor: The 2 nd Generation Onion Router 38  Basic design: a mix network with improvements  Perfect forward secrecy  Introduces guards to improve source anonymity  Takes bandwidth into account when selecting relays Mixes in Tor are called relays  Introduces hidden services Servers that are only accessible via the Tor overlay

Deployment and Statistics 39  Largest, most well deployed anonymity preserving service on the Internet  Publicly available since 2002  Continues to be developed and improved  Currently, ~5000 Tor relays around the world  All relays are run by volunteers  It is suspected that some are controlled by intelligence agencies  500K – 900K daily users  Numbers are likely larger now, thanks to Snowden

Celebrities Use Tor 40

How Do You Use Tor? Download, install, and execute the Tor client  The client acts as a SOCKS proxy  The client builds and maintains circuits of relays 2. Configure your browser to use the Tor client as a proxy  Any app that supports SOCKS proxies will work with Tor 3. All traffic from the browser will now be routed through the Tor overlay

Selecting Relays 42  How do clients locate the Tor relays?  Tor Consensus File  Hosted by trusted directory servers  Lists all known relays IP address, uptime, measured bandwidth, etc.  Not all relays are created equal  Entry/guard and exit relays are specially labelled  Why?  Tor does not select relays randomly  Chance of selection is proportional to bandwidth  Why? Is this a good idea?

Attacks Against Tor Circuits 43  Tor users can choose any number of relays  Default configuration is 3  Why would higher or lower number be better or worse? Entry/ Guard Middle Exit Source: known Dest: unknown Source: unknown Dest: unknown Source: unknown Dest: known Source: known Dest: known

Predecessor Attack 44  Assumptions:  N total relays  M of which are controlled by an attacker  Attacker goal: control the first and last relay  M/N chance for first relay  (M-1)/(N-1) chance for the last relay  Roughly (M/N) 2 chance overall, for a single circuit  However, client periodically builds new circuits  Over time, the chances for the attacker to be in the correct positions improves! This is the predecessor attack Attacker controls the first and last relay Probability of being in the right positions increases over time

Guard Relays 45  Guard relays help prevent attackers from becoming the first relay  Tor selects 3 guard relays and uses them for 3 months  After 3 months, 3 new guards are selected  Only relays that:  Have long and consistent uptimes…  Have high bandwidth…  And are manually vetted may become guards  Problem: what happens if you choose an evil guard?  M/N chance of full compromise

Hidden Services 46  Tor is very good at hiding the source of traffic  But the destination is often an exposed website  What if we want to run an anonymous service?  i.e. a website, where nobody knows the IP address?  Tor supports Hidden Services  Allows you to run a server and have people connect  … without disclosing the IP or DNS name  Many hidden services  Tor Mail, Tor Char  DuckDuckGo  Wikileaks  The Pirate Bay  Silk Road (2.0)

Hidden Service Example 47  Onion URL is a hash, allows any Tor user to find the introduction points Hidden Service Introduction Points Rendezvous Point

Perfect Forward Secrecy 48  In traditional mix networks, all traffic is encrypted using public/private keypairs  Problem: what happens if a private key is stolen?  All future traffic can be observed and decrypted  If past traffic has been logged, it can also be decrypted  Tor implements Perfect Forward Secrecy (PFC)  The client negotiates a new public key pair with each relay  Original keypairs are only used for signatures i.e. to verify the authenticity of messages An attacker who compromises a private key can still eavesdrop on future traffic … but past traffic is encrypted with ephemeral keypairs that are not stored

Tor Bridges 49  Anyone can look up the IP addresses of Tor relays  Public information in the consensus file  Many countries block traffic to these IPs  Essentially a denial-of-service against Tor  Solution: Tor Bridges  Essentially, Tor proxies that are not publicly known  Used to connect clients in censored areas to the rest of the Tor network  Tor maintains bridges in many countries

Obfuscating Tor Traffic 50  Bridges alone may be insufficient to get around all types of censorship  DPI can be used to locate and drop Tor frames  Iran blocked all encrypted packets for some time  Tor adopts a pluggable transport design  Tor traffic is forwarded to an obfuscation program  Obfuscator transforms the Tor traffic to look like some other protocol BitTorrent, HTTP, streaming audio, etc.  Deobfuscator on the receiver side extracts the Tor data from the encoding

Conclusions 51  Presented a brief overview of popular anonymity systems  How do they work?  What are the anonymity guarantees?  Introduced Tor  Lots more work in anonymous communications  Dozens of other proposed systems Tarzan, Bluemoon, etc.  Many offer much stronger anonymity than Tor  … however, performance is often a problem

Anonymous P2P Networks 52  Goal: enable censorship resistant, anonymous communication and file storage  Content is generated anonymously  Content is stored anonymously  Content is highly distributed and replicated, making it difficult to destroy  Examples  FreeNet  GNUnet