Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.

Slides:



Advertisements
Similar presentations
A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
Advertisements

we present SLIDEPLAYER.US
we present SLIDEPLAYER.US
Ulams Game and Universal Communications Using Feedback Ofer Shayevitz June 2006.
Tor: The Second-Generation Onion Router
Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Distributed Detection Of Node Replication Attacks In Sensor Networks Presenter: Kirtesh Patil Acknowledgement: Slides on Paper originally provided by Bryan.
Reusable Anonymous Return Channels
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Parallel Mixing Philippe Golle, PARC Ari Juels, RSA Labs.
Introduction. Overview of Pushback. Architecture of router. Pushback mechanism. Conclusion. Pushback: Remedy for DDoS attack.
Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
K-Anonymous Message Transmission Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
Network Measurement Bandwidth Analysis. Why measure bandwidth? Network congestion has increased tremendously. Network congestion has increased tremendously.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
Toward Understanding Congestion in Tor DC-area Anonymity, Privacy, and Security Seminar January 24 th, 2014 Rob Jansen U.S. Naval Research Laboratory *Joint.
Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.
Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.
Data Communications and Networking
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Distributed Quality-of-Service Routing of Best Constrained Shortest Paths. Abdelhamid MELLOUK, Said HOCEINI, Farid BAGUENINE, Mustapha CHEURFA Computers.
Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.
Provable Unlinkability Against Traffic Analysis Amnon Ta-Shma Joint work with Ron Berman and Amos Fiat School of Computer Science, Tel-Aviv University.
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms David Chaum CACM Vol. 24 No. 2 February 1981 Presented by: Adam Lee 1/24/2006 David.
Denial of Service (DoS) Attacks in Green Mobile Ad–hoc Networks Ashok M.Kanthe*, Dina Simunic**and Marijan Djurek*** MIPRO 2012, May 21-25,2012, Opatija,
Anonymity on the Internet Presented by Randy Unger.
Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu.
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Chapter 5 Network Layer.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
R. Newman Anonymity - Background. Defining anonymity Defining anonymity Need for anonymity Need for anonymity Defining privacy Defining privacy Threats.
Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
Traffic Analysis: Network Flow Watermarking Amir Houmansadr CS660: Advanced Information Assurance Spring CS660 - Advanced Information Assurance.
ACM SIGACT News Distributed Computing Column 9 Abstract This paper covers the distributed systems issues, concentrating on some problems related to distributed.
SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Tracy Wagner CDA 6938.
Mixminion: Design of a Type III Anonymous R er Protocol George Danezis Roger Dingledine Nick Mathewson Presented By Michael LeMay.
Guard Sets for Onion Routing JOSHUA FREE. Tor Most popular low-latency distributed anonymity network Controversial decisions of guard selection strategies.
Anonymity - Background R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide.
Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan.
CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink1 Dining Cryptographers Paper by David Chaum (1988) Presentation by Glenn Fink.
Network RS Codes for Efficient Network Adversary Localization Sidharth Jaggi Minghua Chen Hongyi Yao.
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
TCP continued. Discussion – TCP Throughput TCP will most likely generate the saw tooth type of traffic. – A rough estimate is that the congestion window.
Network Coding Tomography for Network Failures
Making the Neutral Traffic Matrix More Meaningful Joseph Choi.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
Network Security: Anonymity
PROJECT DOMAIN : NETWORK SECURITY Project Members : M.Ananda Vadivelan & E.Kalaivanan Department of Computer Science.
Modified Onion Routing and its Proof of Concept By: Gyanranjan Hazarika.
Systems Architecture Receiver Anonymity Matthias Füssel, Dennis Schneider June 5, 2007.
Anonymous Communication
Some slides borrowed from Philippe Golle, Markus Jacobson
Digital Forensics 2 Presented by : J.Silaa Lecture: FCI 30 Aug 2017
Towards Measuring Anonymity
0x1A Great Papers in Computer Security
Network Security: Anonymity
Free-route Mixes vs. Cascades
Anonymous Communication
Modeling Entropy in Onion Routing Networks
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Anonymous Communication
Anonymity – Generalizing Mixes
Contributors: Connor McCoy
Presentation transcript:

Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory

Outline Mix Systems. Criticisms. –too strong threat model(!) –intersection attack when >1 msg (too much data) sent Weaker threat model Sending each message via random route – “non connection-based system” Empirical observations about Mixmaster Mixminion Characteristic delay function [Dan04] is difficult to esitmate

Mix Systems Well known to this audience Implemented –Mixmaster –Mixminion Threat Model –Global Passive Adversary (GPA) –GPA with some (all but one?) compromised mixes

Criticisms GPA does not exist –(a matter of some debate) The mix system (Chaum 81) allows one fixed- sized message to be sent anonymously –Great for votes –Ok for –Bad for Web Browsing –Awful for Bit Torrent If >1 message (more than 32K data), anonymity is degraded

Intersection Attack A B C D E F Mix 1 Mix 4 Mix 3 Mix 2 Senders Receivers Attacker

Traffic

Intersection Attack [BPS00] On the Disadvantages of Free Mix Routes (PET2001) [WALS02] An Analysis of the Degradation of Anonymous Protocols (NDSS’02) [KAP02] Limits of Anonymity in Open Environments (IH2002) [Dan03] Statistical Disclosure (I-NetSec03) [DS04] (IH2004) [Dan04] The traffic analysis of continuous- time mixes (PET2004) etc

The Common Wisdom Intersection attacks are: –Realistic –Powerful (reduce anonymity quickly) –Hard to protect against Require lots of dummy traffic

A Weaker Model A B C 1 2 Mix 3 Mix 4 Mix 1 Mix 2 D E F Attacker observes: not all inputs not all outputs Not interesting

A Better Threat Model A Partial Adversary –Does not observe all Sender to Mix links –(alternatively not all mixes which senders can send to) –Ignore compromised mixes

Observed Mix A B D E Mix 1 Mix 2 Mix 3 Mix Attacker sends all his messages via one single route theough the mix system

Splitting Data A B C Mix 3 Mix 1 Mix 4 Mix 2 E F Sender B splits his stream of data and sends each message via a randomly chosen route The problem: how do you choose the first mix?

The Details Problem: – mixes to send to compromised, the rest not (but no idea which ones) –P packets –What are the s.t. a random subset (attacker) of size gives least information about –Note that (dummy traffic) –No proof or optimal solution in this paper! See one possible solution next

One possible scheme Pick (uniformly) at random a sequence of mixes Pick from a geometric distribution with mean. Set etc Another in the paper (with some analysis)

Part II (Looking at a particular intersection attack and finding it not as easy as it looks at first glance)

Another Intersection Attack Danezis 2004 (thanks for the diagrams) The Idea:

The Details

The Characteristic Delay Function What is this for –Mixes –Mixmaster –Mixminion –Tor This maybe unfair – Danezis intended his attack for lwo latency systems (Tor) Nevertheless interesting

The Characteristic Delay Function Theory: –What is the delay of a mix (cascade/network) –Can say not very much about it (as usual) Details in the paper Practice: –Steven wrote a disciplined pinger Does not ping too often, hope not to affect the results by sampling

Results

Comparing Nothing surprising –Mixmaster has longer delay –Heavy tails

Conclusions I It is well known that the intersection attack is powerful –No reason to abandon investigation! New interesting, mathematically well defined threat model Splitting traffic amongst first nodes –Does not have the efficiency of Tor or other connection-based systems –Does gain anonymity advantage (but only by means of a weaker threat model)

Conclusions II Characteristic function of Mixmaster, Mixminion difficult to work out in theory or estimate empirically Data at: All references at “Anonymity Bibliography” Thank you

The Anonymity Advantage The Network (Mixmaster) The Network (Mixmaster) Total observed packets Alice

Intersection Attack Senders Receivers Attacker Mixes

A Weaker Model Attacker observes: not all inputs not all outputs Not interesting

Observed Mix Attacker sends all his messages via one single route theough the mix system

Splitting Data Attacker splits his stream of data and sends each message via a randomly chosen route The problem: how do you choose The first mix?

Results

Comparing Nothing surprising –Mixmaster has longer delay –Heavy tails

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.