Forensic Dead-Ends: Tracing Anonymous Remailer Abusers
Len Sassaman, The Shmoo Group


What is Anonymity?

Network anonymity services
- Shield the identity of the user
- Conceal other identifying factors
- Dissociate users’ actions from identity
- Do not conceal that those actions occur!
- Anonymity != privacy

Why Anonymity on the Internet is Necessary

Why people use remailers
- Whistle blowing
- Discussion of personal or taboo issues
- Journalistic correspondence
- Spam protection
- Future anonymity
- Political speech
- Censorship avoidance

Why people operate remailers
- Belief in the right to anonymity
- Necessity of remailer network
- Certainty of uncompromised remailer
- Exercise applied Cypherpunk technology

Corporate uses
- Research of competitors
- Avoidance of information leakage
- Thwarting industrial espionage
- Employee feedback

Commercial anonymity
- Reasons why selling anonymity is difficult
  - Payment collection (no anonymous cash!)
  - Cost of operating service
  - Need for a large anonymity set
  - Uncertain demand
  - Legal restrictions
  - Abuse complications

Commercial anonymity
- Reasons why buying anonymity is difficult
  - Payment rendering (no anonymous cash!)
  - Uncertainty of anonymity strength
  - Availability of service
  - Local network restrictions
  - Ease of use

Types of Anonymity on the Internet

Weak anonymity
- Protection from the casual attacker
- Spam avoidance
- Anonymous online forums

Strong anonymity
- Protection from ISP snooping
- Protection from government monitoring
- Protection in the case of server compromise (hacker-proofing)

Examples
- Free web mail accounts
- SSL anonymous proxies
- Anonymous ISPs
- Anonymous mail relays
- Mix-net remailer systems

History of strong remailers
- anon.penet.fi
- Cypherpunk remailers (Type 1)
- Mixmaster remailers (Type II)
- Zero Knowledge Freedom mail
- Mixminion (Type III -- forthcoming)

The Mechanics of Strong Anonymity

David Chaum’s mix-nets
- Multi-layered encryption chains
- Indistinguishable message packets
- Random reordering at each hop
- Return address reply blocks

Mixmaster
- A mix-net implementation
- Clients available for Windows, Macintosh, Unix
- Servers available for Unix and Windows
- Low hardware resource requirements
- Reliable network connection
- Mail server capabilities

A Mixmaster Packet

Journey of a mixed message
- Chain selection
- Encryption
- Padding/splitting
- Transmission
- What an all-seeing observer would know
- Importance of a large anonymity set
- Cover traffic

Flaws in Mixmaster
- Tagging attacks
- Flooding attacks
- Key compromise
- Need for forward secrecy
- Reliability failings
- Ease of use
- Lack of return address capability

Inside a Mixmaster Remailer

Walk-through of a live system
- Remailer program location
- Mail handling
- Remailer packet handling
- Logging
- Abuse processing

Types of Abuse

Spam
- Remailers are ill-suited for spam
- High latency, easy detection
- Open-relays are much better
- Usenet spam is still a problem

Piracy
- Most remailers block binary transfers
- Anonymity is decreased by sending large, multi-packet messages
- Email is a poor medium for file transfer
- Throw-away shell/ftp accounts, irc, and p2p systems are more popular for warez

Targeted harassment
- Directed abusive messages at individuals
- Floods from one or more remailers
- Usenet flames

Remailers and terrorism
- Media hype
- Immediate increase in # of remailers
- Political opinion of anonymity
- Remailers: Tools against terror
- What about public libraries?

Getting around the Remailer Dead-End

Means of tracking abusers
- Seizing remailer servers won’t work
- Snooping traffic will reveal little
- Carnivore not very useful
- Flooding/tagging won’t work after the fact (if at all)
- Honeypot remailers and chain manipulation
- Literary forensics
- Side-channel leakage

Stopping abuse
- Individual remailer block-lists
- The Remailer Abuse Blacklist –
- Local filtering
- Do not need to know the ID of abuser
- Ways to avoid being a target of abuse
- Spam and flood detection tools for remops

Information an Anonymity Service Provider is Able to Reveal

The downfall of anon.penet.fi
- What Penet couldn’t provide
- Scientology vs. The Internet
- Why Julf Helsingius closed anon.penet.fi

Why remops don’t keep logs
- Disk space / resource drain
- Local user privacy concerns
- Not useful for abuse investigations

“Black-bagging a remailer”
- Only the last hop is usually known
- No logs
- No chain information
- Keys aren’t useful in last hop
- All chained hops are needed
- START-TLS forward secrecy
- Future message compromise potential

Asking for help
- What to ask a remop when investigating abuse
- What will encourage a remop to be helpful
- What will discourage a remop
- Personal experiences

Comments Len Sassaman