Nym: An anonymous, secure, peer-to-peer instant messenger By Seth Cooper, Adam Hoel, Elliott Hoel, Jeff Holschuh, and Hilde Schmitt
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Server Dan Rather: Bill O’Reilly: John Doe: IP Addresses
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Server Confidential Information Dan Rather: Bill O’Reilly: John Doe: IP Addresses
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Server Confidential Information Dan Rather: Bill O’Reilly: John Doe: IP Addresses
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Big Tobacco Lawsuit Server Dan Rather: Bill O’Reilly: John Doe: IP Addresses
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Big Tobacco John Doe: Server Dan Rather: Bill O’Reilly: John Doe: IP Addresses
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Big Tobacco Lawsuit and job loss Server Dan Rather: Bill O’Reilly: John Doe: IP Addresses
Nym: Not just another AIM John Doe Dan Rather Amy Csizmar Dalal Bill O’Reilly Jeff Ondich
Nym: Not just another AIM John Doe Dan Rather Amy Csizmar Dalal Bill O’Reilly Jeff Ondich
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Amy Csizmar Dalal amy_csizmar_dalal Bill O’Reilly bill_oreilly Jeff Ondich jeff_ondich
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Bill O’Reilly bill_oreilly Confidential Information To bill_oreilly To dan_rather
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Bill O’Reilly bill_oreilly Confidential Information To bill_oreilly
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Bill O’Reilly bill_oreilly Big Tobacco ? Lawsuit Job = Safe
Goals Implement a peer-to-peer network that provides: Implement a peer-to-peer network that provides: Decentralization Decentralization Anonymity Anonymity Security Security Reliability Reliability Scalability Scalability
Decentralization Significantly minimize the application’s reliance on a central server Significantly minimize the application’s reliance on a central server Peer-to-peer communication Peer-to-peer communication Normally centralized tasks are distributed among nodes Normally centralized tasks are distributed among nodes
Decentralization in Nym Message routing, searching, presence updates and text messaging functionality occurs between peers without the help of any central servers. Message routing, searching, presence updates and text messaging functionality occurs between peers without the help of any central servers. However, on first launch a client connects to a node that caches the IP addresses of other Nym clients. However, on first launch a client connects to a node that caches the IP addresses of other Nym clients.
Anonymity Anonymity is the state of having an undisclosed identity. Anonymity is the state of having an undisclosed identity. On a network, anonymous communication must ensure that information related to the source of a message (e.g. the originating machine’s IP address) cannot be determined. On a network, anonymous communication must ensure that information related to the source of a message (e.g. the originating machine’s IP address) cannot be determined.
Why is anonymity important? According to the Electronic Frontier Foundation: According to the Electronic Frontier Foundation: “Anonymity is a shield from the tyranny of the majority...It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation…at the hand of an intolerant society.”
Anonymity in Nym Pseudonyms Pseudonyms Virtual addressing Virtual addressing Decentralization Decentralization Security Security Nondeterministic/probabilistic routing Nondeterministic/probabilistic routing
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Packet sent Broadcast Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Packet sent Broadcast Packet sent Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Packet sent Broadcast Packet sent Packet received Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Response packet sent Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Response packet sent Packet sent Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Response packet sent Packet sent Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Response packet sent Packet sent Packet received Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Packet sent Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Packet sent Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Packet sent Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B C Node E Bill O'Reilly Packet sent Packet received Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Packet sent Broadcast Node A’s Channel List Bill Dan B C Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Packet sent Broadcast Packet sent Node A’s Channel List Bill Dan B C Packet received Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan B C Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan B C Packet sent Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan B C Packet sent Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan C B C Packet sent Packet received Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan C B C Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C The channel list builds up… Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Now, we can route! Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly Nym Network
Node A John Doe Node B Node C Now, we can route! Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly Select a node at random from the Dan column: Nym Network
Node A John Doe Node B Node C Now, we can route! Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly So send to node C: Node D Dan Rather Nym Network
Node A John Doe Node B Node C Note that there is a natural weighting of nodes in the list Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly This means that there are preferred routes. Node D Dan Rather Nym Network
Node A John Doe Node B Node C Sometimes, we pick at random from an unweighted channel list Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly This prevents any routing patterns that may occur. Nym Network
Security Confidentiality Confidentiality Information should be kept secret from unauthorized parties. Information should be kept secret from unauthorized parties. Integrity Integrity Information should be tamper evident. Information should be tamper evident. The authenticity of the source of information should be verifiable. The authenticity of the source of information should be verifiable. Availability Availability Services should be resilient to malicious attacks Services should be resilient to malicious attacks
Security in Nym Link-to-link encryption Link-to-link encryption Digital signing and verifying of text messages Digital signing and verifying of text messages
Link-to-link versus end-to-end Link-to-link encryption Link-to-link encryption Messages are encrypted and decrypted at each node in the network Messages are encrypted and decrypted at each node in the network Messages intercepted by parties outside the network will be unable to read the encrypted text Messages intercepted by parties outside the network will be unable to read the encrypted text End-to-end encryption End-to-end encryption Messages are encrypted with a secret key by the sender and are not decrypted until they reach the recipient Messages are encrypted with a secret key by the sender and are not decrypted until they reach the recipient
The Man-in-the-Middle Secure end-to-end encryption is impossible in an anonymous network Secure end-to-end encryption is impossible in an anonymous network An intermediary node between the sender and recipient can easily intercept a key exchange. An intermediary node between the sender and recipient can easily intercept a key exchange. Link-to-link encryption Link-to-link encryption More robust against man in the middle attacks More robust against man in the middle attacks
Link to link (Symmetric key) A 56-bit DES key is generated and exchanged when a connection is made with a neighbor A 56-bit DES key is generated and exchanged when a connection is made with a neighbor Both parties share this key, but no one else knows it Both parties share this key, but no one else knows it Much quicker than asymmetric encryption Much quicker than asymmetric encryption
RSA public/private key pair RSA key pair is generated from username and password RSA key pair is generated from username and password Public key is essentially the virtual address Public key is essentially the virtual address Asymmetric key pair is only used for digital signatures Asymmetric key pair is only used for digital signatures To send a message to someone, sign it with your private key To send a message to someone, sign it with your private key The recipient uses your public key to validate it The recipient uses your public key to validate it
Digital Signatures Allow us to verify Allow us to verify who a message is from who a message is from that the message has not been changed since it was sent that the message has not been changed since it was sent Use the SHA-1 hash algorithm Use the SHA-1 hash algorithm Takes the message (under 2^64 bits) Takes the message (under 2^64 bits) Returns 160 bit “message digest” Returns 160 bit “message digest” Use RSA key pair Use RSA key pair
How digital signatures work User AUser B At Login Username A Password A Public Key A Private Key A Username B Password B Public Key B Private Key B Virtual Address B Virtual Address A
How digital signatures work User AUser B Public Key A Private Key A Public Key B Private Key B
How digital signatures work User A Message text User B
How digital signatures work User A Message text Message digest SHA-1 User B
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Digital signature Message
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Message digest SHA-1 Digital signature Message
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Message digest SHA-1 Digital signature Decrypt with Public key A Message digest Message
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Message digest SHA-1 Digital signature Decrypt with Public key A Message digest Compare Message
Instant Messaging Text communication Text communication Presence notification Presence notification Contact list maintenance Contact list maintenance Distributed search Distributed search User friendly interface User friendly interface
DEMO
Tradeoffs and Limitations Anonymity Anonymity Statistical analysis Statistical analysis Textual analysis Textual analysis Accidental disclosure Accidental disclosure Scalability Scalability Test results and predictions Test results and predictions Reliability Reliability Routing loop avoidance Routing loop avoidance
Extensions Increased fault tolerance for dropped packets and routing loops Increased fault tolerance for dropped packets and routing loops Group chat Group chat Testing and research on anonymity scheme Testing and research on anonymity scheme
Acknowledgements Amy Csizmar Dalal and the CS department for guidance and support Amy Csizmar Dalal and the CS department for guidance and support Michael N. Tie and ITS for helping make our equipment work Michael N. Tie and ITS for helping make our equipment work MUTE and Jason Rohrer MUTE and Jason Rohrer Our friends and family for putting up with us Our friends and family for putting up with us You all for being here today You all for being here today
References Rohrer, Jason. “MUTE Technical Details” Rohrer, Jason. “MUTE Technical Details” Sun Microsystems Sun Microsystems Freenet Freenet RFC 3921: XMPP RFC 3921: XMPP “The Gnutella Protocol Specification v0.4” ol_0.4.pdf “The Gnutella Protocol Specification v0.4” ol_0.4.pdf ol_0.4.pdf ol_0.4.pdf