Xinwen Fu Anonymous Communication & Computer Forensics 91.580.203 Computer & Network Forensics.



2 Outline
• Background
• Onion routing
• Attacks against anonymity
• Tor

3 Motivation
Protect the identity of participants in a distributed application, such as E-voting, E-shopping, E-cash, and military applications.
[Figure labels: Eavesdropping; "I know what's going on!!!"]

4 Current Network Status
• Commercial routers not under government control
• Unencrypted data is completely open
• Encrypted data still exposes communicating parties
[Figure: IP Packet Header Structure, with Sender Address and Receiver Address fields]

5 Traffic Analysis Attack
Public networks are vulnerable to traffic analysis attack. In a public network:
• Packet headers identify recipients
• Packet routes can be tracked
• Volume and timing signatures are exposed
Encryption does not hide identity information of a sender and receiver.
[Figure labels: Sender, Public Network, Receiver]

6 Traffic Analysis Attack (cont.)
Traffic analysis reveals identities. Who is talking to whom may be confidential or private:
• Who is searching a public database?
• What web sites are you surfing?
• Which agencies or companies are collaborating?
• Where are your correspondents?
• What supplies/quantities are you ordering from whom?
Knowing traffic properties can help an adversary decide where to spend resources for decryption, penetration, ...

7 Goals of Anonymity: Receiver Untraceability
• Senders are observable, i.e. the attacker knows that A sent a message to someone
• Receivers are not observable, i.e. the attacker does not know if B received a message
• Example: radio
[Figure labels: Alice, Bob, Evil]

8 Goals of Anonymity: Sender Untraceability
• Senders unobservable….
• Example: Wireless routers using NAT
[Figure labels: Alice, Bob, Evil]

9 Goals of Anonymity: Sender/Receiver Unlinkability
• Senders and receivers are observable, but it is not clear who is talking to whom
[Figure labels: Alice, Bob, Evil]

10 Outline
• Background
• Onion routing
• Attacks against anonymity
• Tor

11 Anonymous Communication Systems
• A number of Anonymous Communication Systems have been realized. Several well-known systems are:
  • Anonymizer (anonymizer.com)
  • Onion-Routing (NRL)
  • Crowds (Reiter and Rubin)
  • Anonymous Remailer (MIT LCS)
  • Tor (MIT and EFF)
  • Freedom (Zero-Knowledge Systems)
  • Hordes (Shields and Levine)
  • PipeNet (Dai)
  • SafeWeb (Symantec)

12 Basic Approach: Anonymizing Proxy
• Channels appear to come from proxy, not true originator
• May also filter traffic for identifying information
• Examples: Penet Remailer (shut down), The Anonymizer, SafeWeb (Symantec)
[Figure label: anonymizing proxy]

13 Anonymizer for Web Browsing
• User connects to the proxy first and types the URL in a web form
• Channels appear to come from proxy, not true originator
• The proxy may also filter traffic to remove identifying information
• It offers encrypted link to the proxy (SSL or SSH)
[Figure label: anonymizing proxy: anonymizer.com]

14 Problems of Anonymizer
• ISP knows user connection times/volumes: can easily eavesdrop on outgoing proxy connections and learn all
• Proxy knows everything about connections
• So, both are fully trusted (single points of failure)
[Figure labels: Internet, Phone System, Responders, ISP, Proxy, Encrypted link: user to proxy]

15 Chaum Mixes (David Chaum)
• Underlying idea for Mixmaster remailer, Onion Routing, ZKS Freedom, Web Mixes
• Basic description:
  • A network of mix nodes
  • Special onion-like encryption: cell (message/packet) wrapped in multiple layers of public-key encryption by sender, one for each node in a route
  • Decrypted layer tells mix next node in route
  • Reordering: mixes hold different cells for a time and reorder before forwarding to respective destinations
  • Rerouting: use a few proxies

16 Onion Routing Based on Mix Networks
• Sender selects a route through the mix network
• An intermediate mix only knows where the packet comes from, and what is the next stop of the packet
[Figure labels: Anonymity Network; Sender, A, B, Receiver; S to A, A to B, B to R; Traditional Spy Network]

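17 Review of Public Key Cryptography
• $\text{PrivateKey}_{Bob}(\text{PublicKey}_{Bob}(\text{Message})) = \text{Message}$
• $\text{PublicKey}_{Bob}(\text{PrivateKey}_{Bob}(\text{Message})) = \text{Message}$
[Figure: Bob holds $(e_B, d_B)$, Alice holds $(e_A, d_A)$; $e_B(\text{message})$ is sent and $d_B(e_B(\text{message})) = \text{message}$]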

18 Onion-Like Encryption
[Figure labels: Sender S, mixes A and B, Receiver R; S to R; hops S to A, A to B, B to R; message M]
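The layered wrapping described on slides 15 to 18, as an added example that is not part of the original slides. A SHA-256 keystream XOR stands in for each node's public-key encryption (a labelled substitution, not secure), and the node names, keys and helper functions are constructed for illustration.

```python
import hashlib
import json

# Constructed sample data: route S -> A -> B -> R with one toy key per node.
ROUTE = ["A", "B", "R"]
KEYS = {"A": b"key-of-A", "B": b"key-of-B", "R": b"key-of-R"}

def toy_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Stand-in for the per-node
    public-key encryption on the slides; NOT secure, illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(key: bytes, next_hop, payload: bytes) -> bytes:
    """One onion layer: next stop plus inner payload, readable only with key."""
    layer = json.dumps({"next": next_hop, "data": payload.hex()}).encode()
    return toy_crypt(key, layer)

def build_onion(route, keys, message: bytes) -> bytes:
    """Sender wraps innermost layer first, so the first mix's layer is outermost."""
    blob = wrap(keys[route[-1]], None, message)
    for node, nxt in zip(reversed(route[:-1]), reversed(route[1:])):
        blob = wrap(keys[node], nxt, blob)
    return blob

def peel(node, keys, blob: bytes):
    """A node removes its own layer and learns only the next stop."""
    layer = json.loads(toy_crypt(keys[node], blob))
    return layer["next"], bytes.fromhex(layer["data"])

def deliver(route, keys, onion: bytes, sender="S"):
    """Forward hop by hop, recording (node, previous hop, next hop) per node."""
    views, prev, node, blob = [], sender, route[0], onion
    while node is not None:
        nxt, blob = peel(node, keys, blob)
        views.append((node, prev, nxt))
        prev, node = node, nxt
    return blob, views

if __name__ == "__main__":
    message, views = deliver(ROUTE, KEYS, build_onion(ROUTE, KEYS, b"hello R"))
    print(message, views)
```

Each recorded view holds only the previous and next hop, which matches the statement on slide 16 that an intermediate mix knows where the packet came from and where it goes next, and nothing else about the route.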

19 Why Buffering and Reordering Packets?
• Disrupt the timing correlation between packets into and out of a mix
[Figure label: mix]
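A small simulation of the point on slide 19, added here as an example and not taken from the original slides. It compares a relay that forwards cells in arrival order with a mix that buffers a batch and shuffles it, and scores an observer who links the k-th arrival to the k-th departure; the function names, batch sizes and cell counts are constructed assumptions.

```python
import random

def fifo_relay(arrivals):
    """Forward each cell immediately: departure order equals arrival order."""
    return list(arrivals)

def threshold_mix(arrivals, batch_size, rng):
    """Hold cells until batch_size have arrived, shuffle the batch, flush it."""
    out = []
    for i in range(0, len(arrivals), batch_size):
        batch = arrivals[i:i + batch_size]   # slice is a copy, input untouched
        rng.shuffle(batch)
        out.extend(batch)
    return out

def linkage_rate(arrivals, departures):
    """Fraction of cells linked correctly when the observer pairs the k-th
    arrival with the k-th departure (pure order/timing correlation)."""
    hits = sum(1 for a, d in zip(arrivals, departures) if a == d)
    return hits / len(arrivals)

def sweep(n_cells=800, batch_sizes=(1, 4, 16), seed=2024):
    """Linkage rate per batch size; batch size 1 behaves like a plain relay."""
    arrivals = list(range(n_cells))          # constructed: cell k arrives k-th
    rng = random.Random(seed)
    return {b: linkage_rate(arrivals, threshold_mix(arrivals, b, rng))
            for b in batch_sizes}

if __name__ == "__main__":
    cells = list(range(800))
    print("relay:", linkage_rate(cells, fifo_relay(cells)))
    print("mix:  ", sweep())
```

The linkage rate falls roughly as one over the batch size, and the price is latency, since every cell waits for its batch to fill.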

20 Crowds
• User machines are the network
• "Blender" announces crowd members to all members
• "Jondo" at machine flips weighted coin
  • If heads, forwards to random crowd member
  • If tails, connects to end Web address
• All Jondos on path know path key
• All connections from a source use same path for lifetime of that crowd
[Figure labels: Sender, Web server, Blender]

21 Crowds Virtues
• Good on sender protections
• No single point of failure
• Peer-to-peer design means minimal long-term network services
• More lightweight crypto than mix-based systems

22 Crowds Limitations
• All users must run Perl code
• Requires users to have long-running high-speed Internet connections
• Entirely new network graph needed for new or reconnecting Crowd member
• Connection anonymity dependent on data anonymity
• Anonymity protection limited to Crowd size
• Rather weak on responder protections
• Lacks perfect forward anonymity
The intermediate nodes know the receiver.
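A model of the Crowds path setup from slide 20, together with the limitation noted on slide 22 that intermediate nodes know the receiver; this is an added example, not code from the original slides or from the Crowds implementation. The class, member names and URL are constructed, and it assumes the source's jondo always hands the request to one random member before any coin is flipped.

```python
import random

class Crowd:
    """Minimal model of Crowds path setup (constructed for illustration)."""

    def __init__(self, members, p_forward, seed=0):
        self.members = list(members)   # the list the "blender" announces
        self.p_forward = p_forward     # weight of the coin (heads = forward)
        self.rng = random.Random(seed)
        self.paths = {}                # one static path per source

    def path_for(self, source):
        """Return the source's path, building it on first use only."""
        if source not in self.paths:
            # Assumption: the first hop to a random member is unconditional.
            path = [source, self.rng.choice(self.members)]
            while self.rng.random() < self.p_forward:       # heads: forward
                path.append(self.rng.choice(self.members))
            self.paths[source] = path                        # tails: exit here
        return self.paths[source]

    def views(self, source, url):
        """What each jondo on the path observes for one request."""
        path = self.path_for(source)
        return [{"jondo": j, "predecessor": p, "destination": url}
                for p, j in zip(path, path[1:])]

def mean_jondos_on_path(p_forward, trials=20000, seed=1):
    """Average number of jondos after the source; theory says 1/(1-p_forward)."""
    crowd = Crowd([f"jondo{i}" for i in range(20)], p_forward, seed)
    total = sum(len(crowd.path_for(f"src{t}")) - 1 for t in range(trials))
    return total / trials

if __name__ == "__main__":
    crowd = Crowd(["a", "b", "c", "d"], p_forward=0.75, seed=7)
    for view in crowd.views("a", "http://example.org/"):    # constructed URL
        print(view)
    print(mean_jondos_on_path(0.75))
```

Every jondo on the path sees the destination in the clear but only its immediate predecessor, which is why Crowds protects the sender better than the responder.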

23 Outline
• Background
• Onion routing
• Attacks against anonymity
• Tor

24 Attacks against Mix Networks: Connectivity Analysis Attacks
The adversary knows that Sender communicates with Receiver.
[Figure labels: Sender, mixes A, B and C, Receiver; hops S to A, A to B, B to C, C to R; Adversary HQ receives "S to A & A to B" and "B to C & C to R"]

25 Outline
• Background
• Onion routing
• Attacks against anonymity
• Tor

26 Tor: A Practical Anonymous Protocol
• Some combination of Chaum's Mix and Crowds
  • Encrypt data packets by symmetric keys
  • Implement forward and backward anonymity
  • Has P2P functions
  • Easy to use
• Open source

27 First Sight
• A web server knows your ip: address/whatis-my-ip-address.html
• Tor to hide your ip
  • Tor downloading webpage
• Manual for Windows setup

28

29 IE

30 Tor Components
[Figure labels: Vidalia, Privoxy, tor, Internet, WWW Server]

31 Tor Network
• Onion router list: C:\Documents and Settings\fu\Application Data\Tor\cached-status
[Figure labels: Client, Application Server, Tor Network, Directory Server. Legend: Client or Server or Onion Router; Onion Router; Directory Server]

32 References
• D. Chaum, (1981), Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, Vol. 24, No. 2, February, pp
• Andrei Serjantov, Roger Dingledine and Paul Syverson, From a Trickle to a Flood: Active Attacks on Several Mix Types, In Proceedings of the Information Hiding Workshop, 2002
• Andreas Pfitzmann et al., Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology, 2000
• Xinwen Fu, welcome to Xinwen Fu's homepage,
• Cisco Systems, Inc., Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide, 12.1(19)EA1, 2007
• Cisco Systems, Inc., Catalyst 2900 Series Configuration Guide and Command Ref, 2007