0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

Slides:



Advertisements
Similar presentations
Tor: The Second-Generation Onion Router
Advertisements

Network Security: Anonymity Otto Huhta T Network security Aalto University, Nov-Dec 2014.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Protocols for Anonymity CS 395T. Overview uBasic concepts of anonymity Chaum’s MIX Dining cryptographers Knowledge-based definitions of anonymity uProbabilistic.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Reusable Anonymous Return Channels
Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Network Layer and Transport Layer.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Part 5:Security Network Security (Access Control, Encryption, Firewalls)
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Xinwen Fu Anonymous Communication & Computer Forensics Computer & Network Forensics.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
8-1 Internet security threats Mapping: m before attacking: gather information – find out what services are implemented on network  Use ping to determine.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Slide 1 Vitaly Shmatikov CS 378 Key Establishment Pitfalls.
Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002
Protocol Examples: Key Establishment Anonymity
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.
Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
© Copyright 2012 STI INNSBRUCK Tor project: Anonymity online.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.
Anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1.
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms David Chaum CACM Vol. 24 No. 2 February 1981 Presented by: Adam Lee 1/24/2006 David.
Krerk Piromsopa. Network Security Krerk Piromsopa. Department of Computer Engineering. Chulalongkorn University.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
R. Newman Anonymity - Background. Defining anonymity Defining anonymity Need for anonymity Need for anonymity Defining privacy Defining privacy Threats.
Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
Slide 1 Vitaly Shmatikov CS 361S Anonymity Networks.
The Silk Road: An Online Marketplace
Chapter 40 Network Security (Access Control, Encryption, Firewalls)
Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–
Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.
L-25 Security II 1. Today's Lecture Effective secure channels Access control Privacy and Tor 2.
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
1 Anonymous Communications CSE 5473: Network Security Lecture due to Prof. Dong Xuan Some material from Prof. Joan Feigenbaum.
K. Salah1 Security Protocols in the Internet IPSec.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.
Network Security: Anonymity
17- 1 Last time ● Internet Application Security and Privacy ● Link-layer security: WEP, WPA, WPA2 ● Network-layer security: VPN, IPSec.
Anonymous Internet Protocols
Anonymous Communication
Protocols for Anonymous Communication
Digital Forensics 2 Presented by : J.Silaa Lecture: FCI 30 Aug 2017
0x1A Great Papers in Computer Security
Network Security: Anonymity
Anonymous Communication
Anonymity (Privacy) Suppose you are surfing the Web.
Lecture 10: Network Security.
Anonymous Communications
Anonymous Communication
Presentation transcript:

0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

slide 2 Privacy on Public Networks uInternet is designed as a public network Wi-Fi access points, network routers see all traffic that passes through them uRouting information is public IP packet headers identify source and destination Even a passive observer can easily figure out who is talking to whom uEncryption does not hide identities Encryption hides payload, but not routing information Even IP-level encryption (tunnel-mode IPsec/ESP) reveals IP addresses of IPsec gateways

slide 3 Anonymity uAnonymity = the person is not identifiable within a set of subjects You cannot be anonymous by yourself! –Big difference between anonymity and confidentiality Hide your activities among others’ similar activities uUnlinkability of action and identity For example, sender and his are no more related after adversary’s observations than they were before uUnobservability (hard to achieve) Adversary can’t even tell whether someone is using a particular system and/or protocol

slide 4 Attacks on Anonymity uPassive traffic analysis Infer from network traffic who is talking to whom uActive traffic analysis Inject packets or put a timing signature on packet flow uCompromise of network nodes Attacker may compromise some routers It is not obvious which nodes have been compromised –Attacker may be passively logging traffic Better not to trust any individual router –Can assume that some fraction of routers is good, but don’t know which

slide 5 Chaum’s Mix uEarly proposal for anonymous David Chaum. “Untraceable electronic mail, return addresses, and digital pseudonyms”. Communications of the ACM, February uPublic key crypto + trusted r er (Mix) Untrusted communication medium Public keys used as persistent pseudonyms uMany modern anonymity systems use Mix as the basic building block Before spam, people thought anonymous was a good idea

slide 6 Basic Mix Design A C D E B Mix {r 1,{r 0,M} pk(B),B} pk(mix) {r 0,M} pk(B),B {r 2,{r 3,M’} pk(E),E} pk(mix) {r 4,{r 5,M’’} pk(B),B} pk(mix) {r 5,M’’} pk(B),B {r 3,M’} pk(E),E Adversary knows all senders and all receivers, but cannot link a sent message with a received message

slide 7 Anonymous Return Addresses A B MIX {r 1,{r 0,M} pk(B),B} pk(mix) {r 0,M} pk(B),B M includes {K 1,A} pk(mix), K 2 where K 2 is a fresh public key Response MIX {K 1,A} pk(mix), {r 2,M’} K 2 A,{{r 2,M’} K 2 } K 1 Secrecy without authentication (good for an online confession service )

slide 8 Mix Cascade uMessages are sent through a sequence of mixes Can also form an arbitrary network of mixes (mixnet) uSome of the mixes may be controlled by attacker, but even a single good mix guarantees anonymity uPad and buffer traffic to foil correlation attacks

slide 9 Randomized Routing uHide message source by routing it randomly Popular technique: Crowds, Freenet, Onion routing uRouters don’t know for sure if the apparent source of a message is the true sender or another router

Onion Routing uSender chooses a sequence of routers Some may be honest, some controlled by attacker Sender controls the length of the path slide 10 R R4R4 R1R1 R2R2 R R R3R3 Bob R R R [Reed, Syverson, Goldschlag 1997] Alice

slide 11 Route Establishment R4R4 R1R1 R2R2 R3R3 Bob Alice {R 2,k 1 } pk(R 1 ),{ } k 1 {R 3,k 2 } pk(R 2 ),{ } k 2 {R 4,k 3 } pk(R 3 ),{ } k 3 {B,k 4 } pk(R 4 ),{ } k 4 {M} pk(B) Routing info for each link encrypted with router’s public key Each router learns only the identity of the next router

slide 12 Disadvantages of Basic Mixnets uPublic-key encryption and decryption at each mix are computationally expensive uBasic mixnets have high latency Ok for , not Ok for anonymous Web browsing uChallenge: low-latency anonymity network Use public-key cryptography to establish a “circuit” with pairwise symmetric keys between hops on the circuit Then use symmetric decryption and re-encryption to move data messages along the established circuits Each node behaves like a mix; anonymity is preserved even if some nodes are compromised

R. Dingledine, N. Mathewson, P. Syverson Tor: The Second-Generation Onion Router (USENIX Security 2004)

slide 14 Tor uDeployed onion routing network Specifically designed for low-latency anonymous Internet communications uRunning since October 2003 Thousands of relay nodes, 100K-500K? of users uEasy-to-use client proxy, integrated Web browser

slide 15 Tor Circuit Setup (1) uClient proxy establish a symmetric session key and circuit with relay node #1

slide 16 Tor Circuit Setup (2) uClient proxy extends the circuit by establishing a symmetric session key with relay node #2 Tunnel through relay node #1 - don’t need !

slide 17 Tor Circuit Setup (3) uClient proxy extends the circuit by establishing a symmetric session key with relay node #3 Tunnel through relay nodes #1 and #2

slide 18 Using a Tor Circuit uClient applications connect and communicate over the established Tor circuit Datagrams decrypted and re-encrypted at each link

slide 19 Using Tor uMany applications can share one circuit Multiple TCP streams over one anonymous connection uTor router doesn’t need root privileges Encourages people to set up their own routers More participants = better anonymity for everyone uDirectory servers Maintain lists of active relay nodes, their locations, current public keys, etc. Control how new nodes join the network –“Sybil attack”: attacker creates a large number of relays Directory servers’ keys ship with Tor code

slide 20 Hidden Services uGoal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it uAccessible from anywhere uResistant to censorship, denial of service, physical attack Network address of the server is hidden, thus can’t find the physical server

slide 21 Creating a Location Hidden Server Server creates onion routes to “introduction points” Server gives intro points’ descriptors and addresses to service lookup directory Client obtains service descriptor and intro point address from directory

slide 22 Using a Location Hidden Server Client creates a route to a “rendezvous point” Client sends the address of the rendezvous point and any authorization, if needed, to the server through an intro point If server chooses to talk to client, connect to rendezvous point Rendezvous point mates the circuits from client & server

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.