Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University

Section Overview Browser Privacy Issues Browser Privacy Issues Web Server Tracking Web Server Tracking Phishing Attacks Phishing Attacks Anonymous Browsing Anonymous Browsing High Latency Anonymity High Latency Anonymity Low Latency Anonymity Low Latency Anonymity

References Security in Computing, 3 rd Ed. Security in Computing, 3 rd Ed. Chapter 7 (pg. 453) Chapter 7 (pg. 453) Chapter 9 (pgs ) Chapter 9 (pgs )

View of most internet users… Source: Peter Steiner Source: Peter Steiner, The New Yorker,The New Yorker, (Vol.69 (LXIX) no. 20), 1993

Addresses Enables online communication Enables online communication Often users have several Often users have several Disposable accounts (pseudonyms) Disposable accounts (pseudonyms) Easily forged Easily forged Social engineering attacks Social engineering attacks User anonymity? User anonymity? header analysis header analysis

Browser Privacy History of sites visited History of sites visited Saved form information Saved form information Saved passwords Saved passwords Page cache Page cache Downloads Downloads Cookies Cookies

HTML Cookies Introduced by Netscape Introduced by Netscape Stores information about sites visited Stores information about sites visited Read and written to by Web Server Read and written to by Web Server Contains user web site preferences, etc. Contains user web site preferences, etc. Map of user interests Map of user interests Passes this information when site is visited Passes this information when site is visited Advertisement images Advertisement images Browser Settings Browser Settings Accept all cookies Accept all cookies Accept only those cookies that get sent back to originating server Accept only those cookies that get sent back to originating server Do not except cookies Do not except cookies

Web Server Tracking Web Server log files Web Server log files Web Site registration databases Web Site registration databases Web Bugs Web Bugs 1x1 pixel or transparent GIF images 1x1 pixel or transparent GIF images Site logs IP address and cookie information Site logs IP address and cookie information Referring page for “credit” Referring page for “credit” Can appear in HTML s Can appear in HTML s

Phishing Identify Theft Attack Identify Theft Attack Appears sent from legitimate institution Appears sent from legitimate institution Warns of information compromise Warns of information compromise Link to “legitimate institution” site Link to “legitimate institution” site Asks to verify personal information Asks to verify personal information Passwords Passwords Bank Account Numbers Bank Account Numbers Social Security Numbers Social Security Numbers

Need for Anonymity Discussion of Medical Conditions Discussion of Medical Conditions Whistle Blowing Whistle Blowing Political/Religious Censorship Political/Religious Censorship Electronic Voting Electronic Voting Transaction Privacy (Digital Cash) Transaction Privacy (Digital Cash) Corporate research Corporate research Law Enforcement investigations Law Enforcement investigations

Anonymous Communication Sender Anonymity Sender Anonymity Receiver Anonymity Receiver Anonymity Sender/Receiver unlinkability Sender/Receiver unlinkability Unobservability Unobservability Anonymity Set: Must not be able to identify one member within a set of people.

Anonymity & Latency High latency systems High latency systems /Newsgroup services /Newsgroup services Good resistance to attacks Good resistance to attacks Slow!!! Slow!!! Low latency systems Low latency systems Need quick response to requests Need quick response to requests Web and interactive services Web and interactive services Less resistant to attacks Less resistant to attacks

Pseudo-anonymous R er Real Address Anonymous address anon.penet.fi “Legal Attacks”

Anonymous R ers David Chaum Mixes Server order (chains) picked Server order (chains) picked Message encrypted in reverse order using each server’s public key Message encrypted in reverse order using each server’s public key Server decrypts message to see where to send next Server decrypts message to see where to send next Source Destination

Type I R er “Cypherpunk” “Cypherpunk” PGP Based PGP Based Subject to traffic analysis Subject to traffic analysis Messages immediately delivered Messages immediately delivered Message size changes Message size changes Nym Servers Nym Servers Reply block chain Reply block chain Reused (often) Reused (often)

Type II R ers “Mixmasters” “Mixmasters” Follows (much) of Chaum’s model Follows (much) of Chaum’s model Internally implemented PKE Internally implemented PKE Fixed payload & message splitting Fixed payload & message splitting Message pools/Bogus messages Message pools/Bogus messages No reply blocks No reply blocks

Type III R ers “Mixminion” “Mixminion” Implements Type II features Implements Type II features Fixed message size (32KB) Fixed message size (32KB) Single use reply blocks Single use reply blocks Custom delivery protocol Custom delivery protocol No longer using SMTP No longer using SMTP User implemented User implemented

Proxy Anonymizers UserWorkstation Web Anonymizer Enter Web Site Submit Reset Browser WebAnonymizer

Crowds UserWorkstation Each member passes web request to another member of crowd or to destination server depending on randomly generated probability

Onion Routing UserWorkstation Using the mix model, get the public keys from each onion router then encrypt the request with each key starting from last hop and finishing with nearest one.

Tor Routing UserWorkstation User creates a virtual circuit by securely establishing session keys with each Tor router. Once the circuit is set up, communication to remote hosts can occur when needed

Dining Cryptographers The waiter tells 3 cryptographers who are having dinner that the bill has been taken care of. The waiter tells 3 cryptographers who are having dinner that the bill has been taken care of. The payer chooses to be anonymous The payer chooses to be anonymous One of the cryptographers One of the cryptographers Their boss – the NSA Their boss – the NSA Diners will only agree if the NSA isn’t buying Diners will only agree if the NSA isn’t buying How do they decide? How do they decide? Each flips a coin that only he and the diner to is right can see. Each flips a coin that only he and the diner to is right can see. Each diner looks at his coin and the one to his left Each diner looks at his coin and the one to his left Not buying: announces whether the coins are the same or different Not buying: announces whether the coins are the same or different Buying: lies by announcing the opposite Buying: lies by announcing the opposite Odd number of “different”, someone at the table is buying Odd number of “different”, someone at the table is buying

DC Example Alice Bob Scott “Different” “Same” “Same” Someone at the Table (Scott) is buying [odd # of “Different”] Alice Bob Scott “Different” “Different” “Same” The NSA is buying [even # of “Different”]

DC-Nets Also proposed by David Chaum Also proposed by David Chaum Need secure channel between adjacent proxies Need secure channel between adjacent proxies Each proxy generates random bit Each proxy generates random bit Non-sender: announce xor (its bit, neighbor bit) Non-sender: announce xor (its bit, neighbor bit) Sender: announce xor (its bit, neighbor bit, message bit) Sender: announce xor (its bit, neighbor bit, message bit) Xor (all announcements) = message bit Xor (all announcements) = message bit Impractical Impractical Need to be able to generate lots of randomness Need to be able to generate lots of randomness Huge communication overhead Huge communication overhead