Anonymity – Crowds
R. Newman

Presentation transcript:

Anonymity – Crowds R. Newman

Topics
- Defining anonymity
- Need for anonymity
- Defining privacy
- Threats to anonymity and privacy
- Mechanisms to provide anonymity
- Applications of anonymity technology

Degrees of Anonymity
All relative to attacker
- Provably exposed: Attacker can prove who sent a message
- Exposed: Attacker knows but can’t prove it
- Possible Innocence: Nontrivial probability someone else sent msg
- Probable Innocence: Sender is equally likely to have sent as not sent
- Beyond Suspicion: Sender is no more likely to have sent than anyone else
- Absolute Privacy: Attacker can’t distinguish situations in which sender sent message from those in which it did not

Crowd Overview
- Crowd = collection of users
- User represented in crowd by "jondo" process
- Jondo contacts "blender" server on startup
  - Admission to crowd
  - Reports current crowd membership to jondo
- Jondo set as web proxy for all services by user

Crowd Overview
- When user request made, sent to jondo
- Jondo establishes random path of jondos
  - Picks random jondo from crowd (1)
  - Sends request to that jondo
  - That jondo flips biased coin
    - With prob $p_f$ forward to another jondo (goto 1)
    - With prob $1 - p_f$ send to end server
- Subsequent requests follow same path
  - Except maybe end server
- Server reply follows reverse path

[Figure: users/jondos and servers]

Crowd Overview
- Jondo treated as client of successor jondo
- Each jondo maintains set of active jondos
- Path maintained as virtual circuit (VC)
  - Each path has pathID (like VCID)
  - PathID is local to directional link
  - VC table maintained (in-link, in-ID, out-link, out-ID)
  - 128-bit VCIDs assigned randomly on setup
  - Successor assigned randomly on setup
  - Path key for encrypting msg generated on setup
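The VC table described on this slide, as an added sketch that is not part of the original slides or of the Crowds implementation. The class and function names, the "browser" pseudo-link for the initiator's own user, and the random ID on the final jondo-to-server link are assumptions for illustration; link and path-key encryption are omitted.

```python
import secrets

class Jondo:
    """Crowd member with a virtual-circuit (VC) table keyed per link."""
    def __init__(self, name):
        self.name = name
        self.fwd = {}   # (in_link, in_id) -> (out_link, out_id)
        self.rev = {}   # (out_link, out_id) -> (in_link, in_id)

    def add_entry(self, in_link, in_id, out_link, out_id):
        self.fwd[(in_link, in_id)] = (out_link, out_id)
        self.rev[(out_link, out_id)] = (in_link, in_id)

def setup_path(jondos, names, server):
    """Install one VC entry per hop; return the ID chosen for each out-link."""
    ids = []
    in_link, in_id = "browser", None        # initiator is fed by its own user
    for i, name in enumerate(names):
        out_link = names[i + 1] if i + 1 < len(names) else server
        out_id = secrets.token_bytes(16)    # random 128-bit ID, local to this link
        jondos[name].add_entry(in_link, in_id, out_link, out_id)
        ids.append(out_id)
        in_link, in_id = name, out_id
    return ids

def route_request(jondos, first):
    """Follow forward entries from the initiator until the end server."""
    hops, node, key = [], first, ("browser", None)
    while node in jondos:
        hops.append(node)
        out_link, out_id = jondos[node].fwd[key]
        key, node = (node, out_id), out_link
    return hops, node

def route_reply(jondos, server, last, server_id):
    """Follow reverse entries from the end server back to the initiator."""
    hops, node, key = [], last, (server, server_id)
    while node in jondos:
        hops.append(node)
        in_link, in_id = jondos[node].rev[key]
        key, node = (node, in_id), in_link
    return hops

# Constructed path in which "alice" appears twice; all names are made up.
PATH = ["alice", "bob", "alice", "carol"]
JONDOS = {n: Jondo(n) for n in set(PATH)}
IDS = setup_path(JONDOS, PATH, "server.example")
```

Because each ID is local to one directional link, "alice" holds two unrelated table entries for the same path and learns only her immediate neighbours on each.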

Crowd Overview
- Jondo joins Crowd through Blender
  - Blender maintains account with each member
  - Each member has ID and password
  - Password -> symmetric key for communication
- All jondos encrypt link communication
  - Secret key between each jondo pair
  - Pairwise keys established when jondo joins crowd
  - Blender sends pairwise keys to new member, and to each other member to use with new member
- Jondos maintain current set of members
  - Add when receive key from blender
  - Delete when detect failure or receive notice

Crowd Security - Attacks
- Security provided to individual user
- Three types of attackers considered
  - Local eavesdropper
  - Collaborating crowd users
  - End server

| Attacker | Sender Anonymity | Receiver Anonymity |
|---|---|---|
| Local eavesdropper | Exposed | P(beyond susp) -> 1 |
| $c$ collaborating jondos, $n \ge p_f(c+1)/(p_f - \tfrac12)$ | Probable innocence | P(abs priv) -> 1 |
| End server | Beyond Suspicion | N/A |

- Asymptotics are as $n \to \infty$
- Boldface entries are guarantees
- Probabilities are asymptotic
  - E.g., if local eavesdropper gets lucky then it may be able to determine the receiver of a request
  - Otherwise, receiver is beyond suspicion
  - Prob of getting lucky decreases with crowd size

Local Eavesdropper
- Can only see traffic to/from one user
- Can see when a user initiates a request
  - Msg out did not result from msg in
- Prob(user’s jondo sends to server) = $1/n$
  - Uniform random choice from $n$ members
- If not sent to end server, then receiver anonymous
- Prob learn receiver decreases with $n$

End Server
- Can only see traffic to/from itself
- Can obviously see receiver
  - Receiver anonymity not possible!
- Sender anonymity is beyond suspicion
  - Sender picks any member uniformly
  - End server is equally likely to receive request from any member!
- Note independence from $p_f$ here
  - Increasing path length does not help

Collaborating Jondos
- Can only see traffic to/from itself
- Can obviously see receiver address
- Sees plaintext of traffic on paths through it
  - All jondos on path have path key
- Goal of collaborators is to find sender
  - Assuming $c$ can’t determine from msg contents
- Collaborator only has reason to suspect predecessor jondo
  - All others are equally likely, except predecessor
- Paths are static!

Collaborating Jondos
- Let $I$ = event that first collaborator on path is preceded by path initiator (sender)
- Let $H_k$ = event that first collaborator on path is in the $k$th position in the path
  - Sender is in position 0 in the path
- Let $H_{k+}$ = event that first collaborator on path is in the $k$th position or later in the path
- Def: Probable Innocence wrt sender anonymity: $P(I \mid H_{1+}) \le \tfrac12$
- Note $H_1 \Rightarrow I$, but not converse

Collaborating Jondos
- Let $c$ be number of collaborators
- Let $n$ be size of crowd
- Let $p_f$ be forwarding probability, $p_f > \tfrac12$
- Thm: If $n \ge p_f(c+1)/(p_f - \tfrac12)$ then sender has probable innocence
- Show $P(I \mid H_{1+}) = p_f(c+1)/(p_f - \tfrac12)$
- Path goes thru $i-1$ honest nodes first, prob $(n-c)/n$ each
- So $P(H_i) = \left(p_f \frac{n-c}{n}\right)^{i-1} \frac{c}{n}$, etc.
- $P(I) = P(H_1)P(I \mid H_1) + P(H_{2+})P(I \mid H_{2+})$
- and since $I \Rightarrow H_{1+}$, $P(I \mid H_{1+}) = P(I \text{ OR } H_{1+})/P(H_{1+}) = P(I)/P(H_{1+})$
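The proof sketch carried through with the slide's symbols, as an added derivation that is not part of the original slides. It assumes $P(I \mid H_1) = 1$ and $P(I \mid H_{2+}) = 1/(n-c)$, the latter because the predecessor of a first collaborator at position 2 or later is a uniformly chosen honest jondo.

$$
\begin{aligned}
P(H_{1+}) &= \sum_{i \ge 1} \left(p_f \tfrac{n-c}{n}\right)^{i-1} \tfrac{c}{n} = \frac{c}{n - p_f(n-c)}, \qquad P(H_1) = \frac{c}{n}, \qquad P(H_{2+}) = P(H_{1+}) - P(H_1) \\
P(I) &= \frac{c}{n} + \frac{1}{n-c}\left(\frac{c}{n - p_f(n-c)} - \frac{c}{n}\right) = \frac{c\,\bigl(n - p_f(n-c-1)\bigr)}{n\,\bigl(n - p_f(n-c)\bigr)} \\
P(I \mid H_{1+}) &= \frac{P(I)}{P(H_{1+})} = \frac{n - p_f(n-c-1)}{n} \\
\frac{n - p_f(n-c-1)}{n} \le \tfrac12 &\iff n\left(p_f - \tfrac12\right) \ge p_f(c+1) \iff n \ge \frac{p_f(c+1)}{p_f - \tfrac12}
\end{aligned}
$$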

Collaborating Jondos
- Thm: If $n \ge p_f(c+1)/(p_f - \tfrac12)$ then sender has probable innocence
- Example: $p_f = \tfrac34$ then sender gets probable innocence as long as $n \ge 3(c+1)$
- Get tradeoff in path length (performance) and ability to tolerate collaboration attacks ($c$)
  - Exp(Path length) = $p_f/(1 - p_f) + 2$
- $P(H_{1+}) \to 0$ as $n \to \infty$ for constant $c$, $p_f$, and so P(abs privacy) -> 1 for sender and receiver anonymity as $n \to \infty$
- Assumes collaborators can only observe paths through nodes they own
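A Monte Carlo check of the theorem and the expected path length, added here as an example and not taken from the original slides. It assumes the closed form $P(I \mid H_{1+}) = (n - p_f(n-c-1))/n$ from Reiter and Rubin's Crowds analysis, an honest initiator, and collaborators that forward like any other jondo; function names are illustrative.

```python
import random

def closed_form(n, c, p_f):
    """P(I | H_1+) for a crowd of n jondos containing c collaborators."""
    return (n - p_f * (n - c - 1)) / n

def min_crowd_size(c, p_f):
    """Threshold from the theorem: n >= p_f (c + 1) / (p_f - 1/2)."""
    if p_f <= 0.5:
        raise ValueError("the theorem requires p_f > 1/2")
    return p_f * (c + 1) / (p_f - 0.5)

def simulate(n, c, p_f, trials, seed=1):
    """Build random paths; return (estimate of P(I | H_1+), mean path length)."""
    rng = random.Random(seed)
    # Jondos 0..c-1 collaborate; jondo c is the honest initiator (position 0).
    initiator, hits, hits_pred_is_init, total_len = c, 0, 0, 0
    for _ in range(trials):
        prev, length, seen = initiator, 1, False
        while True:
            cur = rng.randrange(n)        # uniform choice, may pick itself
            length += 1
            if cur < c and not seen:      # first collaborator on this path
                seen = True
                hits += 1
                hits_pred_is_init += (prev == initiator)
            prev = cur
            if rng.random() >= p_f:       # biased coin: submit to end server
                break
        total_len += length
    return hits_pred_is_init / hits, total_len / trials
```

With $p_f = 3/4$ and $c = 2$ the threshold is $n = 9$: at that size the estimate sits at 1/2, below it the collaborators' suspicion of their predecessor exceeds 1/2.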

Timing Attacks
- HTML pages can contain references to URLs that are immediately loaded by the browser
- Collaborator jondo can measure time from reply with URL until request for that URL appears
- Gives limits on how "far" away sender is
- Countermeasure:
  - Last jondo (by server) parses HTML, gets URLs
  - Last jondo requests URLs and sends along path
  - User jondo does not forward the URL requests
  - User jondo waits for pages sent from last jondo

Scaling
- How big is load on each jondo?
- Appearances for a jondo is number of times it appears over all paths
  - If twice in one path, and once in another, then 3
- Thm: In a crowd of size $n$, for any jondo, exp # appearances = $O\!\left((1 + 1/n)/(1 - p_f)^2\right)$
- Load depends on path length, which mostly depends on $p_f$

Parting Questions
- What does Crowds approach offer?
- How is it different from Chaum Mixes?
- Which approach is "right"?
- Are there ways to strengthen the guarantees or protections offered by either, using techniques from the other (or different techniques)?