Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 

Published byMorgan Cain Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification "— Presentation transcript:

1 1 Anonymity

2 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification  Why anonymity and P2P?  Simple model  Parties exchange information in a P2P network  Sender anonymity  Receiver anonymity

3 Related notions  Confidentiality  Content of message is not known  Typically achieved by encryption  Is not an alternative to anonymity when the act of sending messages must be hidden or when the content of the message can be deduced  Privacy  In some works equated with anonymity  Usually, protection of personal/secret data as opposed to hiding the identity 3

4 Definitions  Following Pfitzmann and Hansen  Subjects: senders and receivers  Items of interest: messages  The notion of anonymity set  Anonymity: the property of not being identifiable within an anonymity set  We are especially interested in sender anonymity and receiver anonymity 4

5 Unlinkability  Let L be a relation between pairs of items  L is the link relation  Let D be the data that an adversary obtains by observing the system  We say that two items a, b are unlinkable if Pr[L(a,b)|D]=Pr[L(a,b)]  α-sender anonymity for a sender s and message m means:  Pr[L(s,m)|D]=Pr[L(s,m)] > α 5

6 Unlinkability (cont.)  α-receiver anonymity for a receiver r and message m means:  Pr[L(m,r)|D]=Pr[L(m,r)] > α  An α-anonymous communication system is a system in which every receiver and sender is α-anonymous for every message in any sequence of messages.  Anonymity in this definition is a function of D  We relax all definitions to be computational  It is sufficient that the adversary is unable to distinguish between the probabilities 6

7 7 Who is the Adversary  In the real world  An organization such as RIAA or MPAA  A government / intelligence service  Police  Potentially criminals  An adversary model determines what capabilities the adversary has  Monitoring links  Operating “poisoned” peers  Possibly, coercing peer to implicate itself or others

8 Some typical restrictions  In many works the power of the adversary is limited in ways that are sometimes natural (but not always)  Adversary can monitor up to given number of links in network  Adversary can’t break encryption or forge signatures  Adversary can monitor up to given number of links of specific sender  Adversary can’t perform traffic analysis 8

9 9 Anonymizer  Simply a proxy  Accepts messages and resends them as if it is the source  Sufficient for sender anonymity in some scenarios  Risks  It fails if all lines coming into and out of anonymizer are monitored  The anonymizer itself may collude with the adversary  Operators of botnets often use compromised servers as anonymizers (without the owners permission or awareness of the fact)

10 Mix  Chaum - in the context of e-mail  An anonymizer that tries to defeat monitoring of its lines  Every incoming and outgoing message is encrypted. Let m be a message  E k_in (m) is encryption of incoming message  E k_out (m) is encryption of outgoing message  Adversary can’t distinguish between the pairs and, for an arbitrary message p in a given domain.  The mix changes the order, timing and length of outgoing packets compared to incoming packets. 10

11 Mix (cont.)  Mix tries to defeat:  Direct monitoring – by encrypting content  Traffic analysis – by changing parameters of the traffic that are not affected by encryption  Encryption adds to computational overhead  Changing length, timing and order are not always possible  Example: real-time traffic such as voice and video  Mixes often have partial functionality  An adversarial mix is still possible 11

12 12 Onion Routing - Overview  Based on Chaum Mixes  By Reed, Syverson, Goldschlag (1996)  Objectives:  Works with traffic that is almost real time (e.g. HTTP)  Bi-directional traffic  Provides sender anonymity  Reduce effectiveness of traffic analysis  All peers in network “know” each other’s public key  End entities are not necessarily part of the network  Network nodes are called Onion Routers (OR)

13 Preparation of onion  Sender:  Chooses a random path to the receiver  Notation: Sender=OR 1, OR 2, …, OR n =Receiver  Retrieves public keys of path from directory  Onion includes n-1 layers  Layer i, i=2, 3,…,n encrypts with public key of OR i  Address of next onion router, OR i+1  Forward encryption / decryption algorithm E fi  Forward encryption / decryption key K fi  Backward encryption / decryption algorithm E bi  Backward encryption / decryption key K bi  Some additional information  Layers i+1,…,n 13

14 Preparation of onion (cont.)  Payload is encrypted in layers.  The n-th layer encrypts the payload.  The i-th layer encrypts layers i+1,…,n.  The i-th layer, i=2,3,…,n includes encryption by E fi with key K fi. 14

15 Processing by Onion Routers  OR i uses its private key to encrypt / decrypt the i-th layer of the onion.  OR i uses E fi with key K fi to encrypt / decrypt i-th layer of the payload.  OR i sends the onion and the payload after “peeling” off a layer to OR i+1.  OR i retains onion for a time. 15

16 Response  The receiver can send a reply message by the backward encryption algorithm and key.  In the response, OR i encrypts the layered message it receives with encryption algorithm E bi and key K bi.  Response relies on same route as original message.  Sender uses stored list of E bi and key K bi to decrypt.  Sender can prepare a route for a reply  Same route can be used later  Different route 16

17 Reply onion  Layer i, i=1,2,3,…,n encrypts with public key of Or n+1-i  Address of next onion router, Or n-i  Backward encryption algorithm E bi  Backward encryption key K bi  Forward decryption algorithm E fi  Forward decryption key K fi  Some additional information  Layers i+1,…,n  The inner layer (encrypted with the sender’s key) includes E fi, E bi, K bi, K fi for all i.  Each processor “adds” a layer of encryption to the message.  The sender peels all the layers. 17

18 Additional Mechanisms  Replay protection  Each layer contains the expiration time.  An OR stores the onion until the expiration time.  If the same onion is sent within the expiration time then the OR discards it.  If an expired onion is sent then the OR discards it.  Padding  Each OR adds random padding to the onion to compensate for removed layer  Loose routing  Sender defines list of ORs in path.  OR i can send onion to OR i+1 by a route it chooses. 18

19 Anonymity analysis  Onion routing provides sender anonymity.  Reply onions can be used for some receiver anonymity  Anonymity works against adversaries that:  Monitor any number of links.  Control ORs (at least one OR per path is not corrupted)  Analyze message content and message length 19

20 Anonymity analysis (cont.)  Anonymity does not work if adversary:  Compares timing of packets at sender and receiver.  Actively introduces timing signatures and compares the signature on the receiver side.  Subverts public keys.  Sybil attack  Tags padding and looks for tag at the receiving end.  Can compromise additional ORs over time. Adversary records traffic and decrypts it later. 20

Download ppt "1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification "

Similar presentations

Provable Unlinkability Against Traffic Analysis Ron Berman Joint work with Amos Fiat and Amnon Ta-Shma School of Computer Science, Tel-Aviv University.

Provable Unlinkability Against Traffic Analysis Ron Berman Joint work with Amos Fiat and Amnon Ta-Shma School of Computer Science, Tel-Aviv University.
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Reusable Anonymous Return Channels

Reusable Anonymous Return Channels
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.

Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.

Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.

I NTERNET A NONYMITY By Esra Erdin. Introduction Types of Anonymity Systems TOR Overview Working Mechanism of TOR I2P Overview Working Mechanism of I2P.
Analysis of Onion Routing Presented in 294-4 by Jayanthkumar Kannan On 10/8/03.

Analysis of Onion Routing Presented in by Jayanthkumar Kannan On 10/8/03.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Similar presentations

Ads by Google