Presentation is loading. Please wait.

Presentation is loading. Please wait.

anonymous routing and mix nets (Tor)

Published byBennett Henderson Modified over 6 years ago

Similar presentations

Presentation on theme: "anonymous routing and mix nets (Tor)"— Presentation transcript:

1 anonymous routing and mix nets (Tor)
Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford

2 Anonymous web browsing
Why? Discuss health issues or financial matters anonymously Bypass Internet censorship in parts of the world Conceal interaction with gambling sites Law enforcement Two goals: Hide user identity from target web site: (1), (4) Hide browsing pattern from employer or ISP: (2), (3) Stronger goal: mutual anonymity (e.g. r ers)

3 Current state of the world I
ISPs tracking customer browsing habits: Sell information to advertisers Embed targeted ads in web pages (1.3%) Example: MetroFi (free wireless) [Web Tripwires: Reis et al. 2008] Several technologies used for tracking at ISP: NebuAd, Phorm, Front Porch Bring together advertisers, publishers, and ISPs At ISP: inject targeted ads into non-SSL pages Tracking technologies at enterprise networks: Vontu (symantec), Tablus (RSA), Vericept

4 Current state of the world II
EU directive 2006/24/EC: year data retention For ALL traffic, requires EU ISPs to record: Sufficient information to identify endpoints (both legal entities and natural persons) Session duration … but not session contents Make available to law enforcement … but penalties for transfer or other access to data For info on US privacy on the net: “privacy on the line” by W. Diffie and S. Landau

5 Part 1: network-layer privacy
Goals: Hide user’s IP address from target web site Hide browsing destinations from network

6 1st attempt: anonymizing proxy
anonymizer.com ? URL=target User1 Web1 SSL anonymizer.com HTTP User2 Web2 User3 Web3

7 Anonymizing proxy: security
Monitoring ONE link: eavesdropper gets nothing Monitoring TWO links: Eavesdropper can do traffic analysis More difficult if lots of traffic through proxy Trust: proxy is a single point of failure Can be corrupt or subpoenaed Example: The Church of Scientology vs. anon.penet.fi Protocol issues: Long-lived cookies make connections to site linkable

8 How proxy works Proxy rewrites all links in response from web site
Updated links point to anonymizer.com Ensures all subsequent clicks are anonymized Proxy rewrites/removes cookies and some HTTP headers Proxy IP address: if a single address, could be blocked by site or ISP anonymizer.com consists of >20,000 addresses Globally distributed, registered to multiple domains Note: chinese firewall blocks ALL anonymizer.com addresses Other issues: attacks (click fraud) through proxy

9 Goal: no single point of failure
2nd Attempt: MIX nets Goal: no single point of failure

10 MIX nets [Chaum’81] Every router has public/private key pair
Sender knows all public keys To send packet: Pick random route: R2  R3  R6  srvr Onion packet: R1 msg srvr R6 R2 R4 Epk2( R3, Epk3( R6, Epk6( srvr , msg)

11 Eavesdropper’s view at a single MIX
Eavesdropper observes incoming and outgoing traffic Crypto prevents linking input/output pairs Assuming enough packets in incoming batch If variable length packets then must pad all to max len Note: router is stateless Ri user1 batch user2 user3

12 Performance Main benefit: Problems:
Privacy as long as at least one honest router on path Problems: High latency (lots of public key ops) Inappropriate for interactive sessions May be OK for (e.g. Babel system) No forward security R2 R3 R6 srvr

13 3rd Attempt: Tor MIX circuit-based method
Goals: privacy as long as one honest router on path, and reasonable performance

14 The Tor design Trusted directory contains list of Tor routers
User’s machine preemptively creates a circuit Used for many TCP streams New circuit is created once a minute stream1 stream2 R3 R1 R5 stream1 srvr1 R4 R2 R6 stream2 one minute later srvr2

15 Creating circuits K1 K1 K2 K2 TLS encrypted TLS encrypted Create C1
D-H key exchange K1 K1 Relay C Extend R2 Extend R2 D-H key exchange K2 K2

16 Once circuit is created
User has shared key with each router in circuit Routers only know ID of successor and predecessor K1 K1, K2, K3, K4 R1 K2 R2 K3 R3 K4 R4

17 Sending Data K2 K1 Relay C1 Begin site:80 Relay C2 Begin site:80
TCP handshake Relay C data HTTP GET Relay C data HTTP GET HTTP GET Relay C data resp Relay C data resp resp

18 Complete View

19 Properties Performance: Tor crypto: Downside:
Fast connection time: circuit is pre-established Traffic encrypted with AES: no pub-key on traffic Tor crypto: provides end-to-end integrity for traffic Forward secrecy via TLS Downside: Routers must maintain state per circuit Each router can link multiple streams via CircuitID all steams in one minute interval share same CircuitID

20 Privoxy Tor only provides network level privacy Privoxy:
No application-level privacy e.g. mail progs add “From: -addr” to outgoing mail Privoxy: Web proxy for browser-level privacy Removes/modifies cookies Other web page filtering

21 Anonymity attacks: watermarking
Goal: R1 and R3 want to test if user is communicating with server Basic idea: R1 and R3 share sequence: 1, 2, … , n  {-10,…,10} R1: introduce inter-packet delay to packets leaving R1 and bound for R Packet i delayed by i (ms) Detect signal at R3 R1 R2 R3

22 Anonymity attacks: congestion
Main idea: R8 can send Tor traffic to R1 and measure load on R1 Exploit: malicious server wants to identify user Server sends burst of packets to user every 10 seconds R8 identifies when bursts are received at R1 Follow packets from R1 to discover user’s ID R1 R2 R3 R8

23 Tor: 히든 서비스 (server-side)
HiddenServiceID.onion ex) facebookcorewwwi.onion (1) 히든 서비스 ID (HID): Base32_encode(First 10 bytes of SHA-1(new 1024-bit RSA public key)) Bob (xyz.onion) (Tor Hidden Service via Onion Proxy) IP1 (2) 3개의 Tor relay 임의 선택 하여, Introduction points 로 사용 Alice (Tor Client) IP2 IP3 Tor Network

24 Tor: 히든 서비스 (server-side)
Step 3,4 are done hourly! (3) Directory authorities 로 부터 Consensus 히든 서비스 디렉토리 (HS Dir) 목록 정보 획득. (4) Service descriptor 생성 Hidden Service Descriptor: [Descriptor ID + its public key + Introduction Points (IPs) ] signed by its private key Bob (Tor Hidden Service) HSDir=1 HSDir=1 (5) 생성한 Service descriptor를 해당 HSDir 들에 업로드 (to a set of 6 HSDirs via a 3-hop circuit) 자세한 내용은 다음 슬라이드에서 설명.. Alice (Tor Client) IP1 IP2 IP3 Tor Network & Donncha O’Cearbhaill’s blog post (Trawling Tor Hidden Service)

25 Tor: 히든 서비스 (server-side)
HS descriptor ID (Fingerprint) computation: hs-descriptor-id = SHA1( permanent-id || SHA1 ( time-period || replica) ) Permanent-id: first 80 bits (10 bytes) of SHA1 (public key) Time period: (current-time + permanent-id-byte * / 256) / 86400 Permanent-id-byte: first unsigned byte of perm-id Replica: which set of HSDirs 예제) facebookcorewwwi.onion descriptor-id = SHA1( facebookcorewwwi || SHA1(16583 || 0)) SHA1( facebookcorewwwi || SHA1(16583 || 1)) replica 0: ys5pml4c6txpw5hnq5v4zn2htytfejf2 replica 1: fq7r4ki5uwcxdxibdl7b7ndvf2mvw2k2 A simple Distributed Hash Table (DHT) Descriptor ID 위치 (replica 포함) 에서 가장 근접한 3기의 HSDir Tor Relay 에 Service Descriptor를 업로드!

26 Tor: 히든 서비스 (client-side)
xyz.onion 의 hs-descriptor-id 를 계산하고, 앞 슬라이드에서 설명한 방식과 동일하게 해당 서비스의 Descriptor를 저장하고 있는 HS Dir 들을 파악 해당 HS Dir 들로 부터 xyz.onion 의 Service descriptor 를 내려받아 히든 서비스의 public key 와 Introduction points (IP) 파악 DB DB Bob (xyz.onion) (Tor Hidden Service) Go to xyz.onion HSDir=1 HSDir=1 IP1 IP2 IP3 Alice (Tor Client) Tor Network Fillippo Valsorda and George Tankersly – Non-Hidden Hidden Services Considered Harmful

27 Tor: 히든 서비스 (client-side)
(3) one-time secret (cookie) 생성 (4) 임의의 Tor relay 를 선택하여 rendezvous point (by sending the cookie)로 사용 (5) 해당 rendezvous point 까지 Tor circuit 생성 후, (6) introduce message (cookie & addr. of RP)를 생성하여 Introduction Points (IP) 들에 전송 Cookie Bob (xyz.onion) (Tor Hidden Service) Rendezvous point (RP) Go to xyz.onion (7) IP는 Bob 에게 해당 메시지를 전달 Introduce Msg. IP1 IP2 IP3 Alice (Tor Client) Tor Network Fillippo Valsorda and George Tankersly – Non-Hidden Hidden Services Considered Harmful

28 Tor: 히든 서비스 (client-side)
(6) Bob 이 introduce message 를 본인의 public key를 사용해 복호화 하여, Rendezvous Point (RP) 의 주소와 Cookie 획득 (7) Bob 이 RP까지 Tor Circuit을 생성하여 연결 후, Rendezvous message (Cookie 포함)를 전송 (8) 인증 후, RP 는 Alice 와 Bob 사이의 메시지들을 단순히 전달. (end-to-end encrypted) Cookie Bob (xyz.onion) (Tor Hidden Service) Rendezvous point (RP) Go to xyz.onion IP1 IP2 IP3 Alice (Tor Client) Tor Network Fillippo Valsorda and George Tankersly – Non-Hidden Hidden Services Considered Harmful

Download ppt "anonymous routing and mix nets (Tor)"

Similar presentations

Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.

Introduction to Management Information Systems Chapter 5 Data Communications and Internet Technology HTM 304 Fall 07.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
INE1020: Introduction to Internet Engineering 6: Privacy and Security Issues1 Lecture 9: E-commerce & Business r E-Commerce r Security Issues m Secure.

INE1020: Introduction to Internet Engineering 6: Privacy and Security Issues1 Lecture 9: E-commerce & Business r E-Commerce r Security Issues m Secure.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Similar presentations

Ads by Google