Presentation is loading. Please wait.

Presentation is loading. Please wait.

0x1A Great Papers in Computer Security

Published byAndrea Goodman Modified over 6 years ago

Similar presentations

Presentation on theme: "0x1A Great Papers in Computer Security"— Presentation transcript:

1 0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov

2 Privacy on Public Networks
Internet is designed as a public network Wi-Fi access points, network routers see all traffic that passes through them Routing information is public IP packet headers identify source and destination Even a passive observer can easily figure out who is talking to whom Encryption does not hide identities Encryption hides payload, but not routing information Even IP-level encryption (tunnel-mode IPsec/ESP) reveals IP addresses of IPsec gateways

3 Anonymity Anonymity = the person is not identifiable within
a set of subjects You cannot be anonymous by yourself! Big difference between anonymity and confidentiality Hide your activities among others’ similar activities Unlinkability of action and identity For example, sender and his are no more related after adversary’s observations than they were before Unobservability (hard to achieve) Adversary can’t even tell whether someone is using a particular system and/or protocol

4 Attacks on Anonymity Passive traffic analysis Active traffic analysis
Infer from network traffic who is talking to whom Active traffic analysis Inject packets or put a timing signature on packet flow Compromise of network nodes Attacker may compromise some routers It is not obvious which nodes have been compromised Attacker may be passively logging traffic Better not to trust any individual router Can assume that some fraction of routers is good, but don’t know which

5 Chaum’s Mix Early proposal for anonymous email
David Chaum. “Untraceable electronic mail, return addresses, and digital pseudonyms”. Communications of the ACM, February 1981. Public key crypto + trusted r er (Mix) Untrusted communication medium Public keys used as persistent pseudonyms Many modern anonymity systems use Mix as the basic building block Before spam, people thought anonymous was a good idea 

6 Basic Mix Design Mix B A C E D {r1,{r0,M}pk(B),B}pk(mix) {r0,M}pk(B),B
{r3,M’}pk(E),E C {r2,{r3,M’}pk(E),E}pk(mix) E D {r4,{r5,M’’}pk(B),B}pk(mix) Mix Adversary knows all senders and all receivers, but cannot link a sent message with a received message

7 Anonymous Return Addresses
M includes {K1,A}pk(mix), K2 where K2 is a fresh public key {r1,{r0,M}pk(B),B}pk(mix) {r0,M}pk(B),B B MIX A Response MIX {K1,A}pk(mix), {r2,M’}K2 A,{{r2,M’}K2}K1 Secrecy without authentication (good for an online confession service )

8 Mix Cascade Messages are sent through a sequence of mixes
Can also form an arbitrary network of mixes (mixnet) Some of the mixes may be controlled by attacker, but even a single good mix guarantees anonymity Pad and buffer traffic to foil correlation attacks

9 Randomized Routing Hide message source by routing it randomly
Popular technique: Crowds, Freenet, Onion routing Routers don’t know for sure if the apparent source of a message is the true sender or another router

10 Onion Routing R R R4 R R3 R R1 R R2 R
[Reed, Syverson, Goldschlag 1997] R R R4 R R3 R R1 R R2 Alice R Bob Sender chooses a sequence of routers Some may be honest, some controlled by attacker Sender controls the length of the path

11 Route Establishment R2 R4 R3 R1 Alice Bob
{M}pk(B) {B,k4}pk(R4),{ }k4 {R4,k3}pk(R3),{ }k3 {R3,k2}pk(R2),{ }k2 {R2,k1}pk(R1),{ }k1 Routing info for each link encrypted with router’s public key Each router learns only the identity of the next router

12 Disadvantages of Basic Mixnets
Public-key encryption and decryption at each mix are computationally expensive Basic mixnets have high latency Ok for , not Ok for anonymous Web browsing Challenge: low-latency anonymity network Use public-key cryptography to establish a “circuit” with pairwise symmetric keys between hops on the circuit Then use symmetric decryption and re-encryption to move data messages along the established circuits Each node behaves like a mix; anonymity is preserved even if some nodes are compromised

13 R. Dingledine, N. Mathewson, P
R. Dingledine, N. Mathewson, P. Syverson Tor: The Second-Generation Onion Router (USENIX Security 2004)

14 Tor Deployed onion routing network Running since October 2003
Specifically designed for low-latency anonymous Internet communications Running since October 2003 Thousands of relay nodes, 100K-500K? of users Easy-to-use client proxy, integrated Web browser

15 Tor Circuit Setup (1) Client proxy establish a symmetric session key and circuit with relay node #1

16 Tor Circuit Setup (2) Client proxy extends the circuit by establishing a symmetric session key with relay node #2 Tunnel through relay node #1 - don’t need !

17 Tor Circuit Setup (3) Client proxy extends the circuit by establishing a symmetric session key with relay node #3 Tunnel through relay nodes #1 and #2

18 Using a Tor Circuit Client applications connect and communicate over the established Tor circuit Datagrams decrypted and re-encrypted at each link

19 Using Tor Many applications can share one circuit
Multiple TCP streams over one anonymous connection Tor router doesn’t need root privileges Encourages people to set up their own routers More participants = better anonymity for everyone Directory servers Maintain lists of active relay nodes, their locations, current public keys, etc. Control how new nodes join the network “Sybil attack”: attacker creates a large number of relays Directory servers’ keys ship with Tor code

20 Hidden Services Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it Accessible from anywhere Resistant to censorship, denial of service, physical attack Network address of the server is hidden, thus can’t find the physical server

21 Creating a Location Hidden Server
Server creates onion routes to “introduction points” Client obtains service descriptor and intro point address from directory Server gives intro points’ descriptors and addresses to service lookup directory

22 Using a Location Hidden Server
Client creates a route to a “rendezvous point” Rendezvous point mates the circuits from client & server If server chooses to talk to client, connect to rendezvous point Client sends the address of the rendezvous point and any authorization, if needed, to the server through an intro point

Download ppt "0x1A Great Papers in Computer Security"

Similar presentations

Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Xinwen Fu Anonymous Communication & Computer Forensics 91.580.203 Computer & Network Forensics.

Xinwen Fu Anonymous Communication & Computer Forensics Computer & Network Forensics.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Protocol Examples: Key Establishment Anonymity

Protocol Examples: Key Establishment Anonymity
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.

Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.

Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.
Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.

Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.

Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.

CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.

Similar presentations

Ads by Google