Presentation is loading. Please wait.

Presentation is loading. Please wait.

Free-route Mixes vs. Cascades

Published byΘεοδώρα Αγγελίδης Modified over 5 years ago

Similar presentations

Presentation on theme: "Free-route Mixes vs. Cascades"— Presentation transcript:

1 Free-route Mixes vs. Cascades
R. Newman

2 Topics Defining anonymity Need for anonymity Defining privacy
Threats to anonymity and privacy Mechanisms to provide anonymity Applications of anonymity technology

3 Free-Route Mix Network
Sender picks route Mix only sees predecessor, successor Attacker – global adversary Passive – eavesdrop only Active – delay, delete, modify, fabricate msgs Claim: One honest Mix gives anonymity Anonymity measure: Anonymity set size Measure used is log2 (AS(m)) AS(m) is Anonymity Set for message m

4 Free-Route Mix Network
OK, One honest Mix works... When? For passive global adversary Sort of.... What does attacker still know? What about participants? Suppose attacker controls all but one sender... No anonymity!!! Unless.... How do dummy messages help? Big challenge to prevent n-1 attack Seems to require registration....

5 Free-Route Mix Network
Suppose threshold is N = 2 M2 M4 M1 M3

6 Free-Route Mix Network
Attacker controls n-1 of n senders M2 M4 M1 M3

7 Free-Route Mix Network
Attacker controls n-1 of n senders Attacker knows routes it selected! M2 M4 M1 M3

8 Mix Cascade Single chain of Mixes for a sender group
All traffic enters first Mix M1 in cascade All traffic is shuffled and re-encrypted All traffic is sent from Mi to Mi+1 in cascade All traffic exits last Mix to destinations M1 M2 M3 M4

9 Anonymity Set Relative to a message m All possible senders of m
If Mix M that forwards m is honest AS(m) = Union of AS(m’) for all m’ input to M If Mix that forwards m is corrupt AS(m) = AS(m’) for input message m’ linked to m

10 Anonymity Set Suppose threshold is N = 3 M1 |AS| = 3

11 Anonymity Set Suppose threshold is N = 3 M1 |AS| = 3
m = msg of interest |AS| = 3 M3 |AS| = 3

12 Anonymity Set Suppose threshold is N = 3 And suppose M3 is corrupt M1
|AS| = 3 |AS| = 7 = M2 M4 |AS| = 3 M3 |AS| = 1

13 Mix Cascade AS Anonymity Set for cascade is all senders M1 M2 M3 M4

14 Mix Cascade AS Anonymity Set for cascade is all senders
Even if all but one Mix is corrupt M1 M2 M3 M4

15 Intersection Attack If sequence of messages <mi> = m1, m2,... mn are linked All go to same destination in short time period Each message has an associated anonymity set ASi =AS(mi) The sender of the messages must be in ASi for all i Hence, AS(<mi>) = intersection(ASi) If for some i <> j, ASi <> ASi then AS shrinks

16 Intersection Attack Suppose threshold is N = 2 M2 M4 M1 M3

17 Intersection Attack Suppose threshold is N = 2 M2 M4 M1 M3

18 Intersection Attack Suppose threshold is N = 2 M2 M4 M1 M3

19 Intersection Attack Suppose threshold is N = 2 M2 M4 M1 M3

20 Intersection Attack Some senders are NOT possible! M2 M4 M1 M3

21 Intersection Attack Suppose later, link another message to first M2 M4

22 Intersection Attack Suppose later, link another message to first M2 M4

23 Intersection Attack Suppose later, link another message to first M2 M4

24 Intersection Attack Now even fewer senders are possible! M2 M4 M1 M3

25 Intersection Attack Suppose yet another message is linked M2 M4 M1 M3

26 Intersection Attack Suppose yet another message is linked M2 M4 M1 M3

27 Intersection Attack Suppose yet another message is linked M2 M4 M1 M3

28 Intersection Attack Suppose yet another message is linked M2 M4 M1 M3

29 Intersection Attack Now the AS size is one – no anonymity! M2 M4 M1 M3

30 Path Length In a free-route mix network, routing information must be included in the messages Not so in cascade – all take same route This limits the maximum path length If the senders all use the maximum path length allowed, then for a given message m, ... Senders for shorter paths are excluded Senders for longer paths are excluded This reduces the AS size for that message

31 Free-Route Mix Network
Suppose path length = 2 M2 M4 M1 M3

32 Free-Route Mix Network
Suppose path length = 2 M2 M4 M1 M3

33 Free-Route Mix Network
Suppose path length = 2 M2 M4 M1 M3

34 Free-Route Mix Network
This message can’t be the one – path would be too long! M2 M4 M1 M3

35 Free-Route Mix Network
This message can’t be the one – path would be too long! So a sender is eliminated from AS(m) M2 M4 M1 M3

36 Honest Mix Position If attacker controls all but one Mix
Attacker can tell where honest Mix is on route Can then reduce possible sources or destinations based on route length What is probability that honest Mix is even selected at all for a message’s route? If multiple messages are sent, do they follow same route or different routes? If same => more powerful intersection attack? If different => less likely to always pick honest Mix

Download ppt "Free-route Mixes vs. Cascades"

Similar presentations

Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,

Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)

A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Routing in Poisson small-world networks A. J. Ganesh Microsoft Research, Cambridge Joint work with Moez Draief.

Routing in Poisson small-world networks A. J. Ganesh Microsoft Research, Cambridge Joint work with Moez Draief.
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory.

Definition of the Anonymity of Mix Network Runs Andrei Serjantov University of Cambridge Computer Laboratory.
RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.

RPC Mixing: Making Mix-Nets Robust for Electronic Voting Ron Rivest MIT Markus Jakobsson Ari Juels RSA Laboratories.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.

Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:

1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.

Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
Analysis of Onion Routing Presented in 294-4 by Jayanthkumar Kannan On 10/8/03.

Analysis of Onion Routing Presented in by Jayanthkumar Kannan On 10/8/03.
Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.
MuON: Epidemic Based Mutual Anonymity Neelesh Bansod, Ashish Malgi, Byung Choi and Jean Mayo.

MuON: Epidemic Based Mutual Anonymity Neelesh Bansod, Ashish Malgi, Byung Choi and Jean Mayo.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.

Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.

Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.
Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.

Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.
1 Lecture 18: E-Mail Security issues specific to email security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.

1 Lecture 18: Security issues specific to security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Similar presentations

Ads by Google