Anonymous Communications


1 Anonymous Communications
Vyas Sekar

2 This lecture’s agenda
Outline
- Motivation
  - Who needs/wants anonymity?
  - Why do they want it?
- Mechanisms for anonymity
  - Mixnet (Chaum)
  - Anonymizing proxy
- Practical example: Anonymous routing with Tor
Objective
- Introduce the cryptographic fundamentals behind anonymous communications
- Discuss the theory and practice behind a deployed system (Tor)

3 The problem
- Public networks such as the Internet do not provide anonymity
  - Packet headers identify recipients (even in IPsec…)
  - Packet routes can be traced
- Encryption (SSL, IPsec, …) provides secrecy of the payload but not anonymity
  - In particular, encryption does not hide routing info
  - You can actually use IPsec in tunneling mode to get limited anonymity, but this is not IPsec’s primary intent

4 Motivation: Who needs anonymity?
- Activists in countries or regions where freedom of speech is not guaranteed
  - Journalists, dissidents
  - Censorship resistant libraries
- Socially sensitive communicants
  - Abuse survivors
  - People with illnesses who want to preserve their privacy
- Law enforcement
  - Anonymous tips, crime reporting
  - Witness protection program?
  - Sting/undercover operations (although fake identity is probably more useful in that case)
- Corporations
  - Hiding procurement suppliers/patterns

5 Anonymous from whom?
- Recipient of your message
- Sender of your message
  => Need channel and data anonymity
- Observer of network from the outside
- Network infrastructure
  => Need channel anonymity
Notes:
- Anonymous authenticated communication makes perfect sense
- Communicant identification should not be a property of the channel

6 Communication anonymity
- Many technical approaches
- Focus here on (commonly used)
  - Mixes (a.k.a. mixnets)
    - Originally proposed by David Chaum at UC Berkeley around 1980 for untraceable email
  - Proxies
    - Generally used by web browsing anonymizing services

7-12 Chaum Mix (1981)
(Envelopes are sealed using the recipient’s public key)
[Animated diagram: Alice, Minnie (Mix) and Bob, with envelopes labelled Minnie and Bob.]

13 Chaum Mix No one but Minnie knows the author of the original letter
However, an observer could easily guess it is Alice by observing that Alice sent something to Minnie shortly before Minnie sent it to Bob

14-19 Chaum mix w/ multiple participants
(Envelopes are sealed using the recipient’s public key)
[Animated diagram: Alice, Carol, a nameless guy, Minnie (Mix), Bob, Ed and Jeff, with envelopes labelled Minnie, Bob, Ed and Jeff.]

20 Chaum mix w/ multiple participants
- Mix (Minnie in the example) reorders messages (e.g., in lexicographic order)
- Only Minnie knows who is talking to whom (but she doesn’t know the content of the message)
- Note that Minnie can actually be part of the people talking if she can use another mix herself (e.g., if Alice can perform the functions of a mix)

21-22 Challenge #1
- What if Alice sends 7 messages for Bob, Carol 3 messages for Jeff, and the nameless guy 1 message to Ed?
- One can figure out who is talking to whom by simply counting the number of messages coming in and out of the mix for each input and each output

23 Dummies
- One way of solving the problem is to have the mix output 7 messages to Bob, Ed, and Jeff…
- Dummy messages for padding
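
The counting problem and the dummy-message fix from slides 21-23, as an added example (not part of the original lecture). The traffic list is constructed from the slide's numbers, and the function names are this example's own.

```python
from collections import Counter

# Constructed traffic using the slide's numbers: (sender, recipient) pairs.
TRAFFIC = [("Alice", "Bob")] * 7 + [("Carol", "Jeff")] * 3 + [("Nameless", "Ed")]

def observe(traffic, pad=False):
    """What an outside observer of the mix sees: message counts per input
    and per output link. Contents and ordering are already hidden by the mix."""
    ins = Counter(sender for sender, _ in traffic)
    outs = Counter(recipient for _, recipient in traffic)
    if pad:
        # The mix adds dummies so every output link carries the same volume.
        top = max(outs.values())
        outs = Counter({recipient: top for recipient in outs})
    return ins, outs

def link_by_volume(ins, outs):
    """Pair a sender with a recipient only when their volume is unique on both sides."""
    links = {}
    for sender, n in ins.items():
        same_in = [s for s, m in ins.items() if m == n]
        same_out = [r for r, m in outs.items() if m == n]
        if len(same_in) == 1 and len(same_out) == 1:
            links[sender] = same_out[0]
    return links

def dummies_needed(traffic):
    """Dummy messages the mix must emit per recipient to equalise outputs."""
    outs = Counter(recipient for _, recipient in traffic)
    top = max(outs.values())
    return {recipient: top - n for recipient, n in outs.items()}
```

Padding here costs 10 dummies for 11 real messages, and the input side still shows that Alice is the heaviest sender.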

24-25 Challenge #2
- Minnie knows who is talking to whom
- What if Minnie is malicious?
- Use a cascade of mixes = a mixnet

26-29 Mixnet
[Animated diagram: Msg 1, Msg 2 and Msg 3 pass through Mix 1, Mix 2 and Mix 3 on the way to Bob, Ed, Jeff, …; each mix is labelled “Decrypt and permute”.]

30 Mixnets
Advantages
- Only one honest server is needed to preserve anonymity
- Can be fully distributed
  - e.g., can be used in peer-to-peer architectures
Drawbacks
- Mixnets introduced for email and other high latency applications
- Each layer of message requires expensive public key cryptography
- What about remote login, chat, web browsing, and other low latency applications?

31 (Basic) Anonymizing proxy
- Conceptually much simpler solution
- Channels appear to come from proxy, not true originator
- IPsec can actually implement this!

32 Anonymizing proxy
Advantages
- Simple
- Focuses a lot of traffic
  - Very good for anonymity
- No complex encryption primitives required
- Appropriate for web transactions, etc.
Drawbacks
- Single point of failure
- Vulnerable to attacks
- Limited in scale?

33 Onion routing
- Traffic analysis resistant infrastructure
- Main idea: combine advantages of mixes and proxies
  - Use public key crypto to establish circuits
    - Like mixnets
  - Use symmetric key crypto to move data
    - Like SSL/TLS based proxies
- Related work
  - ISDN mixes
  - Crowds, JAP webmixes, FreeNet
  - Tarzan, Morphmix

34 Tor
- Tor: The Onion Router (Tor’s Onion Routing)
- Deployed anonymizing overlay network
  - Running since October 2003
  - 5,000+ nodes on five continents (April 2014)
  - Nodes are regular PCs, for the most part run by volunteers

35 Tor design
Three main functions of interest to us
- Circuit establishment
- Circuit usage
- Hidden services

36-41 How does Tor work? [Dingledine et al., 2004]
1. Client first gets IP address of possible Tor entry nodes from directory server
2. Client proxy establishes session key + circuit w/ Onion Router 1
3. Proxy tunnels through that circuit to extend to Onion Router 2
4. Etc.
5. Once circuit is established, applications connect and communicate over Tor circuit
[Animated diagram: Client, Onion Routers 1, 2 and 3, Server.]
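
An added sketch of slides 33 and 36-41 (not code from the lecture or from Tor): public-key crypto is used once per hop to agree a session key, then symmetric layers carry the data. The Diffie-Hellman group, the SHAKE-256 keystream and all names here are assumptions chosen so it runs on the standard library; Tor's real handshake and cell format differ.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, assumed for this sketch; Tor's real handshake differs.
P, G = 2**255 - 19, 2

def kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def layer(key: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream: stand-in for the symmetric cipher."""
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

class OnionRouter:
    def __init__(self):
        self._priv = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self._priv, P)  # listed by the directory server
        self.key = None                   # per-circuit session key

    def create(self, client_pub: int) -> None:
        """Circuit establishment: one public-key operation, done once."""
        self.key = kdf(pow(client_pub, self._priv, P))

    def relay(self, cell: bytes) -> bytes:
        """Circuit usage: strip this hop's symmetric layer and pass the cell on."""
        return layer(self.key, cell)

def build_circuit(routers):
    """Client: agree a session key with each hop in turn (1, then 2, then 3)."""
    keys = []
    for r in routers:
        x = secrets.randbelow(P - 2) + 1
        r.create(pow(G, x, P))  # in Tor this is tunnelled through earlier hops
        keys.append(kdf(pow(r.pub, x, P)))
    return keys

def send(keys, routers, payload: bytes):
    """Client wraps one layer per hop; returns the cell as it leaves each hop."""
    cell, seen = payload, []
    for k in reversed(keys):  # the exit router's layer is innermost
        cell = layer(k, cell)
    for r in routers:
        cell = r.relay(cell)
        seen.append(cell)
    return seen
```

Only the cell leaving the third router equals the payload; routers 1 and 2 forward data they cannot read, and each router holds only its own session key.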

42 Tor: hidden services
- Hidden server uses Tor to contact 3 “introduction points” (Tor relays)
- Server uploads Introduction Points info to DB server
[Diagram, repeated on slides 42-45: Client, Hidden server, relays 1, 2, 3 and introduction point I2.]

43 Tor: hidden services
- Client hears about hidden server, gets introduction points from DB
- Client sets up rendez-vous point (3rd node of a circuit built by client)

44 Tor: hidden services
- Client tells hidden server about Rendez-Vous Point by contacting one of the Introduction Points and asking them to relay message to server

45 Tor: hidden services
- Client communicates with hidden server through rendez-vous point from then on
- 6 hops (3 picked by client, including RP, 3 picked by server)

46 Tor bootstrapping
- Directory servers
  - Maintain list of which onion routers are up, locations, keys, exit policies, etc.
  - Control which nodes can join network
    - Important to guard against Sybil attacks and related problems
- Effort to decentralize process
  - Research challenge

47 Other anonymous networks
- Anonymous storage: Freenet
  - Peer-to-peer network
  - Files split in multiple pieces, pieces may use different circuits
- Anonymous communications: I2P
  - Originally developed by Freenet community
  - Complement/competitor to Tor
  - Uses “garlic-based” routing – similar to onion routing at a high level
- Anonymous email: Mixminion
  - Anonymous mailer
  - Plug-in for email clients (e.g., mutt)
  - Development has basically ceased as developers became more involved in Tor
  - Used in Pitt fake bomb threats (didn’t work as well as they’d hope… why?)
- Numerous server-based solutions: e.g., anonymizer.net (web), Nym (email)

48 Take away slide
- Encryption does not ensure anonymity
  - Traffic analysis always possible
- Combination of mixnets and proxies
- Clever use of cryptography
  - Try to find again good balance between public key crypto (slow but convenient) and symmetric key crypto (fast but harder to set up)
- Deployed mechanisms are readily available
- Interesting policy/technology challenges

49 Caveat: Censorship arms race
Censor
- Censor blocks “forbidden” website
- Censor blocks Tor entry nodes
  - List is publicly available
- Censor identifies/blocks Tor traffic patterns
  - Packet sizes indicative of Tor cells
- Censor attempts to detect morphed traffic
User
- User circumvents block using Tor
- User circumvents block using Tor bridges
- User attempts to morph their traffic
  - StegoTorus/SkypeMorph etc.
- Etc…

