Download presentation
Presentation is loading. Please wait.
2
Nym: An anonymous, secure, peer-to-peer instant messenger By Seth Cooper, Adam Hoel, Elliott Hoel, Jeff Holschuh, and Hilde Schmitt
3
AOL Instant Messenger AOL Dan Rather 162.27.1.102 Bill O’Reilly 24.26.105.25 John Doe 137.22.4.60 Server Dan Rather: 162.27.1.102 Bill O’Reilly: 24.26.105.25 John Doe: 137.22.4.60 IP Addresses
4
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Server Confidential Information Dan Rather: 162.27.1.102 Bill O’Reilly: 24.26.105.25 John Doe: 137.22.4.60 IP Addresses
5
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Server Confidential Information Dan Rather: 162.27.1.102 Bill O’Reilly: 24.26.105.25 John Doe: 137.22.4.60 IP Addresses
6
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Big Tobacco Lawsuit Server Dan Rather: 162.27.1.102 Bill O’Reilly: 24.26.105.25 John Doe: 137.22.4.60 IP Addresses
7
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Big Tobacco John Doe: 137.22.4.60 Server Dan Rather: 162.27.1.102 Bill O’Reilly: 24.26.105.25 John Doe: 137.22.4.60 IP Addresses
8
AOL Instant Messenger AOL Dan Rather Bill O’Reilly John Doe Big Tobacco Lawsuit and job loss Server Dan Rather: 162.27.1.102 Bill O’Reilly: 24.26.105.25 John Doe: 137.22.4.60 IP Addresses
9
Nym: Not just another AIM John Doe Dan Rather Amy Csizmar Dalal Bill O’Reilly Jeff Ondich
10
Nym: Not just another AIM John Doe 137.22.4.60 Dan Rather 162.27.1.102 Amy Csizmar Dalal 207.251.23.142 Bill O’Reilly 24.26.105.25 Jeff Ondich 82.65.100.55
11
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Amy Csizmar Dalal amy_csizmar_dalal Bill O’Reilly bill_oreilly Jeff Ondich jeff_ondich
12
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Bill O’Reilly bill_oreilly Confidential Information To bill_oreilly To dan_rather
13
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Bill O’Reilly bill_oreilly Confidential Information To bill_oreilly
14
Nym: Not just another AIM John Doe john_doe Dan Rather dan_rather Bill O’Reilly bill_oreilly Big Tobacco ? Lawsuit Job = Safe
15
Goals Implement a peer-to-peer network that provides: Implement a peer-to-peer network that provides: Decentralization Decentralization Anonymity Anonymity Security Security Reliability Reliability Scalability Scalability
16
Decentralization Significantly minimize the application’s reliance on a central server Significantly minimize the application’s reliance on a central server Peer-to-peer communication Peer-to-peer communication Normally centralized tasks are distributed among nodes Normally centralized tasks are distributed among nodes
17
Decentralization in Nym Message routing, searching, presence updates and text messaging functionality occurs between peers without the help of any central servers. Message routing, searching, presence updates and text messaging functionality occurs between peers without the help of any central servers. However, on first launch a client connects to a node that caches the IP addresses of other Nym clients. However, on first launch a client connects to a node that caches the IP addresses of other Nym clients.
18
Anonymity Anonymity is the state of having an undisclosed identity. Anonymity is the state of having an undisclosed identity. On a network, anonymous communication must ensure that information related to the source of a message (e.g. the originating machine’s IP address) cannot be determined. On a network, anonymous communication must ensure that information related to the source of a message (e.g. the originating machine’s IP address) cannot be determined.
19
Why is anonymity important? According to the Electronic Frontier Foundation: According to the Electronic Frontier Foundation: “Anonymity is a shield from the tyranny of the majority...It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation…at the hand of an intolerant society.”
20
Anonymity in Nym Pseudonyms Pseudonyms Virtual addressing Virtual addressing Decentralization Decentralization Security Security Nondeterministic/probabilistic routing Nondeterministic/probabilistic routing
21
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node E Bill O'Reilly Nym Network
22
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Node E Bill O'Reilly Nym Network
23
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Packet sent Broadcast Node E Bill O'Reilly Nym Network
24
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Packet sent Broadcast Packet sent Node E Bill O'Reilly Nym Network
25
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Packet sent Broadcast Packet sent Packet received Node E Bill O'Reilly Nym Network
26
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Response packet sent Node E Bill O'Reilly Nym Network
27
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Response packet sent Packet sent Node E Bill O'Reilly Nym Network
28
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan Response packet sent Packet sent Node E Bill O'Reilly Nym Network
29
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Response packet sent Packet sent Packet received Node E Bill O'Reilly Nym Network
30
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Nym Network
31
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Packet sent Nym Network
32
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Packet sent Nym Network
33
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B Node E Bill O'Reilly Packet sent Nym Network
34
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan B C Node E Bill O'Reilly Packet sent Packet received Nym Network
35
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Packet sent Broadcast Node A’s Channel List Bill Dan B C Node E Bill O'Reilly Nym Network
36
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Packet sent Broadcast Packet sent Node A’s Channel List Bill Dan B C Packet received Node E Bill O'Reilly Nym Network
37
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan B C Node E Bill O'Reilly Nym Network
38
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan B C Packet sent Node E Bill O'Reilly Nym Network
39
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan B C Packet sent Node E Bill O'Reilly Nym Network
40
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Response packet sent Node A’s Channel List Bill Dan C B C Packet sent Packet received Node E Bill O'Reilly Nym Network
41
Node A John Doe Node B Node C Routing Demo Node D Dan Rather Node A’s Channel List Bill Dan C B C Node E Bill O'Reilly Nym Network
42
Node A John Doe Node B Node C The channel list builds up… Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly Nym Network
43
Node A John Doe Node B Node C Now, we can route! Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly Nym Network
44
Node A John Doe Node B Node C Now, we can route! Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly Select a node at random from the Dan column: Nym Network
45
Node A John Doe Node B Node C Now, we can route! Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly So send to node C: Node D Dan Rather Nym Network
46
Node A John Doe Node B Node C Note that there is a natural weighting of nodes in the list Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly This means that there are preferred routes. Node D Dan Rather Nym Network
47
Node A John Doe Node B Node C Sometimes, we pick at random from an unweighted channel list Node D Dan Rather Node A’s Channel List Bill Dan C B B C C B C Node E Bill O'Reilly This prevents any routing patterns that may occur. Nym Network
48
Security Confidentiality Confidentiality Information should be kept secret from unauthorized parties. Information should be kept secret from unauthorized parties. Integrity Integrity Information should be tamper evident. Information should be tamper evident. The authenticity of the source of information should be verifiable. The authenticity of the source of information should be verifiable. Availability Availability Services should be resilient to malicious attacks Services should be resilient to malicious attacks
49
Security in Nym Link-to-link encryption Link-to-link encryption Digital signing and verifying of text messages Digital signing and verifying of text messages
50
Link-to-link versus end-to-end Link-to-link encryption Link-to-link encryption Messages are encrypted and decrypted at each node in the network Messages are encrypted and decrypted at each node in the network Messages intercepted by parties outside the network will be unable to read the encrypted text Messages intercepted by parties outside the network will be unable to read the encrypted text End-to-end encryption End-to-end encryption Messages are encrypted with a secret key by the sender and are not decrypted until they reach the recipient Messages are encrypted with a secret key by the sender and are not decrypted until they reach the recipient
51
The Man-in-the-Middle Secure end-to-end encryption is impossible in an anonymous network Secure end-to-end encryption is impossible in an anonymous network An intermediary node between the sender and recipient can easily intercept a key exchange. An intermediary node between the sender and recipient can easily intercept a key exchange. Link-to-link encryption Link-to-link encryption More robust against man in the middle attacks More robust against man in the middle attacks
52
Link to link (Symmetric key) A 56-bit DES key is generated and exchanged when a connection is made with a neighbor A 56-bit DES key is generated and exchanged when a connection is made with a neighbor Both parties share this key, but no one else knows it Both parties share this key, but no one else knows it Much quicker than asymmetric encryption Much quicker than asymmetric encryption
53
RSA public/private key pair RSA key pair is generated from username and password RSA key pair is generated from username and password Public key is essentially the virtual address Public key is essentially the virtual address Asymmetric key pair is only used for digital signatures Asymmetric key pair is only used for digital signatures To send a message to someone, sign it with your private key To send a message to someone, sign it with your private key The recipient uses your public key to validate it The recipient uses your public key to validate it
54
Digital Signatures Allow us to verify Allow us to verify who a message is from who a message is from that the message has not been changed since it was sent that the message has not been changed since it was sent Use the SHA-1 hash algorithm Use the SHA-1 hash algorithm Takes the message (under 2^64 bits) Takes the message (under 2^64 bits) Returns 160 bit “message digest” Returns 160 bit “message digest” Use RSA key pair Use RSA key pair
55
How digital signatures work User AUser B At Login Username A Password A Public Key A Private Key A Username B Password B Public Key B Private Key B Virtual Address B Virtual Address A
56
How digital signatures work User AUser B Public Key A Private Key A Public Key B Private Key B
57
How digital signatures work User A Message text User B
58
How digital signatures work User A Message text Message digest SHA-1 User B
59
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B
60
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message
61
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Digital signature Message
62
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Message digest SHA-1 Digital signature Message
63
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Message digest SHA-1 Digital signature Decrypt with Public key A Message digest Message
64
How digital signatures work User A Message text Message digest SHA-1 Encrypt with Private key A Digital signature User B Message text Message digest SHA-1 Digital signature Decrypt with Public key A Message digest Compare Message
65
Instant Messaging Text communication Text communication Presence notification Presence notification Contact list maintenance Contact list maintenance Distributed search Distributed search User friendly interface User friendly interface
66
DEMO
67
Tradeoffs and Limitations Anonymity Anonymity Statistical analysis Statistical analysis Textual analysis Textual analysis Accidental disclosure Accidental disclosure Scalability Scalability Test results and predictions Test results and predictions Reliability Reliability Routing loop avoidance Routing loop avoidance
68
Extensions Increased fault tolerance for dropped packets and routing loops Increased fault tolerance for dropped packets and routing loops Group chat Group chat Testing and research on anonymity scheme Testing and research on anonymity scheme
69
Acknowledgements Amy Csizmar Dalal and the CS department for guidance and support Amy Csizmar Dalal and the CS department for guidance and support Michael N. Tie and ITS for helping make our equipment work Michael N. Tie and ITS for helping make our equipment work MUTE and Jason Rohrer MUTE and Jason Rohrer Our friends and family for putting up with us Our friends and family for putting up with us You all for being here today You all for being here today
71
References Rohrer, Jason. “MUTE Technical Details” http://mute-net.sourceforge.net/technicalDetails.shtml Rohrer, Jason. “MUTE Technical Details” http://mute-net.sourceforge.net/technicalDetails.shtml http://mute-net.sourceforge.net/technicalDetails.shtml http://www.bouncycastle.org/ http://www.bouncycastle.org/ http://www.bouncycastle.org/ Sun Microsystems http://java.sun.com Sun Microsystems http://java.sun.comhttp://java.sun.com Freenet http://freenet.sourceforge.net Freenet http://freenet.sourceforge.nethttp://freenet.sourceforge.net RFC 3921: XMPP http://www.xmpp.org RFC 3921: XMPP http://www.xmpp.orghttp://www.xmpp.org “The Gnutella Protocol Specification v0.4” http://www9.limewire.com/developer/_protoc ol_0.4.pdf “The Gnutella Protocol Specification v0.4” http://www9.limewire.com/developer/gnutella_protoc ol_0.4.pdf http://www9.limewire.com/developer/_protoc ol_0.4.pdf http://www9.limewire.com/developer/gnutella_protoc ol_0.4.pdf
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.