Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity."— Presentation transcript:

1 Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity for Web Transactions Michael K. Reiter and Aviel D. Rubin AT&T Labs Research

2 How safe is web browsing? Web surfing is exposed to many types of monitoring and tracking, many of which may be undesirable Web surfing is exposed to many types of monitoring and tracking, many of which may be undesirable SSL and existing technologies do not address these issues SSL and existing technologies do not address these issues What can we do to prevent this sort of monitoring? What can we do to prevent this sort of monitoring?

3 Crowds Crowds seeks to obscure the actions of the individual within those of a group, by randomly forwarding requests from members between each other before sending them to their final destination. This gives us deniability!

4 Conceptually, is this a good solution? That really all depends… Joining a group makes you a co- conspirator Joining a group makes you a co- conspirator You could be held accountable for fulfilling someone else’s request You could be held accountable for fulfilling someone else’s request Crowds can be undermined by some types of content (which are becoming progressively more common) Crowds can be undermined by some types of content (which are becoming progressively more common)

5 Overview Each user is represented by a Jondo. Each user is represented by a Jondo. Jondos contact a blender to join a crowd. Jondos contact a blender to join a crowd. At the first request for a web page the users Jondo contacts another Jondo at random to begin constructing a path. At the first request for a web page the users Jondo contacts another Jondo at random to begin constructing a path. Each path has a path key, meaning encryption of requested content is only preformed at the end points of the jondo chain. Each path has a path key, meaning encryption of requested content is only preformed at the end points of the jondo chain.

6 Jondos Each jondo maintains a list of other active jondos Each jondo maintains a list of other active jondos Each jondo has a shared key which is known to all other jondos (by way of the blender) to allow for secure communication between jondos. Each jondo has a shared key which is known to all other jondos (by way of the blender) to allow for secure communication between jondos. Jondos perform limited page processing both to prevent certain attacks and remove dangerous content. Jondos perform limited page processing both to prevent certain attacks and remove dangerous content.

7 Blenders Authenticate jondos Authenticate jondos Maintain a list of active jondos and their shared keys Maintain a list of active jondos and their shared keys Schedule “join-commit” events Schedule “join-commit” events Blender failure will not entirely compromise the crowd, or disrupt communication between existing members. Blender failure will not entirely compromise the crowd, or disrupt communication between existing members.

8 Improves on Related Research… Anonymizer & LPWA (Proxies) Anonymizer & LPWA (Proxies) Mixnets Mixnets

9 Analysis Anonymity (Security), Performance & Scalability

10 General types of Anonymity Sender Anonymity Sender Anonymity Receiver Anonymity Receiver Anonymity Unlinkability of Sender and Reciver Unlinkability of Sender and Reciver To this the authors add: Degree of Anonymity Degree of Anonymity

11 Degrees of Anonymity Absolutely Privacy Absolutely Privacy Beyond Suspicion Beyond Suspicion Probable Innocence Probable Innocence Possible Innocence Possible Innocence Provably Exposed Provably Exposed Crowds Most Web Browsers

12 Attackers and Crowds Safety Attackers: Local Eavesdroppers Local Eavesdroppers End Servers End Servers Collaborating crowd members Collaborating crowd members

13 Local Eavesdropper Request initiation is obvious, however the destination is obscured. Request initiation is obvious, however the destination is obscured. This is only compromised in the event that the user is unlucky and is at the end of his particular chain This is only compromised in the event that the user is unlucky and is at the end of his particular chain The above event is unlikely as the probability is inversely proportional to crowd size. The above event is unlikely as the probability is inversely proportional to crowd size.

14 End Servers Because of the nature of the crowd and the manner in which messages are passed between members it is equally likely that any member initiated the request. Because of the nature of the crowd and the manner in which messages are passed between members it is equally likely that any member initiated the request.

15 Collaborating Jondos The goal of collaborating jondos is to determine the path back to the initiator of the request The goal of collaborating jondos is to determine the path back to the initiator of the request Assuming pF is > ½, n is the number of crowd members, c is the number of collaborators we have: Assuming pF is > ½, n is the number of crowd members, c is the number of collaborators we have: Which means that the path initiator has probable innocence

16 Timing Attacks These attacks arise out of the nature of web content, as an HTML page is parsed additional requests are generated from links on the page (images, jscript, etc). These attacks arise out of the nature of web content, as an HTML page is parsed additional requests are generated from links on the page (images, jscript, etc). By timing the gap between a page request and the subsequent requests of its linked content a corrupt jondo on the path can attempt to deduce the position of the initiator By timing the gap between a page request and the subsequent requests of its linked content a corrupt jondo on the path can attempt to deduce the position of the initiator This is avoided by the mechanism mentioned earlier. This is avoided by the mechanism mentioned earlier.

17 Path Reasoning Static vs. Dynamic Static vs. Dynamic Dynamic changes increase the odds of a collaborator being on your path Dynamic changes increase the odds of a collaborator being on your path A path will only be altered at a “join- commit” or because a node sends a “fail stop” A path will only be altered at a “join- commit” or because a node sends a “fail stop” A malicious jondo(s) executing a “fail stop” will not compromise the initiator A malicious jondo(s) executing a “fail stop” will not compromise the initiator

18 Crowd Control The blender should have limits on the number of jondos allowed to associated with a single username/IP The blender should have limits on the number of jondos allowed to associated with a single username/IP Two types of crowds should exist, large public crowds, and smaller personal crowds Two types of crowds should exist, large public crowds, and smaller personal crowds

19 Performance

20 Performance, cont’d

21 Performance Implications Paths are relatively fixed, hence slow links on a path can dramatically impact performance. Paths are relatively fixed, hence slow links on a path can dramatically impact performance. Path length, and therefore pF also factor heavily into the performance. Path length, and therefore pF also factor heavily into the performance.

22 Scale The upper bound on the number of times a jondo appears on a given path is O { 1/(1-pF)^2 [ 1 + (1 + (1/n)) ] } The upper bound on the number of times a jondo appears on a given path is O { 1/(1-pF)^2 [ 1 + (1 + (1/n)) ] } As a consequence of this result the load on any given jondo will remain constant as the number of crowd members increases As a consequence of this result the load on any given jondo will remain constant as the number of crowd members increases Throughput on the network increases as the number of crowd members increases Throughput on the network increases as the number of crowd members increases

23 Other Concerns Firewalls pose a special concern for Crowds users as they prevent jondos outside the wall from forming paths involving jondos within the wall. While a jondo inside a wall can create a path involving those outside his security is seriously compromised.

24 Questions? To clarify the “Wide Mouth Frog” protocol is also known as the “Otway- Rees Protocol” When Alice wants to talk to Bob she asks Troy, the trusted third party, to assist in the key exchange. The process is as follows: A - Identity or location of Alice B - Identity or location of Bob Ka - Key shared between Troy and Alice Kb - Key shared between Troy and Bob Sab - Secret shared between Alice and Bob for session communication Exchange: Alice -> Troy {B,Sab}Ka Troy -> Bob {A,Sab}Kb In this manner Alice uses Troy to securely share a secret with Bob.

Download ppt "Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity."

Similar presentations

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)

6/3/2015topic1 Web Security Qiang Yang Simon Fraser University Thanks: Francis Lau (HKU)
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.

Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Similar presentations

Ads by Google