
CSCI 5234 Web Security: Privacy & Anonymity in the WWW (Ch. 12, Oppliger)


Slide 2: Privacy & Anonymity (outline)
– 12.1 Intro
– 12.2 Early work
– 12.3 Cookies
– 12.4 Anonymous browsing
– 12.5 Anonymous publishing
– 12.6 Voluntary privacy standards

Slide 3: Intro 1/7
– When a client accesses a web site, all kinds of information about the client may be collected without the client's knowledge.
– Examples: client software (browser type, OS), IP address, computer name, screen width and height, traceroute, domain configuration, …

Slide 4: Intro 2/7 – Legislation
– Many countries have data privacy or data protection laws that make it a legal obligation for entities storing, processing, and transmitting personal data to adequately protect the privacy of that data.
– The EU relies on comprehensive legislation that, for example, requires the creation of government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin. E.g., the European Commission's Directive on Data Protection became effective in 10/98.
– The US takes a sectoral approach to privacy, relying on a mix of legislation (e.g., HIPAA), regulation, and self-regulation.
– Challenges for international businesses
– Solution: a safe harbor framework to bridge the discrepancy (still an ongoing effort)

Slide 5: Intro 3/7
– http://privacy.net/
– Provides free privacy and other network-related analysis
– Sample privacy analysis
– How does it work?

Slide 6: Intro 4/7
– Local network administrators, web managers, and ISPs have access to even more information about users.
– Networking devices are usually configured to log relevant information.
– There is an ongoing legal discussion about how far they may go…

Slide 7: Intro 5/7 – Traffic Analysis [RFC 2828, Internet Security Glossary]
$ traffic analysis
  (I) Inference of information from observable characteristics of data flow(s), even when the data is encrypted or otherwise not directly available. Such characteristics include the identities and locations of the source(s) and destination(s), and the presence, amount, frequency, and duration of occurrence. (See: wiretapping.)
  (O) "The inference of information from observation of traffic flows (presence, absence, amount, direction, and frequency)." [I7498 Part 2]
$ traffic flow confidentiality
  (I) A data confidentiality service to protect against traffic analysis.
  (O) "A confidentiality service to protect against traffic analysis." [I7498 Part 2]
$ traffic padding
  (I) "The generation of spurious instances of communication, spurious data units, and/or spurious data within data units." [I7498 Part 2]

Slide 8: Intro 6/7
– Traffic analysis may reveal sensitive data.
– Some protocols, such as electronic cash, must guard against traffic analysis in order to work properly.
– It is a threat that is very difficult to protect against.
– Q: Would encrypting IP packets between a browser and a web server protect against traffic analysis?
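An added illustration of slides 7 and 8 (not part of the lecture or of Oppliger's text): the flow records below are constructed, and the code shows what an observer still learns from fully encrypted traffic, plus one form of the glossary's "traffic padding" that removes the size signal.

```python
from collections import defaultdict

# Constructed flow records as a logging network device would keep them. The
# payload is encrypted and not shown; endpoints, timing and sizes still are.
# Fields: (src, dst, start_s, end_s, bytes)
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 0.0, 0.4, 18300),
    ("10.0.0.5", "203.0.113.10", 5.2, 5.6, 18250),
    ("10.0.0.7", "203.0.113.10", 1.1, 1.3, 2100),
    ("10.0.0.5", "198.51.100.8", 9.0, 9.1, 900),
]

def traffic_profile(flows):
    """What an observer infers without reading a byte of payload (the RFC's
    presence, amount, frequency and duration): per source/destination pair,
    how many connections, how many bytes and how much time."""
    prof = defaultdict(lambda: {"count": 0, "bytes": 0, "duration": 0.0})
    for src, dst, t0, t1, size in flows:
        entry = prof[(src, dst)]
        entry["count"] += 1
        entry["bytes"] += size
        entry["duration"] += t1 - t0
    return dict(prof)

def size_fingerprints(flows, tolerance=0.05):
    """Group flows whose sizes agree within `tolerance`: repeated fetches of the
    same encrypted resource look alike, so encrypting the packets (the question
    on this slide) does not by itself stop this inference."""
    groups = []
    for flow in sorted(flows, key=lambda f: f[4]):
        if groups and abs(flow[4] - groups[-1][0][4]) <= tolerance * groups[-1][0][4]:
            groups[-1].append(flow)
        else:
            groups.append([flow])
    return groups

def pad_flows(flows, bucket):
    """Traffic padding in the glossary's sense: round every flow up to the next
    multiple of `bucket` bytes so that size no longer separates resources."""
    return [(s, d, t0, t1, -(-size // bucket) * bucket) for s, d, t0, t1, size in flows]
```

With a 4096-byte bucket the four flows collapse from three size classes into two, at the cost of the extra bytes sent.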

Slide 9: Intro 7/7
– Specialized security mechanisms are required to protect communicating peers against traffic analysis.
– Three types of anonymity services:
  1. Sender anonymity
  2. Receiver anonymity
  3. Connection anonymity: unlinkability of sender and receiver

Slide 10: Early attempts at anonymous email 1/5
– Anonymous remailer, e.g., anon.penet.fi
  – An anonymous e-mail forwarding service
  – A simple SMTP proxy server that stripped off all header information of incoming e-mail messages before forwarding them toward their destinations
  – Q: What type of anonymity service is provided by an anonymous remailer?
– Chaum mixing network

Slide 11: Early attempts 2/5
– Chaum mixing network: a more sophisticated approach to anonymous email
  – A Chaum mix is an anonymous remailer.
  – A Chaum mixing network consists of a set of Chaum mixes.
  – The sender of the message chooses a route through a series of mixes M1, …, Mn to the intended recipient.

Slide 12: Early attempts 3/5
– Chaum mixing network
  – The message is encrypted layer by layer using each mix's public key.
  – Example (n = 2, B is the recipient): M1, {M2, {B, {mesg}K_B}K_M2}K_M1
  – The message is first sent to M1, which decrypts it using its private key and then sends {B, {mesg}K_B}K_M2 to M2.
  – M2 then decrypts it and forwards {mesg}K_B to B.
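The layered construction of slides 11 and 12, worked through as an added example (not code from the lecture or from Oppliger): each layer carries only the next hop and an opaque payload, so a mix learns its predecessor and successor and nothing else. Assumption: since the standard library has no public-key cipher, `seal`/`unseal` is a per-party secret-key stand-in for "encrypt with the mix's public key"; the route, key names and message are constructed.

```python
import hashlib, json, os
def _keystream(key, nonce, n):
    """Expand key||nonce into n bytes of keystream (SHA-256 in counter mode)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    """Stand-in for encrypting to a party's public key (assumption: the standard
    library has no public-key cipher, so a per-party secret key is used)."""
    nonce = os.urandom(16)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))

def unseal(key, blob):
    """Decrypt a blob produced by seal() with that party's key."""
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(route, recipient, keys, mesg):
    """Wrap mesg for route [M1..Mn] to B, innermost layer first; for n = 2 the
    result is M1, {M2, {B, {mesg}K_B}K_M2}K_M1. Returns (first hop, blob)."""
    blob = seal(keys[recipient], b"\x00" + mesg)       # {mesg}K_B, tag 0 = final
    next_hop = recipient
    for mix in reversed(route):                         # wrap M_n first, M_1 last
        header = json.dumps({"next": next_hop, "payload": blob.hex()}).encode()
        blob = seal(keys[mix], b"\x01" + header)        # tag 1 = forward
        next_hop = mix
    return next_hop, blob

def process(node, keys, blob):
    """One hop's work: strip its own layer and learn only the next hop.
    Returns (next_hop, inner_blob), or (None, mesg) at the final recipient."""
    plain = unseal(keys[node], blob)
    if plain[:1] == b"\x00":
        return None, plain[1:]
    layer = json.loads(plain[1:])
    return layer["next"], bytes.fromhex(layer["payload"])

def deliver(first_hop, blob, keys):
    """Walk the route; returns the nodes visited and the recovered plaintext."""
    hop, trail = first_hop, []
    while hop is not None:
        trail.append(hop)
        hop, blob = process(hop, keys, blob)
    return trail, blob

KEYS = {name: os.urandom(32) for name in ("M1", "M2", "B")}  # constructed keys
```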

Slide 13: Early attempts 4/5
– Issue: How would the recipient respond to the sender?
– Various approaches were proposed:
  – The recipient may post the response (with a specific subject line) to a newsgroup.
  – An inverse untraceable backward route: the return path information (RPI) is a block of information that must accompany the original message.

Slide 14: Early attempts 5/5
– Can the anonymous remailer approach be used to provide anonymity services on the WWW?
– Answer: not quite…
– Compare the operation modes, pull vs. push:
  WWW    interactive        pull
  Email  store-and-forward  push

Slide 15: Anonymous browsing 1/7
– Technologies that can be used (1) to protect the privacy of Web users, and (2) to provide support for anonymous browsing accordingly
– Examples: anonymizing HTTP proxy servers, JAP, Crowds, onion routing, Freedom Network

Slide 16: Anonymous browsing 2/7 – Anonymizing HTTP proxy servers
– An HTTP proxy server that removes all parts of an HTTP request message that may directly or indirectly reveal information about the browser
– Requirement: the removed information is not needed by the Web server to serve the request and respond appropriately.
– Such a server can hide the browser's IP address.
– Responses from the Web server are forwarded by the proxy server.
– Most anonymizing HTTP proxy servers rely on nested URLs.

Slide 17: Anonymous browsing 3/7 – Anonymizing HTTP proxy servers
– A nested URL is one where the document part refers to another URL: http://proxy.ABC.org/http://www.uhcl.edu
– The browser first connects to the proxy server (http://proxy.ABC.org), which in turn connects to the Web server at http://www.uhcl.edu.
– 'Chained' HTTP proxy servers are useful when the user does not trust any single proxy server: http://proxy.ABC.org/http://proxy.XYZ.net/http://www.uhcl.edu
– Overhead?
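An added example for slides 16 and 17 (not code from the lecture, from Oppliger, or from any real anonymizing proxy): it decomposes the nested and chained URLs shown above into their hops, shows the header stripping one proxy performs before relaying, and counts the overhead the last bullet asks about. The list of identifying headers and the sample request headers are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Request headers that fingerprint the browser or reveal where it came from.
# Constructed list for this example: a Web server does not need any of them
# to serve the request, which is the slide's condition for stripping a header.
IDENTIFYING_HEADERS = {"user-agent", "referer", "cookie", "from", "via",
                       "x-forwarded-for", "accept-language"}
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")

def strip_identifying_headers(headers):
    """Copy of the request headers minus the identifying ones; Host, Accept
    and content headers stay because the server needs them to respond."""
    return {k: v for k, v in headers.items() if k.lower() not in IDENTIFYING_HEADERS}

def split_nested_url(url):
    """Decompose a nested URL into the ordered hops a request traverses:
    http://proxy.ABC.org/http://proxy.XYZ.net/http://www.uhcl.edu ->
    ['http://proxy.ABC.org', 'http://proxy.XYZ.net', 'http://www.uhcl.edu'].
    The last element is the origin server and keeps its own path."""
    hops = []
    while True:
        parts = urlsplit(url)
        inner = parts.path.lstrip("/")
        if not SCHEME_RE.match(inner):
            hops.append(url)                            # origin: no more nesting
            return hops
        hops.append(f"{parts.scheme}://{parts.netloc}")  # a proxy hop
        url = inner

def proxy_relay(url, headers):
    """One proxy's view of a request: peel its own prefix off the nested URL,
    drop identifying headers, and point Host at the next hop. The next hop
    never sees the original client's address, only the proxy's."""
    parts = urlsplit(url)
    inner = parts.path.lstrip("/") + (f"?{parts.query}" if parts.query else "")
    clean = strip_identifying_headers(headers)
    clean["Host"] = urlsplit(inner).netloc
    return inner, clean

def chain_overhead(nested_url):
    """Extra connections a chain costs: one additional TCP connection and HTTP
    round trip per proxy in front of the origin server."""
    return len(split_nested_url(nested_url)) - 1
```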

Slide 18: Anonymous browsing 4/7 – JAP
– Developed by a group at the University of Technology Dresden: http://anon.inf.tu-dresden.de/index_en.html
– Java-based
– In essence, a Chaum mixing network for HTTP
– JAP uses a single static address that is shared by many JAP users. That way neither the visited website nor an eavesdropper can determine which user visited which website.
– Instead of connecting directly to a Web server, users take a detour, connecting with encryption through several intermediaries (mixes).
– A relationship between a connection and its user could only be determined if all intermediaries worked together to sabotage the anonymization. But the intermediaries (mix providers) are generally run by independent institutions which officially declare that they do not keep connection log files or exchange such data with other mix providers.

Slide 19: Anonymous browsing 5/7 – Crowds
– Developed in the late 1990s by a group at AT&T Research
– A 'crowd' is a large group of geographically diverse users.
– Basic ideas:
  – To probabilistically chain multiple anonymizing HTTP proxy servers (a unique feature)
  – To encrypt all data that is sent back and forth between the proxy servers
– Procedure:
  – Each user is represented by a local process called a jondo.
  – The jondo contacts the blender server to request admittance to the crowd.
  – The jondo works as a local proxy server; any request originating from the browser is sent directly to its jondo.

Slide 20: Anonymous browsing 6/7 – Crowds
– Procedure (cont.):
  – The local jondo picks a jondo from the crowd at random, possibly itself, and forwards the request to it.
  – Each jondo then determines randomly whether to forward the request to another jondo or to the Web server.
  – So a random path of jondos between the browser and the Web server is established.
  – The return path is the same, only in reverse.
  – All communication between two jondos (J1, J2) is encrypted with a shared key K_{J1,J2}, which implies membership-management overhead.
  – To reduce the overhead, Crowds uses a simple, centralized solution.

Slide 21: Anonymous browsing 7/7 – Crowds
– Membership management:
  – The blender serves as the centralized membership and key manager of a crowd.
  – Each user's jondo must be authenticated by the blender (id, password).
  – The blender generates a list of shared keys for a new jondo; each key is shared between the new jondo and one other jondo.
– Strengths? Separation of key management from the actual Web transactions
– Issues? Corrupted blender, attacked blender, firewall bypassing, …
– Future improvements: Diffie-Hellman key exchange directly between a pair of jondos
– A thought: authentication between sensor nodes in a sensor network?
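An added simulation of the Crowds procedure on slides 19 to 21 (not code from the lecture, from Oppliger, or from the Crowds implementation): it builds the random jondo path, derives the expected path length, and models the blender's per-link key issuance. Assumptions: the forwarding decision uses the Crowds design's forwarding probability p_f (the slides say only "randomly"), the jondo names are constructed, and authentication of a joining jondo is left out.

```python
import os, random

def crowds_path(jondos, initiator, p_f, rng=None):
    """Random walk of one request through the crowd (slides 19-20): the
    initiator's jondo picks any jondo, possibly itself, uniformly; each jondo
    then forwards to a random jondo with probability p_f, else to the Web
    server. p_f is the Crowds forwarding probability (an assumption here; the
    slide only says 'randomly'). Returns the ordered list of jondos."""
    rng = rng if rng is not None else random.Random()
    path = [initiator, rng.choice(jondos)]
    while rng.random() < p_f:
        path.append(rng.choice(jondos))
    return path

def expected_path_length(p_f):
    """Initiator + one mandatory hop + geometric extra hops = 2 + p_f/(1-p_f)."""
    return 2 + p_f / (1 - p_f)

def mean_path_length(jondos, p_f, trials, seed=0):
    """Monte Carlo estimate of the path length, seeded for reproducibility."""
    rng = random.Random(seed)
    total = sum(len(crowds_path(jondos, jondos[0], p_f, rng)) for _ in range(trials))
    return total / trials

def server_view(path):
    """The Web server sees only the last jondo, not the initiator."""
    return path[-1]

def blender_admit(new_jondo, members, table):
    """Blender's job on slide 21: after authenticating the jondo (out of scope
    here), hand it one shared key K_{new,other} per existing member. The table
    is keyed by the unordered pair so both ends look up the same key."""
    for other in members:
        table[frozenset((new_jondo, other))] = os.urandom(16)   # constructed key
    return table

def link_key(table, a, b):
    """Key K_{a,b} protecting traffic between two distinct jondos."""
    return table[frozenset((a, b))]

def path_link_keys(path, table):
    """Keys needed along a path; a jondo forwarding to itself needs none.
    Raises KeyError if two jondos on the path never received a shared key."""
    return [link_key(table, a, b) for a, b in zip(path, path[1:]) if a != b]
```

For p_f = 3/4 the expected path holds 5 jondos, and the KeyError case is exactly the membership-management problem the blender exists to solve: a jondo cannot forward to a peer it shares no key with.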

Slide 22: Anonymous publishing 1/5
– The problem: how to anonymously publish on the Web?
– The current WWW architecture provides little support for anonymous publishing.
– For example, the URL identifies the Web server where the resource is located.
– Several attempts:
  – JANUS and the Rewebber service
  – TAZ servers and the Rewebber network
  – Publius

Slide 23: Anonymous publishing 1/5 – JANUS
– The Rewebber service provides anonymity services for both browsers and Web servers.
– The Rewebber service acts as an anonymizing HTTP server, i.e., it supports anonymous browsing.
– To support anonymous publishing, the Rewebber service makes use of encrypted URLs that are part of nested URLs.
– E.g., http://proxy.ABC.edu/http://www.dcsl.net/sample.htm becomes http://proxy.ABC.edu/url_encrypted/rxmy2198za
– The anonymizing proxy server takes care of decryption and encryption of the URLs.

Slide 24: Cookies 1/5

