Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.

Published byEmory Peters Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University."— Presentation transcript:

1 Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University

2 Section Overview Browser Privacy Issues Browser Privacy Issues Web Server Tracking Web Server Tracking Phishing Attacks Phishing Attacks Anonymous Browsing Anonymous Browsing High Latency Anonymity High Latency Anonymity Low Latency Anonymity Low Latency Anonymity

3 References Security in Computing, 3 rd Ed. Security in Computing, 3 rd Ed. Chapter 7 (pg. 453) Chapter 7 (pg. 453) Chapter 9 (pgs. 595-603) Chapter 9 (pgs. 595-603)

4 View of most internet users… Source: Peter Steiner Source: Peter Steiner, The New Yorker,The New Yorker, (Vol.69 (LXIX) no. 20), 1993

5 Email Addresses Enables online communication Enables online communication Often users have several Often users have several Disposable email accounts (pseudonyms) Disposable email accounts (pseudonyms) Easily forged Easily forged Social engineering attacks Social engineering attacks User anonymity? User anonymity? Email header analysis Email header analysis

6 Browser Privacy History of sites visited History of sites visited Saved form information Saved form information Saved passwords Saved passwords Page cache Page cache Downloads Downloads Cookies Cookies

7 HTML Cookies Introduced by Netscape Introduced by Netscape Stores information about sites visited Stores information about sites visited Read and written to by Web Server Read and written to by Web Server Contains user web site preferences, etc. Contains user web site preferences, etc. Map of user interests Map of user interests Passes this information when site is visited Passes this information when site is visited Advertisement images Advertisement images Browser Settings Browser Settings Accept all cookies Accept all cookies Accept only those cookies that get sent back to originating server Accept only those cookies that get sent back to originating server Do not except cookies Do not except cookies

8 Web Server Tracking Web Server log files Web Server log files Web Site registration databases Web Site registration databases Web Bugs Web Bugs 1x1 pixel or transparent GIF images 1x1 pixel or transparent GIF images Site logs IP address and cookie information Site logs IP address and cookie information Referring page for “credit” Referring page for “credit” Can appear in HTML emails Can appear in HTML emails

9 Phishing Identify Theft Attack Identify Theft Attack Appears sent from legitimate institution Appears sent from legitimate institution Warns of information compromise Warns of information compromise Link to “legitimate institution” site Link to “legitimate institution” site Asks to verify personal information Asks to verify personal information Passwords Passwords Bank Account Numbers Bank Account Numbers Social Security Numbers Social Security Numbers

10 Need for Anonymity Discussion of Medical Conditions Discussion of Medical Conditions Whistle Blowing Whistle Blowing Political/Religious Censorship Political/Religious Censorship Electronic Voting Electronic Voting Transaction Privacy (Digital Cash) Transaction Privacy (Digital Cash) Corporate research Corporate research Law Enforcement investigations Law Enforcement investigations

11 Anonymous Communication Sender Anonymity Sender Anonymity Receiver Anonymity Receiver Anonymity Sender/Receiver unlinkability Sender/Receiver unlinkability Unobservability Unobservability Anonymity Set: Must not be able to identify one member within a set of people.

12 Anonymity & Latency High latency systems High latency systems Email/Newsgroup services Email/Newsgroup services Good resistance to attacks Good resistance to attacks Slow!!! Slow!!! Low latency systems Low latency systems Need quick response to requests Need quick response to requests Web and interactive services Web and interactive services Less resistant to attacks Less resistant to attacks

13 Pseudo-anonymous Remailer alice@cs.iupui.edu bob@cs.iupui.edu Real Address Anonymous address alice@cs.iupui.eduan20439@anon.penet.fi bob@cs.iupui.eduan50714@anon.penet.fi anon.penet.fi “Legal Attacks”

14 Anonymous Remailers David Chaum Mixes Server order (chains) picked Server order (chains) picked Message encrypted in reverse order using each server’s public key Message encrypted in reverse order using each server’s public key Server decrypts message to see where to send next Server decrypts message to see where to send next Source Destination A@z.com B@y.comC@x.com

15 Type I Remailer “Cypherpunk” “Cypherpunk” PGP Based PGP Based Subject to traffic analysis Subject to traffic analysis Messages immediately delivered Messages immediately delivered Message size changes Message size changes Nym Servers Nym Servers Reply block chain Reply block chain Reused (often) Reused (often)

16 Type II Remailers “Mixmasters” “Mixmasters” Follows (much) of Chaum’s model Follows (much) of Chaum’s model Internally implemented PKE Internally implemented PKE Fixed payload & message splitting Fixed payload & message splitting Message pools/Bogus messages Message pools/Bogus messages No reply blocks No reply blocks

17 Type III Remailers “Mixminion” “Mixminion” Implements Type II features Implements Type II features Fixed message size (32KB) Fixed message size (32KB) Single use reply blocks Single use reply blocks Custom delivery protocol Custom delivery protocol No longer using SMTP No longer using SMTP User implemented User implemented

18 Proxy Anonymizers www.cs.iupui.edu UserWorkstation Web Anonymizer Enter Web Site Submit Reset Browser www.cs.iupui.edu WebAnonymizer

19 Crowds UserWorkstation www.cs.iupui.edu Each member passes web request to another member of crowd or to destination server depending on randomly generated probability

20 Onion Routing UserWorkstation www.cs.iupui.edu Using the mix model, get the public keys from each onion router then encrypt the request with each key starting from last hop and finishing with nearest one.

21 Tor Routing UserWorkstation www.cs.iupui.edu www.eff.org User creates a virtual circuit by securely establishing session keys with each Tor router. Once the circuit is set up, communication to remote hosts can occur when needed

22 Dining Cryptographers The waiter tells 3 cryptographers who are having dinner that the bill has been taken care of. The waiter tells 3 cryptographers who are having dinner that the bill has been taken care of. The payer chooses to be anonymous The payer chooses to be anonymous One of the cryptographers One of the cryptographers Their boss – the NSA Their boss – the NSA Diners will only agree if the NSA isn’t buying Diners will only agree if the NSA isn’t buying How do they decide? How do they decide? Each flips a coin that only he and the diner to is right can see. Each flips a coin that only he and the diner to is right can see. Each diner looks at his coin and the one to his left Each diner looks at his coin and the one to his left Not buying: announces whether the coins are the same or different Not buying: announces whether the coins are the same or different Buying: lies by announcing the opposite Buying: lies by announcing the opposite Odd number of “different”, someone at the table is buying Odd number of “different”, someone at the table is buying

23 DC Example Alice Bob Scott “Different” “Same” “Same” Someone at the Table (Scott) is buying [odd # of “Different”] Alice Bob Scott “Different” “Different” “Same” The NSA is buying [even # of “Different”]

24 DC-Nets Also proposed by David Chaum Also proposed by David Chaum Need secure channel between adjacent proxies Need secure channel between adjacent proxies Each proxy generates random bit Each proxy generates random bit Non-sender: announce xor (its bit, neighbor bit) Non-sender: announce xor (its bit, neighbor bit) Sender: announce xor (its bit, neighbor bit, message bit) Sender: announce xor (its bit, neighbor bit, message bit) Xor (all announcements) = message bit Xor (all announcements) = message bit Impractical Impractical Need to be able to generate lots of randomness Need to be able to generate lots of randomness Huge communication overhead Huge communication overhead

Download ppt "Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University."

Similar presentations

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.

Software programs that enable you to view world wide web documents. Internet Explorer and Firefox are examples. Browser.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Forensic Dead-Ends: Tracing Anonymous R er Abusers Len Sassaman The Shmoo Group

Forensic Dead-Ends: Tracing Anonymous R er Abusers Len Sassaman The Shmoo Group
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.

1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S

0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Internet Basics.

Internet Basics.
Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Similar presentations

Ads by Google