Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

Published byMitchell Mitchell Modified over 9 years ago

Similar presentations

Presentation on theme: "Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity."— Presentation transcript:

1 Anonymity – Crowds R. Newman

2 Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity Applications of anonymity technology

3 All relative to attacker Provably exposed Exposed Possible Innocence Probable Innocence Beyond Suspicion Absolute Privacy Degrees of Anonymity

4 All relative to attacker Provably exposed Attacker can prove who sent a message Exposed Possible Innocence Probable Innocence Beyond Suspicion Absolute Privacy Degrees of Anonymity

5 All relative to attacker Provably exposed Exposed Attacker knows but can’t prove it Possible Innocence Probable Innocence Beyond Suspicion Absolute Privacy Degrees of Anonymity

6 All relative to attacker Provably exposed Exposed Possible Innocence Nontrivial probability someone else sent msg Probable Innocence Beyond Suspicion Absolute Privacy Degrees of Anonymity

7 All relative to attacker Provably exposed Exposed Possible Innocence Probable Innocence Sender is equally likely to have sent as not sent Beyond Suspicion Absolute Privacy Degrees of Anonymity

8 All relative to attacker Provably exposed Exposed Possible Innocence Probable Innocence Beyond Suspicion Sender is no more likely to have sent than anyone else Absolute Privacy Degrees of Anonymity

9 All relative to attacker Provably exposed Exposed Possible Innocence Probable Innocence Beyond Suspicion Absolute Privacy Attacker can’t distinguish situations in which sender sent message from those in which it did not Degrees of Anonymity

10 Crowd = collection of users User represented in crowd by ”jondo” process Jondo contacts ”blender” server on startup Admission to crowd Reports current crowd membership to jondo Jondo set as web proxy for all services by user Crowd Overview

11 When user request made, sent to jondo Jondo establishes random path of jondos Picks random jondo from crowd (1) Sends request to that jondo That jondo flips biased coin With prob p f forward to another jondo (goto 1) With prob 1- p f send to end server Subsequent requests follow same path Except maybe end server Server reply follow reverse path Crowd Overview

12 Servers Users/jondos

13 Jondo treated as client of successor jondo Each jondo maintains set of active jondos Path maintained as virtual circuit (VC) Each path has pathID (like VCID) PathID is local to directional link VC table maintained (in-link, in-ID, out-link, out-ID) 128-bit VCIDs assigned randomly on setup Successor assigned randomly on setup Path key for encrypting msg generated on setup Crowd Overview

14 Jondo joins Crowd through Blender Blender maintains account with each member Each member has ID and password Password -> symmetric key for communication All jondos encrypt link communication Secret key between each jondo pair Pairwise keys established when jondo joins crowd Blender sends pairwise keys to new member, and to each other member to use with new member Jondos maintain current set of members Add when receive key from blender Delete when detect failure or receive notice Crowd Overview

15 Security provided to individual user Three types of attackers considered Local eavesdropper Collaborating crowd users End server Crowd Security - Attacks

16 AttackerSender AnonymityReceiver Anonymity Local eavesdropperExposedP(beyond susp) -> 1 c collaborating jondos, n >= p f (c+1)/(p f – ½) Probable innocence P(abs priv) -> 1 End serverBeyond SuspicionN/A Asymptotics are as n -> infinity Boldface entries are guarantees Probabilities are asymptotic E.g., Local eavesdropper gets lucky then it may be able to determine the receiver of a request Otherwise, receiver is beyond suspicion Prob of getting lucky decreases with crowd size

17 Can only see traffic to/from one user Can see when a user initiates a request Msg out did not result from msg in Prob(user’s jondo sends to server) = 1/n Uniform random choice from n members If not sent to end server, then receiver anonymous Prob learn receiver decreases with n Local Eavesdropper

18 Can only see traffic to/from itself Can obviously see receiver Receiver anonymity not possible! Sender anonymity is beyond suspicion Sender picks any member uniformly End server is equally likely to receive request from any member! Note independence from p f here Increasing path length does not help End Server

19 Can only see traffic to/from itself Can obviously see receiver address Sees plaintext of traffic on paths through it All jondos on path have path key Goal of collaborators is to find sender Assuming c can’t determine from msg contents Collaborator only has reason to suspect predecessor jondo All others are equally likely, except predecessor Paths are static! Collaborating Jondos

20 Let I = event that first collaborator on path is preceeded by path initiator (sender) Let H k = event that first collaborator on path is in the k th position in the path Sender is in position 0 in the path Let H k+ = event that first collaborator on path is in the k th position or later in the path Def: Probable Innocence wrt sender anonymity P(I | H 1+ ) <= ½ Note H 1 => I, but not converse Collaborating Jondos

21 Let c be number of collaborators Let n be size of crowd Let p f be forwarding probability p f > ½ Thm: If n >= p f (c + 1)/(p f – ½) then sender has probably innocence Show P(I|H 1+ ) = p f (c + 1)/(p f – ½) Path goes thru i-1 honest nodes first, prob (n-c)/n each So P(H i ) = (p f (n-c)/n) i-1 (c/n), etc. P(I) = P(H 1 )P(I|H 1 ) + P(H 2+ )P(I|H 2+ ) and since I => H 1+, P(I|H 1+ ) = P(I OR H 1+ )/P(H 1+ ) = P(I)/P(H 1+ ) Collaborating Jondos

22 Thm: If n >= p f (c + 1)/(p f – ½) then sender has probably innocence Example: p f = ¾ then sender gets probable innocence as long as n >= 3(c+1) Get tradeoff in path length (performance) and ability to tolerate collaboration attacks (c) Exp(Path length) = p f /(1 – p f ) + 2 P(H 1+ ) -> 0 as n -> infy for constant c, p f and so P(abs privacy) -> 1 for sender and receiver anonymity as n -> infy Assumes collaborators can only observe paths through nodes they own Collaborating Jondos

23 HTML pages can contain references to URLs that are immediately loaded by the browser Collaborator jondo can measure time from reply with URL until request for that URL appears Gives limits on how ”far” away sender is Countermeasure: Last jondo (by server) parses HTML, gets URLs Last jondo requests URLs and sends along path User jondo does not forward the URL requests User jondo waits for pages send from last jondo Timing Attacks

24 How big is load on each jondo? Appearances for a jondo is number of times it appears over all paths If twice in one path, and once in another, then 3 Thm: In a crowd of size n for any jondo, exp # appearances = O((1+1/n)/(1- p f ) 2 ) Load depends on path length, which mostly depends on p f Scaling

25 What does Crowds approach offer? How is it different from Chaum Mixes? Which approach is ”right”? Are there ways to strengthen the guarantees or protections offered by either, using techniques from the other (or different techniques)? Parting Questions

Download ppt "Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)

A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.

Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
Anonymity on the Web: Onion routing and Crowds. 2 Outline  the problem of user privacy  basic concepts of anonymous communication  MIXes  Onion routing.

Anonymity on the Web: Onion routing and Crowds. 2 Outline  the problem of user privacy  basic concepts of anonymous communication  MIXes  Onion routing.
Service Broker Lesson 11. Skills Matrix Service Broker Service Broker, provides a solution to common problems with message delivery and consistency that.

Service Broker Lesson 11. Skills Matrix Service Broker Service Broker, provides a solution to common problems with message delivery and consistency that.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.

Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
A Tale of Research: From Crowds to Deeper Understandings Matthew Wright Jan. 25, 2006 6392-017: Adv. Network Security.

A Tale of Research: From Crowds to Deeper Understandings Matthew Wright Jan. 25, : Adv. Network Security.

Similar presentations

Ads by Google