Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman


1 Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S15/

2 Administrative stuff
- Monday office hours moved to 2:30
  - Will be 2:30 – 4
- How was your break?
- Quiz graded
  - Discussion

3 Outline
- Anonymity concepts and background
- The Dining Cryptographers problem
- Anonymous email
  - Chaum mixes
  - Mixminion
- Anonymous web browsing
  - Tor
- Problems with Tor

4 Anonymity Concepts
- Privacy
  - Confidentiality
- Anonymity/Pseudonymity
  - Unobservability
  - Unlinkability

5 Properties of eCash
- Unforgeability
- Non-reusability
- Anonymity
  - Untraceability
  - Unlinkability

6 Dining Cryptographers
- Three people toss coins: heads=1, tails=0
- Menus hide right-hand coin
- XOR your coin flip result and left neighbor’s result
- Report value to everyone
- Report opposite value to send a single bit
- If the sum is odd, someone sent a message
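
The protocol on this slide as a small simulation (an added example, not part of the original slides; all function names are illustrative). It also checks two things the bullets imply: the public reports look the same whoever sends, and two simultaneous senders cancel each other out.

```python
from collections import Counter
from itertools import product
import secrets

def announce(coins, senders=()):
    """Each diner reports own coin XOR left neighbour's coin; a sender reports the opposite."""
    n = len(coins)
    return tuple(coins[i] ^ coins[i - 1] ^ (i in senders) for i in range(n))

def message_bit(announcements):
    """Odd sum means someone sent: every coin appears in exactly two reports and cancels."""
    return sum(announcements) % 2

def observer_distribution(n, sender):
    """Exact distribution of the public reports over all 2**n equally likely coin outcomes."""
    senders = () if sender is None else (sender,)
    return Counter(announce(c, senders) for c in product((0, 1), repeat=n))

def insider_candidates(n, me, coins, announcements):
    """Senders that diner `me` cannot rule out, knowing only its own and its left coin."""
    seen = {me, (me - 1) % n}
    hidden = [i for i in range(n) if i not in seen]
    candidates = set()
    for s in set(range(n)) - {me}:
        for guess in product((0, 1), repeat=len(hidden)):
            trial = list(coins)
            for i, v in zip(hidden, guess):
                trial[i] = v          # substitute the coins `me` never saw
            if announce(trial, (s,)) == tuple(announcements):
                candidates.add(s)     # some hidden-coin outcome explains the reports
                break
    return candidates

if __name__ == "__main__":
    coins = [secrets.randbits(1) for _ in range(3)]   # heads=1, tails=0
    for label, senders in (("nobody", ()), ("diner 1", (1,)), ("diners 0 and 2", (0, 2))):
        reports = announce(coins, senders)
        print(f"{label:15} reports={reports} message_bit={message_bit(reports)}")
    # Identical distributions: the public reports do not identify the sender.
    print([observer_distribution(3, s) == observer_distribution(3, 0) for s in range(3)])
    # Diner 0 cannot tell whether diner 1 or diner 2 sent.
    print(insider_candidates(3, 0, coins, announce(coins, (1,))))
```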

7 Dining Cryptographers II
- Slow
- Error-prone
- Needs tamper detection
- Does not scale
- Provides unobservability

8 Unobservability
- k-anonymity (scalable dining cryptographers)
  - Must be implemented very carefully
- Link padding
  - Inefficient
  - Cover traffic knowledge

9 Unlinkability
- Sender  X  Receiver (Sender can’t identify receiver)
- Sender  X  Receiver (Receiver can’t identify sender)
- Sender  X  Receiver (Neither knows who the other is)
  - How do we handle authentication?
- Unobservability implies unlinkability (?)

10 Onion Encryption
[Diagram labels: For Bob from Alice; For Carol from Alice; For David from Alice]

11 Source routing with capabilities
[Diagram labels: B, data S3 S2 S1 B S3 S2 S1 A]

12 Onion Encryption II
[Diagram labels: Message for Bob; Wrapping for Carol; Wrapping for Doug; Wrapping for Edward; Alice; Edward; Doug; Carol; Bob]

13 Chaum Mixes
[Diagram labels: Bob; Alice]
- Output in lexicographic order

14 Global Adversary
[Diagram labels: Bob; Alice]

15 Chaum Mix Cascade
[Diagram labels: Bob; Alice]

16 Anonymous Reply
- Address for replies:
- Reply:
- Mix0 decrypts N,A; sends:
- Mix decrypting reply does not know destination
- Mix encrypting reply does not know source

17 Mixminion
[Diagram labels: A, B, C, D, E; Alice; Bob; A,B,C,D,E]

18 Problems with Mixminion
- Centralized entities required
  - Availability failure
  - Anonymity failure (how?)
- Malicious nodes:
  - Control entry and exit
  - Unlikely

19 Anonymous Email
- High-latency
- Low-throughput
- Provides unlinkability
  - Have to be careful about authentication
- No default end-to-end confidentiality (PGP)
  - Actually, there is for replies
- Secure against global adversary

20 Anonymous Web Browsing
- Low-latency
- Medium-throughput
- Server does not know client
- Provides sender unlinkability
  - Have to be careful about authentication
- No default end-to-end confidentiality (SSL)
- NOT secure against global adversary

21 Tor
[Diagram labels: A, B, C]
- TCP over TCP (UGH!)

22

23 Anonymous Web Services
- Web service does not know client
- Client does not know web service
- Provides sender and receiver unlinkability
- Rendezvous

24 Tor Hidden Services
[Diagram labels: A, B, C, D, E, F]

25 Outline
- Anonymity refresher
- Tor anonymous web browsing
- Attacks
  - Anonymity
  - Latency-based
  - Malicious nodes

26 Problems with Tor
- Global adversary
  - What are the possible attacks?
  - Long term intersection
  - Defined as NOT HANDLED by Tor
  - Functional vs. actual?
- Packet counting
- Packet sampling

27 Problems with Tor
- “Centralized” entities required
  - Availability failure
  - Anonymity failure (how?)
- Malicious nodes:
  - Control entry and exit
    - Hopefully unlikely – entry guards
- Preferential attraction of clients
  - Eureka! We can lie!

28 Problems with Tor II
- Information leakage from software
  - Web browser language
  - System time
  - How else?
- Malicious attacks on software
  - How?

29 Problems with Tor III
- Information leakage from design:
  - Latency (Hopper et al.)
- Unlinkability failure:
  - Latency (Hopper et al.)
- See a pattern?
- Prevention?

30 Global Adversary
[Diagram labels: Bob; Alice; Mix server]

31 Entire Tor network

32 Global Adversary vs. Tor
[Diagram labels: Bob; Alice; Entire Tor network]

33 Problems with Tor
- Preferential attraction of clients
  - Eureka! We can lie!
- Information leakage from software
- Information leakage and linkability failure from latency (Hopper et al.)
- Malicious nodes
  - Control entry and exit
    - Hopefully unlikely – entry guards

34 Tor Network Positioning Attack
[Diagram labels: A, B, C, M]

35 Tor Linkability Attack
[Diagram labels: A, B, C]

36 Outline
- Anonymity refresher
- Tor anonymous web browsing
- Attacks
  - Anonymity
  - Latency-based
  - Malicious nodes

37 Tor Selective DoS Attack
[Diagram labels: A, B, C]

38 Tor reliability
- $R_{\mathrm{DoS}} = (1-t)^2 + (tf)^3$
- $(1-t)^2$ dominates

39 A defense – entry guards
- Useful, but ≤ 3 guards may decrease resilience
- Other mixes

40 Questions?
- Reading discussion

