Anonymity and Covert Channels in Simple, Timed Mix-firewalls
Richard E. Newman --- UF, Vipan R. Nalla -- UF, Ira S. Moskowitz --- NRL


1 Anonymity and Covert Channels in Simple, Timed Mix-firewalls
Richard E. Newman --- UF, Vipan R. Nalla -- UF, Ira S. Moskowitz --- NRL
{nemo,vreddy}@cise.ufl.edu, moskowitz@itd.nrl.navy.mil
http://chacs.nrl.navy.mil

2 Motivation
Anonymity --- linkages: sender/message/recipient
Optional desire or mandated necessity?
Hide who is sending what to whom.
What: covered by crypto.
Who/which/whom: covered by Mix networks.
Even if one cannot associate a particular message with a sender, it is still possible to leak information from sender to observer: a covert channel.

3 Mixes
A Mix is a device intended to hide source/message/destination associations.
A Mix can use crypto, delay, shuffling, padding, etc. to accomplish this.
Others have studied ways to “beat the Mix”:
-- active attacks to flush the Mix.
-- passive attacks may study probabilities.

4 Prior measures of anonymity
AT&T Crowds: degree of anonymity, p forward message
 – Not Mix-based
Dresden: Anonymity (set of senders), set size N, log(N)
 – Does not include observations by Eve
Cambridge: effective size, assign probs to senders, between 0 and log(N)
 – We show (later): maximal entropy (most noise) does not assure anonymity
K.U. Leuven: normalize above
We want something that measures before & after
That is Shannon’s information theory

5 Aim of this Work
We wish to provide another tool to better understand and measure anonymity
Limits of anonymity
Application of classical techniques
Follows WPES, CNIS work

6 Covert Channels
A communication channel that exists, contrary to system design, in a computer system or network
Typically in the realm of MLS systems: non-interference
Classically measure threat by capacity

7 Quasi-Anonymous Channels
Less than perfect anonymity = quasi-anonymity
Quasi-anonymity allows covert channel = quasi-anonymous channel
Quasi-anonymous channel is
(1) Illegal communication channel in its own right
(2) A way of measuring anonymity

8 NRL Covert Channel Analysis Lab
John McDermott & Bruce Montrose
Actual network set-up to exploit these quasi-anonymous channels
First attempt: detect gross changes in traffic volume
Future work may be a more fine-tuned detection of the mathematical channels discussed here

9 Our Earlier Scenario (WPES 2003)
Mix Firewalls separating 2 enclaves.
[Figure labels: Enclave 1, Enclave 2, Eve, Alice & Clueless_i]
Timed Mix, total flush per tick
Eve: counts # messages per tick – perfect sync, knows # Clueless_i
Clueless_i are IID, p = probability that Clueless_i does not send a message
Alice is clueless w.r.t. Clueless_i
overt channel --- anonymous covert channel

10 This System Model
Alice (malicious insider) and N other senders (Clueless_i’s, i=1,…,N)
M observable destinations (R_j, j=1,…,M)
“Nobody” destination R_0
Each tick, each sender can send a message (to a destination R_j) or not (“send” to R_0)
Clueless_i are i.i.d.
Eve sees message counts to R_j’s each tick

11 Multiple Receiver Model
[Figure: senders Alice, Clueless_1, Clueless_2, …, Clueless_N; Mix-firewall; Eve; destinations R_1, R_2, …, R_N and Nobody = R_0]

12 Toy Scenario – N=1, M=1
Alice can: not send a message (0), or send (1)
Only two input symbols to the (covert) channel
What does Eve see? 0, 1, or 2 messages.
[Figure: transition diagram from Alice's input (0, 1) to Eve's observation (0, 1, 2), with edge probabilities p and q]

13 Discrete Memoryless Channel
X -> [anonymizing network] -> Y
Channel matrix (rows: X, columns: Y):
        Y=0  Y=1  Y=2
X=0      p    q    0
X=1      0    p    q
X is the random variable representing Alice, the transmitter to the cc
X has a prob dist P(X=0) = x, P(X=1) = 1-x
Y represents Eve; prob dist derived from X and channel matrix

14 Channel Capacity
In general $P(X = x_i) = p(x_i)$, similarly $p(y_k)$
Entropy of X: $H(X) = -\sum_i p(x_i)\log[p(x_i)]$
$H(X|Y) = -\sum_k p(y_k) \sum_i p(x_i|y_k)\log[p(x_i|y_k)]$
Mutual information: $I(X,Y) = H(X) - H(X|Y) = H(Y) - H(Y|X)$
Capacity is the maximum over dist X of I

15 Capacity for Toy Scenario
$$C = \max_x \{ -( px\log px + [qx+p(1-x)]\log[qx+p(1-x)] + q(1-x)\log q(1-x) ) - h(p) \}$$
where $h(p) = -\{ p\log p + (1-p)\log(1-p) \}$

16 Capacity and optimal x vs. p

17 Earlier Scenario: 1 Receiver, N Clueless_i
[Figure: transition diagram from Alice's input (0, 1) to Eve's count (0, 1, …, N, N+1), with edge probabilities p^N, Np^(N-1)q, …, Nq^(N-1)p, q^N]

18 Capacity vs. N (M=1)

19 Observations
Highest capacity when very low or very high clueless traffic
Capacity (of p) bounded below by C(0.5), x=.5; thus even at maximal entropy, not anonymous
Capacity monotonically decreases to 0 with N
C(p) is a continuous function of p
Alice’s optimal bias is function of p, and is always near 0.5

20 Comments
1. Lack of anonymity leads to comm. channel
2. Use this quasi-anonymous channel to measure the anonymity
3. Capacity is not always the correct measure --- might want just mutual info, or number of bits passed

21 New Results
Analysis for M>1 receivers
Numerical (but not theoretical) results show best for Clueless to be uniform
Numerical results for Clueless uniform over actual receivers (not R_0)
Numerical results for Alice uniform over actual receivers (not R_0)
Best for Alice to be uniform

22 Earlier Scenario Revisited: 1 Receiver, N Clueless_i
[Figure: transition diagram from Alice's input (0, 1) to Eve's count, with edge probabilities p^N, Np^(N-1)q, …, Nq^(N-1)p, q^N]

23 M=2 Receivers, N=1 Clueless_i
[Figure: channel transition diagram with edge probabilities p and q/2]

24 Channel Matrix for N=1, M=2
M_{1,2} =
( p    q/2  q/2  0    0    0   )
( 0    p    0    q/2  q/2  0   )
( 0    0    p    0    q/2  q/2 )
(Note: typo in pre-proceedings section 3.2, M_{0.2}[i,j] = Pr(e_j | A=i), not A=a_i)

25 Capacity for N=1, M=2
$$C = \max_A I(A,E) = \max_{x_1,x_2} \{ -( px_0\log px_0 + [qx_0/2 + px_1]\log[qx_0/2 + px_1] + [qx_0/2 + px_2]\log[qx_0/2 + px_2] + [qx_1/2]\log[qx_1/2] + [qx_1/2 + qx_2/2]\log[qx_1/2 + qx_2/2] + [qx_2/2]\log[qx_2/2] ) - h_2(p) \}$$
where $h_2(p) = -(1-p)\log\frac{1-p}{2} - p\log p$
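An added example, not part of the original presentation: it evaluates the capacities of slides 15 and 25 numerically from the channel matrices of slides 13, 17 and 24, and goes beyond them by handling any N for M=1. It uses the Blahut-Arimoto iteration in place of the slides' explicit maximisation over x; all function names are this example's own.

```python
import math

def m1_matrix(n, p):
    """Slide 17 channel: 1 receiver, n Clueless senders, each silent w.p. p.
    Row i = Alice sends i messages; column j = Eve counts j messages."""
    q = 1.0 - p
    b = [math.comb(n, k) * q**k * p**(n - k) for k in range(n + 1)]
    return [b + [0.0], [0.0] + b]

def m2_matrix(p):
    """Slide 24 channel (N=1, M=2), columns in the slide's order."""
    h = (1.0 - p) / 2
    return [[p, h, h, 0, 0, 0],
            [0, p, 0, h, h, 0],
            [0, 0, p, 0, h, h]]

def divergences(x, W):
    """d[i] = D(W[i] || P_E) in bits, P_E being Eve's distribution under input x."""
    pe = [sum(xi * row[j] for xi, row in zip(x, W)) for j in range(len(W[0]))]
    return [sum(w * math.log2(w / pe[j]) for j, w in enumerate(row) if w > 0)
            for row in W]

def capacity(W, iters=2000):
    """Blahut-Arimoto: returns (capacity in bits per tick, Alice's optimal input)."""
    x = [1.0 / len(W)] * len(W)          # start from a uniform input
    for _ in range(iters):
        z = [xi * 2.0 ** di for xi, di in zip(x, divergences(x, W))]
        x = [zi / sum(z) for zi in z]    # reweight toward informative symbols
    # I(A;E) = sum_i x_i * D(W[i] || P_E), evaluated at the final input
    return sum(xi * di for xi, di in zip(x, divergences(x, W))), x

if __name__ == "__main__":
    for p in (0.1, 0.5, 0.9):
        for n in (1, 2, 4):
            c, x = capacity(m1_matrix(n, p))
            print(f"M=1 N={n} p={p}: C={c:.4f} bits/tick, P(A=0)={x[0]:.3f}")
        c, x = capacity(m2_matrix(p))
        print(f"M=2 N=1 p={p}: C={c:.4f} bits/tick, x0={x[0]:.3f}")
```

Running it prints the capacity and Alice's optimal input distribution for each case, which can be compared against the observations on slides 19 and 34.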

26 Capacity LB vs. p (N=1-4, M=2)

27 Mutual Info vs. X0, N=1, M=2

28 Mutual Info vs. p, N=2, M=2

29 Best x0 vs. p for M=3, N=1-4

30 Effect of Suboptimal x0 (M=3)

31 Capacity LB vs. p (N=1, M=1-5)

32 Capacity (N,M)

33 Equivalent Sender Group Size

34 Conclusions
1. Highest capacity when very low or very high clueless traffic
2. Multiple receivers induces asymmetry for clueless sending vs. not sending
3. Capacity monotonically decreases to 0 with N
4. Capacity monotonically increases with M, bounded by log(M+1)
5. Alice’s optimal bias is function of p, and is always near 1/(M+1)

35 Future Work
Relax IID assumption on Clueless_i
More realistic distributions for Clueless_i
If Alice has knowledge of Clueless_i behavior…
More general timed Mixes
Threshold Mixes, pool Mixes, Mix networks
Effective sender set size
Relationship of CC capacity to anonymity

