Presentation is loading. Please wait.

Presentation is loading. Please wait.

Onion Routing R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

Published byMelvyn Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "Onion Routing R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity."— Presentation transcript:

1 Onion Routing R. Newman

2 Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity Metrics for Anonymity Applications of anonymity technology

3 Vanilla traffic analysis easy Read src and dest from packet Even if data are encrypted (e.g., using IPsec) Can see src, dest, since have to route packet Other observations Amounts of data flowing Connections open/close timing Traffic Analysis

4 Bi-directional socket connections Onions used to set up virtual circuits Setup is distinct from data flow over VC Intermediate proxies only know predecessor and successor Like Chaum Mix-nets Onion = layered object Circuit traffic is encrypted Only initiator proxy knows whole path Basis for TOR (The Onion Router) Used worldwide Onion Routing

5 Uses proxy servers Well-established mechanism Used to accommodate firewalls Used for www and telnet Data stream follows a path through proxies Path defined by initiating proxy Should be managed by source organization/user Initiating proxy should also be intermediate proxy for other paths Onion Routing

6 Example OR Topology W Y X Link encrypted between routing nodes Proxy/Router controlled by Secure Site Routing node Secure Site Initiator host Z U Responder host Responder’s Proxy/Router Unsecured socket connection

7 Proxy can combine all traffic from enclave Further confounds traffic analysis Data stream follows a path through proxies Data encrypted along path from proxy to exit router Data NOT encrypted between initiator host and proxy Or between exit router and responder Goal is NOT anonymity per se End parties generally DO know each other But prevent third party from knowing endpoints Onion Routing

8 Goal is NOT anonymity per se But prevent third party from knowing endpoints Data analytics can reveal interests/intentions from observing history of web searches, e.g. Anonymous Remailers Keep log of packets to prevent replays Not suitable for HTTP traffic Too much data! Requires bi-directional, interactive traffic Onion Routing

9 Establishes bidirectional communication End responder does not HAVE to know initiator Individual messages are not logged Anonymous email supported Can include reply onion for responder Keeps initiator anonymous Can be used after current connection closed Onion Routing

10 Encapsulate routes Initiator proxy determines a route Constructs onion – to set up virtual circuit Data sent after route is set up Forward Onion Encrypt for responder’s proxy (Z) Encrypt for predecessor router (Y), with message for Z as payload Continue adding layers (similar to Chaum Mix-net) for entire route (backwards) Onions

11 Building a Forward Onion W Y X Link encrypted between routing nodes Initiator’s Proxy/Router Z U Responder’s Proxy/Router ET z, NULL, F fz, K fz, F bz, K bz, pad ET y, Z, F fy, K fy, F by, K by, ET x, Y, F fx, K fx, F bx, K bx, Route chosen by W Route info for Z Route info for Y Route info for X Initiator [F fx, K fx, F bx, K bx ] VC-W17 [F fy, K fy, F by, K by ] [F fz, K fz, F bz, K bz ]

12 Using a Forward Onion W Y X Link encrypted between routing nodes Initiator’s Proxy/Router Z U Responder’s Proxy/Router ET z, NULL, F fz, K fz, F bz, K bz, pad ET y, Z, F fy, K fy, F by, K by, ET x, Y, F fx, K fx, F bx, K bx, Route chosen by W Route info for Z Route info for Y Route info for X VC-W17[F fx, K fx, F bx, K bx ] VC-Y3 VC-X3[F fy, K fy, F by, K by ] VC-Z8VC-Y8[F fz, K fz, F bz, K bz ] Responder Initiator [F fx, K fx, F bx, K bx ] VC-W17 [F fy, K fy, F by, K by ] [F fz, K fz, F bz, K bz ] VC17 VC3 VC8

13 Forward Onion Layers of encryption using public key of successor Include Expiration Time for onion Include Next Hop address (except for last router) Include forward and backward functions and keys Expiration Time Used to detect replays Copy of onion held until expiration time is up If duplicate arrives, discard If expired onion arrives, discard Onions

14 Onion shrinkage Each router removes the plaintext it sees as it processes the onion So onion shrinks as it traverses route Size of onion would reveal location in route! Padding Each router adds random bitstring to end of payload Equal in length to the information it strips from header Router cannot tell how much of payload is padding Except last router Initiator proxy pads central payload to fixed onion size So onions all look the same Onions

15 Processing a Forward Onion W Y X Link encrypted between routing nodes Initiator’s Proxy/Router Z U Responder’s Proxy/Router ET x, Y, F fx, K fz, F bz, K bz, Route chosen by W Onion for X Onion for Y Onion for Z Payload ET y, Z, F fz, K fz, F bz, K bz, PAD Payload ET z, NULL, F fz, K fz, F bz, K bz PAD pad Strip headerAdd padding

16 Messages sent on VC Message format VCID – identifies virtual circuit Command – identifies message type Data – payload of message Message types Create – to set up Destroy – to tear down Data – to send data (fwd or bkwd) Setting up Virtual Circuits

17 Create Command Accompanies an onion Recipient selects VCID Sends create command with massaged onion and VCID to next router Stores VCID pair along with VCID info Fwd and bkwd functions and keys Data Command Intermediate nodes convert VCID Apply appropriate function with key Destroy Remove VCID entry Setting up Virtual Circuits

18 Crypting Each node applies forward function with forward key to data moving in forward direction Applies backward function with backward key to data moving in backward direction Initiator proxy ”precrypts” ultimate forward msg by applying inverse functions in reverse order Intermediate nodes ”peel off” transforms applied by initiator proxy as data traverses route Data sent in backward direction is ”crypted” by routers along backward route Initiator proxy peels off these layers by applying inverse of backward transforms in forward route order Data Encryption

19 Route length is limited Size of onion restricts number of intermediates Can allow intermediates to add to route! But must not overwrite needed info! Loose Routing Initiator can add padding to end of onion, set maximum loose count values for intermediate nodes Intermediate can insert addtional hops on the way to the next prescribed node Intermediate must also crypt data as it passes through Can be used to repair route damage, or when initiator does not know a complete route Loose Routing

20 W Y X Loose route link Initiator’s Proxy/Router Z U Responder’s Proxy/Router ET x, Y, F fx, K fx, F bx, K bx, Route chosen by W Onion for X Onion for Y Onion for Z Payload ET y, Z, F fy, K fy, F by, K by, PAD Payload Add headerNo extra padding ET u, Y, F fu, K fu, F bu, K bu, Payload Onion for U Onion for Y Onion for Z Onion for Y ET y, Z, F fy, K fy, F by, K by, Payload PAD ET’ z, Y, F’ fz, K’ fz, F’ bz, K’ bz, Payload ET y, Z, F fy, K fy, F by, K by, Payload PAD ET z, NULL, F fz, K fz, F bz, K bz, PAD

21 Useful to allow recipient to reply after original circuit has been broken down VC no longer available for data transmission Allows responder to remain anonymous also Reply Onion Sent by initiator to responder Can be used as a ”preformed” onion by responder to set up a VC to initiator later Multiple can be sent to allow multiple such VCs Does not need to use the same path as the original VC used Reply Onions

22 Looks like a forward onion Has same format, header information Treated the same as a forward onion by intermediates Here is where ”crypting” comes in handy! Forward and backward functions are indistinguishable Difference is that the payload tells the original initiator’s proxy all it needs to use the VC All the forward and backward functions along path Also indentifier for VC so the initiator can bind it to the reply onion it came from Reply Onions

23 Data are treated in the same way as in a VC set up by the original initiator in the forward direction Just use the functions given Original responder just sends data Intermediates apply ”forward” function given Original initiator applies all ”backward” functions Multiple reply onions can be set Multiple can even be broadcast! Just have to use an unused onion Onions expire, and duplicates are ignored Reply Onions

24 GPA can observe message flows No delays introduced, so timing matters! Near simultaneous opening of sockets a give-away Compromised nodes Initiator proxy bad – then all is revealed! One good intermediate complicates TA One bad intermediate can effect DOS Bad responder proxy – if can detect corrupted data, then earlier node can experimentally damage data Clock Synchronization Can result in DOS – onion expiry Attacks

Download ppt "Onion Routing R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity."

Similar presentations

Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
IPv4 - The Internet Protocol Version 4

IPv4 - The Internet Protocol Version 4
NETWORK LAYER (1) T.Najah AlSubaie Kingdom of Saudi Arabia Prince Norah bint Abdul Rahman University College of Computer Since and Information System NET331.

NETWORK LAYER (1) T.Najah AlSubaie Kingdom of Saudi Arabia Prince Norah bint Abdul Rahman University College of Computer Since and Information System NET331.
Jaringan Komputer Lanjut Packet Switching Network.

Jaringan Komputer Lanjut Packet Switching Network.
OSI MODEL Maninder Kaur www.eazynotes.com.

OSI MODEL Maninder Kaur
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP)
Wide Area Networks School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 11, Thursday 3/22/2007)

Wide Area Networks School of Business Eastern Illinois University © Abdou Illia, Spring 2007 (Week 11, Thursday 3/22/2007)
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Routing Security in Ad Hoc Networks

Routing Security in Ad Hoc Networks
Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.

Chapter 10 Introduction to Wide Area Networks Data Communications and Computer Networks: A Business User’s Approach.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

Similar presentations

Ads by Google