Xinwen Fu

Anonymous Communication & Computer Forensics

91.580.203 Computer & Network Forensics

CS@UML

Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor


Motivation
- Protect the identity of participants in a distributed application, such as e-voting, e-shopping, e-cash, and military applications
[Figure: an eavesdropper listening to the traffic and declaring "I know what's going on!!!"]


Current Network Status
- Commercial routers are not under government control
- Unencrypted data is completely open
- Encrypted data still exposes the communicating parties
[Figure: IP packet header structure, showing the sender address and receiver address fields]


Traffic Analysis Attack
- Public networks are vulnerable to traffic analysis attacks. In a public network:
  - Packet headers identify recipients
  - Packet routes can be tracked
  - Volume and timing signatures are exposed
- Encryption does not hide the identity information of the sender and receiver.
[Figure: Sender -> Public Network -> Receiver]
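The point that encryption leaves the sender and receiver addresses readable can be checked on the IP header itself. The parser below is an added example, not from the slides; it decodes a constructed IPv4 header that uses documentation addresses (192.0.2.10 and 198.51.100.7) and never looks at the payload, which an on-path observer would treat as opaque ciphertext:

```python
import struct

# Constructed sample: a 20-byte IPv4 header for a TCP segment from
# 192.0.2.10 to 198.51.100.7 (documentation addresses, not real hosts).
# Whatever follows the header is treated as ciphertext and never parsed.
SAMPLE_HEADER = bytes([
    0x45, 0x00, 0x00, 0x3c,  # version 4 / IHL 5, DSCP/ECN, total length 60
    0x1c, 0x46, 0x40, 0x00,  # identification, flags (DF) / fragment offset
    0x40, 0x06, 0x00, 0x00,  # TTL 64, protocol 6 (TCP), checksum left unset
    192, 0, 2, 10,           # source address
    198, 51, 100, 7,         # destination address
])

def parse_ipv4_header(packet: bytes) -> dict:
    """Return the header fields an observer reads without any decryption.

    Only the fixed 20-byte header is decoded: who is talking to whom, which
    protocol, and how many payload bytes flowed (the volume signature).
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    return {
        "version": version,
        "header_len": ihl,
        "total_len": total_len,
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "payload_len": total_len - ihl,  # visible size even if the payload is encrypted
    }

if __name__ == "__main__":
    f = parse_ipv4_header(SAMPLE_HEADER)
    print(f"{f['src']} -> {f['dst']} proto={f['protocol']} payload={f['payload_len']} bytes")
```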


Traffic Analysis Attack (cont.)
- Traffic analysis reveals identities.
- Who is talking to whom may be confidential or private:
  - Who is searching a public database?
  - What web sites are you surfing?
  - Which agencies or companies are collaborating?
  - Where are your e-mail correspondents?
  - What supplies/quantities are you ordering from whom?
- Knowing traffic properties can help an adversary decide where to spend resources for decryption, penetration, ...


Goals of Anonymity: Receiver Untraceability
- Senders are observable, i.e. the attacker knows that A sent a message to someone
- Receivers are not observable, i.e. the attacker does not know whether B received a message
- Example: radio
[Figure: Alice, Bob and the observer Evil]


Goals of Anonymity: Sender Untraceability
- Senders are unobservable ...
- Example: wireless routers using NAT
[Figure: Alice, Bob and the observer Evil]


Goals of Anonymity: Sender/Receiver Unlinkability
- Senders and receivers are observable, but it is not clear who is talking to whom
[Figure: Alice, Bob and the observer Evil]


Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor


Anonymous Communication Systems
- A number of anonymous communication systems have been realized. Several well-known systems are:
  - Anonymizer (anonymizer.com)
  - Onion Routing (NRL)
  - Crowds (Reiter and Rubin)
  - Anonymous Remailer (MIT LCS)
  - Tor (MIT and EFF)
  - Freedom (Zero-Knowledge Systems)
  - Hordes (Shields and Levine)
  - PipeNet (Dai)
  - SafeWeb (Symantec)


Basic Approach: Anonymizing Proxy
- Channels appear to come from the proxy, not the true originator
- May also filter traffic for identifying information
- Examples: Penet Remailer (shut down), The Anonymizer, SafeWeb (Symantec)
[Figure: traffic relayed through an anonymizing proxy]


Anonymizer for Web Browsing
- The user connects to the proxy first and types the URL into a web form
- Channels appear to come from the proxy, not the true originator
- The proxy may also filter traffic to remove identifying information
- It offers an encrypted link to the proxy (SSL or SSH)
[Figure: anonymizing proxy at anonymizer.com]


Problems of Anonymizer
- The ISP knows the user's connection times/volumes: it can easily eavesdrop on outgoing proxy connections and learn all
- The proxy knows everything about the connections
- So both are fully trusted (single points of failure)
[Figure: user, encrypted link to the proxy, ISP, proxy, Internet/phone system, responders]


Chaum Mixes (David Chaum)
- Underlying idea for the Mixmaster remailer, Onion Routing, ZKS Freedom, and Web Mixes
- Basic description:
  - A network of mix nodes
  - Special onion-like encryption: a cell (message/packet) is wrapped in multiple layers of public-key encryption by the sender, one for each node in the route
  - The decrypted layer tells the mix the next node in the route
  - Reordering: mixes hold different cells for a time and reorder them before forwarding to their respective destinations
  - Rerouting: use a few proxies


Onion Routing Based on Mix Networks
- The sender selects a route through the mix network
- An intermediate mix only knows where the packet comes from and what the next stop of the packet is
- Analogy: a traditional spy network
[Figure: Sender -> A -> B -> Receiver through the anonymity network, with the hops labelled "S to A", "A to B" and "B to R"]


Review of Public Key Cryptography
- PrivateKey_Bob(PublicKey_Bob(Message)) = Message
- PublicKey_Bob(PrivateKey_Bob(Message)) = Message
- Bob's key pair is (e_B, d_B); Alice's key pair is (e_A, d_A)
- Alice sends e_B(message); Bob recovers d_B(e_B(message)) = message


Onion-Like Encryption
[Figure: the message M for receiver R is wrapped by sender S in three layers labelled "S to A", "A to B" and "B to R"; each node removes one layer and forwards the rest]
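The layered construction of the last few slides, as an added example that is not part of the original deck: a toy stream cipher keyed per node stands in for the per-node public-key encryption, and the route S -> A -> B -> R, the node names and the fixed-width next-hop field are assumptions. Each layer carries only the name of the following hop, so a mix learns who handed it the blob and where to send it next, and nothing else:

```python
import hashlib
import os

HOP_LEN = 8            # fixed-width "next hop" field inside every layer (constructed format)
DELIVER = b"DELIVER"   # next-hop marker in the innermost layer: what follows is the message

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher (SHA-256 in counter mode) standing in for the per-node
    # public-key encryption on the slides; unauthenticated, demo only.
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def open_layer(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_onion(keys: dict, route: list, message: bytes) -> bytes:
    """Sender side: wrap `message` once per node on `route`, innermost layer first."""
    blob = message
    for i in reversed(range(len(route))):
        next_hop = route[i + 1].encode() if i + 1 < len(route) else DELIVER
        blob = seal(keys[route[i]], next_hop.ljust(HOP_LEN, b"\0") + blob)
    return blob

def peel(node: str, keys: dict, blob: bytes) -> tuple:
    """Mix side: strip one layer; the node learns only the next hop and an opaque rest."""
    inner = open_layer(keys[node], blob)
    return inner[:HOP_LEN].rstrip(b"\0"), inner[HOP_LEN:]

def forward(keys: dict, route: list, message: bytes) -> tuple:
    """Walk the onion along the route; return each node's view and what R receives."""
    blob, views, node = build_onion(keys, route, message), [], route[0]
    while True:
        next_hop, blob = peel(node, keys, blob)
        views.append((node, next_hop.decode()))
        if next_hop == DELIVER:
            return views, blob
        node = next_hop.decode()

# Constructed demo: route S -> A -> B -> R, each node holding its own secret key.
KEYS = {name: hashlib.sha256(b"demo-key-" + name.encode()).digest() for name in "ABR"}

def demo() -> tuple:
    return forward(KEYS, ["A", "B", "R"], b"M: meet at noon")
```

Running `demo()` returns the per-hop views [("A", "B"), ("B", "R"), ("R", "DELIVER")] together with the message only R can read.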


Why Buffering and Reordering Packets?
- To disrupt the timing correlation between packets into and out of a mix
[Figure: a mix with packets entering and leaving in a different order]


Crowds
- User machines are the network
- A "Blender" announces crowd members to all members
- The "Jondo" at each machine flips a weighted coin:
  - If heads, it forwards to a random crowd member
  - If tails, it connects to the end web address
- All jondos on the path know the path key
- All connections from a source use the same path for the lifetime of that crowd
[Figure: sender -> jondos -> web server, with the Blender]
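A simulation of the jondo coin flip described above, added here and not part of the original slides. It goes slightly beyond the slide: besides producing one path, it measures the mean path length (1/(1 - p_f) for forwarding probability p_f) and how often the web server ends up talking to the initiator's own jondo, which is where the dependence on crowd size noted later shows up. The member names, p_f = 0.75 and the crowd size are constructed values:

```python
import random

def crowds_path(members: list, initiator: str, p_forward: float, rng: random.Random) -> list:
    """Simulate the jondo coin flips for one request.

    The path starts at the initiator's own jondo. Every jondo on the path flips a
    coin that comes up heads with probability p_forward: heads hands the request
    to a uniformly chosen crowd member (possibly itself or the initiator), tails
    submits it to the end web server. Returns the jondos that handled the
    request; the last one is what the web server sees as the requester.
    """
    path = [initiator]
    while rng.random() < p_forward:       # heads: keep the request inside the crowd
        path.append(rng.choice(members))  # any member, chosen uniformly
    return path                           # tails: the last jondo contacts the server

def expected_path_length(p_forward: float) -> float:
    # Coin flips until the first tails are geometrically distributed: mean 1/(1 - p_f).
    return 1.0 / (1.0 - p_forward)

def mean_path_length(members: list, p_forward: float, trials: int, seed: int = 0) -> float:
    rng = random.Random(seed)
    return sum(len(crowds_path(members, members[0], p_forward, rng))
               for _ in range(trials)) / trials

def server_sees_initiator_rate(members: list, p_forward: float, trials: int, seed: int = 0) -> float:
    """Fraction of requests in which the web server's peer is the initiator itself.

    Expected value for a crowd of n members is (1 - p_f) + p_f / n: the second
    term only shrinks with the crowd size, which is the limitation on the slides.
    """
    rng = random.Random(seed)
    hits = sum(crowds_path(members, members[0], p_forward, rng)[-1] == members[0]
               for _ in range(trials))
    return hits / trials

# Constructed crowd of ten jondos with forwarding probability 3/4.
MEMBERS = [f"jondo{i}" for i in range(10)]
P_FORWARD = 0.75

def demo() -> tuple:
    return (mean_path_length(MEMBERS, P_FORWARD, 10000),
            server_sees_initiator_rate(MEMBERS, P_FORWARD, 20000))
```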


Crowds Virtues
- Good on sender protections
- No single point of failure
- Peer-to-peer design means minimal long-term network services
- More lightweight crypto than mix-based systems


Crowds Limitations
- All users must run Perl code
- Requires users to have long-running high-speed Internet connections
- An entirely new network graph is needed for a new or reconnecting crowd member
- Connection anonymity is dependent on data anonymity
- Anonymity protection is limited to the crowd size
- Rather weak on responder protections
- Lacks perfect forward anonymity
- The intermediate nodes know the receiver


Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor


Attacks against Mix Networks: Connectivity Analysis Attacks
[Figure: Sender -> A -> B -> C -> Receiver; the adversary HQ collects observations of the links "S to A & A to B" and "B to C & C to R"]
- The adversary knows that the Sender communicates with the Receiver


Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor


Tor: A Practical Anonymous Protocol
- Some combination of Chaum's mix and Crowds
- Encrypts data packets with symmetric keys
- Implements forward and backward anonymity
- Has P2P functions
- Easy to use
- Open source


First Sight
- A web server knows your IP: http://www.proxyway.com/www/check-ip-address/whatis-my-ip-address.html
- Use Tor to hide your IP. Tor download web page: http://tor.eff.org/download.html.en
- Manual for Windows setup: http://tor.eff.org/docs/tor-doc-win32.html.en


Tor Components
[Figure: client running Vidalia, Privoxy and tor, connecting through the Internet to WWW servers]


Tor Network
- Onion router list: C:\Documents and Settings\fu\Application Data\Tor\cached-status
[Figure: client application, Tor network, server and directory server. Legend: client or server, onion router, directory server]


References
- D. Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms," Communications of the ACM, Vol. 24, No. 2, February 1981, pp. 84-88.
- Andrei Serjantov, Roger Dingledine and Paul Syverson, "From a Trickle to a Flood: Active Attacks on Several Mix Types," in Proceedings of the Information Hiding Workshop, 2002.
- Andreas Pfitzmann et al., "Anonymity, Unobservability, and Pseudonymity: A Proposal for Terminology," 2000.
- Xinwen Fu, welcome to Xinwen Fu's homepage, http://www.homepages.dsu.edu/fux/, 2007.
- Cisco Systems, Inc., Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide, 12.1(19)EA1, 2007.
- Cisco Systems, Inc., Catalyst 2900 Series Configuration Guide and Command Ref, 2007.