3CS@UML
Motivation
I know what’s going on!!!
Protect the identity of participants in a distributed application, such as E-voting, E-shopping, E-cash, and military applications
Eavesdropping
4CS@UML
Commercial routers not under government control Unencrypted data is completely open Encrypted data still exposes communicating parties
Current Network Status
Sender Address
Receiver Address
IP PacketHeaderStructure
5CS@UML
Public networks are vulnerable to traffic analysis attack. In a public network:
Packet headers identify recipients Packet routes can be tracked Volume and timing signatures are exposed
Encryption does not hide identity information of a sender and receiver.
Sender
Public Network
Receiver
Traffic Analysis Attack
6CS@UML
Traffic Analysis reveals identities.
Who is talking to whom may be confidential or private: Who is searching a public database? What web-sites are you surfing? Which agencies or companies are collaborating? Where are your e-mail correspondents? What supplies/quantities are you ordering from whom?
Knowing traffic properties can help an adversary decide where to spend resources for decryption, penetration,...
Traffic Analysis Attack (cont.)
7CS@UML
Goals of Anonymity: Receiver Untraceability
Senders are observable – i.e. the attacker knows that
A sent a message to someone
Receivers are not observable – i.e. the attacker does not know if
B received a message
Alice
Bob
Example: radio
Evil
8CS@UML
Goals of Anonymity: Sender Untraceability
Senders unobservable….
Example: Wireless routers using NAT
Alice
Bob
Evil
9CS@UML
Goals of Anonymity: Sender/Receiver Unlinkability
Senders and Receivers are observable, but not clear who is talking to whom
Alice
Bob
Evil
11CS@UML
Anonymous Communication Systems A number of Anonymous Communication
Systems have been realized. Several well-known systems are: Anonymizer (anonymizer.com) Onion-Routing (NRL) Crowds (Reiter and Rubin) Anonymous Remailer (MIT LCS) Tor (MIT and EFF) Freedom (Zero-Knowledge Systems) Hordes (Shields and Levine) PipeNet (Dai) SafeWeb (Symantec)
12CS@UML
Channels appear to come from proxy, not true originator May also filter traffic for identifying information Examples: Penet Remailer (shut down), The Anonymizer,
SafeWeb (Symantec)
anonymizing proxyanonymizing proxy
Basic Approach: Anonymizing Proxy
13CS@UML
User connects to the proxy first and types the URL in a web form
Channels appear to come from proxy, not true originator The proxy may also filter traffic to remove identifying
information It offers encrypted link to the proxy (SSL or SSH)
anonymizing proxy:anonymizing proxy:
anonymizer.comanonymizer.com
Anonymizer for Web Browsing
14CS@UML
ISP knows user connection times/volumes: Can easily eavesdrop on outgoing proxy connections and learn all
Proxy knows everything about connections So, both are fully trusted (single points of failure)
InternetPhone System
Responders
ISP
Encrypted link: user to proxy
Proxy
Problems of Anonymizer
15CS@UML
Underlying Idea for Mixmaster remailer, Onion Routing, ZKS Freedom, Web Mixes
Basic description: A network of mix nodes Special Onion-like encryption: Cell (message/packet)
wrapped in multiple layers of public-key encryption by sender, one for each node in a route
Decrypted layer tells mix next node in route Reordering: Mixes hold different cells for a time and
reorder before forwarding to respective destinations Rerouting: use a few proxies
Chaum Mixes (David Chaum)
16CS@UML
Anonymity Network
Sender Receiver
A
B
Onion Routing Based on Mix Networks
Sender selects a route through the mix network An intermediate mix only knows where the packet comes
from, and what is the next stop of the packet
Traditional Spy Network
S to A
B to R
A to B
17CS@UML
Review of Public Key Cryptography PrivateKeyBob(PublicKeyBob(Message))=Message
PublicKeyBob(PrivateKeyBob(Message))=Message
eB(message)dB(eB(message))=message
(eB, dB) (eA, dA)
Bob Alice
19CS@UML
Why Buffering and Reordering Packets? Disrupt the timing correlation between packets
into and out of a mix
mixmix
20CS@UML
Crowds
User machines are the network "Blender" announces crowd members to all members “Jondo" at machine flips weighted coin
If Heads forwards to random crowd member If Tails connects to end Web address
All Jondos on path know path key All connections from a source use same path for lifetime of that crowd
SenderWeb server
Blender
21CS@UML
Crowds Virtues
Good on sender protections No single point of failure Peer-to-peer design means minimal long-term
network services More lightweight crypto than mix-based systems
22CS@UML
Crowds Limitations
All users must run Perl code Requires users to have longrunning high-speed
Internet connections Entirely new network graph needed for new or
reconnecting Crowd member Connection anonymity dependent on data
anonymity Anonymity protection limited to Crowd size Rather weak on responder protections Lacks perfect forward anonymity
The intermediate nodes knows the receiver
24CS@UML
SenderB
S to A A to B
ReceiverB to CC to R
C
A
Adversary HQ
S to A &A to B
B to C &C to R
The adversary knows that Sender communicates with Receiver
Attacks against Mix Networks
xx
Connectivity Analysis Attacks
26CS@UML
Tor: A Practical Anonymous Protocol Some combination of Chaum’s Mix and
Crowds Encrypt data packets by symmetric keys Implement forward and backward anonymity Has P2P functions Easy to use
Open source
27CS@UML
First Sight A web server knows your ip:
http://www.proxyway.com/www/check-ip-address/whatis-my-ip-address.html
Tor to hide your ip Tor downloading webpage
http://tor.eff.org/download.html.en Manual for Windows setup
http://tor.eff.org/docs/tor-doc-win32.html.en
31CS@UML
Tor Network Onion router list: C:\Documents and Settings\fu\Application
Data\Tor\cached-status
ClientApplication
ServerTor Network
Directory Server
Legend:
Client or Server or Onion Router
Onion Router
Directory Server
32CS@UML
References D. Chaum, (1981), Untraceable electronic mail, return addresses,
and digital pseudonyms, Communications of the ACM, Vol. 24, No. 2, February, pp. 84--88.
Andrei Serjantov, Roger Dingledine and Paul Syverson, From a Trickle to a Flood: Active Attacks on Several Mix Types , In Proceedings of the Information Hiding Workshop, 2002
Andreas Pfitzmann et al., Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology, 2000,
Xinwen Fu, welcome to Xinwen Fu’s homepage, http://www.homepages.dsu.edu/fux/, 2007
Cisco Systems, Inc., Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide, 12.1(19)EA1, 2007
Cisco Systems, Inc., Catalyst 2900 Series Configuration Guide and Command Ref, 2007