1 / 38

Anonymous Communications

Anonymous Communications. CSE 5473: Network Security Lecture due to Prof. Dong Xuan Some material from Prof. Joan Feigenbaum. Outline. Overview and Concepts Anonymous Schemes Onion Routing Crowd Hordes Incomparable Public Keys. Motivation. Is Internet communication private?

megan-kirk
Télécharger la présentation

Anonymous Communications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anonymous Communications CSE 5473: Network Security Lecture due to Prof. Dong Xuan Some material from Prof. Joan Feigenbaum

  2. Outline • Overview and Concepts • Anonymous Schemes • Onion Routing • Crowd • Hordes • Incomparable Public Keys

  3. Motivation • Is Internet communication private? • No! ... Why? • Routing information is completely ‘open’ (visible) to the network and its users. • e.g. IP Source, IP destination addresses. • Traffic Analysis can result in loss of privacy throwing up patterns showing communication propensities of internet users.

  4. Motivation... • Do we need private communication? • Yes… • Existence of inter-company collaboration may be confidential • E-mail users may not wish to reveal who they are communicating with, to the rest of the world • Anonymity may also be desirable: anonymous e-cash is not very anonymous if delivered with a return address • Web based shopping or browsing of public databases should not require revealing one’s identity

  5. Anonymity Properties • Types of Anonymity • Sender Anonymity • Receiver Anonymity • Unlinkability of sender and receiver • Model of the Attacker • Eavesdropper • Collaboration of parties • Anonymity Degree

  6. Concept: Mix Networks • First outlined by Chaum in 1981 • Provide anonymous communication • High latency • Message-based (“message-oriented”) • One-way or two-way

  7. Mix Networks Users Mixes Destinations

  8. Mix Networks Adversary {{{,d}M3,M3}M2,M2}M1 u d M1 M2 M3 Users Mixes Destinations Protocol Onion Encrypt • User selects a sequence of mixes and a destination. • Onion-encrypt the message. • Proceed in reverse order of the user’s path. • Encrypt (message, next hop) with the public key of the mix.

  9. Mix Networks Adversary {{{,d}M3,M3}M2,M2}M1 u d M1 M2 M3 Users Mixes Destinations Protocol Onion Encrypt • User selects a sequence of mixes and a destination. • Onion-encrypt the message. • Send the message, removing a layer of encryption at each mix. • Proceed in reverse order of the user’s path. • Encrypt (message, next hop) with the public key of the mix.

  10. Mix Networks Adversary {{,d}M3,M3}M2 u d M1 M2 M3 Users Mixes Destinations Protocol Onion Encrypt • User selects a sequence of mixes and a destination. • Onion-encrypt the message. • Send the message, removing a layer of encryption at each mix. • Proceed in reverse order of the user’s path. • Encrypt (message, next hop) with the public key of the mix.

  11. Mix Networks Adversary u d M1 {,d}M3 M2 M3 Users Mixes Destinations Protocol Onion Encrypt • User selects a sequence of mixes and a destination. • Onion-encrypt the message. • Send the message, removing a layer of encryption at each mix. • Proceed in reverse order of the user’s path. • Encrypt (message, next hop) with the public key of the mix.

  12. Mix Networks Adversary u d M1  M2 M3 Users Mixes Destinations Protocol Onion Encrypt • User selects a sequence of mixes and a destination. • Onion-encrypt the message. • Send the message, removing a layer of encryption at each mix. • Proceed in reverse order of the user’s path. • Encrypt (message, next hop) with the public key of the mix.

  13. Mix Networks Adversary u d v e w f Users Mixes Destinations • Anonymity? • No one mix knows both source and destination. • Adversary cannot follow multiple messages through the same mix. • More users provides more anonymity.

  14. How Onion Routing Works 1 2 u d 3 5 User u running client Internet destinationd 4 Routers running servers

  15. How Onion Routing Works 1 2 u d 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d.

  16. How Onion Routing Works {{{}3}4}1 1 2 u d 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  17. How Onion Routing Works 1 2 u d 3 5 {{}3}4 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  18. How Onion Routing Works 1 2 u d 3 5 {}3 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  19. How Onion Routing Works 1 2 u  d 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  20. How Onion Routing Works 1 2 u d ’ 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  21. How Onion Routing Works 1 2 u d 3 5 4 {’}3 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  22. How Onion Routing Works 1 2 u {{’}3}4 d 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  23. How Onion Routing Works 1 2 {{{’}3}4}1 u d 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged.

  24. How Onion Routing Works 1 2 u d 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged. • Stream is closed.

  25. How Onion Routing Works 1 2 u d 3 5 4 • u creates 3-hop circuit through routers (u.a.r.). • u opens a stream in the circuit to d. • Data are exchanged. • Stream is closed. • Circuit is changed every few minutes.

  26. Onion Routing • Provides • An infrastructure for Private Communication over a Public Network • Anonymity of endpoints of communication • Bi-directional and near real-time communication • Resistance to eavesdropping from • Network • Outside Observers of the network • Can be substituted for sockets

  27. ProtocolOperation • Establish Anonymous connection through a series of ORs (Onion Router) instead of a direct socket connection to the destination. • “Initiator” makes a socket connection to an Application Specific Proxy on first OR. • Onion Proxy defines the route • Constructs a layered structure (Onion) and sends it through the network to establish the Virtual Circuit (same as ATM Virtual Circuit Establishment with VPI/VCI). • Onion passes through the entire path to the responder proxy => all involved ORs are initialized with relevant information to encrypt/ decrypt forward/backward data. • Now, initiator’s proxy starts sending data through the anonymous connection.

  28. Protocol Operation (contd...) • Each layer of the onion defines a next hop in the route. • An OR, on receiving an onion • peels off its layer • chooses new values for incoming/outgoing VCIs. • identifies next hop • sends the embedded onion to that next hop OR. • Each Onion Layer also contains Keys • Keys are used for crypting data sent forward/backward. • When the onion bounces along, they are stored at each intermediate hop (i.e., OR). • Last OR forwards data to Responder’s Proxy that • Sits on the firewall of the responder’s sensitive site. • Passes data between ORN and the responder.

  29. The Onion (contd...) • What happens to the onion at each hop? • It shrinks in size • Compromised nodes can infer route information from this monotonically diminishing size. • So, a random bit string is appended to the end of the payload before forwarding. • Even ‘constant’ size onion might be traced unless all onions have the same size, so the size of the onion is (universally) standardized (fixed).

  30. Reply Onion • How to reply anonymously? • Send a reply onion embedded as payload in the forward onion • Responder proxy sends this Reply Onion on the reverse path till the Initiator’s Proxy • VC set-up by Forward Onion, so data path is already established. • The Reply Onion is • Exactly the same as the Forward onion except that the innermost payload has • Enough information to enable the initiator’s proxy to reach the initiator • All cryptographic function/key pairs that are to crypt data along the Virtual Circuit • Processing it is same as processing a Forward Onion • Usable only once • So multiple reply onions need to be sent if multiple replies are required.

  31. Crowd “blending into a crowd” i.e. hiding one’s actions within the actions of many others How does it work? jondo Request admittance Information to enable jondo to participate blender

  32. Crowd (contd...) Request from browser Crowd Geographically diverse group

  33. Crowd (features) • Data may be in the clear: no protection wrt global eavesdropper • No attempt to pad to avoid flow analysis, no attempt to prevent sender-receiver unlinkability • Used for web transactions: browser uses local johndo as proxy for itself, blender sends data of remote johndo’s to this johndo • Paths are selected randomly and hop-by-hop (not a priori circuit selection as in tor)

  34. Hordes • Take advantage of multicast communication • Destination address is a multicast group address, which provides receiver anonymity. • It is difficult to determine the membership of a multicast group. • Even if some group memberships are discovered, anonymity can still be provided.

  35. Hordes (contd...) • Simple protocol • Join a multicast group. • Initiator sends request using group address. • can use either crowds or onion routing for forward path • Server sends reply to the group address. • Initiator receives the reply. • Non-initiators just ignore the reply.

  36. Incomparable Public Keys • Take advantage of a novel public key scheme • Traditional scheme: one private key, one public key • The new scheme: one private key, but multiple public keys • Feature: one cannot tell whether two public keys map to the same or different private keys

  37. Incomparable Public Keys (contd…) • Plus multicast to provide encryption and anonymity • Join a multicast group. • Initiator sends request using group address with a public key. • Server sends reply, encrypted with the public key, to the group address. • Initiator receives the reply and decrypt it. • Non-initiators just ignore the reply. • Initiator sends request to thesame/another server using another public key

  38. Conclusion • What are anonymous communications? Why? • Four representative schemes • Onion Routing • Crowd • Hordes • Incomparable Public Keys

More Related