1 / 26

Modelling and Analysing of Security Protocol: Lecture 10

This lecture covers practical and theoretical anonymity, protocols like Dinning Cryptographers and Crowds, Onion Routing and Tor System, Mix Networks, and Anonymous File-sharing Systems.

rsteiner
Télécharger la présentation

Modelling and Analysing of Security Protocol: Lecture 10

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Modelling and Analysing of Security Protocol: Lecture 10Anonymity: Systems

  2. Today’s Lecture • Practical course issues. • Theoretical anonymity. • Dinning Cryptographers Protocol • Definitions of Anonymity • The Crowds Protocol BREAK • Practical anonymous systems • Onion Routing and the Tor System • Mix Networks • Anonymous File-sharing Systems: MUTE • Anonymous Publishing: Freenet

  3. server Crowds • A crowd is a group of n nodes • The initiator selects randomly a node (called forwarder) and forwards the request to it • A forwarder: • With prob. 1-pf selectsrandomly a new node andforwards the request to him • With prob. pf sends therequest to the server

  4. Crowds • The sender is beyond suspicion to the server. • Some of the nodes could be corrupted. • The initiator could forward the message to a corrupted node. • The sender has probable innocence to other nodes.

  5. Crowds • Problem: many people won’t forward traffic for others. • A practical system has to make forwarding traffic for others optional or controllable. server

  6. Onion Routing • Each node makes its key public • The initiator selects the whole route and encrypts the message with all keys in reverse order • Each node unwraps a layer and forwards the message to the next one {3,{server,m}k3}k2 {2,{3,{server,m}k3}k2}k1 1 2 {server,m}k3 m 3 server

  7. Onion Routing • Each node only learns the next one in the path • End-users can run their own node • Better anonymity • or use an existing one • More efficient • User's identity is revealed to the node

  8. Tor • Tor implement this protocol. • Several hundred volunteer nodes. • Firefox plug-in. • Managed by the US navy.

  9. Problems with Tor • You reveal you IP to the first node and the last node see who you are talking to. • If an attacker controls the first and the last node they may be able to match the packets using traffic analysis. • No anonymity from an attacker that monitors the whole network. • Some protocol broadcast their IP address

  10. MIXes • MIXes are proxies that forward messages between them • A user contacts a MIX to send a message • The MIX waits until it has received a number of messages, then forwards them in different order

  11. MIXes • It is difficult to trace the route of each message. • May provide beyond suspicion S-R unlinkability even to a global attacker. • Messages have to be delayed (can be solved with dummy traffic). • More complicated when sending series of packets

  12. Mutli-casting • Broadcast the message to the whole network. • Beyond suspicion for the receiver. • No anonymity for the sender. • Multicasting is a good technique for broadcasting messages .... but very inefficient to send just one message.

  13. Spoofed UDP • The from IP address is not used by routers, only by higher-level protocols such as TCP. • UDP does not have to use this address. • A random address can be used instead to provide sender anonymity. • Method prohibited by many ISPs.

  14. Anonymous File-Sharing system 800,000 downloads Appeal for donations Informal description Source code

  15. Peer-to-Peer File-Sharing In newer networks peers record the IP address of other peers. A searcher sends a request to all of it’s “neighbours”. This is forwarded to all of there neighbours, up to a fixed hops. A

  16. Peer-to-Peer File-Sharing The search request includes A’s IP address. Any peer with the requested file contacts A directly. Peer “A” may then request the file. A

  17. Peer-to-Peer File-Sharing No anonymity from peers inside the network: The search message gives the searcher’s IP address and name of the files they are looking for. By requesting a file, you can find out the IP address of all peers that are offering the file. A

  18. MUTE • MUTE removes the IP address from the file exchange. • Peers only know the IP address of their direct neighbours. • Peers choose random “pseudo ID”. • Files are not sent directly between peers. Instead files are sent via a number of peers. • MUTE uses a version of the “Ants” ad-hoc routing protocol.

  19. Anonymity Provided by MUTE • MUTE makes it hard to link the IP address of a peer with its pseudo ID. • Peers only know the ID address's of their direct neighbours, but not their pseudo ID. • The network should provide enough cover to let a neighbour deny using a particular ID. • If an attacker can completely surround a peer it looses anonymity.

  20. A A A A A A A A MUTE: Search The search takes place as before, but this time the message uses its pseudo ID as the “from ID”. Each peer builds a routing table by records the ID and the connection. A probabilistic time-to-live counter limits the search. A

  21. A B B A A A A B A A MUTE: Reply If B wants to reply it sends a message to A’s pseudo ID. This message is routed using the ad-hoc routing table. The route to B is also recorded B A A

  22. Un-forgeable Pseudo IDs • MUTE using a hash of using authentication keys as the peers pseudo IDs. • A peer generates a RSA signature key “kS” and an authentication key “kA”. • The message header now has the form: ( to ID, #(kA), message ID-time_stamp, FLAGS:(SkS(messageID-time_stamp), kA) )

  23. Freenet and Free Haven • There are a number of “anonymous publishing system”. • For example Freenet and the MIX based Free Haven. • These systems make the original author of a file anonymous, not the responder. • Nodes will often cache files.Therefore you can “trick” a node into storing and “offering” a file.

  24. Summary of methods

  25. Some Kinds of Attack • Timing attacks • System Membership • Time-to-Live Attacks (Mute, Mantis) • Multiple Attackers (Mute) • Statistical Attacks (MIXes) • Forced Repeat (Crowds) • Nodes Joining and Leaving • Denial of Service (Mute)

  26. Today’s Lecture • Practical course issues. • Theoretical anonymity. • Dinning Cryptographers Protocol • Definitions of Anonymity • The Crowds Protocol BREAK • Practical anonymous systems • Onion Routing and the Tor System • Mix Networks • Anonymous File-sharing Systems: MUTE • Anonymous Publishing: Freenet

More Related