Download Anonymity Two - Computer Network Systems - Lecture Slides and more Slides Computer Networks in PDF only on Docsity!
Lecture 14:
Anonymity on the Web (cont)
Modified from Levente Buttyan, Michael K. Reiter and Aviel D. RubinDocsity.com
The sole mechanism of anonymity is blending and obfuscation.
The Mix approach
- Obfuscate the data
- Blend the data with cover traffic
The Onion Routing approach
- Obfuscate the data
- Use cell padding to make data look similar
The Crowds approach
- Data may be in clear text
- Hide in a group and make everyone in the group equally responsible for an act
Anonymity loves company
- User passes her request to a random member in the crowd.
- The selected router flips a biased coin with forwarding
probability pf.
- With probability (1- pf ) , it delivers the message directly
to destination. Otherwise it forwards the message to a randomly selected next router.
Crowds in operation : Communication
Use of encryption
A single path key is used for end-to-end encryption
At each node, path key is re-encrypted using link encryption
Fast stream cipher for encrypting reply traffic
Static Path
Dynamic paths hurt the anonymity achieved
Paths are changed during join and failure
Protection against timing attacks
Sender revealed if it is an immediate predecessor of malicious jondo.
Introduce delays for thwarting attacks
Distinct Characteristics of Crowds
- Content in plaintext Apply end-to-end encryption to protect content Limitation : Gathering multimedia content
- Restriction on using ActiveX controls etc. Current Internet landscape is different from this requirement
- Vulnerable to DoS attacks Malicious jondos can simply drop packets.
- Performance overhead Increased network traffic, increased retrieval time and load on jondos
- Deployment problem with firewalls
Limitations of Crowds
Chaum MIX
- goal – sender anonymity (for communication partner)
- unlinkability (for global eavesdropper)
- implementation { r, m } where m is the message and r is a random numberKMIX^ ^ MIX^ ^ m
9
MIX
- batches messages
- discards repeats
- changes order
- changes encoding
A real-time MIX network – Onion routing
- general purpose infrastructure for anonymous comm.
- supports several types of applications through the use of
application specific proxies
- operates over a (logical) network of onion routers
- onion routers are real-time Chaum MIXes
- messages are passed on nearly in real-time
- this may limit mixing and weaken the protection!
- onion routers are under the control of different administrative
domains
- makes collusion less probable
- anonymous connections through onion routers are built
dynamically to carry application data
- distributed, fault tolerant, and secure
11
Overview of architecture
12
application (initiator)
application (responder)
onion router
entry funnel
- multiplexes connections from onion proxies
exit funnel
- demultiplexes connections from the OR network
- opens connection to responder application and reports a one byte status msg back to the application proxy
long-term socket connections
application proxy
- prepares the data stream for transfer
- sanitizes appl. data
- processes status msg sent by the exit funnel
onion proxy
- opens the anonymous connection via the OR network
- encrypts/decrypts data
OR network setup and operation
- long-term socket connections between “neighboring” onion routers are
established links
- neighbors on a link setup two DES keys using the Station-to-Station
protocol (one key in each direction)
- several anonymous connections are multiplexed on a link
- connections are identified by a connection ID (ACI)
- an ACI is unique on a link, but not globally
- every message is fragmented into fixed size cells (48 bytes)
- cells are encrypted with DES in OFB mode (null IV)
- optimization: if the payload of a cell is already encrypted (e.g., it carries part of an onion) then only the cell header is encrypted
- cells of different connections are mixed
- but order of cells of each connection is preserved
14
6 5 4 3 2 1
4 3 2 1
mixing
6 5 4 4 3 3 2 2 1 1
Anonymous connection setup
• upon a new request, the application proxy
- decides whether to accept the request
- opens a socket connection to the onion proxy
- passes a standard structure to the onion proxy
- standard structure contains
- application type (e.g., HTTP, FTP, SMTP, …)
- retry count (number of times the exit funnel should retry connecting to the destination)
- format of address that follows (e.g., NULL terminated ASCII string)
- address of the destination (IP address and port number)
- waits response from the exit funnel before sending application data 15
Anonymous connection setup
17
application (responder)
onion proxy
onion
Anonymous connection setup
18
application (responder)
onion proxy
onion
bwd: entry funnel, crypto fns and keys fwd: blue, ACI = 12, crypto fns and keys
Anonymous connection setup
20
application (responder)
onion proxy
onion
bwd: magenta, ACI = 12, crypto fns and keys fwd: green, ACI = 8, crypto fns and keys
Anonymous connection setup
21
application (responder)
onion proxy
onion ACI = 8