Anonymity Two - Computer Network Systems - Lecture Slides, Slides of Computer Networks

During the first semester of our degree program, we study Computer Networks Fundamentals. These lecture slides are very informative for me. The major points which are the core of the course are: Anonymity Two, Anonymity Loves Company, Sole Mechanism, Anonymity, Mix Approach, Obfuscate the Data, Blend the Data, Onion Routing Approach, Obfuscate the Data, Cell Padding

Typology: Slides

2012/2013

Uploaded on 04/25/2013


Lecture 14:
Anonymity on the Web (cont)
Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin



The sole mechanism of anonymity is blending and obfuscation.

The Mix approach

  • Obfuscate the data
  • Blend the data with cover traffic

The Onion Routing approach

  • Obfuscate the data
  • Use cell padding to make data look similar

The Crowds approach

  • Data may be in clear text
  • Hide in a group and make everyone in the group equally responsible for an act

Anonymity loves company

  1. User passes her request to a random member in the crowd.
  2. The selected router flips a biased coin with forwarding probability pf.
  3. With probability (1 - pf), it delivers the message directly to the destination. Otherwise it forwards the message to a randomly selected next router.

Crowds in operation: Communication

Use of encryption

  • A single path key is used for end-to-end encryption
  • At each node, the path key is re-encrypted using link encryption
  • Fast stream cipher for encrypting reply traffic

Static path

  • Dynamic paths hurt the anonymity achieved
  • Paths are changed during join and failure

Protection against timing attacks

  • Sender revealed if it is an immediate predecessor of a malicious jondo
  • Introduce delays for thwarting attacks
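The Crowds random walk from the numbered steps above, together with the "immediate predecessor" exposure named on the timing-attack slide, as an added example that is not code from the slides or from the Crowds project: paths are built per steps 1 to 3, the last c of n jondos are treated as colluding, and a Monte Carlo run estimates how often the first colluding jondo on a path got the request straight from the initiator; the estimate is checked against the closed form 1 - pf(n-c-1)/n and the probable-innocence bound n >= pf/(pf-1/2)(c+1) from Reiter and Rubin's Crowds paper. It assumes, as that paper does, that every random pick is uniform over all n jondos, the picking jondo itself included.

```python
import random

def crowds_path(n, pf, rng):
    """Build one Crowds path for initiator jondo 0 (slide steps 1-3).
    Returns the jondos the request visits, in order (initiator excluded).
    Assumption, as in the Crowds paper: every random pick is uniform over
    all n jondos, the picking jondo itself included."""
    path = [rng.randrange(n)]           # step 1: request goes to a random crowd member
    while rng.random() < pf:            # step 2: biased coin, forward with probability pf
        path.append(rng.randrange(n))   #         ... to a randomly selected next jondo
    return path                         # step 3: with probability 1-pf the last jondo delivers

def first_collaborator_view(path, n, c):
    """Jondos n-c .. n-1 are colluding. Returns (collaborator_on_path, sender_exposed):
    the sender counts as exposed when the first colluding jondo on the path received
    the request directly from the initiator (jondo 0), the 'immediate predecessor'
    case from the timing-attack slide."""
    predecessors = [0] + path[:-1]      # who handed each jondo the request
    for jondo, pred in zip(path, predecessors):
        if jondo >= n - c:
            return True, pred == 0
    return False, False

def estimate_exposure(n, c, pf, trials=20000, seed=1):
    """Monte Carlo estimate of P(sender exposed | some collaborator is on the path)."""
    rng = random.Random(seed)
    seen = exposed = 0
    for _ in range(trials):
        on_path, exp = first_collaborator_view(crowds_path(n, pf, rng), n, c)
        seen += on_path
        exposed += exp
    return exposed / seen

def exposure_closed_form(n, c, pf):
    """The same probability in closed form (Reiter & Rubin): 1 - pf*(n-c-1)/n."""
    return 1 - pf * (n - c - 1) / n

def probable_innocence(n, c, pf):
    """Probable innocence (exposure <= 1/2) holds iff pf > 1/2 and n >= pf/(pf-1/2)*(c+1)."""
    return pf > 0.5 and n >= pf / (pf - 0.5) * (c + 1)

if __name__ == "__main__":
    for n, c, pf in [(20, 5, 0.75), (10, 5, 0.75)]:
        print(n, c, pf, round(estimate_exposure(n, c, pf), 3),
              round(exposure_closed_form(n, c, pf), 3), probable_innocence(n, c, pf))
```

With pf = 0.75 and five collaborators, a crowd of 20 meets the bound (18 jondos needed) while a crowd of 10 does not, which is what "anonymity loves company" means in numbers.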

Distinct Characteristics of Crowds

Limitations of Crowds

  • Content in plaintext
    • Apply end-to-end encryption to protect content
    • Limitation: gathering multimedia content
  • Restriction on using ActiveX controls etc.
    • Current Internet landscape is different from this requirement
  • Vulnerable to DoS attacks
    • Malicious jondos can simply drop packets
  • Performance overhead
    • Increased network traffic, increased retrieval time and load on jondos
  • Deployment problem with firewalls

Chaum MIX

  • goal – sender anonymity (for communication partner)
    • unlinkability (for global eavesdropper)
  • implementation: the sender submits {r, m}_K_MIX to the MIX, where m is the message, r is a random number and K_MIX is the MIX's (public) key; the MIX decrypts and outputs m

MIX

  • batches messages
  • discards repeats
  • changes order
  • changes encoding

A real-time MIX network – Onion routing

  • general purpose infrastructure for anonymous comm.
    • supports several types of applications through the use of application specific proxies
  • operates over a (logical) network of onion routers
    • onion routers are real-time Chaum MIXes
      • messages are passed on nearly in real-time
        • this may limit mixing and weaken the protection!
    • onion routers are under the control of different administrative domains
      • makes collusion less probable
  • anonymous connections through onion routers are built dynamically to carry application data
  • distributed, fault tolerant, and secure

Overview of architecture

[Figure labels: application (initiator), application proxy, onion proxy, entry funnel, onion routers joined by long-term socket connections, exit funnel, application (responder)]

entry funnel

  • multiplexes connections from onion proxies

exit funnel

  • demultiplexes connections from the OR network
  • opens connection to responder application and reports a one byte status msg back to the application proxy

application proxy

  • prepares the data stream for transfer
  • sanitizes appl. data
  • processes status msg sent by the exit funnel

onion proxy

  • opens the anonymous connection via the OR network
  • encrypts/decrypts data

OR network setup and operation

  • long-term socket connections between “neighboring” onion routers are established (links)
  • neighbors on a link set up two DES keys using the Station-to-Station protocol (one key in each direction)
  • several anonymous connections are multiplexed on a link
    • connections are identified by a connection ID (ACI)
    • an ACI is unique on a link, but not globally
  • every message is fragmented into fixed size cells (48 bytes)
  • cells are encrypted with DES in OFB mode (null IV)
    • optimization: if the payload of a cell is already encrypted (e.g., it carries part of an onion) then only the cell header is encrypted
  • cells of different connections are mixed
    • but order of cells of each connection is preserved

[Figure: cells 6 5 4 3 2 1 of one connection and cells 4 3 2 1 of another enter the mixing stage and leave on the link interleaved as 6 5 4 4 3 3 2 2 1 1; the order within each connection is preserved]
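The cell handling in the bullets above and the mixing figure, as an added example that is not code from the slides or from the Onion Routing implementation: two connections (ACI 12 carrying six cells, ACI 8 carrying four, the ACI values taken from the connection-setup slides) are fragmented into fixed 48-byte cells, interleaved on one link so that the order across connections is randomised while the order within each connection is kept, and demultiplexed again by ACI. The 3-byte header layout (2-byte ACI, 1-byte payload length) and the sample streams are constructed assumptions, and the DES-OFB link encryption is left out.

```python
import random

CELL_SIZE = 48                          # fixed cell size from the slides
HEADER_SIZE = 3                         # assumption: 2-byte ACI + 1-byte payload length
PAYLOAD_SIZE = CELL_SIZE - HEADER_SIZE

def fragment(aci, data):
    """Fragment one connection's byte stream into fixed-size cells; the last cell is
    padded so every cell on the link has the same length."""
    cells = []
    for off in range(0, len(data), PAYLOAD_SIZE):
        chunk = data[off:off + PAYLOAD_SIZE]
        header = aci.to_bytes(2, "big") + bytes([len(chunk)])
        cells.append(header + chunk.ljust(PAYLOAD_SIZE, b"\0"))
    return cells

def mix_link(streams, rng):
    """Multiplex several connections onto one link: the order ACROSS connections is
    randomised (mixing), the order WITHIN each connection is preserved."""
    queues = {aci: list(cells) for aci, cells in streams.items()}
    link = []
    while any(queues.values()):
        aci = rng.choice([a for a, q in queues.items() if q])
        link.append(queues[aci].pop(0))
    return link

def demux(link):
    """Demultiplex by ACI on the receiving router; rejects cells that are not CELL_SIZE."""
    streams = {}
    for cell in link:
        if len(cell) != CELL_SIZE:
            raise ValueError("malformed cell")
        aci = int.from_bytes(cell[:2], "big")
        length = cell[2]
        streams.setdefault(aci, bytearray()).extend(cell[HEADER_SIZE:HEADER_SIZE + length])
    return {aci: bytes(b) for aci, b in streams.items()}

def aci_sequence(link):
    """ACI of every cell in link order: all an observer on the link can tell apart."""
    return [int.from_bytes(cell[:2], "big") for cell in link]

def demo(seed=7):
    """Constructed sample: six cells' worth of data on ACI 12, four on ACI 8."""
    streams = {12: fragment(12, b"A" * (6 * PAYLOAD_SIZE)),
               8: fragment(8, b"B" * (4 * PAYLOAD_SIZE - 10))}
    link = mix_link(streams, random.Random(seed))
    return streams, link, demux(link)

if __name__ == "__main__":
    print(aci_sequence(demo()[1]))
```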

Anonymous connection setup

  • upon a new request, the application proxy
    • decides whether to accept the request
    • opens a socket connection to the onion proxy
    • passes a standard structure to the onion proxy
    • the standard structure contains
      • application type (e.g., HTTP, FTP, SMTP, …)
      • retry count (number of times the exit funnel should retry connecting to the destination)
      • format of the address that follows (e.g., NULL terminated ASCII string)
      • address of the destination (IP address and port number)
    • waits for a response from the exit funnel before sending application data

[Figure sequence, "Anonymous connection setup" (four slides): the onion proxy builds an onion and sends it into the OR network towards the application (responder). Routing state recorded at the onion routers as the onion passes: "bwd: entry funnel, crypto fns and keys; fwd: blue, ACI = 12, crypto fns and keys", then "bwd: magenta, ACI = 12, crypto fns and keys; fwd: green, ACI = 8, crypto fns and keys", and finally the onion on the last link with ACI = 8.]