anonymity and secure messaging fall 2016 ada adam lerner
play

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner - PowerPoint PPT Presentation

Sep 02, 2023 •462 likes •779 views

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Tor • Second-generation onion routing network – https://www.torproject.org/ – Now a large open source project with a non-profit organization behind it – Specifically designed for low-latency anonymous Internet communications • Running since October 2003 • “Easy-to-use” client proxy – Freely available, can use it for anonymous browsing 12/9/16 CSE 484 / CSE M 584 - Fall 2016 2

  3. Tor Browser Bundle • A single, downloadable browser app which does the right thing. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 3

  4. Tor Circuit Setup (1) • Client proxy establishes a symmetric session key and circuit with Onion Router #1 12/9/16 CSE 484 / CSE M 584 - Fall 2016 4

  5. Tor Circuit Setup (2) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2 – Tunnel through Onion Router #1 12/9/16 CSE 484 / CSE M 584 - Fall 2016 5

  6. Tor Circuit Setup (3) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3 – Tunnel through Onion Routers #1 and #2 12/9/16 CSE 484 / CSE M 584 - Fall 2016 6

  7. Using a Tor Circuit • Client applications connect and communicate over the established Tor circuit. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 7

  8. Tor Management Issues • Many applications can share one circuit – Multiple TCP streams over one anonymous connection • Tor router doesn’t need root privileges – Encourages people to set up their own routers – More participants = better anonymity for everyone • Directory servers – Maintain lists of active onion routers, their locations, current public keys, etc. – Control how new routers join the network • “Sybil attack”: attacker creates a large number of routers – Directory servers’ keys ship with Tor code 12/9/16 CSE 484 / CSE M 584 - Fall 2016 8

  9. Location Hidden Service • Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it • Accessible from anywhere • Resistant to censorship • Can survive a full-blown DoS attack • Resistant to physical attack – Can’t find the physical server! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 9

  10. Creating a Location Hidden Server Server creates circuits To “introduction points” Client obtains service descriptor and intro point address from directory Server gives intro points ’ descriptors and addresses to service lookup directory 12/9/16 CSE 484 / CSE M 584 - Fall 2016 10

  11. Using a Location Hidden Server Rendezvous point Client creates a circuit If server chooses to talk to client, splices the circuits to a “rendezvous point” connect to rendezvous point from client & server Client sends address of the rendezvous point and any authorization, if needed, to server through intro point 12/9/16 CSE 484 / CSE M 584 - Fall 2016 11

  12. Attacks on Anonymity • Passive traffic analysis – Infer from network traffic who is talking to whom – To hide your traffic, must carry other people’s traffic! • Active traffic analysis – Inject packets or put a timing signature on packet flow • Compromise of network nodes – Attacker may compromise some routers – It is not obvious which nodes have been compromised • Attacker may be passively logging traffic – Better not to trust any individual router • Assume that some fraction of routers is good, don’t know which 12/9/16 CSE 484 / CSE M 584 - Fall 2016 12

  13. Deployed Anonymity Systems • Tor (http://tor.eff.org) – Overlay circuit-based anonymity network – Best for low-latency applications such as anonymous Web browsing • Mixminion (http://www.mixminion.net) – Network of mixes – Best for high-latency applications such as anonymous email • Not: YikYak J 12/9/16 CSE 484 / CSE M 584 - Fall 2016 13

  14. Some Caution • Tor isn’t completely effective by itself – Tracking cookies, fingerprinting, etc. – Exit nodes can see everything! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 14

  15. Identifying Web Pages: Traffic Analysis Herrmann et al. “Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier” CCSW 2009 12/9/16 CSE 484 / CSE M 584 - Fall 2016 15

  16. OTR AND SECURE MESSAGING 12/9/16 CSE 484 / CSE M 584 - Fall 2016 16

  17. OTR – “Off The Record” • Protocol for end-to-end encrypted instant messaging • End-to-end: Only the endpoints can read messages. – PGP, iMessage, WhatsApp, and a variety of other services provide some form of end-to-end encryption today. (Borisov, Goldberg, Brewer 2014) 12/9/16 CSE 484 / CSE M 584 - Fall 2016 17

  18. OTR – “Off The Record” • End-to-end encryption • Authentication • Deniability, after the fact • Perfect Forward Secrecy 12/9/16 CSE 484 / CSE M 584 - Fall 2016 18

  19. OTR – “Off The Record” • End-to-end encryption • Authentication • Deniability/Repudability, after the fact • Perfect Forward Secrecy 12/9/16 CSE 484 / CSE M 584 - Fall 2016 19

  20. OTR: Deniability/Repudability Eve Bob Alice “Something incriminating” 12/9/16 CSE 484 / CSE M 584 - Fall 2016 20

  21. OTR: Deniability/Repudability • During a conversation session, messages are authenticated and unmodified. • Authentication happens using a MAC derived from a shared secret. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 21

  22. OTR: Deniability/Repudability • During a conversation session, messages are authenticated and unmodified. • Authentication happens using a MAC derived from a shared secret. • Q1 12/9/16 CSE 484 / CSE M 584 - Fall 2016 22

  23. OTR: Deniability/Repudability • Can’t prove the other person sent the message, because you also could have computed the MAC! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 23

  24. OTR: Deniability/Repudability • Can’t prove the other person sent the message, because you also could have computed the MAC! • OTR takes this one step farther: After a messaging session is over, Alice and Bob send the MAC key publicly over the wire! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 24

  25. OTR: Deniability/Repudability • Eve now knows the MAC key, so technically speaking, she also has the ability to forge messages from Alice or Bob. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 25

  26. Perfect Forward Secrecy Eve Bob Alice 12/9/16 CSE 484 / CSE M 584 - Fall 2016 26

  27. Perfect Forward Secrecy Public info, e.g. C1 Eve C2 C3 … Bob Alice Cn Secrets A Secrets B 12/9/16 CSE 484 / CSE M 584 - Fall 2016 27

  28. Perfect Forward Secrecy Public info, e.g. C1 Eve C2 C3 … Bob Alice Cn If Eve compromises Alice or Bob’s computers at a later date, we would like Secrets A Secrets B to prevent her from being able to learn what M1, M2, M3, etc. correspond to C1, C2, C3, etc. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 28

  29. OTR: Ratcheting • Idea: Use a new key for every session/ message/time period. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 29

  30. Signal • End-to-end encrypted chat/IM based on OTR • Provides variations on ratcheting, deniability, etc. • Widely used, public code, audited. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 30

Recommend

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

699 views • 54 slides
Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

622 views • 44 slides
Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks

Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

633 views • 47 slides
Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to

Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

1.29k views • 42 slides
Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu

Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

559 views • 41 slides
Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks

Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks

CSE 484 / CSE M 584: Computer Security and Privacy Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

807 views • 78 slides
Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

917 views • 55 slides
Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno,

577 views • 43 slides
Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan

567 views • 38 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner

The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

870 views • 76 slides
Administrative Lab 2 is out please form groups of 1-3 and get to work, its due Nov 21!

Administrative Lab 2 is out please form groups of 1-3 and get to work, its due Nov 21!

CSE 484 / CSE M 584: Computer Security and Privacy XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

940 views • 48 slides
We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

872 views • 42 slides
Web Security! Big Picture: Browser and Network request website Browser reply OS Network

Web Security! Big Picture: Browser and Network request website Browser reply OS Network

CSE 484 / CSE M 584: Computer Security and Privacy CSRF and XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell,

1.29k views • 59 slides
Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter

813 views • 43 slides
CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet

654 views • 51 slides
Tamara Denning Adam Lerner Adam Shostack Tadayoshi Kohno

Tamara Denning Adam Lerner Adam Shostack Tadayoshi Kohno

Tamara Denning Adam Lerner Adam Shostack Tadayoshi Kohno University of Washington B ACKGROUND C ONTEXT Implantable medical devices Consumer technologies in the

1.12k views • 94 slides
Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones

Secure Communications Center (SCC) Secure Messaging and Location Tracking Smartphones Information Technology Security Location User Messaging Tracking Network * CEO A. Baar Akbay CFO PDM M. Melih H. Hakan Deirmenci Kahraman

371 views • 36 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements

Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements

Secure Messaging CS 161: Computer Security Prof. Raluca Ada Popa Nov 29, 2016 Announcements Homework 3 due Dec 2 Final Dec 15, 11:30-2:30 End-to-end encryption Encryption decryptable only by the ends Intermediary dont receive decryption

769 views • 30 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs 5:00-6:20PM Deian Stefan UC San Diego Who am I? New assistant professor PhD at Stanford (Mazieres & Mitchell) I like to build secure

896 views • 50 slides
A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital

Secure Public Instant Messaging Financial Cryptography - Feb 27, 2006 A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital Security Group Carleton University, Canada Mohammad Mannan Feb 27, 2006 1

399 views • 15 slides
The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution

The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution

Grape Chat Presentation 2019 The future of Messaging is integrated Secure and GDPR-ready video-, voice and chat solution that lives inside your favourite tools. The secure Autobahn of communication Integrate Grape with market leading

568 views • 25 slides

More recommend