anonymous communication and internet freedom
play

Anonymous Communication and Internet Freedom CS 161: Computer - PowerPoint PPT Presentation

Feb 14, 2023 •379 likes •974 views

Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 oday Goals For T State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored Adversaries Anonymous

  1. Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013

  2. oday Goals For T • State-sponsored adversaries • Anonymous communication • Internet censorship

  3. State-Sponsored Adversaries

  6. Anonymous Communication

  7. Anonymity • Anonymity: Concealing your identity • In the context of the Internet, we may want anonymous communications – Communications where the identity of the source and/or destination are concealed • Not to be confused with confidentiality – Confidentiality is about contents, anonymity is about identities

  8. Anonymity • Internet anonymity is hard* – Difficult if not impossible to achieve on your own – Right there in every packet is the source and destination IP address – * But it’s easy for bad guys. Why? • You generally need help • State of the art technique: Ask someone else to send it for you – (Ok, it’s a bit more sophisticated than that…)

  9. Proxies • Proxy: Intermediary that relays our traffic • Trusted 3 rd party, e.g. …

  11. Proxies • Proxy: Intermediary that relays our traffic • Trusted 3 rd party, e.g. … hidemyass.com – You set up an encrypted VPN to their site – All of your traffic goes through them • Why easy for bad guys? Compromised machines as proxies.

  12. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob.

  13. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA {M,Bob} K HMA

  14. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA {M,Bob} K HMA

  15. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA {M,Bob} K HMA

  16. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA Bob {M,Bob} K HMA M

  17. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA Bob {M,Bob} K HMA M HMA accepts messages encrypted for it. Extracts destination and forwards.

  18. Proxies • Proxy: Intermediary that relays our traffic • Trusted 3 rd party, e.g. … hidemyass.com – You set up an encrypted VPN to their site – All of your traffic goes through them – Why easy for bad guys? Compromised machines as proxies. • Issues? – Performance – $80-$200/year – “Trusted 3 rd Party” – rubber hose cryptanalysis • Government comes a “calling” (Or worse) • HMA knows Alice and Bob are communicating • Can we do better?

  19. Onion Routing

  20. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”)

  21. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie

  22. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  23. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  24. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  25. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  26. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice HMA {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  27. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie • As long as any of the mixes is honest, no one can link Alice with Bob Alice HMA Charlie {{M, Bob} K Dan ,Dan} K Charlie {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA {M, Bob} K Dan Note: this is what the industrial-strength T or Bob Dan anonymity service uses. M ( It also provides bidirectional communication) Key concept: No one relay knows both you and the destination!

  28. Demo • Four volunteers, please

  29. Demo • Look under your seat – if you find an envelope and index card, you’re in! – What advice would you like to give to a student taking (or considering taking) CS 161 in a future semester? Write your advice on the index card. Put it in the small envelope. Address the small envelope to a random Tor relay (2 nd hop), and put it in the large envelope, addressed to another Tor relay (1 st hop). • Tor relays: – When you receive an envelope, open it. If it’s an envelope, pass on its contents to the next hop. If it’s an index card, pass it to me. • Everyone else: you’re an Internet router. Help pass envelopes on to their destination.

  30. Demo • Look under your seat – if you find an envelope and index card, you’re in! – What advice would you like to give to a student taking (or considering taking) CS 161 in a future semester? Write your advice on the index card. Put it in the small envelope. Address the small envelope to a random Tor mix (2 nd hop), and put it in the large envelope, addressed to another Tor mix (1 st hop). • Tor mixes: – When you receive an envelope, open it. If it’s an envelope, pass on its contents to the next hop. If it’s an index card, pass it to me. • Everyone else: you’re an Internet router. Help pass envelopes on to their destination.

  31. Onion Routing Issues/Attacks? • Performance: message bounces around a lot • Attack: rubber-hose cryptanalysis of mix operators – Defense: use mix servers in different countries • Though this makes performance worse :-( • Attack: adversary operates all of the mixes – Defense: have lots of mix servers (Tor today: ~2,000) • Attack: adversary observes when Alice sends and when Bob receives, links the two together – A side channel attack – exploits timing information – Defenses: pad messages, introduce significant delays • Tor does the former, but notes that it’s not enough for defense

  32. Internet Censorship

  33. Internet Censorship • The suppression of Internet communication that may be considered “objectionable,” by a government or network entity • This is frequently (but not exclusively) related to authoritarian regimes • We’re going to skip the politics (sorry), and go to the technical meat

  34. Take these labels with a grain of salt. Read the report for yourself Source: http://www.freedomhouse.org/sites/default/files/FOTN%202012%20summary%20of%20findings.pdf

  35. HOWTO: Censorship • Requirements: – Operate in real time inside of your network – Examine large amounts of network traffic – Be able to block traffic based on black lists, signatures, or behaviors • Sounds a lot like a NIDS… – Spoiler alert: These systems are basically NIDS

  36. On-Path Censor Client Server

  37. On-Path Censors • On-Path device gets a copy of every packet – Packets are forwarded on before the on-path device can act (Wait, what?) • What can we do if we’ve already forwarded the packet?

  38. On-Path Censor Client Server

  39. On-Path Censor RST RST Client Server This is how the elements of the Great Firewall of China operate

  40. Evasion • Evading keyword filters – NIDS evasion techniques: TTLs, overlapping segments, etc. (see lecture 3/10) – Or, simpler: Encryption! • So that’s it right? We’ll just encrypt everything, they can’t stop that ri…

  43. Evasion • Evading keyword filters – NIDS evasion techniques: TTLs, overlapping segments, etc. (see lecture 3/10) – Or, simpler: Encryption! • So that’s it right? We’ll just encrypt everything, they can’t stop that right wrong • This is called an arms race

  44. Evasion • Evading both keyword and IP/Domain blacklists – Simple approach: Use a VPN • If encryption is not banned this is a great solution • Con: Easy to ban the VPN IP , especially if it’s public – More robust approach • Use an onion router like Tor – Despite being built for anonymity, it has good censorship resistance properties – T or is the defacto standard for censorship resistance

  45. Constant arms race between Tor and censoring governments

Recommend

Ethics of Internet Freedom Promotion Welcome to the World of Human Rights: Please Make Yourself

Ethics of Internet Freedom Promotion Welcome to the World of Human Rights: Please Make Yourself

Ethics of Internet Freedom Promotion Welcome to the World of Human Rights: Please Make Yourself Uncomfortable Henry Corrigan-Gibbs and Bryan Ford Yale University Internet Freedom Internet freedom tools Censorship circumvention Online

517 views • 9 slides
Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Motivation Anonymous Communication NISAN Torsk Conclusion Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt theri@mailbox.tu-berlin.de Seminar Computer Security Technische Universitt Berlin 28 July 2011

390 views • 17 slides
CEO & Co-Founder VR is a disruptor like the Internet or Smartphone, will grow to billions

CEO & Co-Founder VR is a disruptor like the Internet or Smartphone, will grow to billions

CEO & Co-Founder VR is a disruptor like the Internet or Smartphone, will grow to billions users over next 10 years Disruptive for 2 reasons: degrees of input freedom, natural communication General use for communication and

232 views • 5 slides
Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network connecting computers all over the world Data is sent in packets between machines Communication between computers is routed using the Internet

464 views • 7 slides
Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon

Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon

Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon Oya , Carmela Troncoso and Fernando Prez-Gonzlez Introduction Anonymous channels hide correspondences (input/output). Dummies are a common

402 views • 18 slides
Freedom of Speech & The Internet Andrew Lewman andrew@torproject.org October 20, 2009

Freedom of Speech & The Internet Andrew Lewman andrew@torproject.org October 20, 2009

Freedom of Speech & The Internet Andrew Lewman andrew@torproject.org October 20, 2009 Universal Declaration of Human Rights Article 19 Everyone has the right to freedom of opinion and expression; this right includes freedom to hold

652 views • 40 slides
The Collateral Damage of Internet Censorship by DNS Injection Anonymous

The Collateral Damage of Internet Censorship by DNS Injection Anonymous

The Collateral Damage of Internet Censorship by DNS Injection Anonymous <zion.vlab@gmail.com> presented by Philip Levis 1 Basic Summary Great Firewall of China injects DNS responses to restrict access to domain names This

574 views • 43 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Freedom of Expression, Censorship, & The Internet Andrew Lewman andrew@torproject.org April

Freedom of Expression, Censorship, & The Internet Andrew Lewman andrew@torproject.org April

Freedom of Expression, Censorship, & The Internet Andrew Lewman andrew@torproject.org April 7, 2010 Universal Declaration of Human Rights Article 19 Everyone has the right to freedom of opinion and expression; this right includes freedom

745 views • 56 slides
DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum http://www.cs.yale.edu/homes/jf/ Joint work with Bryan Ford (PI), Henry Corrigan Gibbs, Ramakrishna Gummadi, Aaron

802 views • 59 slides
Internet censorship is everywhere Source:

Internet censorship is everywhere Source:

Internet censorship is everywhere Source: https://freedomhouse.org/report/freedom-net/freedom-net-2016 Commonly censored content Unapproved news (Fake News!!111) Wikipedia (usually partially) Facebook Google (all services), YouTube

539 views • 37 slides
Investigating Internet Controls with OONI Internet Freedom Festival, 7 th March 2017 Arturo

Investigating Internet Controls with OONI Internet Freedom Festival, 7 th March 2017 Arturo

Investigating Internet Controls with OONI Internet Freedom Festival, 7 th March 2017 Arturo Filast & Maria Xynou Free software project (under the Tor Project) aimed at empowering decentralized efforts in increasing transparency of

440 views • 29 slides
K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang 515030910412 ABSTRACT The rapid development of social communication network has increased the risk in privacy protection, the association between people has

385 views • 4 slides
Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ April 12, CFP 2005 Talk Outline Motivation: Why anonymous communication? Myth 1: This is only for privacy

488 views • 33 slides
PET PhD Course 2012 SWITS The Smart Grid and Anonymous Communication Mechanisms Leonardo

PET PhD Course 2012 SWITS The Smart Grid and Anonymous Communication Mechanisms Leonardo

PET PhD Course 2012 SWITS The Smart Grid and Anonymous Communication Mechanisms Leonardo Martucci Security and Networks Group, ADIT Department of Computer and Information Science About me EE Degree (95-00) + Master in EE (00-02)

625 views • 33 slides
Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven Project Electronic Frontier Foundation http://tor.eff.org/ 17 September 2005 Talk Outline Motivation: Why anonymous communication? Myth 1:

703 views • 47 slides
Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra & Max Tijssen Introduction 1. Definition of anonymity 2. Reasons 3. Problems 4. Legal issues and implications 5. PETs 6. Crowds 7. I2P Definition of anonymity The state or quality

607 views • 36 slides
How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary,

How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary,

How to Bootstrap Anonymous Communication Sune K. Jakobsen 1 Claudio Orlandi 2 1 Queen Mary, University of London 2 Aarhus University January 16, 2016 How can you get anonymity? Contact a journalist or publisher, and tell them you want to be

561 views • 34 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Recap: Tracking Anonymous Peer-to- Peer VoIP Calls on the Internet Scott E. Coull and Amos

Recap: Tracking Anonymous Peer-to- Peer VoIP Calls on the Internet Scott E. Coull and Amos

Recap: Tracking Anonymous Peer-to- Peer VoIP Calls on the Internet Scott E. Coull and Amos Wetherbee April 7, 2006 Encoding a bit Packet flow of n bits 1. Select 2r packets from the first n-d packets 2. at random d is used to prevent

599 views • 55 slides
Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hbner PETs PhD course

Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hbner PETs PhD course

Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hbner PETs PhD course Spring 2012 DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28 (10), October 1985 Who paid for the Dinner (anonymously)? (I) n Equal

857 views • 37 slides
INTERNET FREEDOM FOUNDATION WHO WE ARE? Indias first homegrown digital rights advocacy group

INTERNET FREEDOM FOUNDATION WHO WE ARE? Indias first homegrown digital rights advocacy group

INTERNET FREEDOM FOUNDATION WHO WE ARE? Indias first homegrown digital rights advocacy group that will have global impact. People centred : IFF traces its origin to the SaveTheInternet.in campaign. We are oriented towards bridging the

365 views • 12 slides
MIMO Communication Multiple antennas create additional degree-of-freedom Limited by

MIMO Communication Multiple antennas create additional degree-of-freedom Limited by

Concurrent Channel Access and Estimation for Scalable Multiuser MIMO Networking Tsung-Han Lin and H.T. Kung IEEE INFOCOM 2013 MIMO Communication Multiple antennas create additional degree-of-freedom Limited by scattering environments

395 views • 28 slides
Chapter 8 Communication Networks and Services The TCP/IP Architecture The Internet Protocol

Chapter 8 Communication Networks and Services The TCP/IP Architecture The Internet Protocol

Chapter 8 Communication Networks and Services The TCP/IP Architecture The Internet Protocol Internet Addressing Address Resolution protocol Internet Control Message Prototocol Chapter 8 Communication Networks and Services The TCP/IP

809 views • 46 slides

More recommend