anonymous communication dc nets crowds onion routing
play

Anonymous Communication: DC-nets, Crowds, Onion Routing Simone - PowerPoint PPT Presentation

Dec 15, 2023 •471 likes •857 views

Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hbner PETs PhD course Spring 2012 DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28 (10), October 1985 Who paid for the Dinner (anonymously)? (I) n Equal

  1. Anonymous Communication: DC-nets, Crowds, Onion Routing Simone Fischer-Hübner PETs PhD course Spring 2012

  2. DC (Dining Cryptographers) nets [Chaum 1988 ] Chaum, CACM 28 (10), October 1985

  3. Who paid for the Dinner (anonymously)? (I) n Equal number of differences ó NSA paid = = ≠ ≠ T H T T T T = =

  4. Who paid for the Dinner (anonymously)? (II.a) n Odd number of differences ó one cryptographer paid As I paid, I As I paid, I = ≠ ≠ say the say the opposite: ≠ opposite: ≠ T H T T T T As I paid, = I say the opposite: ≠

  5. Who paid for the Dinner (anonymously)? (II.b) n Odd number of differences ó one cryptographer paid As I paid, I As I paid, I As I paid, I = ≠ say the say the say the opposite: ≠ opposite: ≠ opposite: = T H T T T T = =

  6. DC-nets: Perfect sender anonymity through Binary superposed sending and broadcast

  7. Anonymity preserving multi- access protocols

  8. Anonymity preserving multi- access protocols (cont.)

  9. Implementation-Example: Local-Area Ring Networks

  10. DC nets - Review n Protection properties: n Perfect sender anonymity through superposed sending (message bits are hidden by one-time pad encryption) n Message secrecy through encryption n Recipient anonymity through broadcast and implicit addresses (addressee is user who can successfully decrypt message) n Problems: n Denial of Service attacks by DC-net participants (Defense: trap protocols) n Random key string distribution

  11. Crowds for anonymous Web- Transactions 1. User first joins a "crowd" of other users, where he is represented by a "jondo" process on his local machine 2. User configures his browser to employ the local jondo as a proxy for all new services 3. User´s request is passed by the jondo to a random member of the crowd 4. That member can either submit the request directly to the web server or forward it to another randomly (with pf> 1/2) chosen user. -> Request is eventually submitted by a random member

  12. Communication Paths in Crowds 6 1 3 5 5 1 2 6 2 3 4 4 Communications between jondos is encrypted with keys shared between jondos

  13. Anonymity degrees in Crowds Absolute Privacy: The attacker cannot distinguish the situations in n which a potential sender sent a message and those in which he did not Beyond suspicion: sender appears no more likely to be originator of n a message than any other potential sender in the system Probably innocense: sender appears no more likely to be originator n than not to be the originator Possible innocense: There is a non-trival possibility that the sender n is someone else Exposed: Attacker can identify sender n

  14. Anonymity Properties in Crowds n: Number of Crowds members

  15. Crowds -Review n Sender anonymity against: n end web servers n other Crowd members n eavesdroppers n Limitations: n No protection against “global” attackers, timing/message length correlation attacks n Web server´s log may record submitting jondo´s IP address as the request originator´s address n Request contents are exposed to jondos on the path n Anonymising service can be circumvented by Java Applets, Active X controls n Performance overhead (increased retrieval time, network traffic and load on jondo machines) n No defend against DoS-attacks by malicious crowd members

  16. Onion Routing Onion = Object with layers of public key encryption to produce n anonymous bi-directional virtual circuit between communication partners and to distribute symmetric keys Initiator's proxy constructs “forward onion” which encapsulates a n route to the responder (Faster) symmetric encryption for data communication via the circuit n U X Z Y Z X Y Z Y Z

  17. Forward Onion for route W-X-Y-Z: X exp-time x , Y, F fx , K fx , F bx , K bx Y exp-time y , Z, F fy , K fy , F by , K by , Z exp_time z , NULL, F fz , K fz , F bz , K bz , PADDING Each node N receives (PK N = public key of node N): {exp-time, next-hop, F f , K f , F b , K b , payload} PK N n exp-time: expiration time n next_hop: next routing node n (F f , K f ) : function / key pair for symmetric encryption of data moving n forward in the virtual circuit (F b , K b ) : function/key pair for symmetric encryption of data moving n backwards in the virtual circuit payload: another onion (or null for responder´s proxy) n

  18. Virtual circuit creation and communication Create command accompanies an Onion: If node n receives onion, it peels off one layer, keeps forward/ backward encryption keys, it chooses a virtual circuit (vc) identifier and sends create command+ vc identifier + (rest of) onion to next hop. It stores the vc identifier it receives and the one that it n sent out as a pair. Until circuit is destroyed -> whenever it receives data on n one connection, it sends it off to the other Forward encryption is applied to data moving in the n forward direction, backward encryption is applied in the backward direction

  19. Example: Virtual Circuit with Onion Routing Send data by the use of send command: Data sent by the initiator is ” pre- encrypted ” prepeatedly by his proxy. If W receives data sent back by Z, it applies the inverse of the backward cryptographic operations (outermost first).

  20. Onion Routing - Review n Functionality: n Hiding of routing information in connection oriented communication relations n Nested public key encryption for building up virtual circuit n Expiration_time field reduces costs of replay detection n Dummy traffic between Mixes (Onion Routers) n Limitations: n First/Last-Hop Attacks by n Timing correlations n Message length (No. of cells sent over circuit)

  21. TOR (2nd Generation Onion Router – www.torproject.org )

  22. First Step TOR client obtains a list of TOR nodes from a directory server n Directory servers maintain list of which onion routers are up, n their locations, current keys, exit policies, etc. TOR client Directory server

  23. TOR circuit setup n Client proxy establishes key + circuit with Onion Router 1 TOR client

  24. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n TOR client proxy

  25. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n TOR client proxy

  26. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n Client applications connect and communicate over TOR circuit n TOR client proxy

  27. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n Client applications connect and communicate over TOR circuit n TOR client proxy

  28. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n Client applications connect and communicate over TOR circuit n TOR client proxy

  29. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n Client applications connect and communicate over TOR circuit n TOR client proxy

  30. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n Client applications connect and communicate over TOR circuit n TOR client proxy

  31. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n Client applications connect and communicate over TOR circuit n TOR client proxy

  32. TOR circuit setup Client proxy establishes key + circuit with Onion Router 1 n Proxy tunnels through that circuit to extend to Onion Router 2 n Etc. n Client applications connect and communicate over TOR circuit n TOR client proxy

  33. TOR: Building up a two-hop circuit and fetching a web page Alice Link is TLS-encrypted Link is TLS-encrypted Unencrypted Web site OR 1 OR 2 Create c1, E (g x1 ) Created c1, g y1 , H(K1) Relay c1 {Extend, OR2, E (g x2 )} Create c2, E (g x2 ) Relay c1 {Extended, g y2 , H(K2)} Created c2, g y2 , H(K2) Relay c1 {{Begin <website<:80}} Relay c2 {Begin <website<:80} (TCP handshake) Relay c1 {{Connected}} Relay c2 {Connected} Relay c1 {{Data, HTTP Get...}} Relay c2 {Data, HTTP Get...} HTTP Get... Relay c2 {Data, (response)} (response) Relay c1 {{Data, (response)}} Legend: E(x): RSA encryption {X}: AES encryption cN: a circuit ID

  34. TOR - Review n Some improvemnets in comparision with Onion Routing: n Perfect forward secrecy n Resistant to replay attacks n Many TCP streams can share one circuit n Seperation of ” protocol cleaning ” from anonymity: n Standard SOCKS proxy interface (instead of having a seperate application proxy for each application) n Content filtering via Privoxy n Directory servers n Variable exit policies n End-to-end integrity checking n Hidden services n Still vulnerable to end-to-end timing and size correlations

Recommend

ANDaNA: Onion Routing for NDN Steve DiBenedetto Colorado State University ANDaNA: Anonymous

ANDaNA: Onion Routing for NDN Steve DiBenedetto Colorado State University ANDaNA: Anonymous

ANDaNA: Onion Routing for NDN Steve DiBenedetto Colorado State University ANDaNA: Anonymous Named Data Networking Application NDSS 12 Steven DiBenedetto, Paolo Gasti, Gene Tsudik, Ersin Uzun Information Linkage &amp; Leakage I:

820 views • 52 slides
Mix-Nets Lecture 19 Some tools for electronic-voting (and other things) Mix-Nets Mix-Nets

Mix-Nets Lecture 19 Some tools for electronic-voting (and other things) Mix-Nets Mix-Nets

Mix-Nets Lecture 19 Some tools for electronic-voting (and other things) Mix-Nets Mix-Nets Originally proposed by Chaum (1981) for anonymous communication Mix-Nets Originally proposed by Chaum (1981) for anonymous communication Input: a

1.65k views • 120 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi &amp; Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
The Wisdom of Crowds: attacks and optimal constructions George Danezis 1 Claudia Diaz 2 asper 2

The Wisdom of Crowds: attacks and optimal constructions George Danezis 1 Claudia Diaz 2 asper 2

Outline Anonymous Peer-to-Peer Routing via Crowds The Always Down-or-Up Scheme (ESORICS 08) Optimality of Crowds The Wisdom of Crowds: attacks and optimal constructions George Danezis 1 Claudia Diaz 2 asper 2 Emilia K Carmela Troncoso 2 1

357 views • 15 slides
Anonymous Communication Martijn Terpstra &amp; Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra &amp; Max Tijssen Introduction 1. Definition of

Anonymous Communication Martijn Terpstra &amp; Max Tijssen Introduction 1. Definition of anonymity 2. Reasons 3. Problems 4. Legal issues and implications 5. PETs 6. Crowds 7. I2P Definition of anonymity The state or quality

607 views • 36 slides
Cashmere: Resilient Anonymous Routing Li Zhuang (U.C. Berkeley) Feng Zhou (U.C. Berkeley)

Cashmere: Resilient Anonymous Routing Li Zhuang (U.C. Berkeley) Feng Zhou (U.C. Berkeley)

Cashmere: Resilient Anonymous Routing Li Zhuang (U.C. Berkeley) Feng Zhou (U.C. Berkeley) Ben Y. Zhao (U. C. Santa Barbara) Antony Rowstron (Microsoft Research UK) Andrzej Skalski Plan What is anonymous routing Traditional

383 views • 36 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 16ss 1 / 38 Outline Introduction Trust architecture Protocols Attacks

879 views • 47 slides
iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste

iLab Onion Routing Benjamin Hof hof@in.tum.de Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen Lab 9 18ss 1 / 36 Outline Introduction Trust architecture Protocols Attacks

663 views • 45 slides
(and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161

(and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161

CS161 Computer Security Weaver and Popa (and How To Break It) Nicholas C Weaver 1 Tor: The Onion Router Anonymous Websurfing CS 161 Computer Security Weaver and Popa Tor actually encompasses many di ff erent components The Tor

599 views • 46 slides
Geo Routing in ad hoc nets References: Brad Karp and H.T. Kung GPSR: Greedy

Geo Routing in ad hoc nets References: Brad Karp and H.T. Kung GPSR: Greedy

Geo Routing in ad hoc nets References: Brad Karp and H.T. Kung GPSR: Greedy Perimeter Stateless Routing for Wireless Networks, Mobicom 2000 M. Zorzi, R.R. Rao, ``Geographic Random Forwarding (GeRaF) for ad hoc and

313 views • 14 slides
Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Motivation Anonymous Communication NISAN Torsk Conclusion Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt theri@mailbox.tu-berlin.de Seminar Computer Security Technische Universitt Berlin 28 July 2011

390 views • 17 slides
Clock Routing Problem Formulation Specialized algorithms are required for clock (and power

Clock Routing Problem Formulation Specialized algorithms are required for clock (and power

Clock Routing Problem Formulation Specialized algorithms are required for clock (and power nets) due to strict specifications for routing such nets. Better to develop specialized routers for these nets. Do not over-complicate the

874 views • 37 slides
Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University https://www.torproject.org/about/overview.html We and but... and C loud-based O nion

822 views • 80 slides
Routing Routing is done by the network layer protocol to guide packets through the communication

Routing Routing is done by the network layer protocol to guide packets through the communication

Routing Routing is done by the network layer protocol to guide packets through the communication subnet to their destinations The time when routing decisions are made depends on whether we are using virtual circuits or datagrams connections

664 views • 35 slides
Onion Routing Meant to handle issue of people knowing who youre talking to Basic idea

Onion Routing Meant to handle issue of people knowing who youre talking to Basic idea

Onion Routing Meant to handle issue of people knowing who youre talking to Basic idea is to conceal sources and destinations By sending lots of crypo-protected packets between lots of places Each packet goes through multiple

366 views • 20 slides
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2,

Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2,

Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 oday Goals For T State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored Adversaries Anonymous

974 views • 58 slides
Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon

Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon

Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon Oya , Carmela Troncoso and Fernando Prez-Gonzlez Introduction Anonymous channels hide correspondences (input/output). Dummies are a common

402 views • 18 slides
Routing Topology Algorithms Mustafa Ozdal 1 Introduction How to connect nets with multiple

Routing Topology Algorithms Mustafa Ozdal 1 Introduction How to connect nets with multiple

Routing Topology Algorithms Mustafa Ozdal 1 Introduction How to connect nets with multiple terminals? Net topologies needed before point-to-point routing between terminals. Several objectives: Minimum wirelength Best timing

950 views • 48 slides
guard sets for onion routing Jamie Hayes - joint work with George Danezis University College

guard sets for onion routing Jamie Hayes - joint work with George Danezis University College

guard sets for onion routing Jamie Hayes - joint work with George Danezis University College London j.hayes@cs.ucl.ac.uk why does tor exist? Encryption conceals the data - not the metadata. Tor attempts to hide this metadata by

682 views • 36 slides
Contents l Group Communication l Repetition: Unicast routing (brief) Multicast l Multicast routing

Contents l Group Communication l Repetition: Unicast routing (brief) Multicast l Multicast routing

Contents l Group Communication l Repetition: Unicast routing (brief) Multicast l Multicast routing G Concepts Datakommunikation, G Intra domain ( and inter domain) pbyggnad VT-01 l (Transport protocol) Jerry Eriksson Group Communication

598 views • 14 slides
DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum http://www.cs.yale.edu/homes/jf/ Joint work with Bryan Ford (PI), Henry Corrigan Gibbs, Ramakrishna Gummadi, Aaron

802 views • 59 slides
Detailed Routing Detailed Routing Find actual geometric layout of each net within assigned

Detailed Routing Detailed Routing Find actual geometric layout of each net within assigned

Detailed Routing Detailed Routing Find actual geometric layout of each net within assigned routing regions. No layouts of two different nets should intersect on the same layer. Problem is solved incrementally, one region at a time in

594 views • 57 slides
Dropping on the Edge: Flexibility and Dropping on the Edge: Flexibility and Trac Conrmation

Dropping on the Edge: Flexibility and Dropping on the Edge: Flexibility and Trac Conrmation

7/25/2019 PoPET s18 Dropping on the Edge: Flexibility and Dropping on the Edge: Flexibility and Trac Conrmation in Onion Routing Trac Conrmation in Onion Routing Protocols Protocols Florentin Rochet and Olivier Pereira

573 views • 21 slides
The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in

The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in

The Onion Router (Tor): Onion Encryption Served Three Ways Martijn Stam COINS Winterschool in Finse, May 2019 2 Tor: The Second-Generation Onion Router Dingledine, Mathewson, Syverson (Usenix04) What is Tor Tor is a tool to advance

1.01k views • 88 slides

More recommend