communication privacy and censorship resistance
play

Communication Privacy and Censorship Resistance Vitaly Shmatikov - PowerPoint PPT Presentation

Jun 05, 2023 •30 likes •680 views

Communication Privacy and Censorship Resistance Vitaly Shmatikov Privacy on Public Networks Internet is designed as a public network Routing information is public IP packet headers identify source and destination Even a passive

  1. Communication Privacy and Censorship Resistance Vitaly Shmatikov

  2. Privacy on Public Networks • Internet is designed as a public network • Routing information is public – IP packet headers identify source and destination – Even a passive observer can easily figure out who is talking to whom • Encryption does not hide identities – Encryption hides payload, but not routing headers – Even IP-level encryption (VPNs, tunnel-mode IPsec) reveals IP addresses of gateways slide 2

  3. Chaum’s Mix • Early proposal for anonymous email – David Chaum . “Untraceable electronic mail, return addresses, and digital pseudonyms”. Communications of the ACM, February 1981. • Public-key crypto + trusted re-mailer (Mix) – Untrusted communication medium – Public keys used as persistent pseudonyms • Modern anonymity systems use Mix as the basic building block slide 3

  4. Basic Mix Design B {r 1 ,{r 0 ,M} pk(B) ,B} pk(mix) {r 0 ,M} pk(B) ,B A {r 5 ,M’’} pk(B) ,B C E {r 2 ,{r 3 ,M’} pk(E) ,E} pk(mix) {r 3 ,M’} pk(E) ,E D Mix Adversary knows all senders and {r 4 ,{r 5 ,M’’} pk(B) ,B} pk(mix) all receivers, but cannot link a sent message with a received message slide 4

  5. Mix Cascades and Mixnets • Messages are sent through a sequence of mixes – Can also form an arbitrary network of mixes (“mixnet”) • Some of the mixes may be controlled by attacker, but even a single good mix ensures anonymity • Pad and buffer traffic to foil correlation attacks slide 5

  6. Disadvantages of Basic Mixnets • Public-key encryption and decryption at each mix are computationally expensive • Basic mixnets have high latency – Ok for email, but not for Web browsing • Challenge: low-latency anonymity network – Use public- key crypto to establish a “circuit” with pairwise symmetric keys between hops – Then use symmetric decryption and re-encryption to move data along the established circuits slide 6

  7. • Second-generation onion routing network – http://tor.eff.org – Specifically designed for low-latency anonymous Internet communications (e.g., Web browsing) – Running since October 2003 • Hundreds of nodes on all continents • Over 2,500,000 users • “Easy -to- use” client – Freely available, can use it for anonymous browsing slide 7

  8. Tor Circuit Setup (1) • Client proxy establishes a symmetric session key and circuit with Onion Router #1 slide 8

  9. Tor Circuit Setup (2) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2 – Tunnel through Onion Router #1 slide 9

  10. Tor Circuit Setup (3) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3 – Tunnel through Onion Routers #1 and #2 slide 10

  11. Using a Tor Circuit • Client applications connect and communicate over the established T or circuit – Datagrams decrypted and re-encrypted at each link slide 11

  12. Tor Management Issues • Many TCP connections can be “multiplexed” over one anonymous circuit • Directory servers – Lists of active onion routers, their locations, current public keys, etc. – Control how new routers join the network • “Sybil attack”: attacker creates a large number of routers – Directory servers’ keys ship with Tor code slide 12

  13. Location Hidden Services • Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it • Accessible from anywhere • Resistant to censorship • Can survive a full-blown DoS attack • Resistant to physical attack – Can’t find the physical server! slide 13

  14. Deploying a Hidden Service Server creates circuits to “introduction points” Client obtains service descriptor and intro point address from directory Server gives intro points’ descriptors and addresses to service lookup directory slide 14

  15. Using a Hidden Service Client creates a circuit Rendezvous point If server chooses to talk to client, to a “rendezvous point” splices the circuits connect to rendezvous point from client & server Client sends address of the rendezvous point and any authorization, if needed, to server through intro point slide 15

  16. slide 16

  17. Silk Road Shutdown • Ross Ulbricht, alleged operator of the Silk Road Marketplace, arrested by the FBI on Oct 1, 2013 = ? slide 17

  18. Silk Road Shutdown Theories • A package of fake IDs from Canada traced to an apartment to San Francisco? • A fake murder-for-hire arranged by DPR? • A Stack Overflow question accidentally posted by Ulbricht under his real name? – “How can I connect to a Tor hidden service using curl in php?” – … a few seconds later, changed username to “frosty” – … oh, and the encryption key on the Silk Road server ends with the substring "frosty@frosty" • Probably not weaknesses in Tor slide 18

  19. Main (?) Tor Problem Traffic correlation and confirmation slide 19

  20. Traffic Confirmation Techniques • Congestion and denial-of-service attacks – Attack a Tor relay, see if circuit slows down • Throughput attacks • Latency leaks • Website fingerprinting slide 20

  21. Reading Material Johnson et al. Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries CCS 2013 • Realistic model of T or adversaries, incorporating… – Autonomous systems (entities controlling sub- areas of the Internet) and Internet exchange points – Evolution of Internet topology over time – Traffic generated by typical applications over time slide 21

  22. Using Tor Circuits 1. Clients begin all circuits with a selected guard 2. Relays define individual exit policies 3. Clients multiplex streams over a circuit slide 22

  23. Using Tor Circuits 1. Clients begin all circuits with a selected guard 2. Relays define individual exit policies 3. Clients multiplex streams over a circuit 4. New circuits replace existing ones periodically slide 23

  24. Node Adversaries slide 24

  25. Link Adversaries Some ASes and IXPs handle much more AS8 traffic than others! AS7 AS6 AS6 AS1 AS3 AS4 AS5 AS2 Adversary has fixed location, may control one or more autonomous systems or Internet exchange points (IXP) slide 25

  26. Modeling User Behavior Session schedule Gmail/GChat Gcal/GDocs One session at Typical 9:00, 12:00, 15:00, and 18:00 Facebook Su-Sa Web search Repeated sessions IRC 8:00-17:00, M-F Repeated sessions BitTorrent 0:00-6:00, Sa-Su 20-minute traces slide 26

  27. TorPS: The Tor Path Simulator • Realistic client software model based on the current T or • Reimplemented path selection in Python • Major path selection features: – Bandwidth weighting – Exit policies – Guards and guard rotation – Hibernation – /16 and family conflicts slide 27

  28. Node Adversary Success Adversary with total 100 MiB/s bandwidth (83.3 guard, 16.7 exit) Time to first compromised stream Fraction of compromised streams slide 28

  29. Link Adversary Success Adversary controls one AS “best” = most secure client AS, “worst” = least secure Time to first compromised stream Fraction of compromised streams slide 29

  30. Not a Theoretical Threat! • Sybil attack + traffic confirmation • Earlier in 2014, two CMU CERT “researchers” added 115 fast relays to the T or network – Accounted for about 6.4% of available guards – Because of Tor’s guard selection algorithm, these relays became entry guards for a significant chunk of users over their five months of operation • The attackers then used these relays to stage a traffic confirmation attack slide 30

  31. RELAY_EARLY Cell Special control cell sent to the other end of the circuit (not just the next hop, like normal cell) Used to prevent building very long T or paths slide 31

  32. RELAY_EARLY Sent Backward Any number of RELAY_EARLY cells can be sent backward along the circuit No legitimate reason for this, just an oversight slide 32

  33. Traffic Confirmation Hidden service descriptor Wants to access a hidden service Malicious exit node encodes the name of hidden service in the pattern of relay and padding cells Malicious guard learns which hidden service the client is accessing slide 33

  34. Fighting Internet Censorship • Key use of anonymity networks – circumventing Internet censorship slide 34

  35. Using Tor for Circumvention Tor network Deep packet inspection Easily recognizable (DPI) at the network level Tor bridge Gateway Active probes “Classic” T or may not be effective anymore! The Non-Democratic Blocked Republic of Repressistan destination slide 35 35

  36. Let’s Play Hide -and-Seek For example, make this look like a Skype connection The Non-Democratic Republic of Repressistan slide 36 36

  37. Goal: Unobservability Censors should not be able to identify circumvention traffic, clients, or servers through passive, active, or proactive techniques slide 37

  38. Reading Material Houmansadr, Brubaker, Shmatikov The Parrot is Dead: Observing Unobservable Network Communications Oakland 2013 slide 38

  39. Unobservability by Imitation • “Parrot systems” imitate a popular protocol like Skype or HTTP – SkypeMorph (CCS 2012) – StegoTorus (CCS 2012) – CensorSpoofer (CCS 2012) slide 39

  40. What's, uh... What's wrong with it? 'E's dead, that's what's wrong with it! slide 40

Recommend

Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005

Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005

Tools for Censorship Resistance Rachel Greenstadt greenie@eecs.harvard.edu CIH2K5 March 2005 Tools for Censorship Resistance p.1/36 Overview Approaches to Censorship Circumvention methods Case study: China Censorship in a free

628 views • 36 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

654 views • 44 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

517 views • 23 slides
Security & Privacy in P2P Networks Niels Olof Bouvin 1 Overview Aspects of security*

Security & Privacy in P2P Networks Niels Olof Bouvin 1 Overview Aspects of security*

Security & Privacy in P2P Networks Niels Olof Bouvin 1 Overview Aspects of security* Venues of attack Techniques for anonymity & censorship resistance Securing a DHT *This is not the interesting part to talk about during the exam 2

964 views • 62 slides
Anonymity and Censorship Resistance Entry node Middle node Exit node Tor user Tor Node Tor

Anonymity and Censorship Resistance Entry node Middle node Exit node Tor user Tor Node Tor

Anonymity and Censorship Resistance Entry node Middle node Exit node Tor user Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Node Tor Network Encrypted tunnel Web server Unencrypted

575 views • 36 slides
Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship?

Regulation of Online Media: A Comparison Assumptions about censorship? What is censorship? History of Censorship Arguments for censorship Arguments against censorship What do we mean by media? AUSTRALIA Statutory Regulation Recent

566 views • 37 slides
Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of

Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of

Censorship and Self-Censorship in Research on the Iraq War By Michael Spagat Department of Economics Royal Holloway, University of London Presentation given at the International Studies Association 57 th annual convention, Atlanta, GA, March

504 views • 24 slides
bitmarkets anonymous decentralized markets with no trusted third parties problem centralized

bitmarkets anonymous decentralized markets with no trusted third parties problem centralized

bitmarkets anonymous decentralized markets with no trusted third parties problem centralized markets censorship no privacy high fees winner takes all solution decentralized markets no censorship more privacy no fees market diversity

250 views • 21 slides
K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang 515030910412 ABSTRACT The rapid development of social communication network has increased the risk in privacy protection, the association between people has

385 views • 4 slides
Securing the Tor Network Mike Perry Black Hat USA 2007 Defcon 2007 What is Tor? Volunteer

Securing the Tor Network Mike Perry Black Hat USA 2007 Defcon 2007 What is Tor? Volunteer

Securing the Tor Network Mike Perry Black Hat USA 2007 Defcon 2007 What is Tor? Volunteer run relay network designed for privacy, anonymity, and censorship resistance. Tor relays TCP connections (streams) Multiplexed on

225 views • 20 slides
How Communication Technologies Introduce Privacy Turbulence in Families During Late Adolescence

How Communication Technologies Introduce Privacy Turbulence in Families During Late Adolescence

How Communication Technologies Introduce Privacy Turbulence in Families During Late Adolescence Jessica Vitak, Yuting Liao, and Priya Kumar College of Information Studies, University of Maryland Privacy and Education Research Lab (PEARL) |

353 views • 17 slides
Censorship and surveillance in France Nicola Spanti 2015 Liberty - Equality Fraternity

Censorship and surveillance in France Nicola Spanti 2015 Liberty - Equality Fraternity

Censorship and surveillance in France Nicola Spanti 2015 Liberty - Equality Fraternity Censorship - Surveillance - Money Censorship Lets help our friends! There is nothing to see I have nothing to hide Panopticon Human rights?

298 views • 9 slides
Security and Privacy of Blockchain Protocols and Applications Sergei Tikhomirov

Security and Privacy of Blockchain Protocols and Applications Sergei Tikhomirov

Security and Privacy of Blockchain Protocols and Applications Sergei Tikhomirov Esch-sur-Alzette, Luxembourg, 17 September 2020 Part 1 Introduction Problems with government-controlled money Unpredictable issuance Censorship and

763 views • 51 slides
The Parachute Drop Newtons Toy Box Activity 4 air resistance Air resistance Air resistance is

The Parachute Drop Newtons Toy Box Activity 4 air resistance Air resistance Air resistance is

The Parachute Drop Newtons Toy Box Activity 4 air resistance Air resistance Air resistance is the force exerted by air against an object moving through it; it acts in the opposite direction of the objects motion. If an object is falling,

645 views • 8 slides
Towards a Censorship Analyser for Tor Philipp Winter The Tor Project & Karlstad University

Towards a Censorship Analyser for Tor Philipp Winter The Tor Project & Karlstad University

Towards a Censorship Analyser for Tor Philipp Winter The Tor Project & Karlstad University 2013-08-13 Tor and censorship Some countries, corporate firewalls, captive portals and ISPs block Tor. Blocks become known through users and

534 views • 16 slides
Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown

Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown

Censorship-Resistant Architectures Henry Tan Micah Sherr Georgetown University Georgetown University Censorship-Resistant Architectures 1 The Censorship Problem Internet censorship is a problem in certain areas of the world. In some cases,

260 views • 15 slides
Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories

Theorem-proving Privacy and Anonymity Yoshinobu KAWABE NTT Communication Science Laboratories NTT Corporation References Simulation-based proof method of privacy/anonymity Y. Kawabe, K. Mano, H. Sakurada and Y. Tsukada

303 views • 28 slides
Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely

Censored Planet Observatory Measuring Internet censorship globally, continuously, and remotely Internet Measurement Village 2020 Ram Sundara Raman June 26, 2020 Measuring Censorship is a Complex Problem! Internet censorship practices are

644 views • 52 slides
SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

SK Telecom 1 U U U U U U U- U - - communication - - - - - communication

U U U U U U U- U - - communication - - - - - communication communication communication communication communication communication communication Korea Mobile Market Trend for Convergence & Ubiquitous Communication 2004.

400 views • 16 slides
Distributed Trajectory Estimation with Privacy and Communication Constraints: a Two-Stage

Distributed Trajectory Estimation with Privacy and Communication Constraints: a Two-Stage

Distributed Trajectory Estimation with Privacy and Communication Constraints: a Two-Stage Distributed Gauss-Seidel Approach Siddharth Choudhary 1 , Luca Carlone 2 , Carlos Nieto 1 , John Rogers 3 , Henrik I. Christensen 1 , Frank Dellaert 1 1

548 views • 22 slides
HIV-1-specific CTL and Drug Resistance Aim of Studies Interaction CTL/Resistance

HIV-1-specific CTL and Drug Resistance Aim of Studies Interaction CTL/Resistance

HIV-1-specific CTL and Drug Resistance Aim of Studies Interaction CTL/Resistance Analysis of the influence of the immune system on sequence variation and drug resistance mutations in HIV-1 PR/RT Cohort of 198 chronically infected

300 views • 16 slides
LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS PRIVACY MATTERS: HTTPS

LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS PRIVACY MATTERS: HTTPS

LETS ENCRYPT Olivier Yiptong oyiptong@mozilla.com PRIVACY MATTERS PRIVACY MATTERS: HTTPS Con fi dentiality Data Integrity Authentication NO PRIVACY: HTTP Public-only communication (Possibly?) Tampered messages Of

244 views • 23 slides
Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous, Censorship-Resistant Networks Dennis Kgler Federal Office for Information Security, Germany Dennis.Kuegler@bsi.bund.de 1 Anonymous,

488 views • 16 slides
Resistance testing practices and prevalence of HIV drug resistance in the German ClinSurv

Resistance testing practices and prevalence of HIV drug resistance in the German ClinSurv

Resistance testing practices and prevalence of HIV drug resistance in the German ClinSurv resistance study Daniel Schmidt, Christian Kollan, Barbara Bartmeyer Robert Koch-Institute Dept. Infectious Disease Epidemiology HIV/AIDS, STI unit

716 views • 15 slides

More recommend