
Internet Privacy Options: Networking - PowerPoint PPT Presentation

Internet Privacy Options. Networking. Sirindhorn International Institute of Technology, Thammasat University. Prepared by Steven Gordon on 19 June 2014.


  1. Internet Privacy Options
     Networking
     Sirindhorn International Institute of Technology, Thammasat University
     Prepared by Steven Gordon on 19 June 2014
     Common/Reports/internet-privacy-options.tex, r892
     1/38

  2. Acronyms and Abbreviations
     IP     Internet Protocol
     ISP    Internet Service Provider
     HTTP   HyperText Transfer Protocol
     HTTPS  HTTP over SSL
     SSL    Secure Sockets Layer (same as TLS)
     TCP    Transmission Control Protocol
     TLS    Transport Layer Security (same as SSL)
     Tor    The Onion Router
     VPN    Virtual Private Network

  3. Contents
     What is the Internet?
     Security in the Internet
     Internet Privacy Options
     Other Issues

  4. What is the Internet?
     Network
     Collection of computer networks connected together using routers, where hosts and routers communicate using the Internet Protocol
     ◮ Access networks: connect to core networks; home, company LAN, mobile networks
     ◮ Core networks: connect to access networks and other core networks; run by ISPs, telecom companies
     Applications
     ◮ Web browsing, email, instant messaging, voice and video calls, collaboration, audio/video streaming, games, ...

  5. What does the Internet look like?
     The Internet allows your computer to communicate with another computer (a web server)

  6. What does the Internet look like?
     ◮ Home computer connects via WiFi or LAN to ADSL router
     ◮ ADSL router connects via telephone cable to your ISP's router
     ◮ Your ISP connects to other ISPs and so on

  7. How are computers identified in the Internet?
     ◮ IP addresses: 32 bits, often in dotted decimal notation
       ◮ 106.187.46.22, 61.91.8.94, 203.131.209.82
     ◮ Each host (computer, server) has a globally unique IP address
       ◮ What about NAT and private addresses, e.g. 192.168.1.1?
     ◮ Routers also have IP addresses
     ◮ Humans use domain names, e.g. www.example.com
     ◮ DNS maps domain name to IP address
       ◮ sandilands.info → 106.187.46.22
       ◮ ict.siit.tu.ac.th → 203.131.209.82

  8. How does IP work?
     1. Your computer creates an IP packet
        ◮ Source address: your computer; destination address: server
     2. Sends IP packet to your local (default) router
     3. Router forwards IP packet to next router, and so on
     4. IP packet eventually arrives at destination
     ◮ Routing: finds the path of routers between source and destination, creates routing tables

  9. How does web browsing work? [figure]

  10. How does web browsing work? [figure]

  11. How does web browsing work? [figure]

  12. Contents
     What is the Internet?
     Security in the Internet
     Internet Privacy Options
     Other Issues

  13. Security in the Internet
     ◮ Internet security includes:
       ◮ Confidentiality: keeping data secret (encryption)
       ◮ User Authentication: ensuring the other entity is who they say they are (passwords, keys)
       ◮ Data Integrity: ensuring fake/modified data is not accepted (encryption, signatures)
       ◮ Privacy: keeping actions secret (?)
       ◮ ...
     ◮ Terminology can be confusing:
       ◮ Confidentiality = secrecy = data privacy
     ◮ Our focus: privacy of actions and confidentiality of data

  14. Confidentiality and Privacy
     Why keep data confidential?
     ◮ Competitors cannot steal your ideas and trade secrets
     ◮ Criminals cannot steal your money
     ◮ Employer/government/parents cannot see the information you are exchanging with others
     ◮ ...
     Why keep actions private?
     ◮ Employer cannot determine you are looking for new job
     ◮ Whistle-blower cannot be identified
     ◮ People do not know your medical conditions
     ◮ Governments cannot determine if you are plotting against them
     ◮ ...

  15. Some Common Requirements
     Security
     ◮ I don't want anyone but the server to read my data
     ◮ I don't want others to know I am communicating with the server
       ◮ During the communication
       ◮ After the communication has taken place
     ◮ I don't want the server to be able to identify me
     ◮ I want to bypass blocks at a firewall
     Convenience
     ◮ I want it free
     ◮ I want it easy to setup/use
     ◮ I want it to perform well

  16. Contents
     What is the Internet?
     Security in the Internet
     Internet Privacy Options
     Other Issues

  17. Assumptions
     ◮ Encryption algorithms are strong
     ◮ Path between you and a server is unpredictable, may change
     ◮ Computers (and users) uniquely identified by IP address
     ◮ Firewall blocks based on destination IP address

  18. Notation and Terminology
     U    You, your computer
     S    (Web) Server (also Srv)
     P    Proxy server
     V    VPN server (also VPN)
     E    Tor Exit Relay
     T_x  Tor Relay
     FW   Firewall
     Src  Source IP address
     Dst  Destination IP address

  19. Basic Browsing with HTTP (Firewall Enabled) [figure]

  20. Basic Browsing with HTTP (No Firewall) [figure]

  21. Confidentiality of Data when Browsing
     ◮ HTTPS: normal HTTP but using a secure transport (SSL/TLS)
     ◮ Encrypts data between browser and web server (both directions)
     ◮ Relies on certificates for distributing public key of web server
     ◮ Self-signed certificates or invalid certificates should not be trusted

  22. Basic Browsing with HTTPS (Firewall Enabled) [figure]

  23. Basic Browsing with HTTPS (No Firewall) [figure]

  24. Web Proxy
     ◮ Website that sends HTTP request to web server on your behalf; HTTP response forwarded back to you
     ◮ Proxy web site provides form to enter URL of web server you want to visit
     ◮ Common usage models: free, ad-supported, pay per month

  25. HTTP Exchange via Web Proxy [figure]

  26. Proxy and HTTP [figure]

  27. Proxy and HTTPS [figure]

  28. Virtual Private Networks
     ◮ Tunnelling: packets at one layer are encapsulated into packets at the same or higher layer
     ◮ Encryption: tunnelling protocols usually also encrypt the inner packet
     ◮ Different VPN technologies:
       ◮ Application layer: SSH (*)
       ◮ Transport layer: TLS (OpenVPN)
       ◮ Network layer: IPsec
       ◮ Data link layer: PPTP, L2TP
     ◮ Create a virtual interface on your computer
       ◮ (Inner) IP packets sent to virtual interface enter the tunnel
       ◮ Tunnel encapsulates, encrypts the data and creates new (outer) IP packet
       ◮ Outer IP packets sent via real interface

  29. VPN and HTTP [figure]

  30. VPN and HTTPS [figure]

  31. Tor: The Onion Router
     ◮ Designed for anonymous communications in public Internet
     ◮ Computers in Internet act as TOR relays
     ◮ Your computer selects set of relays to send via to reach TOR exit node
     ◮ SSL encryption used between each TOR node
     ◮ Keys exchanged so TOR node can decrypt received packet and knows next TOR node to send to
     ◮ A TOR node only knows the previous TOR node and next TOR node in path
       ◮ Doesn't know original source or final destination
     ◮ TOR exit node sends received packets across normal Internet

  32. Tor and HTTP [figure]

  33. Tor and HTTPS [figure]

  34. Comparison of Privacy Techniques
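
Added example (not part of the original slides): slides 28 and 31 describe tunnelling, where an encrypted inner packet rides inside an outer packet, and Tor's per-relay layers. The Python model below generalizes both into one layer per hop and reports what a destination-based firewall and each hop can observe. The toy cipher, the sample keys and the choice that the last hop sends to S under its own address are assumptions for illustration; real VPNs and Tor use proper cryptography and their own packet formats.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 keystream); a stand-in for real tunnel encryption, NOT secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def packet(src, dst, data):
    return {"src": src, "dst": dst, "data": data}

def encapsulate(inner, key, src, dst):
    """Encrypt the whole inner packet and carry it as the payload of a new outer packet."""
    return packet(src, dst, keystream_xor(key, json.dumps(inner).encode()).hex())

def decapsulate(outer, key):
    """Tunnel endpoint or relay: strip one layer and recover the packet inside."""
    return json.loads(keystream_xor(key, bytes.fromhex(outer["data"])))

def build_tunnel(request, path, keys):
    """Wrap a request for S in one layer per hop; path=["V"] is a VPN, three relays is Tor."""
    pkt = packet(path[-1], "S", request)      # what the last hop sends on the normal Internet
    senders = ["U"] + path
    for i in reversed(range(len(path))):      # innermost layer first
        pkt = encapsulate(pkt, keys[path[i]], senders[i], path[i])
    return pkt

def traverse(pkt, path, keys):
    """Return [(hop, previous, next)] as learned by each hop, plus the packet S receives."""
    learned = []
    for hop in path:
        previous = pkt["src"]
        pkt = decapsulate(pkt, keys[hop])
        learned.append((hop, previous, pkt["dst"]))
    return learned, pkt

def firewall_allows(pkt, blocked):
    """Deck assumption: the firewall blocks on destination IP address only."""
    return pkt["dst"] not in blocked

# Constructed sample keys and request; U, S, V, T1, T2, E follow the deck's notation.
KEYS = {"V": b"key-V", "T1": b"key-T1", "T2": b"key-T2", "E": b"key-E"}
REQUEST = "GET /index.html"

if __name__ == "__main__":
    for path in (["V"], ["T1", "T2", "E"]):
        outer = build_tunnel(REQUEST, path, KEYS)
        print(path, "FW sees", outer["src"], "->", outer["dst"],
              "allowed:", firewall_allows(outer, {"S"}))
        print("  hops learn:", traverse(outer, path, KEYS)[0])
```

With a single hop the VPN server learns both U and S; with three relays no single hop learns both, which is the property slide 31 states. The exit relay still reads the request itself when it is plain HTTP.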
