
Outline Anonymous communications techniques CSci 5271 - PDF document



CSci 5271
Introduction to Computer Security
Day 24: Anonymizing the network
Stephen McCamant
University of Minnesota, Computer Science & Engineering

Outline
- Anonymous communications techniques
- Announcements intermission
- Tor basics
- Tor experiences and challenges

Traffic analysis
- What can you learn from encrypted data? A lot
- Content size, timing
- Who's talking to who → countermeasure: anonymity

Nymity slider (Goldberg)
- Verinymity: Social security number
- Persistent pseudonymity: Pen name ("George Eliot"), "moot"
- Linkable anonymity: Frequent-shopper card
- Unlinkable anonymity: (Idealized) cash payments

Nymity ratchet?
- It's easy to add names on top of an anonymous protocol
- The opposite direction is harder
- But, we're stuck with the Internet as is
- So, add anonymity to conceal underlying identities

Steganography
- One approach: hide real content within bland-looking cover traffic
- Classic: hide data in least-significant bits of images
- Easy to fool casual inspection, hard if adversary knows the scheme

Dining cryptographers

DC-net challenges
- Quadratic key setups and message exchanges per round
- Scheduling who talks when
- One traitor can anonymously sabotage
- Improvements subject of ongoing research

Mixing/shuffling
- Computer analogue of shaking a ballot box, etc.
- Reorder encrypted messages by a random permutation
- Building block in larger protocols
- Distributed and verifiable variants possible as well

Anonymous remailers
- Anonymizing intermediaries for email
- First cuts had single points of failure
- Mix and forward messages after receiving a sufficiently-large batch
- Chain together mixes with multiple layers of encryption
- Fancy systems didn't get critical mass of users

Note to early readers
- This is the section of the slides most likely to change in the final version
- If class has already happened, make sure you have the latest slides for announcements

Tor: an overlay network
- Tor (originally from "the onion router")
- https://www.torproject.org/
- An anonymous network built on top of the non-anonymous Internet
- Designed to support a wide variety of anonymity use cases

Low-latency TCP applications
- Tor works by proxying TCP streams
- (And DNS lookups)
- Focuses on achieving interactive latency
- WWW, but potentially also chat, SSH, etc.
- Anonymity tradeoffs compared to remailers

Tor Onion routing
- Stream from sender to D forwarded via A, B, and C
- One Tor circuit made of four TCP hops
- Encrypt packets (512-byte "cells") as E_A(B, E_B(C, E_C(D, P)))
- TLS-like hybrid encryption with "telescoping" path setup

Client perspective
- Install Tor client running in background
- Configure browser to use Tor as proxy
- Or complete Tor+Proxy+Browser bundle
- Browse web as normal, but a lot slower
- Also, sometimes google.com is in Swedish

Entry/guard relays
- "Entry node": first relay on path
- Entry knows the client's identity, so particularly sensitive
- Many attacks possible if one adversary controls entry and exit
- Choose a small random set of "guards" as only entries to use
- Rotate slowly or if necessary
- For repeat users, better than random each time

Exit relays
- Forwards traffic to/from non-Tor destination
- Focal point for anti-abuse policies
- E.g., no exits will forward for port 25 (email sending)
- Can see plaintext traffic, so danger of sniffing, MITM, etc.

Centralized directory
- How to find relays in the first place?
- Straightforward current approach: central directory servers
- Relay information includes bandwidth, exit policies, public keys, etc.
- Replicated, but potential bottleneck for scalability and blocking
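
An added illustration (not from the slides) of the layered encryption on the onion routing slide, E_A(B, E_B(C, E_C(D, P))): each relay strips one layer and learns only the next hop, and only the last relay recovers P. The SHA-256 keystream cipher and the fixed `KEYS` table are toy assumptions standing in for Tor's real ciphers and telescoping key setup, and layers here are not padded to 512-byte cells.

```python
import hashlib
import hmac

# Constructed per-hop keys; Tor negotiates these during telescoping path setup.
KEYS = {"A": b"toy-key-A", "B": b"toy-key-B", "C": b"toy-key-C"}

def _xor_stream(key, data):
    """Toy stream cipher: XOR with SHA-256 in counter mode (illustration only)."""
    stream = b""
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + b"enc" + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _mac(key, ct):
    return hmac.new(key + b"mac", ct, hashlib.sha256).digest()

def E(key, next_hop, inner):
    """One layer E_K(next_hop, inner): 32-byte tag || encrypted (hop, inner)."""
    hop = next_hop.encode()
    ct = _xor_stream(key, bytes([len(hop)]) + hop + inner)
    return _mac(key, ct) + ct

def peel(key, layer):
    """Relay side: verify and strip one layer, returning (next_hop, inner)."""
    tag, ct = layer[:32], layer[32:]
    if not hmac.compare_digest(tag, _mac(key, ct)):
        raise ValueError("layer not encrypted for this relay, or modified")
    plain = _xor_stream(key, ct)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def build_onion(payload):
    """Client side: E_A(B, E_B(C, E_C(D, P))), innermost layer first."""
    return E(KEYS["A"], "B", E(KEYS["B"], "C", E(KEYS["C"], "D", payload)))

def route(onion, first="A"):
    """Forward through the relays; log (relay, next hop, bytes it passes on)."""
    log, relay, data = [], first, onion
    while relay in KEYS:
        nxt, data = peel(KEYS[relay], data)
        log.append((relay, nxt, len(data)))
        relay = nxt
    return log, relay, data

if __name__ == "__main__":
    P = b"GET / HTTP/1.0\r\n\r\n"  # constructed sample payload
    print(route(build_onion(P)))
```

The log shows that A sees only "forward to B", B only "forward to C", and C is the first hop that can read the payload, which is the exit-relay plaintext exposure the Exit relays slide describes.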

Anonymity loves company
- Diverse user pool needed for anonymity to be meaningful
- Hypothetical Department of Defense Anonymity Network
- Tor aims to be helpful to a broad range of (sympathetic sounding) potential users

Who (arguably) needs Tor?
- Consumers concerned about web tracking
- Businesses doing research on the competition
- Citizens of countries with Internet censorship
- Reporters protecting their sources
- Law enforcement investigating targets

Tor and the US government
- Onion routing research started with the US Navy
- Academic research still supported by NSF
- Anti-censorship work supported by the State Department
- Same branch as Voice of America
- But also targeted by the NSA
- Per Snowden, so far only limited success

Volunteer relays
- Tor relays are run basically by volunteers
- Most are idealistic
- A few have been less-ethical researchers, or GCHQ
- Never enough, or enough bandwidth
- P2P-style mandatory participation?
- Unworkable/undesirable
- Various other kinds of incentives explored

Performance
- Increased latency from long paths
- Bandwidth limited by relays
- Recently 1-2 sec for 50KB, 3-7 sec for 1MB
- Historically worse for many periods
- Flooding (guessed botnet) fall 2013

Anti-censorship
- As a web proxy, Tor is useful for getting around blocking
- Unless Tor itself is blocked, as it often is
- Bridges are special less-public entry points
- Also, protocol obfuscation arms race (uneven)

Hidden services
- Tor can be used by servers as well as clients
- Identified by cryptographic key, use special rendezvous protocol
- Servers often present easier attack surface

Undesirable users
- P2P filesharing
- Discouraged by Tor developers, to little effect
- Terrorists
- At least the NSA thinks so
- Illicit e-commerce
- "Silk Road" and its successors

Intersection attacks
- Suppose you use Tor to update a pseudonymous blog, reveal you live in Minneapolis
- Comcast can tell who in the city was sending to Tor at the moment you post an entry
- Anonymity set of 1000 → reasonable protection
- But if you keep posting, adversary can keep narrowing down the set

Exit sniffing
- Easy mistake to make: log in to an HTTP web site over Tor
- A malicious exit node could now steal your password
- Another reason to always use HTTPS for logins

Browser bundle JS attack
- Tor's Browser Bundle disables many features to try to stop tracking
- But, JavaScript defaults to on
- Usability for non-expert users
- Fingerprinting via NoScript settings
- Was incompatible with Firefox auto-updating
- Many Tor users de-anonymized in August 2013 by JS vulnerability patched in June

Traffic confirmation attacks
- If the same entity controls both guard and exit on a circuit, many attacks can link the two connections
- "Traffic confirmation attack"
- Can't directly compare payload data, since it is encrypted
- Standard approach: insert and observe delays
- Protocol bug until recently: covert channel in hidden service lookup

Hidden service traffic conf.
- Bug allowed signal to guard when user looked up a hidden service
- Non-statistical traffic confirmation
- For 5 months in 2014, 115 guard nodes (about 6%) participated in this attack
- Apparently researchers at CMU's SEI/CERT
- Beyond "research," they also gave/sold info. to the FBI
- Apparently used in Silk Road 2.0 prosecution, etc.

Next time
- How usability affects security
