anonymous communications

1

Anonymous Communications

CSE 5473: Network Security

Lecture due to Prof. Dong XuanSome material from Prof. Joan Feigenbaum

2

OutlineOutline

Overview and Concepts

Anonymous Schemes Onion Routing Crowd Hordes Incomparable Public Keys

3

Motivation

Is Internet communication private?

No! ... Why? Routing information is completely ‘open’

(visible) to the network and its users.• e.g. IP Source, IP destination addresses.

Traffic Analysis can result in loss of privacy throwing up patterns showing communication propensities of internet users.

4

Motivation...

Do we need private communication?

Yes…

Existence of inter-company collaboration may be confidential

E-mail users may not wish to reveal who they are

communicating with, to the rest of the world

Anonymity may also be desirable: anonymous e-cash is not

very anonymous if delivered with a return address

Web based shopping or browsing of public databases should

not require revealing one’s identity

5

Anonymity Properties

Types of Anonymity• Sender Anonymity• Receiver Anonymity• Unlinkability of sender and receiver

Model of the Attacker• Eavesdropper• Collaboration of parties

Anonymity Degree

6

Concept: Mix Networks

First outlined by Chaum in 1981

Provide anonymous communication High latency Message-based (“message-oriented”) One-way or two-way

7

Mix Networks

Users Mixes Destinations

8

Mix Networks

1. User selects a sequence of mixes and a destination.

2. Onion-encrypt the message.

M1

M2

M3

u d

Protocol Onion Encrypt1. Proceed in reverse order

of the user’s path.

2. Encrypt (message, next hop) with the public

key of the mix.

{{{,d}M3,M3}M2

,M2}M1

Adversary


9

Mix Networks



3. Send the message, removing a layer of encryption at each mix.

M1

M2

M3

u d




key of the mix.

{{{,d}M3,M3}M2

,M2}M1

Adversary


10

Mix Networks




M1

M2

M3

u d




key of the mix.

{{,d}M3,M3}M2

Adversary


11

Mix Networks




M1

M2

M3

u d




key of the mix.

{,d}M3

Adversary


12

Mix Networks




M1

M2

M3

u d




key of the mix.

Adversary


13

Mix Networks

u d

Adversary

Anonymity?

1. No one mix knows both source and destination.

2. Adversary cannot follow multiple messages through the same mix.

3. More users provides more anonymity.

v e

w f


14

How Onion Routing Works

User u running client Internet destination d

Routers running servers

u d

1 2

3

45

15


1. u creates 3-hop circuit through routers (u.a.r.).

2. u opens a stream in the circuit to d.

u d

1 2

3

45

16




3. Data are exchanged.

{{{}3}4}1

u d

1 2

3

45

17





{{}3}4

u d

1 2

3

45

18





{}3

u d

1 2

3

45

19





u d

1 2

3

45

20





’u d

1 2

3

45

21





{’}3

u d

1 2

3

45

22





{{’}3}4u d

1 2

3

45

23





{{{’}3}4}1

u d

1 2

3

45

24





4. Stream is closed.

u d

1 2

3

45

25





4. Stream is closed.

5. Circuit is changed every few minutes.

u d

1 2

3

45

26

Onion Routing

Provides An infrastructure for Private Communication over a

Public Network

Anonymity of endpoints of communication

Bi-directional and near real-time communication

Resistance to eavesdropping from• Network• Outside Observers of the network

Can be substituted for sockets

28

Protocol Operation Establish Anonymous connection through a series of ORs (Onion

Router) instead of a direct socket connection to the destination.

“Initiator” makes a socket connection to an Application Specific Proxy on first OR.

Onion Proxy defines the route

Constructs a layered structure (Onion) and sends it through the network to establish the Virtual Circuit (same as ATM Virtual Circuit Establishment with VPI/VCI).

Onion passes through the entire path to the responder proxy => all involved ORs are initialized with relevant information to encrypt/ decrypt forward/backward data.

Now, initiator’s proxy starts sending data through the anonymous connection.

29

Protocol Operation (contd...) Each layer of the onion defines a next hop in the route.

An OR, on receiving an onion peels off its layer chooses new values for incoming/outgoing VCIs. identifies next hop sends the embedded onion to that next hop OR.

Each Onion Layer also contains Keys Keys are used for crypting data sent forward/backward. When the onion bounces along, they are stored at each

intermediate hop (i.e., OR).

Last OR forwards data to Responder’s Proxy that Sits on the firewall of the responder’s sensitive site. Passes data between ORN and the responder.

31

The Onion (contd...) What happens to the onion at each hop?

It shrinks in size

Compromised nodes can infer route information from this monotonically diminishing size.

So, a random bit string is appended to the end of the payload before forwarding.

Even ‘constant’ size onion might be traced unless all onions have the same size, so the size of the onion is (universally) standardized (fixed).

33

Reply Onion How to reply anonymously?

Send a reply onion embedded as payload in the forward onion

Responder proxy sends this Reply Onion on the reverse path till the Initiator’s Proxy

VC set-up by Forward Onion, so data path is already established.

The Reply Onion is Exactly the same as the Forward onion except that the

innermost payload has• Enough information to enable the initiator’s proxy to

reach the initiator • All cryptographic function/key pairs that are to crypt data

along the Virtual Circuit Processing it is same as processing a Forward Onion Usable only once

• So multiple reply onions need to be sent if multiple replies are required.

34

Crowd

jondo

blender

Request admittance

Information to enablejondo to participate

“blending into a crowd”i.e. hiding one’s actions within the actions of many others

How does it work?

35

Crowd (contd...)

CrowdGeographically diverse group

Request from browser

Crowd (features)

Data may be in the clear: no protection wrt global eavesdropper

No attempt to pad to avoid flow analysis, no attempt to prevent sender-receiver unlinkability

Used for web transactions: browser uses local johndo as proxy for itself, blender sends data of remote johndo’s to this johndo

Paths are selected randomly and hop-by-hop (not a priori circuit selection as in tor)

36

37

Hordes

Take advantage of multicast communication Destination address is a multicast group

address, which provides receiver anonymity.

It is difficult to determine the membership of a multicast group.

Even if some group memberships are discovered, anonymity can still be provided.

38

Hordes (contd...)

Simple protocol Join a multicast group. Initiator sends request using group address.

• can use either crowds or onion routing for forward path

Server sends reply to the group address. Initiator receives the reply. Non-initiators just ignore the reply.

39

Incomparable Public Keys

Take advantage of a novel public key scheme Traditional scheme: one private key, one

public key The new scheme: one private key, but

multiple public keys Feature: one cannot tell whether two public

keys map to the same or different private keys

40

Incomparable Public Keys (contd…)

Plus multicast to provide encryption and anonymity Join a multicast group. Initiator sends request using group address

with a public key. Server sends reply, encrypted with the

public key, to the group address. Initiator receives the reply and decrypt it. Non-initiators just ignore the reply. Initiator sends request to the same/another

server using another public key

41

Conclusion

What are anonymous communications? Why?

Four representative schemes Onion Routing Crowd Hordes Incomparable Public Keys

anonymous communications

Documents

mix networksfirst

users path

reverse order

sequence of mixes

public databases

layer of encryption

ip destination addresses

confidentialemail users