Title: Anonymous Communications
1Anonymous Communications
- CSE 5473 Network Security
- Lecture due to Prof. Dong Xuan
- Some material from Prof. Joan Feigenbaum
2Outline
- Overview and Concepts
- Anonymous Schemes
- Onion Routing
- Crowd
- Hordes
- Incomparable Public Keys
3Motivation
- Is Internet communication private?
- No! ... Why?
- Routing information is completely open
(visible) to the network and its users. - e.g. IP Source, IP destination addresses.
- Traffic Analysis can result in loss of privacy
throwing up patterns showing communication
propensities of internet users.
4Motivation...
- Do we need private communication?
- Yes
- Existence of inter-company collaboration may be
confidential - E-mail users may not wish to reveal who they are
communicating with, to the rest of the world - Anonymity may also be desirable anonymous e-cash
is not very anonymous if delivered with a return
address - Web based shopping or browsing of public
databases should not require revealing ones
identity
5Anonymity Properties
- Types of Anonymity
- Sender Anonymity
- Receiver Anonymity
- Unlinkability of sender and receiver
- Model of the Attacker
- Eavesdropper
- Collaboration of parties
- Anonymity Degree
6Concept Mix Networks
- First outlined by Chaum in 1981
- Provide anonymous communication
- High latency
- Message-based (message-oriented)
- One-way or two-way
7Mix Networks
Users
Mixes
Destinations
8Mix Networks
Adversary
?,dM3,M3M2,M2M1
u
d
M1
M2
M3
Users
Mixes
Destinations
Protocol
Onion Encrypt
- User selects a sequence of mixes and a
destination. - Onion-encrypt the message.
- Proceed in reverse order of the users path.
- Encrypt (message, next hop) with the public
key of the mix.
9Mix Networks
Adversary
?,dM3,M3M2,M2M1
u
d
M1
M2
M3
Users
Mixes
Destinations
Protocol
Onion Encrypt
- User selects a sequence of mixes and a
destination. - Onion-encrypt the message.
- Send the message, removing a layer of encryption
at each mix.
- Proceed in reverse order of the users path.
- Encrypt (message, next hop) with the public
key of the mix.
10Mix Networks
Adversary
?,dM3,M3M2
u
d
M1
M2
M3
Users
Mixes
Destinations
Protocol
Onion Encrypt
- User selects a sequence of mixes and a
destination. - Onion-encrypt the message.
- Send the message, removing a layer of encryption
at each mix.
- Proceed in reverse order of the users path.
- Encrypt (message, next hop) with the public
key of the mix.
11Mix Networks
Adversary
u
d
M1
?,dM3
M2
M3
Users
Mixes
Destinations
Protocol
Onion Encrypt
- User selects a sequence of mixes and a
destination. - Onion-encrypt the message.
- Send the message, removing a layer of encryption
at each mix.
- Proceed in reverse order of the users path.
- Encrypt (message, next hop) with the public
key of the mix.
12Mix Networks
Adversary
u
d
M1
?
M2
M3
Users
Mixes
Destinations
Protocol
Onion Encrypt
- User selects a sequence of mixes and a
destination. - Onion-encrypt the message.
- Send the message, removing a layer of encryption
at each mix.
- Proceed in reverse order of the users path.
- Encrypt (message, next hop) with the public
key of the mix.
13Mix Networks
Adversary
u
d
v
e
w
f
Users
Mixes
Destinations
- Anonymity?
- No one mix knows both source and destination.
- Adversary cannot follow multiple messages through
the same mix. - More users provides more anonymity.
14How Onion Routing Works
1
2
u
d
3
5
User u running client
Internet destination d
4
Routers running servers
15How Onion Routing Works
1
2
u
d
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
16How Onion Routing Works
?341
1
2
u
d
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
17How Onion Routing Works
1
2
u
d
3
5
?34
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
18How Onion Routing Works
1
2
u
d
3
5
?3
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
19How Onion Routing Works
1
2
?
u
d
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
20How Onion Routing Works
1
2
u
d
?
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
21How Onion Routing Works
1
2
u
d
3
5
?3
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
22How Onion Routing Works
1
2
?34
u
d
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
23How Onion Routing Works
1
2
?341
u
d
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
24How Onion Routing Works
1
2
u
d
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
- Stream is closed.
25How Onion Routing Works
1
2
u
d
3
5
4
- u creates 3-hop circuit through routers
(u.a.r.). - u opens a stream in the circuit to d.
- Data are exchanged.
- Stream is closed.
- Circuit is changed every few minutes.
26Onion Routing
- Provides
- An infrastructure for Private Communication over
a Public Network - Anonymity of endpoints of communication
- Bi-directional and near real-time communication
- Resistance to eavesdropping from
- Network
- Outside Observers of the network
- Can be substituted for sockets
27A Forward Onion
X exp_timex , Y, Ffx , Kfx , Fbx , Kbx ,
Yexp_timey , Z , Ffy , Kfy , Fby , Kby ,
Z exp_timez , Null , Ffz , Kfz , Fbz , Kbz ,
Padding
28Protocol Operation
- Establish Anonymous connection through a series
of ORs (Onion Router) instead of a direct socket
connection to the destination. - Initiator makes a socket connection to an
Application Specific Proxy on first OR. - Onion Proxy defines the route
- Constructs a layered structure (Onion) and sends
it through the network to establish the Virtual
Circuit (same as ATM Virtual Circuit
Establishment with VPI/VCI). - Onion passes through the entire path to the
responder proxy gt all involved ORs are
initialized with relevant information to encrypt/
decrypt forward/backward data. - Now, initiators proxy starts sending data
through the anonymous connection.
29Protocol Operation (contd...)
- Each layer of the onion defines a next hop in the
route. - An OR, on receiving an onion
- peels off its layer
- chooses new values for incoming/outgoing VCIs.
- identifies next hop
- sends the embedded onion to that next hop OR.
- Each Onion Layer also contains Keys
- Keys are used for crypting data sent
forward/backward. - When the onion bounces along, they are stored at
each intermediate hop (i.e., OR). - Last OR forwards data to Responders Proxy that
- Sits on the firewall of the responders sensitive
site. - Passes data between ORN and the responder.
30The Onion
- PKx Public Key of the OR
- The OR has the corresponding private key for
decrypting the message. - next_hop Next OR in the connection path
- Ff, Kf - Forward data cryption operation
Function/Key pair - Fb, Kb - Backward data cryption operation
Function/Key pair - Functions defined for F
- 0 ? Identity (No Encryption)
- 1 ? DES OFB (Output Feedback Mode)
- 2 ? RC4 (128 bit key)
- payload The (similar) embedded onion
- Passed on to the next_hop
- exp_time Expiry time until which onion the onion
is kept to prevent replay.
31The Onion (contd...)
- What happens to the onion at each hop?
- It shrinks in size
- Compromised nodes can infer route information
from this monotonically diminishing size. - So, a random bit string is appended to the end of
the payload before forwarding. - Even constant size onion might be traced
unless all onions have the same size, so the size
of the onion is (universally) standardized
(fixed).
32Reply Onion
Z exp_timez , Y , Fbz , Kbz , Ffz , Kfz ,
Yexp_timey , X , Fby , Kby , Ffy , Kfy ,
X exp_timex , W, Fbx , Kbx , Ffx , Kfx ,
W exp_timew , Null , Null , Null , Null , Null ,
IDENTITY , Fbx , Kbx , Ffx , Kfx , Fby , Kby ,
Ffy , Kfy , Fbz , Kbz , Ffz , Kfz , Padding
33Reply Onion
- How to reply anonymously?
- Send a reply onion embedded as payload in the
forward onion - Responder proxy sends this Reply Onion on the
reverse path till the Initiators Proxy - VC set-up by Forward Onion, so data path is
already established. - The Reply Onion is
- Exactly the same as the Forward onion except that
the innermost payload has - Enough information to enable the initiators
proxy to reach the initiator - All cryptographic function/key pairs that are to
crypt data along the Virtual Circuit - Processing it is same as processing a Forward
Onion - Usable only once
- So multiple reply onions need to be sent if
multiple replies are required.
34Crowd
blending into a crowd i.e. hiding ones actions
within the actions of many others
How does it work?
jondo
Request admittance
Information to enable jondo to participate
blender
35Crowd (contd...)
Request from browser
Crowd
Geographically diverse group
36Crowd (features)
- Data may be in the clear no protection wrt
global eavesdropper - No attempt to pad to avoid flow analysis, no
attempt to prevent sender-receiver unlinkability - Used for web transactions browser uses local
johndo as proxy for itself, blender sends data of
remote johndos to this johndo - Paths are selected randomly and hop-by-hop (not a
priori circuit selection as in tor)
37Hordes
- Take advantage of multicast communication
- Destination address is a multicast group address,
which provides receiver anonymity. - It is difficult to determine the membership of a
multicast group. - Even if some group memberships are discovered,
anonymity can still be provided.
38Hordes (contd...)
- Simple protocol
- Join a multicast group.
- Initiator sends request using group address.
- can use either crowds or onion routing for
forward path - Server sends reply to the group address.
- Initiator receives the reply.
- Non-initiators just ignore the reply.
39Incomparable Public Keys
- Take advantage of a novel public key scheme
- Traditional scheme one private key, one public
key - The new scheme one private key, but multiple
public keys - Feature one cannot tell whether two public keys
map to the same or different private keys
40Incomparable Public Keys (contd)
- Plus multicast to provide encryption and
anonymity - Join a multicast group.
- Initiator sends request using group address with
a public key. - Server sends reply, encrypted with the public
key, to the group address. - Initiator receives the reply and decrypt it.
- Non-initiators just ignore the reply.
- Initiator sends request to the same/another
server using another public key
41Conclusion
- What are anonymous communications? Why?
- Four representative schemes
- Onion Routing
- Crowd
- Hordes
- Incomparable Public Keys