Anonymizing Censorship Resistant Systems

1
Anonymizing Censorship Resistant Systems

• Andrei Serjantov

2
Outline

• Anonymizing censorship resistance
• Some goals to achieve
• The protocol
• How P2P work helps
• Related and future work

3
Anonymity and Censorship Resistance

• Designing systems which make content hard to
  remove for someone who is more powerful than the
  publisher
• Censorship resistance and anonymity go together
• Publishing
• Retrieval
• Storage
• Censorship resistance is more than just anonymity

4
Censorship Resistance

• Availability of documents
• (we want needles, not hay)
• Fault tolerance (attacker taking down servers)
• Denial of service attacks
• Ease of use
• But not
• Searching
• Efficiency
• Can take minutes or hours to retrieve a document

5
Assumptions

• Anonymous connection system
• Onion Routing
• Tarzan
• P2P layer
• PAST
• Chord
• Anonymous broadcast channel
• Anonymous newsgroup

6
Publishing

• Documents
• Split up into shares (using standard algorithms)
• N shares, but only need k to reconstruct document
  
• Stored in the system (omitted)
• Address of the document
• Gets broadcasted in an anonymous newsgroup

7
Architecture

• P2P network, each node takes on the following
  roles
• Storers (storing shares of a document)
• Chosen randomly
• Forwarders (publically visible)
• Chosen randomly
• Retrievers (want a document)
• Decrypters (decrypts shares)

8
Architecture
Storer
Forwarder
Decrypter
Retriever
9
Our Contribution

• Storers
• Can deny accusations of storing part of a
  document
• Do not know what they are storing
• Forwarders
• deny forwarding requests for parts of documents
• Retrievers, Publishers
• Deny (almost) everything!
• (Unless caught red-handed with document)

10
Properties

• Resistance to Rubber-Hose Cryptoanalysis for the
  storers
• (someone going and beating them up, whether
  legally or physically)
• Active document anonymity for the storers
• Storers cannot determine what they are storing,
  even by requesting it from themselves
• Anonymity for the publishers, retrievers, etc

11
Architecture
Anonymous Communication via Onions
Storer
Encrypted Share
Request
key
Forwarder
Decrypter
Anonymous address
Share
Request
Retriever
12
How Does P2P Help?

• Built on top of a P2P-like infrastructure
• PAST
• Chord
• Replication of resources
• Discovery
• Routing
• Makes it easier to build and engineer
• Introduces subtle bugs

13
Related Work

• Publius
• Few globally known servers
• Free Haven
• Moving document shares around frequently
• Tangler
• Entangles documents together so you cannot censor
  any one

14
Future Work

• Prove anonymity properties informally stated here
• Build a prototype
• Address many outstanding issues
• Flooding attack
• Accountability

15
Conclusions

• There are techniques to make censorship resistant
  systems more anonymous
• Separation of duties
• Reply Onions
• P2P helps
• Engineering
• Building