Anonymity and Peer to Peer - PowerPoint PPT Presentation

1 / 22

About This Presentation

Title:

Anonymity and Peer to Peer

Description:

Publishing. Documents. Split up into shares (using standard algorithms) ... Do not know what they are storing and cannot find out (Active Document Anonymity) ... – PowerPoint PPT presentation

Number of Views:69

Avg rating:3.0/5.0

Slides: 23

Provided by: andreise

Category:

more less

Transcript and Presenter's Notes

Title: Anonymity and Peer to Peer

1
Anonymity and Peer to Peer
PEPITO Workshop Stockholm

Andrei Serjantov
University of Cambridge
Computer Laboratory

July 2, 2002
2
Outline

Can P2P be used to build privacyrelated
applications?
Anonymity and P2P
Traditional Anonymity
P2P Anonymity
Weak
Combining the two is hard
Censorship Resistance and P2P
Requires anonymity!

3
Traditional Anonymity ---Mix Systems

A few (trusted) machines, mixes
Mixmaster
Email
Onion Routing
A variety of protocols
Not running (yet)
Resistant to a global passive adversary
Attacker who can see the whole network

4
A (Threshold) Mix
N 4
5
How Mixes Work
R - Receiver A - Mix B - Mix
Sender
Receiver
6
Mix Network Diagrams
Q
A
R
B
C
S
7
Anonymity in P2P

P2P means anonymity!
Anonymity by passing messages on
Not secure against the global passive attacker
Crowds
Freenet
etc
Too weak for us
Can we use P2P platforms to build stronger
anonymity systems?

8
DHTs in one slide
A

Nodes organized into a logical ring
Each node has a node id
Know about their neighbours
And their non-neighbours
For routing

All thats required to send a message is the node
id
If node is down, routes to one of the nearest
nodes

9
P2P Mixes?

More mixes g Less traffic per mix
Hosts go up and down
Unreliable mixes
Need to learn about the available mixes just
before sending the message
Makes a number of strong statistical attacks
possible
Tarzan (M. Freedman, MIT)
Deployment even harder

10
Other Privacy Technologies?

File Sharing!
Get Crowds anonymity for free
Steganographic Storage (see IPTPS02)
Censorship Resistant Systems?
Have to think about security properties of
underlying P2P systems
Other systems???

11
Anonymity and Censorship Resistance

Designing systems which make content hard to
remove for someone who is more powerful than the
publisher
Censorship resistance and anonymity go together
Publishing
Retrieval
Storage
Censorship resistance is more than just anonymity

12
Censorship Resistance

Availability of documents
(we want needles, not hay)
Fault tolerance (attacker taking down servers)
Denial of service attacks
Ease of use
But not
Searching
Efficiency
Can take minutes or hours to retrieve a document

13
Assumptions

Anonymous connection system
Onion Routing
P2P layer
PAST
Chord
Anonymous broadcast channel
Anonymous newsgroup

14
Publishing

Documents
Split up into shares (using standard algorithms)
N shares, but need any k to reconstruct document
Stored in the system (omitted)
Address of the document
Gets broadcasted in an anonymous newsgroup

15
Architecture

P2P network, each node takes on the following
roles
Storers (storing encrypted shares of a document)
Chosen randomly
Forwarders (publicly visible)
Chosen randomly
Retrievers (want a document)
Decrypters (decrypts shares)

16
Architecture
Storer
Forwarder
Decrypter
Retriever does not communicate to the storer
directly
Retriever
17
Properties

Storers
Do not know what they are storing and cannot find
out (Active Document Anonymity)
Shares are stored encrypted
Are resistant to Rubber-Hose Cryptoanalysis
Forwarders
Deny forwarding requests for parts of documents
Forward requests via anonymous pointers
Retrievers, Publishers
Deny (almost) everything!
(Unless caught red-handed with document)

18
Architecture
Anonymous Communication via Onions
Storer
Encrypted Share
Request AA
key
Forwarder
Decrypter
Anonymous Address (AA)
Share
Request
Retriever
19
How Does P2P Help?