91.580.203 Computer & Network Forensics
Xinwen Fu
Anonymous Communication & Computer Forensics
Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor
2
CS@UML
Motivation
Protect the identity of participants in a distributed application, such as E-voting, E-shopping, E-cash, and military applications.
[Figure: an eavesdropper on the network, captioned "I know what's going on!!!"]
Current Network Status
- Commercial routers not under government control
- Unencrypted data is completely open
- Encrypted data still exposes communicating parties
[Figure: IP packet header structure, with the sender address and receiver address fields in the clear]
Traffic Analysis Attack
Public networks are vulnerable to traffic analysis attack. In a public network:
- Packet headers identify recipients
- Packet routes can be tracked
- Volume and timing signatures are exposed
[Figure: sender and receiver communicating across a public network]
Encryption does not hide identity information of a sender and receiver.
Traffic Analysis Attack (cont.)
Traffic analysis reveals identities. Who is talking to whom may be confidential or private:
- Who is searching a public database?
- What web-sites are you surfing?
- Which agencies or companies are collaborating?
- Where are your e-mail correspondents?
- What supplies/quantities are you ordering from whom?
Knowing traffic properties can help an adversary decide where to spend resources for decryption, penetration, ...
Goals of Anonymity: Receiver Untraceability
[Figure: Alice sends to Bob while Evil observes]
- Senders are observable, i.e. the attacker knows that A sent a message to someone
- Receivers are not observable, i.e. the attacker does not know if B received a message
- Example: radio
Goals of Anonymity: Sender Untraceability
[Figure: Alice sends to Bob while Evil observes]
- Senders are unobservable
- Example: wireless routers using NAT
Goals of Anonymity: Sender/Receiver Unlinkability
[Figure: Alice and Bob communicate while Evil observes]
- Senders and receivers are observable, but it is not clear who is talking to whom
Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor
Anonymous Communication Systems
A number of anonymous communication systems have been realized. Several well-known systems are:
- Anonymizer (anonymizer.com)
- Onion-Routing (NRL)
- Crowds (Reiter and Rubin)
- Anonymous Remailer (MIT LCS)
- Tor (MIT and EFF)
- Freedom (Zero-Knowledge Systems)
- Hordes (Shields and Levine)
- PipeNet (Dai)
- SafeWeb (Symantec)
Basic Approach: Anonymizing Proxy
[Figure: clients connecting through an anonymizing proxy]
- Channels appear to come from the proxy, not the true originator
- May also filter traffic for identifying information
- Examples: Penet Remailer (shut down), The Anonymizer, SafeWeb (Symantec)
Anonymizer for Web Browsing
[Figure: anonymizing proxy at anonymizer.com]
- User connects to the proxy first and types the URL in a web form
- Channels appear to come from the proxy, not the true originator
- The proxy may also filter traffic to remove identifying information
- It offers an encrypted link to the proxy (SSL or SSH)
Problems of Anonymizer
[Figure: user connects over the phone system and an ISP, with an encrypted link from the user to the proxy, and the proxy reaches responders on the Internet]
- ISP knows user connection times/volumes: can easily eavesdrop on outgoing proxy connections and learn all
- Proxy knows everything about connections
- So, both are fully trusted (single points of failure)
Chaum Mixes (David Chaum)
- Underlying idea for Mixmaster remailer, Onion Routing, ZKS Freedom, Web Mixes
- Basic description: a network of mix nodes
  - Special onion-like encryption: cell (message/packet) wrapped in multiple layers of public-key encryption by the sender, one for each node in a route
  - Decrypted layer tells the mix the next node in the route
  - Reordering: mixes hold different cells for a time and reorder before forwarding to respective destinations
  - Rerouting: use a few proxies
Onion Routing Based on Mix Networks
[Figure: a traditional spy network compared with an anonymity network; Sender -> A -> B -> Receiver, with the hops labelled "S to A", "A to B" and "B to R"]
- Sender selects a route through the mix network
- An intermediate mix only knows where the packet comes from and what the next stop of the packet is
Review of Public Key Cryptography
- PrivateKeyBob(PublicKeyBob(Message)) = Message
- PublicKeyBob(PrivateKeyBob(Message)) = Message
[Figure: Alice holds the key pair (eA, dA) and Bob holds (eB, dB); Alice sends eB(message) and Bob computes dB(eB(message)) = message]
Onion-Like Encryption
[Figure: message M from Sender S travels through mixes A and B to Receiver R; the sender wraps M in layers "B to R", "A to B" and "S to A", each mix peels one layer and forwards to the next hop, and only R recovers M]
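An added example (not from the slides) of the layered wrapping described on this and the previous slides: the sender wraps message M once per mix, each mix peels one layer, and the trace records that a mix learns only its previous and next hop. The layers use a toy XOR stream cipher with per-hop symmetric keys, an assumption standing in for the public-key layers in the slide (Tor itself negotiates symmetric keys per hop), and the node names S, A, B, C and R are constructed.

```python
import hashlib
import os
from typing import Dict, List, Tuple

HOP = 8  # fixed-width next-hop field in each layer (NUL-padded, at most 8 bytes)

def toy_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: XOR with a SHAKE-256 keystream; encrypting and
    # decrypting are the same operation. Illustration only, not a real cipher.
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))

def wrap_layer(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce so a keystream is never reused
    return nonce + toy_xor(key, nonce, plaintext)

def unwrap_layer(key: bytes, cell: bytes) -> bytes:
    return toy_xor(key, cell[:16], cell[16:])

def build_onion(route: List[bytes], keys: Dict[bytes, bytes],
                receiver: bytes, message: bytes) -> Tuple[bytes, bytes]:
    # Wrap from the innermost layer outward: the last mix's layer names the
    # receiver, every earlier layer names the mix that follows it.
    next_hop, payload = receiver, message
    for node in reversed(route):
        payload = wrap_layer(keys[node], next_hop.ljust(HOP, b"\0") + payload)
        next_hop = node
    return next_hop, payload  # first hop and the fully wrapped cell

def peel(node: bytes, keys: Dict[bytes, bytes], cell: bytes) -> Tuple[bytes, bytes]:
    # A mix removes exactly one layer: it learns the next hop and nothing else.
    plain = unwrap_layer(keys[node], cell)
    return plain[:HOP].rstrip(b"\0"), plain[HOP:]

def forward_onion(sender: bytes, route: List[bytes], keys: Dict[bytes, bytes],
                  receiver: bytes, message: bytes):
    # Walk the cell hop by hop, recording the (previous, next) pair each mix
    # observes; whatever is left when the receiver is reached is the message.
    hop, cell = build_onion(route, keys, receiver, message)
    prev, views = sender, {}
    while hop != receiver:
        nxt, cell = peel(hop, keys, cell)
        views[hop] = (prev, nxt)
        prev, hop = hop, nxt
    return cell, views

if __name__ == "__main__":
    demo_keys = {n: os.urandom(16) for n in (b"A", b"B", b"C")}  # constructed keys
    print(forward_onion(b"S", [b"A", b"B", b"C"], demo_keys, b"R", b"hello R"))
```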
Why Buffering and Reordering Packets?
- Disrupt the timing correlation between packets into and out of a mix
[Figure: packets entering and leaving a mix]
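An added simulation (not from the slides) of why a mix buffers and reorders: a threshold mix releases a batch of cells in random order once enough have arrived, and an observer who links the k-th departing cell to the k-th arriving cell goes from always right (threshold 1, plain store-and-forward) to right about 1/threshold of the time. The mix class and the cell ids are constructed for the example.

```python
import random
from typing import List

class ThresholdMix:
    # Holds arriving cells until `threshold` have accumulated, then releases
    # the whole batch in a random order. threshold=1 degenerates to a plain
    # store-and-forward relay that preserves arrival order.
    def __init__(self, threshold: int, rng: random.Random):
        self.threshold, self.rng, self.buffer = threshold, rng, []

    def receive(self, cell_id: int) -> List[int]:
        self.buffer.append(cell_id)
        if len(self.buffer) < self.threshold:
            return []  # still buffering: nothing leaves yet
        batch, self.buffer = self.buffer, []
        self.rng.shuffle(batch)
        return batch

def order_correlation_rate(threshold: int, batches: int, seed: int = 0) -> float:
    # Simulates an observer who links the k-th cell leaving the mix to the
    # k-th cell that entered it; returns the fraction of links that are right.
    rng = random.Random(seed)
    mix = ThresholdMix(threshold, rng)
    arrivals, departures = [], []
    for cell_id in range(threshold * batches):
        arrivals.append(cell_id)
        departures.extend(mix.receive(cell_id))
    correct = sum(1 for a, d in zip(arrivals, departures) if a == d)
    return correct / len(departures)

if __name__ == "__main__":
    for t in (1, 2, 4, 8):
        print(t, order_correlation_rate(t, 500))
```

A pure threshold mix is one of the mix types the Serjantov, Dingledine and Syverson reference in this deck analyses for active (flooding) attacks; the simulation only shows the reordering effect.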
Crowds
[Figure: Sender, Blender, Jondos on user machines, and the Web server]
- User machines are the network
- "Blender" announces crowd members to all members
- "Jondo" at machine flips weighted coin
  - If heads, forwards to random crowd member
  - If tails, connects to end Web address
- All Jondos on path know path key
- All connections from a source use same path for lifetime of that crowd
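An added example (not from the slides or the Crowds implementation) of the coin-flipping path construction above, with the resulting path length and what each party on the path gets to see. The forwarding probability is called p_f as in the Crowds paper; the jondo names, the URL and the seeds are constructed.

```python
import random
from typing import Dict, List

def build_crowds_path(sender: str, crowd: List[str], p_f: float,
                      rng: random.Random) -> List[str]:
    # Start at the sender's own jondo. Each jondo flips a coin weighted with
    # forwarding probability p_f: heads forwards to a uniformly random crowd
    # member (possibly itself), tails submits the request to the Web server.
    path = [sender]
    while rng.random() < p_f:
        path.append(rng.choice(crowd))
    return path

def sample_path(sender: str, crowd: List[str], p_f: float, seed: int) -> List[str]:
    return build_crowds_path(sender, crowd, p_f, random.Random(seed))

def expected_path_length(p_f: float) -> float:
    # The number of forwards is geometric with stop probability 1 - p_f, so a
    # path holds 1/(1 - p_f) jondos on average (sender's jondo included).
    return 1.0 / (1.0 - p_f)

def mean_path_length(sender: str, crowd: List[str], p_f: float,
                     trials: int, seed: int = 1) -> float:
    rng = random.Random(seed)
    total = sum(len(build_crowds_path(sender, crowd, p_f, rng)) for _ in range(trials))
    return total / trials

def party_views(path: List[str], url: str) -> Dict:
    # Crowds hides the originator from the server (it sees only the last jondo)
    # but not the destination from the path: every jondo sees the URL together
    # with its predecessor (None for the sender) and its successor.
    hops = [None] + path + ["server"]
    jondo_views = [(hops[i], hops[i - 1], hops[i + 1], url)
                   for i in range(1, len(path) + 1)]
    return {"server_sees": path[-1], "jondo_views": jondo_views}

if __name__ == "__main__":
    crowd = ["jondo%d" % i for i in range(10)]  # constructed crowd
    path = sample_path("jondo0", crowd, 0.75, 42)
    print(path, party_views(path, "http://example.test/"))
    print(mean_path_length("jondo0", crowd, 0.75, 20000), expected_path_length(0.75))
```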
Crowds Virtues
- Good on sender protections
- No single point of failure
- Peer-to-peer design means minimal long-term network services
- More lightweight crypto than mix-based systems
Crowds Limitations
- All users must run Perl code
- Requires users to have long-running high-speed Internet connections
- Entirely new network graph needed for new or reconnecting Crowd member
- Connection anonymity dependent on data anonymity
- Anonymity protection limited to Crowd size
- Rather weak on responder protections
- Lacks perfect forward anonymity
  - The intermediate nodes know the receiver
Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor
Connectivity Analysis Attacks
Attacks against mix networks
[Figure: Sender -> A -> B -> C -> Receiver; mixes A and C are marked compromised, so the adversary HQ learns "S to A & A to B" from A and "B to C & C to R" from C and links the two]
The adversary knows that Sender communicates with Receiver.
Outline
- Background
- Onion routing
- Attacks against anonymity
- Tor
Tor: A Practical Anonymous Protocol
- Some combination of Chaum's Mix and Crowds
- Encrypts data packets by symmetric keys
- Implements forward and backward anonymity
- Has P2P functions
- Easy to use
- Open source
First Sight
- A web server knows your IP: http://www.proxyway.com/www/check-ipaddress/whatis-my-ip-address.html
- Tor to hide your IP
- Tor download webpage: http://tor.eff.org/download.html.en
- Manual for Windows setup: http://tor.eff.org/docs/tor-doc-win32.html.en
Tor Components
[Figure: Tor components: Vidalia, Privoxy, tor, the Internet, and a WWW server]
Tor Network
- Onion router list: C:\Documents and Settings\fu\Application Data\Tor\cached-status
[Figure: client connecting through the Tor network to an application server; legend: client or server, onion router, directory server]
References
- D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, Vol. 24, No. 2, February 1981, pp. 84-88.
- Andrei Serjantov, Roger Dingledine and Paul Syverson, From a Trickle to a Flood: Active Attacks on Several Mix Types, in Proceedings of the Information Hiding Workshop, 2002.
- Andreas Pfitzmann et al., Anonymity, Unobservability, and Pseudonymity: A Proposal for Terminology, 2000.
- Xinwen Fu, Xinwen Fu's homepage, http://www.homepages.dsu.edu/fux/, 2007.
- Cisco Systems, Inc., Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide, 12.1(19)EA1, 2007.
- Cisco Systems, Inc., Catalyst 2900 Series Configuration Guide and Command Ref, 2007.