Transcript privacy anonymity

Privacy & Anonymity
in the WWW
Ch. 12, Oppliger
CSCI 5234 Web Security
1
Privacy & Anonymity
12.1 Intro
12.2 Early work
12.4 Anonymous browsing
12.5 Anonymous Publishing
12.6 Voluntary privacy standards
12.3 Cookies
CSCI 5234 Web Security
2
Intro
1/7
– When a client access a web site, all
kinds of information regarding the client
may be collected without the client’s
knowledge
– Examples: client software (browser type,
OS), IP address, computer name,
screen width, length, Trace route,
domain config., …
CSCI 5234 Web Security
3
Intro

2/7
Legislations
– Many countries have data privacy or data protection laws
that make it a legal obligation for entities storing, processing,
and transmitting personal data to adequately protect the
privacy of the data.
– The EU relies on comprehensive legislation that, for
example, requires creation of government data protection
agencies, registration of databases with those agencies,
and in some instances prior approval before personal data
processing may begin.
E.g., The European Commission’s Directive on Data Protection
became effective in 10/98.
– The US takes a sectoral approach to privacy by relying on a
mix of legislation (e.g., HIPPA), regulation, and selfregulation.
– Challenges for international businesses
– Solution: a safe harbor framework to bridge the discrepancy
(still ongoing effort)
CSCI 5234 Web Security
4
Intro
3/7
– http://privacy.net/
– Provides free privacy & other networkrelated analysis
– Sample privacy analysis
– How does it work?
CSCI 5234 Web Security
5
Intro
4/7
– Local network administrators, web
managers, and ISPs have access to
even more information about the users.
– Networking devices are usually
configured to log relevant information.
– An ongoing legal discussion about how
far they may go…
CSCI 5234 Web Security
6
Intro

5/7
Traffic Analysis [RFC 2828 Internet Security Glossary]
$ traffic analysis
(I) Inference of information from observable characteristics of data flow(s),
even when the data is encrypted or otherwise not directly available.
Such characteristics include the identities and locations of the
source(s) and destination(s), and the presence, amount, frequency,
and duration of occurrence. (See: wiretapping.)
(O) "The inference of information from observation of traffic flows
(presence, absence, amount, direction, and frequency)." [I7498 Part
2]
$ traffic flow confidentiality
(I) A data confidentiality service to protect against traffic analysis.
(O) "A confidentiality service to protect against traffic analysis." [I7498
Part 2]
$ traffic padding
(I) "The generation of spurious instances of communication, spurious data
units, and/or spurious data within data units." [I7498 Part 2]
CSCI 5234 Web Security
7
Intro
6/7
– Traffic analysis may reveal sensitive data.
– Some protocols, such as electronic cash, must
guard against ‘traffic analysis’ in order to work
properly
– A threat that is very difficult to protect against
– Q: Would encrypting IP packets between a
browser and a web server protect against
traffic analysis?
CSCI 5234 Web Security
8
Intro
7/7
–
Specialized security mechanisms are
required to protect communicating peers
against traffic analysis
–
3 types of anonymity services:
1. Sender anonymity
2. Receiver anonymity
3. Connection anonymity - unlinkability of sender &
receiver
CSCI 5234 Web Security
9
Early attempts of anonymous emails
1/5
– Anonymous remailer
e.g., anon.penet.fi
An anonymous e-mail forwarding service
A simple SMTP proxy server that stripped off
all header info of incoming e-mail
messages before forwarding them toward
their destinations
Q: What type of anonymity service is provided
by anonymous remailer?
– Chaum mixing network
CSCI 5234 Web Security
10
Early attempts
2/5
– Chaum mixing network
•
•
•
•
a more sophisticated approach for
anonymous emails
A Chaum mix is an anonymous remailer.
A Chaum mixing network consists of a set
of Chaum mixes.
The sender of the message chooses a
route through a series of mixes M1, …, Mn
to the intended recipient.
CSCI 5234 Web Security
11
Early attempts
3/5
– Chaum mixing network
•
•
The message is encrypted layer by layer
using each mix’s pubic key
Example (where n = 2, B is the recipient):
M1, {M2, {B, {mesg}KB}KM2}KM1
•
The message is first sent to M1, which
decrypts it using its private key, and then
sends {B, {mesg}KB}KM2 to M2
•
M2 then decrypts it and forward {mesg}KB
to B
CSCI 5234 Web Security
12
Early attempts
4/5
– Issues: How would the recipient
respond to the sender?
– Various approaches were proposed:
•
•
The recipient may post the response (with
a specific subject line) to a newsgroup
An inverse untraceable backward route
The return path information (RPI)
contains block of information, which must
accompany the original message.
CSCI 5234 Web Security
13
Early attempts
–
–
–
5/5
Can the ‘anonymous remailer’ approach be
used in providing anonymity services on
WWW?
Ans: not quite…
c.f.,
Operation mode
pull vs push
WWW
Interactive
Pull
email
Store-and-forward
Push
CSCI 5234 Web Security
14
Anonymous browsing
1/7
– Technologies that can be used
1. To protect the privacy of Web users, and
2. To provide support for anonymous
browsing accordingly
– Examples:
•
•
•
•
•
Anonymizing HTTP proxy servers
JAP
Crowds
Onion routing
Freedom Network
CSCI 5234 Web Security
15
Anonymous browsing

2/7
Anonymizing HTTP proxy servers
•
An HTTP proxy server that removes all parts of an
HTTP request message that may directly or
indirectly reveals information about the browser
•
Requirements: The removed info are not required
by the Web server to serve the request and to
respond appropriately.
•
The proxy server hides the browser’s IP address.
•
Responses from the Web server are forwarded by
the proxy server. Q: What’s implied?
•
Most anonymizing HTTP proxy servers rely on
nested URLs.
CSCI 5234 Web Security
16
Anonymous browsing

3/7
Anonymizing HTTP proxy servers
•
A nested URL is one where the document part
refers to another URL
•
http://proxy.ABC.org/http://www.uhcl.edu
•
The browser first connects to the proxy server
(http://proxy.ABC.org), which in turn connects to
the Web server at /http://www.uhcl.edu.
•
‘Chained’ HTTP proxy servers: useful when the
user does not trust any single proxy server
•
http://proxy.ABC.org/http://proxy.XYZ.net/http://www.uh
cl.edu
•
Overhead?
CSCI 5234 Web Security
17
Anonymous browsing
4/7
JAP

–
–
–
–
–
–
–
Developed by a group at Univ. of Technology Dresden
http://anon.inf.tu-dresden.de/index_en.html
Java-based
In essence, a Chaum mixing network for HTTP
JAP uses a single static address which is shared by many JAP
users. That way neither the visited website, nor an
eavesdropper can determine which user visited which website.
Instead of connecting directly to a Web server, users take a
detour, connecting with encryption through several
intermediaries mixes.
A relationship between a connection and its user could only be
determined if all intermediaries worked together to sabotage
the anonymization. But, the intermediaries (mix providers) are
generally provided by independent institutions which officially
declare, that they do not keep connection log files or exchange
such data with other mix providers.
CSCI 5234 Web Security
18
Anonymous browsing
5/7
Crowds

–
–
–
Developed in late 90s by a group at AT&T Research
A ‘crowd’ is a large group of geographically diverse
users.
Basic ideas:
•
•
–
To probabilistically chain multiple anonymizing HTTP
proxy servers
 a unique feature
To encrypt all data that is sent forth and back between
the proxy servers
Procedure:
•
•
•
Each user is represented by a local process called jondo.
Jondo contacts the blender server to request admittance
to the crowd.
Jondo works as a local proxy server; any request
originating from the browser is sent directly to its jondo.
CSCI 5234 Web Security
19
Anonymous browsing
6/7
Crowds

–
Procedure (Cont.):
•
•
The local Jondo picks a jondo from the crowd, possibly
itself at random, and forwards the request to it.
Each jondo then determines randomly whether to forward
the request to another jondo or to the Web server.
So, a random path of jondos between the browser and the
Web server is established randomly. Note: Compare this
feature to the Chaum mixes network and JAP.
The return path is the same, only in reverse.
•
All communications between two jondos (J1, J2) are
•
•
encrypted by a shared key, KJ1, J2.  membership
management overhead
•
To reduce the overhead, Crowds uses a simple and
centralized solution.
CSCI 5234 Web Security
20
Anonymous browsing
7/7
Crowds

–
membership management
•
•
•
–
The blender serves as the centralized membership and key
manager of a Crowd.
Each user’s jondo must be authenticated by the blender (id,
password).
The blender generates a list of shared keys for a new jondo; each
of the keys is to be shared between the new jondo and another
jondo.
Strengths? Separation of key management from the actual Web
transactions
–
Issues? Corrupted blender, attacked blender, firewall bypassing, …
–
Future improvements: Diffie-Hellman key exchange directly
between a pair of jondos
–
A thought: authentication between sensor nodes in a sensor net?
CSCI 5234 Web Security
21
Anonymous Publishing
–
–
–
–
1/5
The problem: How to anonymously publish
on the Web?
The current WWW architecture provides little
support for anonymous publishing.
For example: The URL identifies the Web
server where the resource is located.
Several attempts:
•
•
•
JANUS and the rewebber service
TAZ servers and the rewebber network
Publius
CSCI 5234 Web Security
22
Anonymous Publishing
1/5
JANUS

–
–
–
–
The Rewebber service provides anonymity services
for both browsers and Web servers.
The Rewebber services actss as an anonymizing
HTTP server.  anonymous browsing
To support anonymous publishing, the Rewebber
service makes use of encrypted URLs that are part of
nested URLs.
e.g.,
http://proxy.ABC.edu/http://www.dcsl.net/sample.htm
 http://proxy.ABC.edu/url_encrypted/rxmy2198za
–
The anonymizing proxy server takes care of
decryption and encryption of the URLs.
CSCI 5234 Web Security
23
Cookies




A way of adding states to HTTP and make the
states information available to Web-based
applications
States information about a user are saved in the
user’s machine as cookies.
The next time the user connects to the Web
server, the cookies are downloaded from the
user’s machine to the Web server. Result: The
Web-based application can then tailor its action
based on the customized data about that user.
RFC 2965: HTTP State Management Mechanism
CSCI 5234 Web Security
24
Cookies

Encrypted cookies. Implication?
Q: Is cookies a potential abuse of privacy?
Solution: A user may select to disable the cookies
mechanism in his/her browser or via some
operating system command.

c.f., session management protocols


CSCI 5234 Web Security
25