Class 8
Introduction to Anonymity
CIS 755: Advanced Computer Security
Spring 2015
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S15/
Administrative stuff
• Monday office hours moved to 2:30
  – Will be 2:30 – 4
• How was your break?
• Quiz graded
  – Discussion
Anonymity Concepts
• Privacy
  – Confidentiality
• Anonymity/Pseudonymity
  – Unobservability
  – Unlinkability
Properties of eCash
• Unforgeability
• Non-reusability
• Anonymity
  – Untraceability
  – Unlinkability
Dining Cryptographers
• Three people toss coins: heads = 1, tails = 0
• Menus hide right-hand coin
• XOR your coin flip result and left neighbor’s result
• Report value to everyone
• Report opposite value to send a single bit
• If the sum is odd, someone sent a message
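The protocol on this slide as an added simulation (not part of the lecture material): each party announces the XOR of the two coins it can see, a sender inverts its announcement, and the parity of all announcements reveals that a bit was sent but not by whom. The ring layout, the seeded random source and the function names are my choices; the block also shows that two parties sending in the same round cancel each other out.

```python
import random

def dc_net_round(n, senders=(), rng=None):
    """One round of the dining-cryptographers protocol with n parties in a
    ring.  Adjacent parties share one secret coin; each party announces the
    XOR of the coin on its left and the coin on its right, inverting the
    announcement if it wants to send a 1.  Returns (announcements, bit)."""
    if rng is None:
        rng = random.Random()
    # coins[i] is the coin shared by party i and its right neighbour (i+1) % n
    coins = [rng.getrandbits(1) for _ in range(n)]
    announcements = []
    for i in range(n):
        right = coins[i]              # hidden from everyone else by the menu
        left = coins[(i - 1) % n]     # the left neighbour's coin
        a = right ^ left
        if i in senders:
            a ^= 1                    # report the opposite value to send a bit
        announcements.append(a)
    # Each coin is XORed in twice and cancels, so the parity of the sum is the
    # parity of the number of inversions: "if the sum is odd, someone sent"
    bit = sum(announcements) % 2
    return announcements, bit

def announcement_bias(n, sender, trials, seed=0):
    """Fraction of rounds in which each party announces 1 while `sender`
    transmits every round.  Every value sits near 0.5: the announcements
    alone give an observer nothing that singles out the sender."""
    rng = random.Random(seed)
    ones = [0] * n
    for _ in range(trials):
        ann, _bit = dc_net_round(n, (sender,), rng)
        for i, a in enumerate(ann):
            ones[i] += a
    return [c / trials for c in ones]

if __name__ == "__main__":
    ann, bit = dc_net_round(3, senders=(1,), rng=random.Random(7))
    print("announcements:", ann, "-> message bit", bit)
    print("two senders collide and cancel:", dc_net_round(3, (0, 2))[1])
    print("P[announce 1] per party:", announcement_bias(3, sender=1, trials=5000))
```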
Dining Cryptographers II
• Slow
• Error-prone
• Needs tamper detection
• Does not scale
• Provides unobservability
Unobservability
• k-anonymity (scalable dining cryptographers)
  – Must be implemented very carefully
• Link padding
  – Inefficient
  – Cover traffic knowledge
Unlinkability
• Sender X Receiver (sender can’t identify receiver)
• Sender X Receiver (receiver can’t identify sender)
• Sender X Receiver (neither knows who the other is)
  – How do we handle authentication?
• Unobservability implies unlinkability (?)
Onion Encryption
(Figure: nested layers labelled “For Bob from Alice”, “For Carol from Alice”, “For David from Alice”)
Source routing with capabilities
(Figure: A sends a packet “B, data” carrying capabilities S3, S2, S1 through nodes S1, S2, S3 to B)
Onion Encryption II
(Figure: Alice, Edward, Doug, Carol, Bob; nested layers “Wrapping for Edward”, “Wrapping for Doug”, “Wrapping for Carol”, “Message for Bob”)
Chaum Mixes
(Figure: Alice, mix, Bob)
Output in lexicographic order
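Onion Encryption II and Chaum Mixes together, as one added example that is not from the slides: Alice wraps the message for the route Edward, Doug, Carol, Bob (the order the wrapping implies), each mix peels one layer, collects a batch and re-emits it in lexicographic order rather than arrival order. The SHA-256 counter stream cipher, the sample keys and the function names are constructed for illustration and are not any deployed mix's construction.

```python
import hashlib

SEP = b"|"  # relay names are assumed never to contain this byte

def keystream_xor(key, data):
    """Toy stream cipher for illustration only: XOR with a SHA-256 counter
    keystream.  Symmetric, so one call both adds and removes a layer; keys
    are assumed single-use, so no nonce is carried."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def build_onion(keys, route, final_hop, message):
    """Alice wraps the message once per relay, innermost layer first.  A
    layer holds only the next hop plus the still-wrapped remainder, so each
    relay learns its predecessor and successor and nothing else."""
    next_hop, inner = final_hop, message
    for hop in reversed(route):            # Carol, then Doug, then Edward
        inner = keystream_xor(keys[hop], next_hop + SEP + inner)
        next_hop = hop
    return next_hop, inner                 # (first relay, complete onion)

def peel(key, onion):
    """One relay strips its layer and reads where to forward the rest."""
    next_hop, _, inner = keystream_xor(key, onion).partition(SEP)
    return next_hop, inner

def mix_batch(key, onions):
    """A Chaum mix peels a whole batch and emits it in lexicographic order
    of the output bytes, which bears no relation to the order of arrival."""
    return sorted((peel(key, o) for o in onions), key=lambda p: p[1])

def run_cascade(keys, route, final_hop, messages):
    """Push one batch from several senders through the mix cascade; returns
    the messages in the order the final hop receives them."""
    hops = route + [final_hop]
    batch = [build_onion(keys, route, final_hop, m)[1] for m in messages]
    for i, hop in enumerate(route):
        peeled = mix_batch(keys[hop], batch)
        assert all(nh == hops[i + 1] for nh, _ in peeled)  # same next mix
        batch = [inner for _, inner in peeled]
    return batch

if __name__ == "__main__":
    keys = {b"Edward": b"k-edward", b"Doug": b"k-doug", b"Carol": b"k-carol"}
    route = [b"Edward", b"Doug", b"Carol"]
    first, onion = build_onion(keys, route, b"Bob", b"hello from Alice")
    print(first, "forwards to", peel(keys[first], onion)[0])
    print(run_cascade(keys, route, b"Bob", [b"zeta", b"alpha", b"mid"]))
```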
Global Adversary
(Figure: Alice, Bob)
Chaum Mix Cascade
(Figure: Alice, Bob)
Anonymous Reply
• Address for replies:
• Reply:
• Mix0 decrypts N, A; sends:
• Mix decrypting reply does not know destination
• Mix encrypting reply does not know source
Mixminion
(Figure: Alice, mixes A, B, C, D, E, Bob; path A, B, C, D, E)
Problems with Mixminion
• Centralized entities required
  – Availability failure
  – Anonymity failure (how?)
• Malicious nodes:
  – Control entry and exit
  – Unlikely
Anonymous Email
• High-latency
• Low-throughput
• Provides unlinkability
  – Have to be careful about authentication
• No default end-to-end confidentiality (PGP)
  – Actually, there is for replies
• Secure against global adversary
Anonymous Web Browsing
• Low-latency
• Medium-throughput
• Server does not know client
• Provides sender unlinkability
  – Have to be careful about authentication
• No default end-to-end confidentiality (SSL)
• NOT secure against global adversary
Tor
(Figure: path through nodes A, B, C)
TCP over TCP (UGH!)
Anonymous Web Services
• Web service does not know client
• Client does not know web service
• Provides sender and receiver unlinkability
• Rendezvous
Tor Hidden Services
(Figure: nodes A, B, C, D, E, F)
Problems with Tor
• Global adversary
  – What are the possible attacks?
  – Long term intersection
  – Defined as NOT HANDLED by Tor
  – Functional vs. actual?
• Packet counting
• Packet sampling
Problems with Tor
• “Centralized” entities required
  – Availability failure
  – Anonymity failure (how?)
• Malicious nodes:
  – Control entry and exit
    • Hopefully unlikely – entry guards
• Preferential attraction of clients
  – Eureka! We can lie!
Problems with Tor II
• Information leakage from software
  – Web browser language
  – System time
  – How else?
• Malicious attacks on software
  – How?
Problems with Tor III
• Information leakage from design:
  – Latency (Hopper et al.)
• Unlinkability failure:
  – Latency (Hopper et al.)
• See a pattern?
• Prevention?
Global Adversary
(Figure: Alice, mix server, mix server, Bob)
Global Adversary vs. Tor
(Figure: Alice and Bob on either side of the entire Tor network)
Problems with Tor
• Preferential attraction of clients
  – Eureka! We can lie!
• Information leakage from software
• Information leakage and linkability failure from latency (Hopper et al.)
• Malicious nodes
  – Control entry and exit
    • Hopefully unlikely – entry guards
Tor Network Positioning Attack
(Figure: nodes A, B, C, M)
Tor Linkability Attack
(Figure: nodes A, B, C)
Tor Selective DoS Attack
(Figure: nodes A, B, C)
Tor reliability
• $R_{DoS} = (1-t)^2 + (tf)^3$
$(1-t)^2$ dominates
A defense – entry guards
Useful, but ≤ 3 guards may decrease resilience
(Figure: entry guards and “other mixes”)
Questions?
Reading discussion