Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Published byEdward Richards Modified over 8 years ago

Similar presentations

Presentation on theme: "Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014."— Presentation transcript:

1 Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014

2 Lecture 29 Page 2 Advanced Network Security Outline What do we mean by privacy? Privacy in networks Traffic analysis and onion routing

3 Lecture 29 Page 3 Advanced Network Security What Is Privacy? The ability to keep certain information secret Usually one’s own information But also information that is “in your custody” Includes ongoing information about what you’re doing

4 Lecture 29 Page 4 Advanced Network Security Privacy and Our Network Operations Lots of stuff goes on over the Internet –Banking and other commerce –Health care –Romance and sex –Family issues –Personal identity information We used to regard this stuff as private –Is it private any more?

5 Lecture 29 Page 5 Advanced Network Security Threat to Computer Privacy Cleartext transmission of data Poor security allows remote users to access our data Sites we visit save information on us –Multiple sites can combine information Governmental snooping Location privacy Insider threats in various places

6 Lecture 29 Page 6 Advanced Network Security Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption, data values not readable So what’s the problem?

7 Lecture 29 Page 7 Advanced Network Security Traffic Analysis Problems Sometimes desirable to hide that you’re talking to someone else That can be deduced even if the data itself cannot How can you hide that? –In the Internet of today?

8 Lecture 29 Page 8 Advanced Network Security A Cautionary Example VoIP traffic is commonly encrypted Researchers recently showed that they could understand what was being said –Despite the encryption –Without breaking the encryption –Without obtaining the key

9 Lecture 29 Page 9 Advanced Network Security How Did They Do That? Lots of sophisticated data analysis based on understanding human speech –And how the application worked In essence, use size of encrypted packets and interarrival time –With enough analysis, got conversation about half right

10 Lecture 29 Page 10 Advanced Network Security Onion Routing Meant to handle issue of people knowing who you’re talking to Basic idea is to conceal sources and destinations By sending lots of crypo-protected packets between lots of places Each packet goes through multiple hops

11 Lecture 29 Page 11 Advanced Network Security A Little More Detail A group of nodes agree to be onion routers Users obtain crypto keys for those nodes Plan is that many users send many packets through the onion routers –Concealing who’s really talking

12 Lecture 29 Page 12 Advanced Network Security Sending an Onion-Routed Packet Encrypt the packet using the destination’s key Wrap that with another packet to another router –Encrypted with that router’s key Iterate a bunch of times

13 Lecture 29 Page 13 Advanced Network Security In Diagram Form SourceDestination Onion routers

14 Lecture 29 Page 14 Advanced Network Security What’s Really in the Packet An unencrypted header to allow delivery to

15 Lecture 29 Page 15 Advanced Network Security Delivering the Message

16 Lecture 29 Page 16 Advanced Network Security What’s Been Achieved? Nobody improper read the message Nobody knows who sent the message –Except the receiver Nobody knows who received the message –Except the sender Assuming you got it all right

17 Lecture 29 Page 17 Advanced Network Security Issues for Onion Routing Proper use of keys Traffic analysis Overheads –Multiple hops –Multiple encryptions

18 Lecture 29 Page 18 Advanced Network Security Tor The most popular onion routing system Widely available on the Internet Using some of the original onion routing software –Significantly altered to handle various security problems Usable today, if you want to IETF is investigating standard for Tor

19 Lecture 29 Page 19 Advanced Network Security Why Hasn’t Tor Solved This Privacy Problem? First, the limitations of onion routing Plus usability issues –Tor’s as good as it gets, but isn’t that easy to use Can’t help if a national government disapproves –China and other nations have prohibited Tor’s use NSA (and others) keep attacking Tor’s privacy techniques

20 Lecture 29 Page 20 Advanced Network Security Can’t I Surreptitiously Run Tor? Can’t I get around government restrictions by just not telling them? No –Tor routers must know each others’ identities –Traffic behavior of Tor routers “glows in the dark” –Tor developers keep trying

21 Lecture 29 Page 21 Advanced Network Security Conclusions We don’t have the privacy we used to have We use networks for almost everything Including moving our private data from place to place Cryptography can help protect its secrecy But sophisticated attacks can negate the value of crypto, to some extent Such sophisticated attacks require sophisticated defenses

Download ppt "Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014."

Similar presentations

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.

1 Network Architecture and Design Advanced Issues in Internet Protocol (IP) IPv4 Network Address Translation (NAT) IPV6 IP Security (IPsec) Mobile IP IP.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
1 Securing Information Transmission by Redundancy Jun LiPeter ReiherGerald Popek Computer Science Department UCLA NISS Conference October 21, 1999.

1 Securing Information Transmission by Redundancy Jun LiPeter ReiherGerald Popek Computer Science Department UCLA NISS Conference October 21, 1999.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.
Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.

CSE 486/586, Spring 2012 CSE 486/586 Distributed Systems Case Study: TOR Anonymity Network Bahadir Ismail Aydin Computer Sciences and Engineering University.
Issues in Internet Security. Securing the Internet How does the internet hold up security-wise? How does the internet hold up security-wise? Not well:

Issues in Internet Security. Securing the Internet How does the internet hold up security-wise? How does the internet hold up security-wise? Not well:
Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.

Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.
Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.

Chapter 8 Safeguarding the Internet. Firewalls Firewalls: hardware & software that are built using routers, servers and other software A point between.
Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.

Lecture 15 Page 1 Advanced Network Security Perimeter Defense in Networks: Firewalls Configuration and Management Advanced Network Security Peter Reiher.
Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014.

Lecture 16 Page 1 CS 136, Fall 2014 Privacy Computer Security Peter Reiher December 11, 2014.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,

Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.

Lecture 7 Page 1 CS 236 Online Challenge/Response Authentication Authentication by what questions you can answer correctly –Again, by what you know The.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.

Lecture 27 Page 1 Advanced Network Security Routing Security Advanced Network Security Peter Reiher August, 2014.
Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.

Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.
Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Lecture 17 Page 1 CS 236 Online Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Lecture 3 Page 1 Advanced Network Security Review of Cryptography Advanced Network Security Peter Reiher August, 2014.

Lecture 3 Page 1 Advanced Network Security Review of Cryptography Advanced Network Security Peter Reiher August, 2014.

Similar presentations

Ads by Google