Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crowds: Anonymity for Web Transactions Michael Reiter and Avi Rubin 1998.

Published byEmil Norton Modified over 8 years ago

Similar presentations

Presentation on theme: "Crowds: Anonymity for Web Transactions Michael Reiter and Avi Rubin 1998."— Presentation transcript:

1 Crowds: Anonymity for Web Transactions Michael Reiter and Avi Rubin 1998

2 Privacy Online Supreme Court Justice Louis Brandeis defined privacy as "the right to be let alone", which he said was one of the rights most cherished by Americans. The Internet represents previously inconceivable opportunities to monitor your actions and personal information! Just imagine the McCarthy hearings now.

3 Strong Privacy Online NSA, FBI, etc. Consumer databases, Axciom, and Hackers What about *Bad Guys*? Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. - Bruce Schneier Good Guys: CIA, Undercover Cops, Biz., etc.

4 Opportunities for Exploitation Your computer’s IP address uniquely identifies you across web sites. Nothing illegal about cross-referencing. www.genetic-diseases.com www.insurance-online.com

5 Conclusions: Free Exchange The Internet’s benefit increases directly with –the number of resources online –the privacy people having in obtaining it –The privacy people have in serving it Anonymity is a promising technology for providing user privacy.

6 Why Anonymity? Today, only 20% of web sites meet the FTC’s fair information practices. Anonymity is a technical means to privacy –Without cooperation of the receiver. Legitimate social uses on the Net –Allow for safe “whistle blowing” –Privacy in medical issues or psychological counseling –Web surfing privacy –Web serving privacy

7 Anonymous Routing Anonymity is the state of being indistinguishable from other members of some group. Our goal is to provide mechanism for routing that hides initiator’s IP address Not trying to protect content of message. –Can use end-to-end encryption for that. That said... –Does not protect higher-level protocols/data. –Doesn’t make sense to send “I’m Matt and my SSN is...” anonymously.

8 Anonymizer.com Lucent personalized web assistant. You must trust the proxy! In fact, now they are in a position to monitor everything you do. Anon.penet.fi and the Church of Scientology Single Proxy I R P

9 Key Contributions? Crowds

10 Decentralized P2P solution Anonymous within the Crowd Jondo (John Doe) –Proxy –User Path based

11 Path-based Initiator Anonymity R X Y Z I Packets are passed from the initiator, I, to the proxies which then deliver the packet to the responder R.

12 Crowds Paths R X Y Z I Weighted Coin Flip Spinner

13 Does it work? Threat models: –Responder (end server): Beyond Suspicion! –Local eavesdropper –Malicious (collaborating) Jondos Types of attacks: –Timing attacks –Passive logging –Traceback

14 Degree of Anonymity Not a Boolean question! –Rarely undetectable –Difficult to prove ID unless signed Range: Absolute Privacy Beyond Suspicion Probable Innocence Possible Innocence Exposed Provably Exposed

15 Eavesdropping Messages are encrypted between jondos –Otherwise complete exposure Information available –Message timing –Initiator? –Messages to responders (but path length > 0 proxies) R1 A B Jondo

16 Malicious Jondos Giving information –Your IP address is seen by the next node in the path –Being on the path means you might be the initiator Many attackers –Ratio of attackers (c) to total (n) is important –So is weight of the coin flip (p f ) Innocent? –If p f = 3/4 and n  3(c+1), probable innocence –Higher p f implies greater resilience to attackers I 3 4 5 1 2 R

17 Performance Path length –A function of p f : larger = longer paths Latency –note: all local nodes, no error info. –note 2: older machines; encryption is more expensive –latency of up to 13.5 seconds! (8.6 for 1-hop) –No 0-hop tests

18 Scalability How many paths will node X be on? –Spse. ave. path length is l –n nodes, so n l positions on the path –chance of picking node X = 1/n –thus, expectation of l times on a path Independent of n

19 End of Crowds

20 Strengths Performance & Scaling Security against weak attackers –single operators generally fail ISP, web site, your neighborhood eavesdropper, one person with a few jondos Parameter to trade off security/performance

21 Usability Weaknesses Must disable Java & ActiveX More generally, a good proxy required –clean all traces –could be bypassed? Group membership –keeping a full list may be hard/expensive –centralizing it provides a way to attack –(intersection attack) Delay in joining Group size –required to have either small or large groups Network delays

22 Security Weaknesses Problem –strong eavesdroppers exist –Sybil attacks (many bad peers) –Combined attacks possible (e.g. local eavesdropper + responder) Collaborating members –increasing bad peers guarantees compromise –growing threat over time DOS + Sybil attack –always changing non-sending members

23 Security Weaknesses Possible eavesdrop –When many peers use the same ISP (cable modem, DSL), a full path may be controlled by the ISP. Exposure of information –a path of nodes that sees all –info. can allow attackers to guess at initiators –can change web requests

Download ppt "Crowds: Anonymity for Web Transactions Michael Reiter and Avi Rubin 1998."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
On the Economics of P2P Systems Speaker Coby Fernandess.

On the Economics of P2P Systems Speaker Coby Fernandess.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 1 Rumor Riding Anonymizing Unstructured Peer- to-Peer System Jinsong Han and Yunhao.

Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 1 Rumor Riding Anonymizing Unstructured Peer- to-Peer System Jinsong Han and Yunhao.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.

Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.

Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.

Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
Anonymization and Privacy Services Infranet: Circumventing Web Censorship and Surveillance, Feamster et al, Usenix Security Symposium 2002.

Anonymization and Privacy Services Infranet: Circumventing Web Censorship and Surveillance, Feamster et al, Usenix Security Symposium 2002.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002
Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001.

Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001.
1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Similar presentations

Ads by Google