Anonymous Internet Protocols Gregory Martin

Why should I be anonymous Releasing information to the public domain without a name attached Rights to free speech Rights to discuss things without being watched Don’t want people seeing what your looking at Most importantly it just has to do with a basic right to privacy Earlier this year Yahoo, MSN and AOL turned data over to the government including profiles on users search habits

What does anonymous mean Pseudonymity – This is almost anonymous Real world identity is hidden by a user name or “handle” Gives user a sense of safety from being identified Not really anonymous as your IP address can still be determined IP address gives out enough information to often reveal your real world identity First step towards true anonymity is to hide your IP address

First steps to becoming anonymous Firewalls for protection Protects you from outsiders finding you Packet filtering prevents others from sending things to you based on IP address, ports, or protocol Does not really make you anonymous when you go looking for things but can help prevent others from finding you when they are actively looking for holes in security You can make filters based on whether traffic comes form intra or internet also can dictate IP zones for what is trusted

Next step: Proxies Proxies are a way of communicating through something else. A tells B, B tells C in a sense hiding A’s identity from C Can be used as a medium to reformat pages for cell phones and PDA’s (skweezer) This can also be used to view a site that is blocked by your school or works network Want to check sports scores at work, find a proxy so work sees the connection to the proxy not espn.com Not only makes it so work can’t see where you go, it can make it so that the site can’t see where you came from(http://elgoog.rb-hosting.de/index.cgi)

The first proxy downfall to be addressed Logging. If a proxy server is between you and the site you are going to what happens if it is logging what you are doing. The site you go to does not know who you are, but the proxy does and the proxy also knows what you requested. To address the proxy knowing who you are you can have a proxy go to a proxy go to a proxy go to a proxy…….. This makes the proxy not know your address, maybe. The more proxies you go to the bigger chance you have that one of them is logging, and if they are logging are you sure your header data isn’t in there anywhere. Sometimes this ends up being not much more than an illusion of safety

Types of proxies Web Proxy Can speed up operations through cache hits Can be used to filter information to your corporation Can be used to detect malicious intent through use of log files

Reverse Proxy Using a proxy to host a website Web servers connect to the proxy that can be placed outside a firewall so you can keep your web servers protected inside the firewall Can be used to lower traffic requests to a web server Can use a cache as well and can also help load balance between web servers.

More uses of basic proxies Encryption or compression can be done at the proxy area instead of on the web server or desktop connecting to it If the proxy has hardware acceleration for compression or encryption it can lower traffic costs and speed up transmissions If you build a web interface on top of an application you can use a proxy to serve more than just websites. Ex: Citrix can be used to enable use of a whole desktop through a website.

A side note: Encryption Anonymous proxies are on the way next While encryption is not necessarily used for anonymity it needs to be mentioned as many of the things I will mention use encryption Also encryption has the ability of hiding the content of what you are looking at from people between you and where you go. A encrypts file hands to B, B can’t read it and hands it to C, C has the key to decrypt file and so can read it. So long as B does not have access to the key they cannot read the information that is being passed through it. Some forms of encryption are AES and DES Also public/private key encryptions

ANTS P2P Ants is simply a peer to peer network that uses multiple hops that cascade as you search to make it so you don’t know who has the info and they don’t know who you are Data sent is encrypted with AES encryption and therefore secret from eavesdroppers.

SOCKS SOCKetS Is an internet protocol used to allow client server proxying Made for allowing of clients inside a firewall to use a proxy outside the firewall, works opposite direction as well Provides an interface for the proxying of programs through a standard protocol

Back to proxies: Anonymous proxies

JAP - Java Anonymous Proxy For a while this had code in it so that if someone used it to access certain IP’s it recorded it and sent it to the police. Found later by observant users Don’t always trust your proxy

I want to get lost in the cloud Anonymous proxies are used as a go between measure to hide your identity If the proxy is being monitored though it eliminates the security. If you are the only person connected to a proxy it would be pretty easy to guess who might be on the other end. So again the proxy chain is an idea. One proxy to another to another, you would have to monitor multiple proxies. Also make sure you don’t have personal data in the message itself.

Onion Routing Each router has a public key First router selects a group of onion routers and generates each of them a symmetric key as well as the next router in the path Encrypt message send to first router, it gets decrypted using its private key revealing the next router, it then sends to that router which decrypts using its private key and sends along Until it reaches the destination and has all layers peeled

Onion Routing Replys are sent as the sender generates an onion and a reply onion. The reply onion is sent to the recipient and this is used to initiate the reply, Because this is multiply encrypted you must either break the public key encryption or compromise all routers in route to find out much info Weaknesses – Traffic analysis If you can see the whole network you can watch where things start and end If you stay on the network you can watch connections going through yourself, if you find yourself seeing the same session multiple times you will tend to see the source most often Also you can analyze based on traffic cannot go through onions that recently left, or ones that very recently joined

TOR – “onion V2” Provides a network proxy for any application to use It creates a hop to hop connection to find a way to a server, still using an onion peel Can be plugged into chat, email, P2P or any other application that supports SOCKS proxies

TOR Because it does away with the onion routing layer it makes it general purpose TCP so you can use it for general purposes. Its reply system is a rendezvous point system which also allows for hidden web servers (.onion) and things such as messaging back and forth while both people remain anonymous Still weak to some traffic analyisis, such as viewing the whole network, or watching timings on both ends of a conversation Active X and Virtual machines, or other such things running on your computer can still give out information. This protects the packets, not the contents of the packets.

I2P Similar to TOR UDP instead of TCP Java instead of C More meant for plugging into to P2P networks than TOR Uses Garlic routing where each clove has padded information to prevent traffic analysis, and can also pad latency times to prevent this as well. The routing does not use SOCKS it uses java, c and python API’s I2P allows each clove to contain multiple messages instead of just one onion being passed. Every person on network has to be a server

I2P and TOR cont’ I2P is packet switched instead of circuit switched which can speed it up a bit Connections are unidirectional instead of bidirectional meaning you have to compromise 2x as many computers to do traffic analysis successfully Tunnels are shorter lived Because all clients have to be servers there is an inherent overhead from using it You can use that to compare uptimes of services to uptimes of nodes to analyze and get addresses Hidden sites are .I2P Very similar concept, very opposite approaches, very similar results Websites of both do a fair analysis of the other

Freenet

Freenet Mainly meant for hiding information about who published something You send request for key, it is forwarded until found and then sent back same route you sent on. Any of the hops on the way back may cache the file thus making later searches faster and also making it so there is no single source node Updates are done in a similar way, the updated page is sent into the network looking for the key to update the page SSK is a public key encryption to veryify author and to make sure that your document is not tampered with This allows for a pseudonymous identity on the network

Freenet As more things are inserted by the same person it will cause things with similar keys to end up in the same area Future versions use darknet which uses a friends system to allow for an increase in performance. Though many users won’t use new versions of freenet because of the darknet implementation Also the possibility does exist to combine an onion routing protocol into the networks message passing

Bibliography http://en.wikipedia.org/wiki/Anonymity http://en.wikipedia.org/wiki/Firewalls http://palmtops.about.com/cs/productreviews/fr/Skweezer.htm http://en.wikipedia.org/wiki/Proxies http://elgoog.rb-hosting.de/index.cgi http://www.samspublishing.com/articles/article.asp?p=376126&seqNum=3&rl=1 http://www.foxnews.com/story/0,2933,183005,00.html http://freenetproject.org/ http://tor.eff.org/overview.html.en http://en.wikipedia.org/wiki/Onion_routing http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head- 2434c16e03401abd07e4d027e0d0c3ad7518e358 http://en.wikipedia.org/wiki/SOCKS#SOCKS_5_protocol http://freenetproject.org/faq.html http://en.wikipedia.org/wiki/Freenet http://en.wikipedia.org/wiki/ANts_P2P http://www.i2p.net/how_garlicrouting