Crowds: Anonymity for Web Transactions Michael Reiter and Avi Rubin 1998.

Slides:

Advertisements

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Advertisements

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

On the Economics of P2P Systems Speaker Coby Fernandess.

Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 1 Rumor Riding Anonymizing Unstructured Peer- to-Peer System Jinsong Han and Yunhao.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Paul Solomine Security of P2P Systems. P2P Systems Used to download copyrighted files illegally. The RIAA is watching you… Spyware! General users become.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

Privacy on the Web Gertzman Lora Krakov Lena. Why privacy? Privacy is the number one consumer issue facing the internet. An eavesdropper (server, service.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

Anonymization and Privacy Services Infranet: Circumventing Web Censorship and Surveillance, Feamster et al, Usenix Security Symposium 2002.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001.

1 Chapter 13: Representing Identity What is identity Different contexts, environments Pseudonymity and anonymity.

Web server security Dr Jim Briggs WEBP security1.

Anonymous Communication Luis von Ahn Andrew Bortz Nick Hopper The Aladdin Center Carnegie Mellon University.

MuON: Epidemic Based Mutual Anonymity Neelesh Bansod, Ashish Malgi, Byung Choi and Jean Mayo.

Department of Mathematics Computer and Information Science1 Basics of Cyber Security and Computer Forensics Christopher I. G. Lanclos.

P2P File Sharing Systems

Freenet. Anonymity  Napster, Gnutella, Kazaa do not provide anonymity  Users know who they are downloading from  Others know who sent a query  Freenet.

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

A Tale of Research: From Crowds to Deeper Understandings Matthew Wright Jan. 25, : Adv. Network Security.

Trusted Computing, Peer-To-Peer Distribution, and the Economics of Pirated Entertainment Peter Scott Based on paper by S. E. Schechter, R. A. Greenstadt,

CSCI 5234 Web Security1 Privacy & Anonymity in the WWW Ch. 12, Oppliger.

Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.

Psiphon Program By Amine Moubtasim.

Defining Computer Security cybertechnology security can be thought of in terms of various counter measures: (i) unauthorized access to systems (ii) alteration.

Anonymous routing and mix nets (Tor) Yongdae Kim Significant fraction of these slides are borrowed from CS155 at Stanford 1.

Content Overlays (Nick Feamster). 2 Content Overlays Distributed content storage and retrieval Two primary approaches: –Structured overlay –Unstructured.

1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )

Freenet: A Distributed Anonymous Information Storage and Retrieval System Presenter: Chris Grier ECE 598nb Spring 2006.

Anonymity on the Internet Presented by Randy Unger.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

Protecting Students on the School Computer Network Enfield High School.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Anonymity – Crowds R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

Lecture 14: Anonymity on the Web (cont) Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.

1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

McLean HIGHER COMPUTER NETWORKING Lesson 14 Firewalls & Filtering Comparison of Internet content filtering methods: firewalls, Internet filtering.

1 SOS: Secure Overlay Services A. D. Keromytis V. Misra D. Runbenstein Columbia University.

9: Troubleshooting Your Network

Computer Networking P2P. Why P2P? Scaling: system scales with number of clients, by definition Eliminate centralization: Eliminate single point.

Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.

SybilGuard: Defending Against Sybil Attacks via Social Networks.

Increasing Anonymity in Crowds via Dummy Jondos By: Benjamin Winninger.

Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan.

A Reputation-Based Approach for Choosing Reliable Resources in Peer-to-Peer Networks E. Damiani S. De Capitani di Vimercati S. Paraboschi P. Samarati F.

Freenet: Anonymous Storage and Retrieval of Information

INVINCIBLESERVICES PROTECTING YOUR PRIVACY, SO YOU DON’T HAVE TO.

Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.

Lecture 12 Page 1 CS 136, Spring 2009 Network Security: Firewalls CS 136 Computer Security Peter Reiher May 12, 2009.

1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 

Lecture 9 Page 1 CS 236 Online Firewalls What is a firewall? A machine to protect a network from malicious external attacks Typically a machine that sits.

Modified Onion Routing and its Proof of Concept By: Gyanranjan Hazarika.

Hotspot Shield Protect Your Online Identity

Zueyong Zhu† and J. William Atwood‡

Wireless Network Security

Safety in Numbers: Crowds

Trust-based Privacy Preservation for Peer-to-peer Data Sharing

Increasing Anonymity via Dummy Jondos in a Crowd

Presentation transcript:

Crowds: Anonymity for Web Transactions Michael Reiter and Avi Rubin 1998

Privacy Online Supreme Court Justice Louis Brandeis defined privacy as "the right to be let alone", which he said was one of the rights most cherished by Americans. The Internet represents previously inconceivable opportunities to monitor your actions and personal information! Just imagine the McCarthy hearings now.

Strong Privacy Online NSA, FBI, etc. Consumer databases, Axciom, and Hackers What about *Bad Guys*? Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. - Bruce Schneier Good Guys: CIA, Undercover Cops, Biz., etc.

Opportunities for Exploitation Your computer’s IP address uniquely identifies you across web sites. Nothing illegal about cross-referencing.

Conclusions: Free Exchange The Internet’s benefit increases directly with –the number of resources online –the privacy people having in obtaining it –The privacy people have in serving it Anonymity is a promising technology for providing user privacy.

Why Anonymity? Today, only 20% of web sites meet the FTC’s fair information practices. Anonymity is a technical means to privacy –Without cooperation of the receiver. Legitimate social uses on the Net –Allow for safe “whistle blowing” –Privacy in medical issues or psychological counseling –Web surfing privacy –Web serving privacy

Anonymous Routing Anonymity is the state of being indistinguishable from other members of some group. Our goal is to provide mechanism for routing that hides initiator’s IP address Not trying to protect content of message. –Can use end-to-end encryption for that. That said... –Does not protect higher-level protocols/data. –Doesn’t make sense to send “I’m Matt and my SSN is...” anonymously.

Anonymizer.com Lucent personalized web assistant. You must trust the proxy! In fact, now they are in a position to monitor everything you do. Anon.penet.fi and the Church of Scientology Single Proxy I R P

Key Contributions? Crowds

Decentralized P2P solution Anonymous within the Crowd Jondo (John Doe) –Proxy –User Path based

Path-based Initiator Anonymity R X Y Z I Packets are passed from the initiator, I, to the proxies which then deliver the packet to the responder R.

Crowds Paths R X Y Z I Weighted Coin Flip Spinner

Does it work? Threat models: –Responder (end server): Beyond Suspicion! –Local eavesdropper –Malicious (collaborating) Jondos Types of attacks: –Timing attacks –Passive logging –Traceback

Degree of Anonymity Not a Boolean question! –Rarely undetectable –Difficult to prove ID unless signed Range: Absolute Privacy Beyond Suspicion Probable Innocence Possible Innocence Exposed Provably Exposed

Eavesdropping Messages are encrypted between jondos –Otherwise complete exposure Information available –Message timing –Initiator? –Messages to responders (but path length > 0 proxies) R1 A B Jondo

Malicious Jondos Giving information –Your IP address is seen by the next node in the path –Being on the path means you might be the initiator Many attackers –Ratio of attackers (c) to total (n) is important –So is weight of the coin flip (p f ) Innocent? –If p f = 3/4 and n  3(c+1), probable innocence –Higher p f implies greater resilience to attackers I R

Performance Path length –A function of p f : larger = longer paths Latency –note: all local nodes, no error info. –note 2: older machines; encryption is more expensive –latency of up to 13.5 seconds! (8.6 for 1-hop) –No 0-hop tests

Scalability How many paths will node X be on? –Spse. ave. path length is l –n nodes, so n l positions on the path –chance of picking node X = 1/n –thus, expectation of l times on a path Independent of n

End of Crowds

Strengths Performance & Scaling Security against weak attackers –single operators generally fail ISP, web site, your neighborhood eavesdropper, one person with a few jondos Parameter to trade off security/performance

Usability Weaknesses Must disable Java & ActiveX More generally, a good proxy required –clean all traces –could be bypassed? Group membership –keeping a full list may be hard/expensive –centralizing it provides a way to attack –(intersection attack) Delay in joining Group size –required to have either small or large groups Network delays

Security Weaknesses Problem –strong eavesdroppers exist –Sybil attacks (many bad peers) –Combined attacks possible (e.g. local eavesdropper + responder) Collaborating members –increasing bad peers guarantees compromise –growing threat over time DOS + Sybil attack –always changing non-sending members

Security Weaknesses Possible eavesdrop –When many peers use the same ISP (cable modem, DSL), a full path may be controlled by the ISP. Exposure of information –a path of nodes that sees all –info. can allow attackers to guess at initiators –can change web requests