Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Published byGraham Edginton Modified over 9 years ago

Similar presentations

Presentation on theme: "Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems."— Presentation transcript:

1 Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems

2 Today’s Lecture Practical course issues. Theoretical anonymity. –Dinning Cryptographers Protocol –Definitions of Anonymity –The Crowds Protocol BREAK Practical anonymous systems –Onion Routing and the Tor System –Mix Networks –Anonymous File-sharing Systems: MUTE –Anonymous Publishing: Freenet

3 Crowds A crowd is a group of n nodes The initiator selects randomly a node (called forwarder) and forwards the request to it A forwarder: –With prob. 1-p f selects randomly a new node and forwards the request to him –With prob. p f sends the request to the server server

4 Crowds The sender is beyond suspicion to the server. Some of the nodes could be corrupted. The initiator could forward the message to a corrupted node. The sender has probable innocence to other nodes.

5 Crowds Problem: many people won’t forward traffic for others. A practical system has to make forwarding traffic for others optional or controllable. server

6 Onion Routing Each node makes its key public The initiator selects the whole route and encrypts the message with all keys in reverse order Each node unwraps a layer and forwards the message to the next one {2,{3,{server,m} k3 } k2 } k1 12 3 m {3,{server,m} k3 } k2 {server,m} k3 server

7 Onion Routing Each node only learns the next one in the path End-users can run their own node –Better anonymity or use an existing one –More efficient –User's identity is revealed to the node

8 Tor Tor implement this protocol. Several hundred volunteer nodes. Firefox plug-in. Managed by the US navy.

9 Problems with Tor You reveal you IP to the first node and the last node see who you are talking to. If an attacker controls the first and the last node they may be able to match the packets using traffic analysis. No anonymity from an attacker that monitors the whole network. Some protocol broadcast their IP address

10 MIXes MIXes are proxies that forward messages between them A user contacts a MIX to send a message The MIX waits until it has received a number of messages, then forwards them in different order

11 MIXes It is difficult to trace the route of each message. May provide beyond suspicion S-R unlinkability even to a global attacker. Messages have to be delayed (can be solved with dummy traffic). More complicated when sending series of packets

12 Mutli-casting Broadcast the message to the whole network. Beyond suspicion for the receiver. No anonymity for the sender. Multicasting is a good technique for broadcasting messages.... but very inefficient to send just one message.

13 Spoofed UDP The from IP address is not used by routers, only by higher-level protocols such as TCP. UDP does not have to use this address. A random address can be used instead to provide sender anonymity. Method prohibited by many ISPs.

14 Anonymous File-Sharing system 800,000 downloads Informal description Source code Appeal for donations

15 Peer-to-Peer File-Sharing In newer networks peers record the IP address of other peers. A searcher sends a request to all of it’s “neighbours”. This is forwarded to all of there neighbours, up to a fixed hops. A

16 Peer-to-Peer File-Sharing The search request includes A’s IP address. Any peer with the requested file contacts A directly. Peer “A” may then request the file. A

17 Peer-to-Peer File-Sharing No anonymity from peers inside the network: The search message gives the searcher’s IP address and name of the files they are looking for. By requesting a file, you can find out the IP address of all peers that are offering the file. A

18 MUTE MUTE removes the IP address from the file exchange. Peers only know the IP address of their direct neighbours. Peers choose random “pseudo ID”. Files are not sent directly between peers. Instead files are sent via a number of peers. MUTE uses a version of the “Ants” ad-hoc routing protocol.

19 Anonymity Provided by MUTE MUTE makes it hard to link the IP address of a peer with its pseudo ID. Peers only know the ID address's of their direct neighbours, but not their pseudo ID. The network should provide enough cover to let a neighbour deny using a particular ID. If an attacker can completely surround a peer it looses anonymity.

20 MUTE: Search The search takes place as before, but this time the message uses its pseudo ID as the “from ID”. Each peer builds a routing table by records the ID and the connection. A probabilistic time-to-live counter limits the search. A A A A A A A A A

21 MUTE: Reply If B wants to reply it sends a message to A’s pseudo ID. This message is routed using the ad- hoc routing table. The route to B is also recorded A A A A A A A A A B B B B

22 Un-forgeable Pseudo IDs MUTE using a hash of using authentication keys as the peers pseudo IDs. A peer generates a RSA signature key “kS” and an authentication key “kA”. The message header now has the form: ( to ID, #(kA), message ID-time_stamp, FLAGS:(S kS (messageID-time_stamp), kA) )

23 Freenet and Free Haven There are a number of “anonymous publishing system”. For example Freenet and the MIX based Free Haven. These systems make the original author of a file anonymous, not the responder. Nodes will often cache files.Therefore you can “trick” a node into storing and “offering” a file.

24 Summary of methods

25 Some Kinds of Attack Timing attacks System Membership Time-to-Live Attacks (Mute, Mantis) Multiple Attackers (Mute) Statistical Attacks (MIXes) Forced Repeat (Crowds) Nodes Joining and Leaving Denial of Service (Mute)

26 Today’s Lecture Practical course issues. Theoretical anonymity. –Dinning Cryptographers Protocol –Definitions of Anonymity –The Crowds Protocol BREAK Practical anonymous systems –Onion Routing and the Tor System –Mix Networks –Anonymous File-sharing Systems: MUTE –Anonymous Publishing: Freenet

Download ppt "Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems."

Similar presentations

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,

A CGA based Source Address Authentication Method in IPv6 Access Network(CSA) Guang Yao, Jun Bi and Pingping Lin Tsinghua University APAN26 Queenstown,
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)

A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)
236349 Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Gnutella 2 GNUTELLA A Summary Of The Protocol and it’s Purpose By

Gnutella 2 GNUTELLA A Summary Of The Protocol and it’s Purpose By
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #4 Mobile Ad-Hoc Networks AODV Routing.
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.
Analysing the MUTE Anonymous File-Sharing System Using the Pi-calculus Tom Chothia CWI.

Analysing the MUTE Anonymous File-Sharing System Using the Pi-calculus Tom Chothia CWI.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.

Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
Internet Networking Spring 2002 Tutorial 13 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2002 Tutorial 13 Web Caching Protocols ICP, CARP.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Similar presentations

Ads by Google