Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory."— Presentation transcript:

1 Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory

2 Today’s Lecture Practical course issues. Theoretical anonymity. –Dinning Cryptographers Protocol –Definitions of Anonymity –The Crowds Protocol BREAK Practical anonymous systems –Onion Routing and the Tor System –Mix Networks –Anonymous File-sharing Systems: MUTE –Anonymous Publishing: Freenet

3 The rest of the course Today: 12th Oct, Protocols for anonymity (homework) 19th Oct moved to 22th Oct 11:15 to 13:00: – Model Checking & Fair exchange protocols. 26th Oct, : Summary Lecture (Homework due) 2nd, 9th, 16th, 23rd and 30th Nov Student presentations

4 Homework You have only got questions 1 and 2 back. You have not been told your mark for question 3. Attacks exist against some of your protocols. As part of the current homework you have to analysis your own protocol using ProVerif. If you can find and correct a fault in your protocol you will win back half the marks lost for that fault in homework 1.

5 Qu. 1: Typing attack 1. A  B : A 2. B  A : N b 3. A  B : { A, B, N b } Kas 4. B  S : { A, B, { A, B, N b } Kas } Kbs 5. S  B : { A, B, N b } Kbs

6 Qu. 2: Early SSL 1. A  B : E B (Kab) 2. B  A : { N b } Kab 3. A  B : { CA, Sign A ( N b ) } Kab

7 Today’s Lecture Practical course issues. Theoretical anonymity. –Dinning Cryptographers Protocol –Definitions of Anonymity –The Crowds Protocol BREAK Practical anonymous systems –Onion Routing and the Tor System –Mix Networks –Anonymous File-sharing Systems: MUTE –Anonymous Publishing: Freenet

8 IP address When you connect to another computer you send it our IP address. It is ever hard to communicate well without revealing your real IP address. Recent count case (last week) decided that your IP address can be used to identify you in court.

9 “You have zero privacy anyway, get over it” Scott, CEO of SUN microsystems.

10 Dining Cryptographers Nodes form a ring Each adjacent pair picks a random number Each node broadcasts the sum (xor) of the adjacent numbers The user who wants to send a message also adds the message The total sum (xor) is: r 1 +r 2 +r 2 +r 3 +r 3 + r 4 +r 4 +r 5 +r 5 +r 1 +m = m r1r1 r4r4 r5r5 r3r3 r2r2 r 1 +r 2 r 5 +r 1 r 4 +r 5 r 3 +r 4 r 2 +r 3 +m

11 Dinning Cryptographers It's impossible to tell who added m. Beyond suspicion even to a global attacker. Very inefficient: everyone must send the same amount of data as the real sender.

12 A Hierarchy of Goals Fresh KeyKey Exclusivity Far-end Operative Once Authenticated Good Key Entity Authentication Key Confirmation Mutual Belief in Key

13 The Theory of Anonymity Anonymity means different things to different users. The right definitions are key to understand any system. “On the Internet nobody knows you’re a dog”

14 The Theory of Anonymity Anonymity is a difficult notion to define. –Systems have multiple agents –which have different views of the system –and wish to hide different actions –to variable levels. Sometimes you just want some doubt, sometimes you want to act unseen.

15 The Theory of Anonymity In a system of anonymous communication you can be: –A sender –A receive / responder –A helpful node in the system –An outsider (who may see all or just some of the communications). We might want anonymity for any of these, from any of these.

16 Some Kinds of Anonymity Sender anonymity. Receiver anonymity. Sender-receiver unlinkability. For the Sender Receive Another participant in the protocol. Outside observer that can see all/some of the network

17 Levels of Anonymity Reiter and Rubin provide the classification: Beyond suspicion: the user appears no more likely to have acted than any other. Probable innocence: the user appears no more likely to have acted than to not to have. Possible innocence: there is a nontrivial probability that it was not the user.

18 Beyond suspicion All users are Beyond suspicion: Prob Users ABCDE

19 Beyond suspicion Not Beyond Suspicion: Prob Users ABCDE

20 Probable Innocence All users are Probably Innocence Prob Users ABCDE 50%

21 Probable Innocence All users are Probably Innocence Prob Users ABCDE 50%

22 Probable Innocence All users are Probably Innocence Prob Users ABCDE 50%

23 Probable Innocence All users are Probably Innocence Prob Users ABCDE 50%

24 Probable Innocence All users are Probably Innocence Prob Users ABCDE 50%

25 Possible Innocence There a small change it is not you. Prob Users ABCDE 50%

26 Definitions These definitions do not take into account how likely each principal is to be guilty to start off with. Or quantify what the attack learns from a run of the protocol. This is currently a hot research topic, so far there are lots of complicated definitions but no clear winner.

27 Example: The Anonymizer An Internet connection reveals your IP number. The Anonymizer promise “Anonymity” Connection made via The Anonymizer. The Server see only the Anonymizer. S ? The Anonymizer

28 Example: The Anonymizer The sender is Beyond Suspicion to the server. The server knows The Anonymizer is being used. If there is enough other traffic, you are Probably Innocence to a global observer. The global observer knows you are using the “The Anonymizer” There is no anonymity to the “The Anonymizer”

29 Example: The Anonymizer From the small print: … we disclose personal information only in the good faith belief that we are required to do so by law, or that doing so is reasonably necessary … … Note to European Customers: The information you provide us will be transferred outside the European Economic Area

30 Crowds A crowd is a group of n nodes The initiator selects randomly a node (called forwarder) and forwards the request to it A forwarder: –With prob. 1-p f selects randomly a new node and forwards the request to him –With prob. p f sends the request to the server server

31 Crowds The sender is beyond suspicion to the server. Some of the nodes could be corrupted. The initiator could forward the message to a corrupted node. The sender has probable innocence to other nodes.

32 Today’s Lecture Practical course issues. Theoretical anonymity. –Dinning Cryptographers Protocol –Definitions of Anonymity –The Crowds Protocol BREAK Practical anonymous systems –Onion Routing and the Tor System –Mix Networks –Anonymous File-sharing Systems: MUTE –Anonymous Publishing: Freenet

Download ppt "Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory."

Similar presentations

Provable Unlinkability Against Traffic Analysis Ron Berman Joint work with Amos Fiat and Amnon Ta-Shma School of Computer Science, Tel-Aviv University.

Provable Unlinkability Against Traffic Analysis Ron Berman Joint work with Amos Fiat and Amnon Ta-Shma School of Computer Science, Tel-Aviv University.
Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking Tom Chothia CWI.
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
ITIS 6200/8200. 2 Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)

A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
236349 Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
Students’ online profiles for employability and community Frances Chetwynd, Karen Kear, Helen Jefferis and John Woodthorpe The Open University.

Students’ online profiles for employability and community Frances Chetwynd, Karen Kear, Helen Jefferis and John Woodthorpe The Open University.
Network Layer and Transport Layer.

Network Layer and Transport Layer.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.
Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.

Explorations in Anonymous Communication Andrew Bortz with Luis von Ahn Nick Hopper Aladdin Center, Carnegie Mellon University, 8/19/2003.
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter and Aviel D. Rubin, Presented by Eric M. Busse Portions excerpt from Crowds: Anonymity.
Analysing the MUTE Anonymous File-Sharing System Using the Pi-calculus Tom Chothia CWI.

Analysing the MUTE Anonymous File-Sharing System Using the Pi-calculus Tom Chothia CWI.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.

Similar presentations

Ads by Google