1 / 24

Onion Routing

Onion Routing. R. Newman. Topics. Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity Metrics for Anonymity Applications of anonymity technology. Traffic Analysis. Vanilla traffic analysis easy

jeffreynhudson
Download Presentation

Onion Routing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Onion Routing R. Newman

  2. Topics • Defining anonymity • Need for anonymity • Defining privacy • Threats to anonymity and privacy • Mechanisms to provide anonymity • Metrics for Anonymity • Applications of anonymity technology

  3. Traffic Analysis • Vanilla traffic analysis easy • Read src and dest from packet • Even if data are encrypted (e.g., using IPsec) • Can see src, dest, since have to route packet • Other observations • Amounts of data flowing • Connections open/close timing

  4. Onion Routing • Bi-directional socket connections • Onions used to set up virtual circuits • Setup is distinct from data flow over VC • Intermediate proxies only know predecessor and successor • Like Chaum Mix-nets • Onion = layered object • Circuit traffic is encrypted • Only initiator proxy knows whole path • Basis for TOR (The Onion Router) • Used worldwide

  5. Onion Routing • Uses proxy servers • Well-established mechanism • Used to accommodate firewalls • Used for www and telnet • Data stream follows a path through proxies • Path defined by initiating proxy • Should be managed by source organization/user • Initiating proxy should also be intermediate proxy for other paths

  6. Example OR Topology Secure Site Initiator host W U X Proxy/Router controlled by Secure Site Link encrypted between routing nodes Z Y Unsecured socket connection Responder’s Proxy/Router Routing node Responder host

  7. Onion Routing • Proxy can combine all traffic from enclave • Further confounds traffic analysis • Data stream follows a path through proxies • Data encrypted along path from proxy to exit router • Data NOT encrypted between initiator host and proxy • Or between exit router and responder • Goal is NOT anonymity per se • End parties generally DO know each other • But prevent thirdparty from knowing endpoints

  8. Onion Routing • Goal is NOT anonymity per se • But prevent thirdparty from knowing endpoints • Data analytics can reveal interests/intentions from observing history of web searches, e.g. • Anonymous Remailers • Keep log of packets to prevent replays • Not suitable for HTTP traffic • Too much data! • Requires bi-directional, interactive traffic

  9. Onion Routing • Establishes bidirectional communication • End responder does not HAVE to know initiator • Individual messages are not logged • Anonymous email supported • Can include reply onion for responder • Keeps initiator anonymous • Can be used after current connection closed

  10. Onions • Encapsulate routes • Initiator proxy determines a route • Constructs onion – to set up virtual circuit • Data sent after route is set up • Forward Onion • Encrypt for responder’s proxy (Z) • Encrypt for predecessor router (Y), with message for Z as payload • Continue adding layers (similar to Chaum Mix-net) for entire route (backwards)

  11. Building a Forward Onion Route info for Z ETx, Y, Ffx, Kfx, Fbx, Kbx, ETy, Z, Ffy, Kfy, Fby, Kby, ETz, NULL, Ffz, Kfz, Fbz, Kbz, pad Route info for Y Route info for X Initiator [Ffx, Kfx, Fbx, Kbx] VC-W17 [Ffy, Kfy, Fby, Kby] [Ffz, Kfz, Fbz, Kbz] W U X Initiator’s Proxy/Router Link encrypted between routing nodes Route chosen by W Z Y Responder’s Proxy/Router

  12. Using a Forward Onion ETx, Y, Ffx, Kfx, Fbx, Kbx, Route info for X ETy, Z, Ffy, Kfy, Fby, Kby, ETz, NULL, Ffz, Kfz, Fbz, Kbz, pad Route info for Y Route info for Z Initiator [Ffx, Kfx, Fbx, Kbx] VC-W17 [Ffy, Kfy, Fby, Kby] VC-W17[Ffx, Kfx, Fbx, Kbx] VC-Y3 [Ffz, Kfz, Fbz, Kbz] W U X Initiator’s Proxy/Router VC17 Link encrypted between routing nodes VC3 Route chosen by W VC8 Z Y Responder’s Proxy/Router VC-X3[Ffy, Kfy, Fby, Kby] VC-Z8 VC-Y8[Ffz, Kfz, Fbz, Kbz] Responder

  13. Onions • Forward Onion • Layers of encryption using public key of successor • Include Expiration Time for onion • Include Next Hop address (except for last router) • Include forward and backward functions and keys • Expiration Time • Used to detect replays • Copy of onion held until expiration time is up • If duplicate arrives, discard • If expired onion arrives, discard

  14. Onions • Onion shrinkage • Each router removes the plaintext it sees as it processes the onion • So onion shrinks as it traverses route • Size of onion would reveal location in route! • Padding • Each router adds random bitstring to end of payload • Equal in length to the information it strips from header • Router cannot tell how much of payload is padding • Except last router • Initiator proxy pads central payload to fixed onion size • So onions all look the same

  15. Processing a Forward Onion Onion for X ETz, NULL, Ffz, Kfz, Fbz, Kbz ETy, Z, Ffz, Kfz, Fbz, Kbz, Payload ETx, Y, Ffx, Kfz, Fbz, Kbz, Payload pad PAD PAD PAD Onion for Y Onion for Z Strip header Add padding W U X Initiator’s Proxy/Router Link encrypted between routing nodes Route chosen by W Z Y Responder’s Proxy/Router

  16. Setting up Virtual Circuits • Messages sent on VC • Message format • VCID – identifies virtual circuit • Command – identifies message type • Data – payload of message • Message types • Create – to set up • Destroy – to tear down • Data – to send data (fwd or bkwd)

  17. Setting up Virtual Circuits • Create Command • Accompanies an onion • Recipient selects VCID • Sends create command with massaged onion and VCID to next router • Stores VCID pair along with VCID info • Fwd and bkwd functions and keys • Data Command • Intermediate nodes convert VCID • Apply appropriate function with key • Destroy • Remove VCID entry

  18. Data Encryption • Crypting • Each node applies forward function with forward key to data moving in forward direction • Applies backward function with backward key to data moving in backward direction • Initiator proxy ”precrypts” ultimate forward msg by applying inverse functions in reverse order • Intermediate nodes ”peel off” transforms applied by initiator proxy as data traverses route • Data sent in backward direction is ”crypted” by routers along backward route • Initiator proxy peels off these layers by applying inverse of backward transforms in forward route order

  19. Loose Routing • Route length is limited • Size of onion restricts number of intermediates • Can allow intermediates to add to route! • But must not overwrite needed info! • Loose Routing • Initiator can add padding to end of onion, set maximum loose count values for intermediate nodes • Intermediate can insert addtional hops on the way to the next prescribed node • Intermediate must also crypt data as it passes through • Can be used to repair route damage, or when initiator does not know a complete route

  20. Loose Routing Onion for X Payload ETx, Y, Ffx, Kfx, Fbx, Kbx, Onion for Y ETy, Z, Ffy, Kfy, Fby, Kby, Payload PAD Onion for U ETu, Y, Ffu, Kfu, Fbu, Kbu, Payload Onion for Y ETy, Z, Ffy, Kfy, Fby, Kby, Payload PAD Onion for Z ET’z, Y, F’fz, K’fz, F’bz, K’bz, Payload ETy, Z, Ffy, Kfy, Fby, Kby, Payload PAD Onion for Y ETz, NULL, Ffz, Kfz, Fbz, Kbz, PAD PAD PAD Onion for Z Add header No extra padding W U X Initiator’s Proxy/Router Loose route link Route chosen by W Z Y Responder’s Proxy/Router

  21. Reply Onions • Useful to allow recipient to reply after original circuit has been broken down • VC no longer available for data transmission • Allows responder to remain anonymous also • Reply Onion • Sent by initiator to responder • Can be used as a ”preformed” onion by responder to set up a VC to initiator later • Multiple can be sent to allow multiple such VCs • Does not need to use the same path as the original VC used

  22. Reply Onions • Looks like a forward onion • Has same format, header information • Treated the same as a forward onion by intermediates • Here is where ”crypting” comes in handy! • Forward and backward functions are indistinguishable • Difference is that the payload tells the original initiator’s proxy all it needs to use the VC • All the forward and backward functions along path • Also indentifier for VC so the initiator can bind it to the reply onion it came from

  23. Reply Onions • Data are treated in the same way as in a VC set up by the original initiator in the forward direction • Just use the functions given • Original responder just sends data • Intermediates apply ”forward” function given • Original initiator applies all ”backward” functions • Multiple reply onions can be set • Multiple can even be broadcast! • Just have to use an unused onion • Onions expire, and duplicates are ignored

  24. Attacks • GPA can observe message flows • No delays introduced, so timing matters! • Near simultaneous opening of sockets a give-away • Compromised nodes • Initiator proxy bad – then all is revealed! • One good intermediate complicates TA • One bad intermediate can effect DOS • Bad responder proxy – if can detect corrupted data, then earlier node can experimentally damage data • Clock Synchronization • Can result in DOS – onion expiry

More Related