1 / 25

Anonymity without Sacrificing Performance

Anonymity without Sacrificing Performance. Enhanced Nymble System with Distributed Architecture. CS 858 Project Presentation Omid Ardakanian * Nam Pham *. *David R. Cheriton School of Computer Science, University of Waterloo. Outline. Introduction Review of Nymble New goals

aqua
Download Presentation

Anonymity without Sacrificing Performance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian* Nam Pham* *David R. Cheriton School of Computer Science, University of Waterloo

  2. Outline • Introduction • Review of Nymble • New goals • Ring Signature for dummies! • Proposed Solution • Distributed Pseudonym Manager • Distributed Nymble Manager • Analysis • Future Work • Summary

  3. Review of Nymble

  4. Nymble Weaknesses • Collusion between NM and PM • De-anonymizes the network • Reveals user behavior • TTPs are single point of failure • Scalability problem

  5. Related Work • BLacklistable Anonymous Credential (BLAC) • Pros: Eliminates the reliance of TTPs • Cons: Suffers from severe bottleneck at the side of Service Providers • PEREA • Pros: Computation is linear in the size of the blacklist • Cons: Performance is still a problem

  6. New goals • Maintaining security properties of original Nymble Design • Mis-authentication resistance • Blacklistability • Anonymity and Non-frameability • Enhancements • Unconditional Anonymity • Scalability & Robustness

  7. Proposed Solutions • Consists of two main parts: • Distributing Pseudonym Manager • Distributing Nymble Manager

  8. Ring Signature • By Rivest, Shamir and Tauman • A group member can sign a message on behalf of the group without revealing her identity. • Ring signature is created on demand! • No setup procedure or agreement

  9. Distributing Pseudonym Manager • Previously • Motivation If a pseudonym can represent an IP, why don’t we use it recursively? IP address PM pnym User

  10. Round 1 • Alice • Chooses a random index i • Connects to PMi directly with her IPA • Requests a pseudonym for the next round IPA PMi PM1 PM2 PMn Alice

  11. Round 1 (cont’d) • PMi • Generates a codename for Alice • Signs using a ring signature scheme • Informs all other PMs “IPA has been issued a pseudonym in round 1” IPA IPA IPA IPA PMj PM1 PM2 PMn Alice

  12. Round 1 (cont’d) • PMi • Waits for Acknowledgements from other PMs • Sends ‘codename’ back to Alice Ack IPA Ack Codename + Ack PMi PM1 PM2 PMn Alice

  13. Round 2 • Alice • Chooses another random index j • Connects to PMj anonymously using Tor • Requests a pseudonym to connect to NM codename PMj PM1 PM2 PMn Somebody

  14. Round 2 (cont’d) • PMj • Verifies the validity of <codename, signature> • Creates a pnymfor that ‘somebody’ • Signs pnym using a ring signature scheme • Informs all other PMs: “The guy with ‘codename’ has been issued a pseudonym in round 2” codename + codename codename PMj PM1 PM2 PMn codename Somebody

  15. Round 2 (cont’d) • PMj • Waits for Acknowledgement from other PMs • Sends <pnym, signature> back to the user Ack Ack pnym + PMj PM1 PM2 PMn Ack Somebody

  16. Aspects of DPM • Alice’s IP address is protected by one more security level • It’s not feasible for Alice to obtain more than one pseudonym with her IP

  17. Distributing NM PMi PMj Pseudonym acquisition Codename acquisition NM NymbleTicket acquisition

  18. Distributing NM Service Provider Server Authentication

  19. Distributing NM Service Provider Linking Token Extraction NM’ NM

  20. Distributing NM - Requirements

  21. Distributing NM (cont’d) • Seed  HkhkN(pnym,sid,w) • How should we generate the seed? • S1: Ask another NM to create the hash of server id with his own key • Seed will not be unique • S2: Ask another NM to create the hash of server id with the shared key • Vulnerable to brute force attack

  22. Analysis • Our Solution: • Provides collusion prevention without eliminating TTPs • No proof generation and proof verification needed • Better performance than BLAC and PEREA • Decreases the number of required signature • Eliminates unnecessary key sharing • Makes use of an efficient ring signature scheme with efficient size

  23. Future Work • Dynamic Forgiveness • Multiple Rounds for Pseudonym Registration • Optimal Ring Signature • Experimental Analysis

  24. Summary • We introduced an anonymous blocking system based on Nymble • Using distributed TTPs architecture • With collusion resistance feature • With less computation cost • With increased usability

  25. Thank You!

More Related