Privacy & Anonymity in the WWW
Ch. 12, Oppliger
CSCI 5234 Web Security
Privacy & Anonymity
• 12.1 Intro
• 12.2 Early work
• 12.4 Anonymous browsing
• 12.5 Anonymous Publishing
• 12.6 Voluntary privacy standards
• 12.3 Cookies
Intro 1/7
• When a client accesses a web site, all kinds of information about the client may be collected without the client’s knowledge.
• Examples: client software (browser type, OS), IP address, computer name, screen width and height, traceroute, domain configuration, …
Intro 2/7
• Legislation
  • Many countries have data privacy or data protection laws that make it a legal obligation for entities storing, processing, and transmitting personal data to adequately protect the privacy of that data.
  • The EU relies on comprehensive legislation that, for example, requires the creation of government data protection agencies, registration of databases with those agencies, and in some instances prior approval before personal data processing may begin. E.g., the European Commission’s Directive on Data Protection became effective in 10/98.
  • The US takes a sectoral approach to privacy, relying on a mix of legislation (e.g., HIPAA), regulation, and self-regulation.
• Challenges for international businesses
• Solution: a safe harbor framework to bridge the discrepancy (still an ongoing effort)
Intro 3/7
• http://privacy.net/
  • Provides free privacy and other network-related analysis
  • Sample privacy analysis
  • How does it work?
Intro 4/7
• Local network administrators, web managers, and ISPs have access to even more information about the users.
• Networking devices are usually configured to log relevant information.
• There is an ongoing legal discussion about how far they may go…
Intro 5/7
• Traffic Analysis [RFC 2828 Internet Security Glossary]
  $ traffic analysis
    (I) Inference of information from observable characteristics of data flow(s), even when the data is encrypted or otherwise not directly available. Such characteristics include the identities and locations of the source(s) and destination(s), and the presence, amount, frequency, and duration of occurrence. (See: wiretapping.)
    (O) "The inference of information from observation of traffic flows (presence, absence, amount, direction, and frequency)." [I7498 Part 2]
  $ traffic flow confidentiality
    (I) A data confidentiality service to protect against traffic analysis.
    (O) "A confidentiality service to protect against traffic analysis." [I7498 Part 2]
  $ traffic padding
    (I) "The generation of spurious instances of communication, spurious data units, and/or spurious data within data units." [I7498 Part 2]
Intro 6/7
• Traffic analysis may reveal sensitive data.
• Some protocols, such as electronic cash, must guard against traffic analysis in order to work properly.
• A threat that is very difficult to protect against.
• Q: Would encrypting IP packets between a browser and a web server protect against traffic analysis?
Intro 7/7
• Specialized security mechanisms are required to protect communicating peers against traffic analysis.
• 3 types of anonymity services:
  • Sender anonymity
  • Receiver anonymity
  • Connection anonymity: unlinkability of sender and receiver
Early attempts at anonymous email 1/5
• Anonymous remailer, e.g., anon.penet.fi
  • An anonymous e-mail forwarding service
  • A simple SMTP proxy server that stripped off all header information of incoming e-mail messages before forwarding them toward their destinations
  • Q: What type of anonymity service is provided by an anonymous remailer?
• Chaum mixing network
Early attempts 2/5
• Chaum mixing network
  • A more sophisticated approach to anonymous email
  • A Chaum mix is an anonymous remailer.
  • A Chaum mixing network consists of a set of Chaum mixes.
  • The sender of the message chooses a route through a series of mixes M1, …, Mn to the intended recipient.
Early attempts 3/5
• Chaum mixing network
  • The message is encrypted layer by layer using each mix’s public key.
  • Example (where n = 2, B is the recipient): M1, {M2, {B, {mesg}KB}KM2}KM1
  • The message is first sent to M1, which decrypts it using its private key and then sends {B, {mesg}KB}KM2 to M2.
  • M2 then decrypts it and forwards {mesg}KB to B.
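As an added illustration of the n = 2 example above (not code from the textbook or the slides): layered wrapping by the sender and one-layer peeling at each mix. Each mix's public-key encryption is stood in for by a toy keyed stream cipher built from the standard library, so that only the holder of a mix's key can strip that mix's layer; the names M1, M2, B and their keys are constructed for the demo.

```python
import hashlib
import hmac
import json
import os

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a toy stand-in for each mix's public-key
    layer, so that only the holder of a mix's key can strip that layer."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def encrypt_for(key, plaintext):
    nonce = os.urandom(8)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt_for(key, blob):
    nonce, body = blob[:8], blob[8:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_onion(keys, route, recipient, message):
    """Wrap from the inside out: {mesg}KB, then {B, ...}KM2, then {M2, ...}KM1.
    Returns the first mix to send to and the outermost ciphertext."""
    blob, next_hop = encrypt_for(keys[recipient], message), recipient
    for mix in reversed(route):
        layer = json.dumps({"next": next_hop, "blob": blob.hex()}).encode()
        blob, next_hop = encrypt_for(keys[mix], layer), mix
    return route[0], blob

def peel(keys, mix, blob):
    """What one mix does: strip its own layer and learn only the next hop."""
    layer = json.loads(decrypt_for(keys[mix], blob))
    return layer["next"], bytes.fromhex(layer["blob"])

def deliver(keys, route, recipient, message):
    """Walk the message through the mixes. Returns each mix's (self, next) view
    and the plaintext the recipient recovers with its own key."""
    hop, blob = build_onion(keys, route, recipient, message)
    views = []
    while hop != recipient:
        next_hop, blob = peel(keys, hop, blob)
        views.append((hop, next_hop))
        hop = next_hop
    return views, decrypt_for(keys[recipient], blob)

# Constructed demo keys for the slide's n = 2 route M1 -> M2 -> B.
KEYS = {name: hashlib.sha256(b"demo-" + name.encode()).digest() for name in ("M1", "M2", "B")}
```

M1 learns only that M2 is next; neither the final recipient B nor the message text is visible in the layer M1 can open.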
Early attempts 4/5
• Issue: How would the recipient respond to the sender?
• Various approaches were proposed:
  • The recipient may post the response (with a specific subject line) to a newsgroup.
  • An inverse untraceable backward route: the return path information (RPI) contains a block of information which must accompany the original message.
Early attempts 5/5
• Can the ‘anonymous remailer’ approach be used to provide anonymity services on the WWW?
• Ans: not quite…
• c.f.,
Anonymous browsing 1/7
• Technologies that can be used
  • To protect the privacy of Web users, and
  • To provide support for anonymous browsing accordingly
• Examples:
  • Anonymizing HTTP proxy servers
  • JAP
  • Crowds
  • Onion routing
  • Freedom Network
Anonymous browsing 2/7
• Anonymizing HTTP proxy servers
  • An HTTP proxy server that removes all parts of an HTTP request message that may directly or indirectly reveal information about the browser
  • Requirement: the removed information is not required by the Web server to serve the request and respond appropriately.
  • Such a server can hide the browser’s IP address.
  • Responses from the Web server are forwarded by the proxy server.
  • Most anonymizing HTTP proxy servers rely on nested URLs.
Anonymous browsing 3/7
• Anonymizing HTTP proxy servers
  • A nested URL is one where the document part refers to another URL
    • http://proxy.ABC.org/http://www.uhcl.edu
  • The browser first connects to the proxy server (http://proxy.ABC.org), which in turn connects to the Web server named in the document part, http://www.uhcl.edu.
  • ‘Chained’ HTTP proxy servers: useful when the user does not trust any single proxy server
    • http://proxy.ABC.org/http://proxy.XYZ.net/http://www.uhcl.edu
  • Overhead?
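An added example (not from the chapter) of what an anonymizing HTTP proxy does with the chained nested URL above: it strips one nesting level from the request URL and drops request headers that identify the browser before forwarding. The header set, the Host rewriting and the sample request are this example's own assumptions.

```python
import re
from urllib.parse import urlsplit

# Request headers this example proxy drops because they identify the browser
# and the origin server does not need them. The set is the example's choice.
IDENTIFYING_HEADERS = {"user-agent", "referer", "cookie", "from",
                       "accept-language", "via", "x-forwarded-for"}

def unnest(url):
    """Split a nested (possibly chained) URL into its hops, e.g.
    http://proxy.ABC.org/http://proxy.XYZ.net/http://www.uhcl.edu
    -> ['http://proxy.ABC.org', 'http://proxy.XYZ.net', 'http://www.uhcl.edu']"""
    return re.split(r"/(?=https?://)", url)

def peel_url(url):
    """Strip one nesting level: the first hop is this proxy itself, the rest
    is what it must fetch on the client's behalf (next proxy or Web server)."""
    hops = unnest(url)
    if len(hops) < 2:
        raise ValueError("not a nested URL: " + url)
    return hops[0], "/".join(hops[1:])

def sanitize_request(raw):
    """Rewrite a raw HTTP/1.1 request the way the anonymizing proxy forwards
    it: drop identifying headers, point the request line and Host at the next
    hop. Returns (forwarded_request, next_hop_url)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *headers = head.split("\r\n")
    method, url, version = request_line.split(" ")
    _me, target = peel_url(url)
    kept = [h for h in headers
            if h.split(":", 1)[0].strip().lower() not in IDENTIFYING_HEADERS
            and not h.lower().startswith("host:")]
    kept.insert(0, "Host: " + urlsplit(target).netloc)
    forwarded = f"{method} {target} {version}\r\n" + "\r\n".join(kept) + "\r\n\r\n" + body
    return forwarded, target

# Constructed sample request as the browser would send it to the first proxy.
SAMPLE_REQUEST = (
    "GET http://proxy.ABC.org/http://proxy.XYZ.net/http://www.uhcl.edu HTTP/1.1\r\n"
    "Host: proxy.ABC.org\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    "Referer: http://example.invalid/search?q=secret\r\n"
    "Cookie: session=abc123\r\n"
    "Accept: text/html\r\n\r\n"
)
```

Running sanitize_request twice reproduces the chain: the first proxy forwards to proxy.XYZ.net, which in turn forwards to www.uhcl.edu; each proxy still sees the full remaining URL, which is the trust issue the chaining is meant to spread out.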
Anonymous browsing 4/7
• JAP
  • Developed by a group at Univ. of Technology Dresden
    • http://anon.inf.tu-dresden.de/index_en.html
  • Java-based
  • In essence, a Chaum mixing network for HTTP
  • JAP uses a single static address which is shared by many JAP users. That way neither the visited website nor an eavesdropper can determine which user visited which website.
  • Instead of connecting directly to a Web server, users take a detour, connecting with encryption through several intermediaries (mixes).
  • A relationship between a connection and its user could only be determined if all intermediaries worked together to sabotage the anonymization. But the intermediaries (mix providers) are generally run by independent institutions which officially declare that they do not keep connection log files or exchange such data with other mix providers.
Anonymous browsing 5/7
• Crowds
  • Developed in the late 90s by a group at AT&T Research
  • A ‘crowd’ is a large group of geographically diverse users.
  • Basic ideas:
    • To probabilistically chain multiple anonymizing HTTP proxy servers (a unique feature)
    • To encrypt all data that is sent back and forth between the proxy servers
  • Procedure:
    • Each user is represented by a local process called a jondo.
    • The jondo contacts the blender server to request admittance to the crowd.
    • The jondo works as a local proxy server; any request originating from the browser is sent directly to its jondo.
Anonymous browsing 6/7
• Crowds
  • Procedure (cont.):
    • The local jondo picks a jondo from the crowd at random (possibly itself) and forwards the request to it.
    • Each jondo then determines randomly whether to forward the request to another jondo or to the Web server.
    • So a random path of jondos between the browser and the Web server is established.
    • The return path is the same, only in reverse.
    • All communications between two jondos (J1, J2) are encrypted with a shared key, KJ1,J2.
  • Membership management overhead
    • To reduce the overhead, Crowds uses a simple and centralized solution.
Anonymous browsing 7/7
• Crowds
  • Membership management
    • The blender serves as the centralized membership and key manager of a crowd.
    • Each user’s jondo must be authenticated by the blender (id, password).
    • The blender generates a list of shared keys for a new jondo; each of the keys is to be shared between the new jondo and another jondo.
  • Strengths? Separation of key management from the actual Web transactions
  • Issues? Corrupted blender, attacked blender, firewall bypassing, …
  • Future improvements: Diffie-Hellman key exchange directly between a pair of jondos
  • A thought: authentication between sensor nodes in a sensor net?
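An added example (not the Crowds implementation or the textbook's code) covering the path-formation procedure of slides 5/7 and 6/7 together with the blender's key distribution on this slide. The forwarding probability p_f, the sample crowd and the key size are assumed values the slides do not give.

```python
import random

def build_path(crowd, p_f, rng=random):
    """Crowds path formation. `crowd` lists the member jondos (the initiator's
    own jondo included); p_f is the forwarding probability, a parameter the
    slides do not state and this example assumes. Returns the jondos the
    request passes through; the last one hands it to the Web server."""
    path = [rng.choice(crowd)]            # first hop: any jondo, possibly itself
    while rng.random() < p_f:             # coin flip: forward to another jondo...
        path.append(rng.choice(crowd))
    return path                           # ...or send it to the Web server

def link_keys(initiator, path):
    """Each hop-to-hop link is encrypted with the key K_{J1,J2} the two jondos
    share; returns the (J1, J2) pairs whose keys this path uses (a jondo that
    picks itself uses no network link)."""
    hops = [initiator] + path
    return [(a, b) for a, b in zip(hops, hops[1:]) if a != b]

def expected_path_length(p_f):
    """The number of jondos on a path is 1 + Geometric(1 - p_f), so the mean
    is 1 / (1 - p_f): p_f = 0.75 gives 4 jondos on average."""
    return 1.0 / (1.0 - p_f)

def mean_path_length(crowd, p_f, trials, seed=0):
    """Monte Carlo check of expected_path_length with a seeded generator."""
    rng = random.Random(seed)
    return sum(len(build_path(crowd, p_f, rng)) for _ in range(trials)) / trials

def blender_admit(new_jondo, members, rng=random):
    """The blender's job when a jondo joins: one fresh key per existing member,
    to be shared between the new jondo and that member. Constructed 128-bit
    keys; the real blender also authenticates the jondo (id, password) first."""
    return {(new_jondo, m): rng.getrandbits(128).to_bytes(16, "big") for m in members}

CROWD = ["J1", "J2", "J3", "J4", "J5"]   # constructed sample crowd
```

The geometric path length is why the Web server only ever sees the last jondo: any member, including the initiator, is equally likely to be that last hop.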
Anonymous Publishing 1/5
• The problem: how to anonymously publish on the Web?
  • The current WWW architecture provides little support for anonymous publishing.
  • For example: the URL identifies the Web server where the resource is located.
• Several attempts:
  • JANUS and the rewebber service
  • TAZ servers and the rewebber network
  • Publius
Anonymous Publishing 2/5
• JANUS
  • The Rewebber service provides anonymity services for both browsers and Web servers.
  • The Rewebber service acts as an anonymizing HTTP server (anonymous browsing).
  • To support anonymous publishing, the Rewebber service makes use of encrypted URLs that are part of nested URLs.
    • e.g., http://proxy.ABC.edu/http://www.dcsl.net/sample.htm
    • http://proxy.ABC.edu/url_encrypted/rxmy2198za
  • The anonymizing proxy server takes care of decryption and encryption of the URLs.
Cookies 1/5