Crowds: Anonymity for Web Transactions
Michael K. Reiter, Aviel D. Rubin
Jan 31, 2006
Presented by – Munawar Hafiz

Crowds: Anonymity for Web Transactions
Contributions
* Introduces the concept of ‘Degree of Anonymity’
* Introduces the concept of Crowds
* Analyzes the implementation
* Comparison with other methods

Degrees of Anonymity
• Beyond Suspicion: Sender appears no more likely to be the originator of a sent message than any other potential sender in the system.
• Probable Innocence: Sender appears no more likely to be the originator than not to be the originator.
• Possible Innocence: There is a nontrivial probability that the real sender is someone else.
What type of privacy requirement is suitable for a particular application?

Anonymity loves company
The sole mechanism of anonymity is blending and obfuscation.
The Mix approach
  • Obfuscate the data
  • Blend the data with cover traffic
The Onion Routing approach
  • Obfuscate the data
  • Use cell padding to make data look similar
The Crowds approach
  • Data may be in clear text
  • Hide in a group and make everyone in the group equally responsible for an act.

Crowds in operation: Setup
• Setup Phase
  • The user first joins a crowd of other users and is represented by a jondo process on his local machine. He registers with a server machine called the Blender.
  • The user configures his browser to use the local jondo as the proxy for all new services.
  • The blender sends the data of the other nodes in the crowd to the local jondo.
  • All other members in the crowd go through a Join Commit.

Crowds in operation: Communication
• Communication Phase
  • User passes her request to a random member in the crowd.
  • The selected router flips a biased coin with forwarding probability pf.
  • With probability (1 - pf), it delivers the message directly to the destination. Otherwise it forwards the message to a randomly selected next router.

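The forwarding rule above decides how often a malicious jondo sees the true initiator as its immediate predecessor, which is what the "Probable Innocence" degree bounds. The following Python sketch is an added example, not part of the original slides: it simulates the coin-flip routing and compares the result with the closed form and the crowd-size threshold from the Reiter and Rubin paper. The crowd size n, the number of collaborating jondos c, and all function names are assumptions made for illustration.

```python
import random

def predecessor_is_initiator_prob(n, c, pf):
    """Closed form from the Crowds paper: P(I | H1+) = (n - pf*(n - c - 1)) / n,
    the chance that the first collaborator on a path is fed by the initiator."""
    return (n - pf * (n - c - 1)) / n

def has_probable_innocence(n, c, pf):
    """Paper's condition: n >= pf / (pf - 1/2) * (c + 1), which needs pf > 1/2."""
    return pf > 0.5 and n >= pf / (pf - 0.5) * (c + 1)

def simulate(n, c, pf, trials=100_000, seed=1):
    """Estimate P(I | H1+) by building paths hop by hop, as on the slide."""
    rng = random.Random(seed)
    initiator = 0                 # jondo 0 is the honest initiator (constructed setup)
    first_collab = n - c          # jondos n-c .. n-1 collaborate (constructed setup)
    observed = hits = 0
    for _ in range(trials):
        # The initiator always hands the request to a random crowd member.
        prev, cur = initiator, rng.randrange(n)
        while True:
            if cur >= first_collab:            # first collaborator on the path
                observed += 1
                hits += (prev == initiator)    # it can only suspect its predecessor
                break
            if rng.random() >= pf:             # probability 1 - pf: deliver to destination
                break
            prev, cur = cur, rng.randrange(n)  # probability pf: forward to a random jondo
    return hits / observed

if __name__ == "__main__":
    pf, c = 0.75, 3
    for n in (20, 10):
        print(f"n={n} c={c} pf={pf}: "
              f"closed form={predecessor_is_initiator_prob(n, c, pf):.3f} "
              f"simulated={simulate(n, c, pf):.3f} "
              f"probable innocence={has_probable_innocence(n, c, pf)}")
```

With pf = 0.75 and 3 collaborators, the threshold works out to a crowd of at least 12 members, so the 20-member crowd keeps the initiator at or below even odds and the 10-member crowd does not.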
Distinct Characteristics of Crowds
Use of encryption
  • A single path key is used for end-to-end encryption
  • At each node, path key is re-encrypted using link encryption
  • Fast stream cipher for encrypting reply traffic
Static Path
  • Dynamic paths hurt the anonymity achieved
  • Paths are changed during join and failure
Protection against timing attacks
  • Sender revealed if it is an immediate predecessor of malicious jondo.
  • Introduce delays for thwarting attacks

Comparison with MIX networks
Crowds and MIX solve different anonymity problems
  • Crowds provide (probable innocence) sender anonymity
  • MIX networks provide sender and receiver un-linkability
Different type of protection against global passive eavesdropper
  • Crowds provide no protection
  • MIX networks provide protection against a global eavesdropper
Performance
  • Crowds provide better performance
  • Public key encryptions and decryptions affect performance.
Different approach in routing (Efficiency)
  • In Crowds, paths are selected randomly
  • In a re-mailer, the circuit has to be determined first.

Concepts coming out of Crowds
Every node is a MIX
  • Making the end nodes and the MIXes indistinguishable
  • Distributed workload
  • Used in MorphMix / Tarzan for Peer to Peer communication
The leaky pipe architecture
  • Any node is an exit node
  • Used in Tor to provide better protection against
Robustness
  • No single point of failure
  • Distributed Blender ??
Anonymity loves company
  • The more the user base, the better the anonymity
  • Highly scalable

Limitations of Crowds
• Content in plaintext
  • Apply end-to-end encryption to protect content
• Limitation: Gathering multimedia content
  • Restriction on using ActiveX controls etc.
  • Current Internet landscape is different from this requirement
Break for brainstorming: What type of applications can use this approach?
• Vulnerable to DoS attacks
  • Malicious jondos can simply drop packets.
• Performance overhead
  • Increased network traffic, increased retrieval time and load on jondos
• Deployment problem with firewalls

Crowds for Social Networking
• A crowds network where all the participants know each other and are therefore trusted.
Are you comfortable in a friendly crowd or unfriendly crowd?
• A crowds network with trusted entities but not friends / acquaintances.
• A crowds network that includes adversaries and honest nodes, all un-trusted.
Are you willing to take the risk of being logged by server? What about content tampering risks?

Discussion questions
• Crowds provide better options for deployment than an onion routing scheme like Tor. Yet you see Tor deployed in two continents and Crowds as a research prototype only. What is the reason?
• What would happen if membership in the crowd is controlled by the blender, but in this case the blender is using public key authentication? Would the overall anonymity be improved?
• What are the factors that hinder crowd scalability?
• The Crowds approach limits the subset of users that hides the message initiator. How does it affect anonymity?
• Have we seen the end of Crowds?