
Xinwen Fu Anonymous Communication & Computer Forensics



  1. 91.580.203 Computer & Network Forensics Xinwen Fu Anonymous Communication & Computer Forensics

  2. Outline
  • Background
  • Onion routing
  • Attacks against anonymity
  • Tor

  3. Motivation
  Protect the identity of participants in a distributed application, such as E-voting, E-shopping, E-cash, and military applications
  (Figure: an eavesdropper on the network: "I know what's going on!!!")

  4. Current Network Status
  (Figure: IP packet header structure, with the sender address and receiver address fields)
  • Commercial routers not under government control
  • Unencrypted data is completely open
  • Encrypted data still exposes communicating parties

  5. Traffic Analysis Attack
  (Figure: sender and receiver communicating across a public network)
  • Public networks are vulnerable to traffic analysis attacks.
  • In a public network:
    • Packet headers identify recipients
    • Packet routes can be tracked
    • Volume and timing signatures are exposed
  Encryption does not hide the identity information of a sender and receiver.

  6. Traffic Analysis Attack (cont.)
  • Traffic analysis reveals identities.
  • Who is talking to whom may be confidential or private:
    • Who is searching a public database?
    • What web sites are you surfing?
    • Which agencies or companies are collaborating?
    • Where are your e-mail correspondents?
    • What supplies/quantities are you ordering from whom?
  • Knowing traffic properties can help an adversary decide where to spend resources for decryption, penetration, ...

  7. Goals of Anonymity: Receiver Untraceability
  (Figure: Alice sends to Bob while an evil observer watches the network)
  • Receivers are not observable – i.e. the attacker does not know if B received a message
  • Senders are observable – i.e. the attacker knows that A sent a message to someone
  • Example: radio

  8. Goals of Anonymity: Sender Untraceability
  (Figure: Alice sends to Bob while an evil observer watches the network)
  • Senders unobservable
  • Example: Wireless routers using NAT

  9. Goals of Anonymity: Sender/Receiver Unlinkability
  (Figure: Alice sends to Bob while an evil observer watches the network)
  • Senders and receivers are observable, but it is not clear who is talking to whom

  10. Outline
  • Background
  • Onion routing
  • Attacks against anonymity
  • Tor

  11. Anonymous Communication Systems
  • A number of Anonymous Communication Systems have been realized. Several well-known systems are:
    • Anonymizer (anonymizer.com)
    • Onion-Routing (NRL)
    • Crowds (Reiter and Rubin)
    • Anonymous Remailer (MIT LCS)
    • Tor (MIT and EFF)
    • Freedom (Zero-Knowledge Systems)
    • Hordes (Shields and Levine)
    • PipeNet (Dai)
    • SafeWeb (Symantec)

  12. Basic Approach: Anonymizing Proxy
  (Figure: clients connecting through an anonymizing proxy)
  • Channels appear to come from the proxy, not the true originator
  • May also filter traffic for identifying information
  • Examples: Penet Remailer (shut down), The Anonymizer, SafeWeb (Symantec)

  13. Anonymizer for Web Browsing
  (Figure: anonymizing proxy: anonymizer.com)
  • User connects to the proxy first and types the URL in a web form
  • Channels appear to come from the proxy, not the true originator
  • The proxy may also filter traffic to remove identifying information
  • It offers an encrypted link to the proxy (SSL or SSH)

  14. Problems of Anonymizer
  (Figure: user, ISP, proxy and responders on the Internet/phone system; the link from user to proxy is encrypted)
  • ISP knows user connection times/volumes: can easily eavesdrop on outgoing proxy connections and learn all
  • Proxy knows everything about connections
  • So, both are fully trusted (single points of failure)

  15. Chaum Mixes (David Chaum)
  • Underlying idea for Mixmaster remailer, Onion Routing, ZKS Freedom, Web Mixes
  • Basic description: a network of mix nodes
    • Special onion-like encryption: cell (message/packet) wrapped in multiple layers of public-key encryption by the sender, one for each node in a route
    • Decrypted layer tells the mix the next node in the route
    • Reordering: mixes hold different cells for a time and reorder before forwarding to their respective destinations
    • Rerouting: use a few proxies

  16. Onion Routing Based on Mix Networks
  (Figure: Sender → A → B → Receiver through the anonymity network, with hops labelled "S to A", "A to B", "B to R"; compared with a traditional spy network)
  • Sender selects a route through the mix network
  • An intermediate mix only knows where the packet comes from and what the next stop of the packet is

  17. Review of Public Key Cryptography
  (Figure: Alice holds the key pair (eA, dA) and Bob holds (eB, dB); Alice sends eB(message) and Bob computes dB(eB(message)) = message)
  • PrivateKeyBob(PublicKeyBob(Message)) = Message
  • PublicKeyBob(PrivateKeyBob(Message)) = Message

  18. Onion-Like Encryption
  (Figure: Sender S wraps message M for Receiver R in layers labelled "S to A", "A to B" and "B to R"; nodes A and B each remove one layer on the way to R)
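The layered wrapping of slides 15-18, as an added example that is not part of the slides. It uses per-hop symmetric keys, as slide 26 says Tor does, with a constructed SHA-256-based stream cipher standing in for the public-key layers of the figure; the node names S, A, B and R are the figure's, and the JSON layer format is an assumption of this example.

```python
import hashlib
import json
import os

NONCE_LEN = 8


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed for this example, not Tor's cipher):
    keystream blocks SHA-256(key || nonce || counter) are XORed into the data."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(route, keys, receiver, message):
    """The sender wraps `message` in one layer per node on `route`, innermost first.
    Each layer can be opened only with that node's key, names the next hop and
    carries the still-encrypted inner layer."""
    layer, next_hop = message, receiver
    for node in reversed(route):
        plain = json.dumps({"next": next_hop, "inner": layer.hex()}).encode()
        nonce = os.urandom(NONCE_LEN)
        layer = nonce + xor_stream(keys[node], nonce, plain)
        next_hop = node
    return layer


def peel(key, onion):
    """A mix removes its own layer. Returns (next_hop, inner_onion), or None when
    the key does not fit: the wrong keystream leaves unparsable bytes."""
    nonce, body = onion[:NONCE_LEN], onion[NONCE_LEN:]
    try:
        fields = json.loads(xor_stream(key, nonce, body).decode("utf-8"))
        return fields["next"], bytes.fromhex(fields["inner"])
    except (ValueError, KeyError, TypeError):
        return None


def relay(route, keys, sender, receiver, message):
    """Walk the onion along the route. Each node records only what it can see:
    who handed it the cell and where it must forward it."""
    onion, view, previous = build_onion(route, keys, receiver, message), [], sender
    for node in route:
        next_hop, onion = peel(keys[node], onion)
        view.append((node, previous, next_hop))
        previous = node
    return view, onion  # the receiver gets the plain message
```

With route ["A", "B"], A sees only (S, B) and B only (A, R), which is the property slide 16 states.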

  19. Why Buffering and Reordering Packets?
  (Figure: packets entering and leaving a mix)
  • Disrupt the timing correlation between packets into and out of a mix

  20. Crowds
  (Figure: sender, blender and web server)
  • User machines are the network
  • "Blender" announces crowd members to all members
  • "Jondo" at each machine flips a weighted coin
    • If heads, forwards to a random crowd member
    • If tails, connects to the end Web address
  • All jondos on a path know the path key
  • All connections from a source use the same path for the lifetime of that crowd
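The coin-flip forwarding of slide 20 as a small simulation, added here and not part of the slides or the Crowds implementation. The forwarding probability, the member names and the name "web-server" for the end Web address are constructed for the example; it also checks the consequence the slide does not state, that the number of jondos on a path is geometric with mean 1/(1 - p_forward).

```python
import random

SERVER = "web-server"  # constructed stand-in for the end Web address


def build_crowds_path(sender, members, p_forward, rng):
    """One path through the crowd. Starting at the sender's own jondo, each jondo
    flips a coin weighted by p_forward: heads forwards to a random crowd member
    (possibly itself), tails connects to the end Web address."""
    path = [sender]
    while rng.random() < p_forward:
        path.append(rng.choice(members))
    path.append(SERVER)
    return path


def hop_view(path, i):
    """What the jondo at position i sees: only its predecessor and successor.
    The predecessor may be the real sender or just another forwarding jondo."""
    return (path[i - 1] if i > 0 else None), path[i + 1]


class Crowd:
    """The crowd as seen by one jondo once the blender has announced the member
    list. All connections from a source reuse one path for the crowd's lifetime."""

    def __init__(self, members, p_forward, seed=0):
        self.members, self.p_forward = list(members), p_forward
        self.rng, self.paths = random.Random(seed), {}

    def path_for(self, source):
        if source not in self.paths:
            self.paths[source] = build_crowds_path(
                source, self.members, self.p_forward, self.rng)
        return self.paths[source]


def simulate_paths(sender, members, p_forward, trials, seed=1):
    """Independent paths from one sender, for measuring path statistics."""
    rng = random.Random(seed)
    return [build_crowds_path(sender, members, p_forward, rng) for _ in range(trials)]


def mean_jondos_per_path(paths):
    """Jondos per path (server excluded); approaches 1/(1 - p_forward)."""
    return sum(len(p) - 1 for p in paths) / len(paths)
```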

  21. Crowds Virtues
  • Good on sender protections
  • No single point of failure
  • Peer-to-peer design means minimal long-term network services
  • More lightweight crypto than mix-based systems

  22. Crowds Limitations
  • All users must run Perl code
  • Requires users to have long-running high-speed Internet connections
  • Entirely new network graph needed for a new or reconnecting Crowd member
  • Connection anonymity dependent on data anonymity
  • Anonymity protection limited to Crowd size
  • Rather weak on responder protections
  • Lacks perfect forward anonymity
  • The intermediate nodes know the receiver

  23. Outline
  • Background
  • Onion routing
  • Attacks against anonymity
  • Tor

  24. Attacks against Mix Networks: Connectivity Analysis Attacks
  (Figure: Sender → A → B → C → Receiver; the adversary HQ collects the link observations "S to A", "A to B", "B to C", "C to R" and chains them as "S to A & A to B" and "B to C & C to R")
  • The adversary knows that Sender communicates with Receiver

  25. Outline
  • Background
  • Onion routing
  • Attacks against anonymity
  • Tor

  26. Tor: A Practical Anonymous Protocol
  • Some combination of Chaum's Mix and Crowds
  • Encrypt data packets by symmetric keys
  • Implement forward and backward anonymity
  • Has P2P functions
  • Easy to use
  • Open source

  27. First Sight
  • A web server knows your IP: http://www.proxyway.com/www/check-ip-address/whatis-my-ip-address.html
  • Tor to hide your IP
  • Tor download webpage
    • http://tor.eff.org/download.html.en
  • Manual for Windows setup
    • http://tor.eff.org/docs/tor-doc-win32.html.en

  28. IE

  29. Tor Components
  (Figure: tor, Privoxy and Vidalia on the client side, reaching a WWW server across the Internet)

  30. Tor Network
  (Figure: client, application server, onion routers and directory server; legend: client or server, onion router, directory server)
  • Onion router list: C:\Documents and Settings\fu\Application Data\Tor\cached-status

  31. References
  • D. Chaum, Untraceable electronic mail, return addresses, and digital pseudonyms, Communications of the ACM, Vol. 24, No. 2, February 1981, pp. 84-88.
  • Andrei Serjantov, Roger Dingledine and Paul Syverson, From a Trickle to a Flood: Active Attacks on Several Mix Types, in Proceedings of the Information Hiding Workshop, 2002.
  • Andreas Pfitzmann et al., Anonymity, Unobservability, and Pseudonymity – A Proposal for Terminology, 2000.
  • Xinwen Fu, Xinwen Fu's homepage, http://www.homepages.dsu.edu/fux/, 2007.
  • Cisco Systems, Inc., Catalyst 2950 and Catalyst 2955 Switch Software Configuration Guide, 12.1(19)EA1, 2007.
  • Cisco Systems, Inc., Catalyst 2900 Series Configuration Guide and Command Reference, 2007.
