Department of Computer Science
Group Project Presentation
Anonymous IM
Group Members
• Ioannis Gyftakis
• Michail - Georgios Leivadas
• Chris Mantas
• Angelos Sakellaropoulos
Benefits of anonymous communication
• Circumvent censorship of dissidents (e.g. by an oppressive government)
• Corporate "whistleblowing" on activities that are illegal or harmful to society
• Confidential business negotiations
• Anonymous participation in elections / polls etc.
• Law enforcement (secret agents in drug cartels - sting operations and honeypots)
• Assure anonymity in sensitive conversations (psychological support "hotline")
The Anonymity problem
• Alice: "I am talking to Bob but I don't know who he really is or what his IP is"
• Bob: "I am talking to Alice but I don't know who she really is or what her IP is"
• Eve / Mallory: "Who is Bob and who is Alice? Are they talking to each other?"
• Channels: live video, instant messaging, mail
• Scalable design
• Preserve forward secrecy
The Anonymity problem
In the context of instant messaging, the ultimate goals of anonymity are to protect:
• The mapping between the application-level user ID and the IP address (physical location)
• The inability of an observer to confirm that two items of interest (e.g. IP addresses, user IDs) participate in a conversation with each other
• The fact that a user participates in an active conversation at a given time
Threat model
• Local eavesdropper (initiator's LAN)
• Intermediate (possibly collaborating) compromised nodes
• Malicious responder
Background MixNet and Onion Routing Systems
Background – General MixNets [3]
[Diagram: general mix network]
Background – General Onion Routing [12]
Nodes in the diagram: Alice, R1, R2, R3, R4, Bob
Message layers shown along the path:
• {M}pk(B)
• {B,k4}pk(R4),{ }k4
• {R4,k3}pk(R3),{ }k3
• {R3,k2}pk(R2),{ }k2
• {R2,k1}pk(R1),{ }k1
Background – Related work: I2P [7]
[Diagram: Establishing a Connection. Labels: Alice, Bob, CONNECT, Tunnel, Outbound Gateway, Outbound Participant, Inbound Participant, Inbound Gateway, Network Database]
Background – Related work: Mix rings [8]
[Diagram labels: Initiator, Mixnet, Tunnel, numbered 1 to 4]
Related Work - Timeline
Systems on the timeline: Mix Rings [8], Invisible Mix Rings [13], Mixnets [3], Mixnets with Restricted Routes [15], Mix Cascades [14], AnonIM, Tarzan [5], Invisible Internet Project [7], Tor instead of IP [9], Tor [6], Onion Routing [12]
Years on the axis: 1981, 1997, 2002, 2003, 2004, 2006, 2011, 2012
Callouts, in slide order:
• Enhancement of Mix Rings
• Hybrid P2P system that introduces Cluster Escape and Random Extend mechanisms into Mix Rings
• Unlike MixNets, users are not free to choose which route to take.
• Forced to route their messages through a predefined sequence of mixes.
• Highlights that a middle ground exists between free mix networks and extremely restrictive mix cascades.
• The theory is based on the properties of Expander Graphs
• All peers are potential originators of traffic
• All peers are potential relays
• Tries to place nodes in diverse subnets
• Uses DHT, Gossip Protocol later
• Generic protocol not strictly coupled to a specific app.
• ISP design level
• Uses mailboxes and polling mechanisms for tackling DoS attacks
Simulator
• Real data from the Rocketfuel [16] project (obtained by running many traceroutes)
• We will deploy the final version of our implementation on a limited topology
• Latency
• Throughput
• Fault Tolerance
Our Protocol Design
Onion Rings
We propose constructing an onion routing ring of randomly chosen nodes
Bootup
• Alice registers herself with the directory service.
• H(IP), IP, Alice's Pkey
• Pkey is NOT for instant messages
Bootup
• The directory service (only) stores her entry so that other nodes can use her as a relay
• A once-per-user policy is enforced
• Either the directory service is trusted or each user also has some kind of certificate
• You probably need to trust someone…
Looking up random Nodes (2) And so on …
Ring Establishment Messages
• Alice sends message M1 to I1
• I1 decrypts M1 with its PK
• Inside M1, the message M2 is included
• M1 establishes a rule on I1:
  • Whatever I give you from now on, try to decrypt it with SK1
  • See if there is something for you in the message and forward the rest to I2
  • Else forward to I2
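The nesting of establishment messages described above (M1 carries M2, each relay learns only its own SK and its next hop), as an added example that is not code from the presentation. It assumes the last relay points back to Alice to close the ring, and it uses a keyed SHAKE-256/HMAC construction as a stand-in for encryption to each relay's key; the names `build_m1`, `establish` and the sample keys are hypothetical.

```python
import hashlib
import hmac
import json

def _xor(key: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher: XOR with a SHAKE-256 keystream (no nonce; illustration only).
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = _xor(key, plaintext)
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("layer is not addressed to this node")
    return _xor(key, ct)

def build_m1(ring, node_keys, session_keys, origin="Alice"):
    """Nest the layers so that M1 contains M2, M2 contains M3, and so on."""
    inner = b""
    next_hops = ring[1:] + [origin]  # assumption: the last relay points back to Alice
    for node, nxt in reversed(list(zip(ring, next_hops))):
        layer = {"next": nxt, "sk": session_keys[node].hex(), "inner": inner.hex()}
        inner = seal(node_keys[node], json.dumps(layer).encode())
    return inner

def establish(m1, ring, node_keys, origin="Alice"):
    """Each relay peels one layer, installs its rule (SK_i, next hop), forwards the rest."""
    rules, node, msg = {}, ring[0], m1
    while node != origin:
        layer = json.loads(unseal(node_keys[node], msg))
        rules[node] = {"sk": bytes.fromhex(layer["sk"]), "next": layer["next"]}
        node, msg = layer["next"], bytes.fromhex(layer["inner"])
    return rules

# Constructed sample ring and keys (hypothetical values, not from the slides).
RING = ["I1", "I2", "I3"]
NODE_KEYS = {n: hashlib.sha256(b"node:" + n.encode()).digest() for n in RING}
SESSION_KEYS = {n: hashlib.sha256(b"sk:" + n.encode()).digest() for n in RING}

def demo():
    return establish(build_m1(RING, NODE_KEYS, SESSION_KEYS), RING, NODE_KEYS)

if __name__ == "__main__":
    for node, rule in demo().items():
        print(node, "-> forwards to", rule["next"])
```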
Cover Traffic
• Inside the ring
• Outbound
• Inbound (hopefully)
Entry Point
• In node "In" a rule is established:
• Forward any outside messages into the ring
How will Bob find Alice?
• Alice and Bob share a secret: RAB (agreed offline)
• Bob will use H(Alice, RAB) to look up Alice
• Alice needs a way to inform Bob of her in-proxy, "In"
• Enter the Rendezvous Service
The Big Picture
• Lookup H(Bob, RAB)
• Lookup H(Alice, RAB)
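The rendezvous lookups from the two slides above (H(Alice, RAB) and H(Bob, RAB)), as an added example that is not code from the presentation. It assumes SHA-256 for H with length-prefixed fields, and a hypothetical `RendezvousService` table that maps the opaque key to an in-proxy name; the secret and proxy names are constructed.

```python
import hashlib

def lookup_key(user_id: str, shared_secret: bytes) -> str:
    """H(ID, RAB): SHA-256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hashlib.sha256()
    for field in (user_id.encode(), shared_secret):
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.hexdigest()

class RendezvousService:
    """Hypothetical rendezvous table: opaque lookup key -> in-proxy ("In") of the user."""

    def __init__(self):
        self._table = {}

    def publish(self, key: str, in_proxy: str) -> None:
        self._table[key] = in_proxy

    def lookup(self, key: str):
        return self._table.get(key)

# Constructed secret standing in for RAB, which the slides say is agreed offline.
R_AB = b"constructed secret agreed offline by Alice and Bob"

def demo():
    svc = RendezvousService()
    # Each side publishes its in-proxy under H(own ID, RAB).
    svc.publish(lookup_key("Alice", R_AB), "in-proxy-7.example")
    svc.publish(lookup_key("Bob", R_AB), "in-proxy-3.example")
    return {
        # Bob knows Alice's ID and RAB, so he can recompute her key.
        "bob_finds_alice": svc.lookup(lookup_key("Alice", R_AB)),
        "alice_finds_bob": svc.lookup(lookup_key("Bob", R_AB)),
        # Knowing the ID alone is not enough to form the key.
        "without_secret": svc.lookup(lookup_key("Alice", b"not the secret")),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```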
Project Management A Tailored Feature Driven Development approach
Development Approach - Tailored Feature Driven Development Method
Process 1: Overall Model
Entry requirements
• Roles have been finalized (Project manager, Development manager, Software engineer, System architect)
Task 1
• Study Documents (Research)
• Domain Walkthrough
Task 2
• Develop small group using pair programming technique
Task 3
• Informal features list
Exit criteria
• Class diagrams with model shape
• Informal features list
• Development manager is responsible for the above to be correct
• Proceed to next process
Development Approach - Tailored Feature Driven Development Method
Process 2: Build feature list
Process 3: Plan by feature
Entry requirements
• Successfully completed process #1
• The features-list has already been created
Task 1
• Determine the development sequence
• Assign workload on a feature set
• Identify features, form feature sets
Task 2
• Prioritize features, divide complex features (simulator, implementation)
• Prioritize features, divide complex features
Exit criteria
• Feature sets with completion dates
• Development managers assigned to feature sets
• Identify features, form feature sets
• A detailed development plan
Features List
Simulator's feature set
• Simulate point-to-point & end-to-end latencies (possibly based on "Rocketfuel")
• Simulate creating & resetting anonymizing 'onion rings'
• Simulate end-to-end message reception
• Simulate node failure & ring recovery
Implementation's feature set
• Directory service
• Rendezvous service
• Ring establishment (complex feature)
• Messages among participants of the ring
• Incoming & outgoing traffic
• End-to-end message reception
• Recovery from a failure node
• End user interface
Development Approach - Tailored Feature Driven Development Method
Process 4: Design by feature
Process 5: Build by feature
Entry requirements
• Successfully completed process 3
• Successfully completed process 4
Tasks (for every feature; done in pairs)
• Task 1, Task 1a, Task 1b, Task 2: Implement classes & methods; Refine the object model; Design Inspection; Study the reference documents
• Task 2: Code refactoring
• Task 3: Unit Test
Exit criteria
• Supporting documentation
• A to-do list for the next process (optional)
• The pair team must complete the development of one or more features
Team Structure
Members are assigned a role in a rotational fashion
• Phase 1
• Phase 2
• Phase 3
Roles: Development manager, Project manager, Software engineer, System architect
Members: Ioannis, Angelos, Michail-Georgios, Chris
Gantt chart
• Phase 1 - Groundwork
• Phase 2 - Core Design
• Phase 3 - Simulation
• Phase 4 - Implementation & Testing
[Chart annotation: These phases start together]
• Phase 5 - Evaluation & Optimization
• Phase 6 - Final Documentation
Resources Gantt chart
[Chart rows: John, Angelos, Chris, Michail - Georgios]
Collaboration Tools
• Source code management system (SCM)
  • Online repository
  • Code backup
  • Version control
• Wikispaces - url: anonim-ncs.wikispaces.com
• Google groups - mailing lists
• Skype conferences
References
[1] Murdoch, Danezis. Low-cost traffic analysis of Tor. 2005
[2] Andreas Pfitzmann, Marit Hansen. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, Aug 2010
[3] D. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 4(2), February 1981.
[4] M. Reiter and A. Rubin. Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security, 1(1), June 1998
[5] M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC, November 2002.
[6] R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, August 2004
[7] Invisible Internet Project: A Scalable Framework for Anonymous Communication. Introducing I2P (non-academic research)
References (2)
[8] Burnside, M., Keromytis, A.D.: Low latency anonymity with mix rings. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) Information Security, ISC 2006. LNCS, vol. 4176, pp. 32–45. Springer, Heidelberg (2006)
[9] Vincent Liu, Seungyeop Han, Arvind Krishnamurthy, Thomas Anderson. Tor Instead of IP. SIGCOMM HotNets-X, Nov 2011
[10] C. Dixon, T. Anderson, and A. Krishnamurthy. Phalanx: Withstanding multimillion-node botnets. In NSDI, 2008.
[11] Matthew K. Wright, Micah Adler, and Brian Neil Levine. The predecessor attack: An analysis of a threat to anonymous communications systems. TISSEC, Nov 2004
[12] Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Anonymous connections and onion routing. IEEE J. Sel. Area Comm. 16, 482–494 (1998)
[13] Ming Zheng, Haixin Duan, Jianping Wu: Anonymous Communication over Invisible Mix Rings. ICA3PP'11
References (3)
[14] G. Danezis. Mix-networks with Restricted Routes. PET 2003
[15] George Danezis. Mix-networks with Restricted Routes. Proceedings of Privacy Enhancing Technologies workshop (PET March 2003)
[16] N. Spring, R. Mahajan, D. Wetherall, T. Anderson. Measuring ISP Topologies with Rocketfuel. IEEE/ACM TON 2004