
Anonymous IM

Department of Computer Science. Group Project Presentation: Anonymous IM. Group members: Ioannis Gyftakis, Michail-Georgios Leivadas, Chris Mantas, Angelos Sakellaropoulos. Benefits of anonymous communication: circumvent censorship of dissidents (e.g. from oppressive government).


Presentation Transcript


  1. Department of Computer Science, Group Project Presentation: Anonymous IM
     Group Members
     • Ioannis Gyftakis
     • Michail-Georgios Leivadas
     • Chris Mantas
     • Angelos Sakellaropoulos

  2. Benefits of anonymous communication
     • Circumvent censorship of dissidents (e.g. from oppressive government)
     • Corporate "whistleblowing" of activities that are illegal or harmful to society
     • Anonymous participation in elections / polls via PC
     • Law enforcement (secret agents in drug cartels - sting operations and honeypots)
     • Assure anonymity in sensitive conversations

  3. The Anonymity problem
     • "I am talking to Alice but I don't know who she really is or what is her IP"
     • "I am talking to Bob but I don't know who he really is or what is his IP"
     • "Who is Bob and who is Alice? Are they talking to each other?"
     • Diagram labels: Bob, Alice, Eve/Mallory, Live video, Mail, Inst. messaging, Scalable design, Preserve forward secrecy

  4. The Anonymity problem
     In the context of instant messaging, the ultimate goals of anonymity are:
     • To prevent the mapping between the application-level user ID and the IP address (physical location)
     • To ensure the inability to derive that two items of interest (e.g. IP addresses, user IDs) participate in a conversation with each other
     • To hide the fact that a user participates in an active conversation at a given time

  5. The team's tasks prioritized

  6. Threat model
     • Local eavesdropper (diagram labels: Initiator, LAN)
     • Intermediate (possibly collaborating) compromised nodes
     • Malicious responder (diagram labels: Responder, Initiator)

  7. Background MixNet and Onion Routing Systems

  8. Background – General MixNets [3] (diagram)

  9. Background – General Onion Routing [12]
     • Diagram nodes: Alice, R1, R2, R3, R4, Bob
     • Message layers shown in the diagram:
       {R2,k1}pk(R1),{ }k1
       {R3,k2}pk(R2),{ }k2
       {R4,k3}pk(R3),{ }k3
       {B,k4}pk(R4),{ }k4
       {M}pk(B)

  10. Background – Related work: I2P [7]
     • Diagram (Establishing a Connection): Alice, Bob, CONNECT, Tunnel, Inbound Gateway, Inbound Participant, Outbound Participant, Outbound Gateway, Network Database

  11. Background – Related work: Mix rings [8]
     • Diagram labels: Initiator, Mixnet, Tunnel, steps 1 to 4

  12. Related Work - Timeline
     • Systems on the timeline: Mix Rings [8], Invisible Mix Rings [13], Mixnets [3], Mixnets with Restricted Routes [15], Mix Cascades [14], AnonIM, Tarzan [5], Invincible Internet Project [7], Tor instead of IP [9], Tor [6], Onion Routing [12]
     • Callout notes on the timeline:
       • Enhancement of Mix Rings
       • Hybrid P2P system that introduces Cluster Escape and Random Extend mechanisms into Mix Rings
       • Unlike MixNets, users are not free to choose which route to take
       • Forced to route their messages through a predefined sequence of mixes
       • Highlights that a middle ground exists between free mix networks and extremely restrictive mix cascades
       • The theory is based on the properties of Expander Graphs
       • All peers are potential originators of traffic
       • All peers are potential relays
       • Tries to make nodes be in diverse subnets
       • Uses DHT, Gossip Protocol later
       • Generic protocol not strictly coupled to a specific app
       • ISP design level
       • Uses mailboxes and polling mechanisms for tackling DoS attacks
     • Years on the axis: 1981, 1997, 2002, 2003, 2004, 2006, 2011, 2012

  13. Simulator
     • Real data from the Rocketfuel [16] project (got them from running many traceroutes)
     • We plan to run the (semi)final version of our implementation on PlanetLab
     • Latency
     • Throughput
     • Fault Tolerance

  14. Evaluation

  15. Our Protocol Design Onion Rings We propose constructing an onion routing ring of randomly chosen nodes

  16. Bootup
     • Alice registers herself with the directory service.
     • H(IP) → IP, Alice's Pkey
     • Pkey is NOT for Instant messages

  17. Bootup
     • The directory service (only) stores her for other nodes to use her as a relay
     • A once-per-user policy is enforced
     • Either the directory service is trusted or each user also has some kind of certificate
     • You probably need to trust someone…

  18. Looking up random Nodes

  19. Looking up random Nodes (2) And so on …

  20. Ring Establishment Messages
     • Alice sends message M1 to I1
     • I1 decrypts M1 with its PK
     • Inside M1, the message M2 is included
     • M1 establishes a rule on I1
       • Whatever I give you from now on, try and decrypt with SK1
       • See if there is something for you in the message and forward rest to I2
       • Else forward to I2

  21. Ring Establishment

  22. Alice has built herself a (blue) ring
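
An added example, not code from the presentation: it models the ring-establishment messages of slides 20 to 22, where each nested message installs a rule (SK, next hop) on one node and later traffic is tried against that SK. The per-node key, the JSON layout, the NUL framing and the SHAKE-256/HMAC construction are assumptions standing in for the public-key and session encryption that the slides leave unspecified.

```python
import hashlib, hmac, json, os

def _xor(key, nonce, data):  # SHAKE-256 keystream: toy stand-in, not a vetted cipher
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, pt):  # encrypt-then-MAC; stands in for the slides' encryption
    nonce = os.urandom(16)
    ct = nonce + _xor(key, nonce, pt)
    return ct + hmac.new(b"mac" + key, ct, hashlib.sha256).digest()

def unseal(key, blob):  # None when blob was not sealed under `key`
    ct, tag = blob[:-32], blob[-32:]
    ok = hmac.compare_digest(tag, hmac.new(b"mac" + key, ct, hashlib.sha256).digest())
    return _xor(key, ct[:16], ct[16:]) if ok else None

class Node:
    def __init__(self, name):
        self.name, self.key, self.rule = name, os.urandom(32), None

    def on_setup(self, m):  # M_i installs the rule (SK_i, next hop), yields M_{i+1}
        body = json.loads(unseal(self.key, m))
        self.rule = (bytes.fromhex(body["sk"]), body["next"])
        return bytes.fromhex(body["inner"])

    def on_data(self, blob):  # the rule: try SK_i, keep my item, forward the rest
        pt = unseal(self.rule[0], blob)
        if pt is None:
            return blob, None  # nothing for me: forward unchanged
        item, _, rest = pt.partition(b"\0")  # constructed framing: item NUL rest
        return rest, item.decode()

def build_setup(ring):  # Alice nests M1 = {SK1, I2, M2 = {SK2, I3, M3 = {...}}}
    sks, msg = {n.name: os.urandom(32) for n in ring}, b""
    for n, nxt in reversed(list(zip(ring, ring[1:] + ring[:1]))):
        body = {"sk": sks[n.name].hex(), "next": nxt.name, "inner": msg.hex()}
        msg = seal(n.key, json.dumps(body).encode())
    return msg, sks

def demo():
    ring = [Node("I1"), Node("I2"), Node("I3")]
    m, sks = build_setup(ring)
    for node in ring:  # M1 -> I1, M2 -> I2, M3 -> I3
        m = node.on_setup(m)
    data, seen = seal(sks["I2"], b"to I2\0" + seal(sks["I3"], b"to I3\0")), []
    for node in ring:  # I1 cannot open the message and passes it on untouched
        data, mine = node.on_data(data)
        seen.append(mine)
    return [n.rule[1] for n in ring], seen
```

Calling `demo()` returns the next hop each node learned (the last node points back to the first, closing the ring) and the item each node recovered from one data message sent around it.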

  23. Cover Traffic
     • Inside the ring
     • Outbound
     • Inbound (hopefully)

  24. Entry Point
     • In node "In" a rule is established:
       • Forward any outside messages in the ring

  25. How will Bob find Alice?
     • Alice and Bob share a secret: RAB (agreed offline)
     • Bob will use H(Alice, RAB) to look up Alice
     • Alice needs a way to inform Bob of her in-proxy, "In"
     • Enter the Rendezvous Service

  26. The Big Picture Lookup H( Bob, RAB ) Lookup H( Alice, RAB )

  27. Project Management A Tailored Feature Driven Development approach

  28. Development Approach - Tailored Feature Driven Development Method Process 1: Overall Model Entry requirements Exit criteria Project manager • Class diagrams with model shape • Informal features list Roles have been finalized Development manager Development manager is responsible for the above to be correct Software engineer Proceed to next process System architect Task 2 Develop small group using pair programming technique Task1 • Study Documents (Research) • Domain Walkthrough Task 3 Informal features list

  29. Development Approach - Tailored Feature Driven Development Method Process 2: Build feature list Process 3: Plan by feature Entry requirements Entry requirements Successfully completed process #1 The features-list has already been created Task 1 Task 1 • Determine the development sequence • Assign workload on a feature set • Identify features, form feature sets Task 2 Task 2 • Prioritize features, divide complex features ( simulator , implementation) • Prioritize features, divide complex features Exit criteria Exit criteria Feature sets with completion dates Development managers assigned to feature sets • Identify features, form feature sets A detailed development plan

  30. Features List
     Simulator's feature set
     • Simulate point-to-point & end-to-end latencies (possibly based on "Rocketfuel")
     • Simulate creating & resetting anonymizing 'onion rings'
     • Simulate end-to-end message reception
     • Simulate node failure & ring recovery
     Implementation's feature set
     • Directory service
     • Rendezvous service
     • Ring establishment (complex feature)
     • Messages among participants of the ring
     • Incoming & outgoing traffic
     • End-to-end message reception
     • Recovery from a failure node
     • End user interface

  31. Development Approach - Tailored Feature Driven Development Method Process 4: Design by feature Process 5: Build by feature Entry requirements Entry requirements Successfully completed process 3 Successfully completed process 4 For every feature Task 1 Task 1a Task 1b Task 2 Implement classes & methods Refine the object model Design Inspection Study the reference documents Task 2 Code refactoring Task 3 Unit Test Done in pairs Exit criteria Exit criteria • Supporting documentation • A to-do list for the next process (optional) • The pair team must complete the development of one or more features

  32. Team Structure Development manager Project manager Ioannis Angelos Members are assigned a role in a rotational fashion • Phase 1 • Phase 2 • Phase 3 Michail-Georgios Chris Software engineer System architect

  33. Gantt chart
     • Phase 1 - Groundwork
     • Phase 2 - Core Design
     • Phase 3 - Simulation
     • Phase 4 - Implementation & Testing
     • (Chart note: "These phases start together")
     • Phase 5 - Evaluation & Optimization
     • Phase 6 - Final Documentation

  34. Detailed Gantt chart (Phases)

  35. Basic Class Diagram DIRECTORY SERVER NODE MIX RING UML Notation Reminder: INITIATOR Inheritance Aggregation Composition

  36. Resources Gantt chart Phase 3: Simulator Feature 1 Phase 4: All the team members work on IM implementation John Angelos Phase 4: IM Implementation Feature 1 Chris Michail - Georgios

  37. Risk Management

  38. Collaboration Tools
     • Source code management system (SCM)
     • Online repository
     • Code backup
     • Version control
     • Wikispaces - url: anonim-ncs.wikispaces.com
     • Google groups - mailing lists
     • Skype conferences

  39. References
     [1] Low-cost traffic analysis of Tor - Murdoch, Danezis - 2005
     [2] Andreas Pfitzmann, Marit Hansen. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, Aug 2010
     [3] D. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 4(2), February 1981.
     [4] M. Reiter and A. Rubin. Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security, 1(1), June 1998
     [5] M. J. Freedman and R. Morris. Tarzan: A peer-to-peer anonymizing network layer. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), Washington, DC, November 2002.
     [6] R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, August 2004
     [7] Invincible Internet Project: A Scalable Framework for Anonymous Communication. Introducing I2P (non-academic research)

  40. References
     [8] Burnside, M., Keromytis, A.D.: Low latency anonymity with mix rings. Information Security. In: Katsikas, S.K., López, J., Backes, M., Gritzalis, S., Preneel, B. (eds.) ISC 2006. LNCS, vol. 4176, pp. 32–45. Springer, Heidelberg (2006)
     [9] Vincent Liu, Seungyeop Han, Arvind Krishnamurthy, Thomas Anderson. Tor Instead of IP. SIGCOMM HotNets-X, Nov 2011
     [10] C. Dixon, T. Anderson, and A. Krishnamurthy. Phalanx: Withstanding multimillion-node botnets. In NSDI, 2008.
     [11] Matthew K. Wright, Micah Adler, and Brian Neil Levine. The predecessor attack: An analysis of a threat to anonymous communications systems. TISSEC. Nov 2004
     [12] Reed, M.G., Syverson, P.F., Goldschlag, D.M.: Anonymous connections and onion routing. IEEE J. Sel. Area Comm. 16, 482–494 (1998)
     [13] Ming Zheng, Haixin Duan, Jianping Wu: Anonymous Communication over Invisible Mix Rings. ICA3PP'11

  41. References
     [14] G. Danezis. Mix-networks with Restricted Routes. PET 2003
     [15] George Danezis. Mix-networks with Restricted Routes. Proceedings of Privacy Enhancing Technologies workshop (PET March 2003)
     [16] N. Spring, R. Mahajan, D. Wetherall, T. Anderson. Measuring ISP Topologies with Rocketfuel. IEEE/ACM TON 2004
