Anonymity in the Internet - PowerPoint PPT Presentation

About This Presentation
Title:

Anonymity in the Internet

Description:

Usability of the system is a key requirement (to get users at all) ... No utopia: Church of Scientology vs. anon.penet.fi case ... – PowerPoint PPT presentation

Slides: 22
Provided by: infse

Transcript and Presenter's Notes

1
Anonymity in the Internet
Marc Rennhard, TIK, rennhard@tik.ee.ethz.ch, 15th April 2003

2
Outline
  • Introduction: what is anonymity?
  • Proxy-based approaches
  • The traffic analysis problem
  • Mix-networks basics
  • Measures against traffic analysis
  • Different types of mix-networks
  • Conclusions

3
Introduction (1)
  • Different kinds of anonymity:
    • Sender (client) anonymity
    • Recipient (server) anonymity
    • Relationship anonymity (who talks to whom)
  • This talk deals with
    • sender and relationship anonymity
    • for near-real-time applications (e.g. web
      browsing)
  • It also deals with anonymity at the network layer only
    • No protection from applications disclosing
      information (cookies, web forms, malicious code)
    • There are other technologies that deal with those
      problems (LPWA, pseudonyms, or simply blocking
      cookies and Java applets)

4
Introduction (2)
  • Goals of anonymity at the network layer
    • Hide the client's IP address from the server
    • Make it difficult/impossible for an adversary to
      trace packets as they travel between client and
      server
  • Why anonymity?
    • Real life is often anonymous (browsing through a
      store, looking up information in the library,
      checking job offers in the newspaper)
    • Internet users are profiled daily: imagine your
      dossier in 20 years!
    • What do you think about somebody who is suddenly
      checking several medical sites for information
      about a particular lethal disease?
    • Would you offer this person a job?
    • If you are careful and take your time, you can
      have anonymity/privacy today, but it is very
      inconvenient!

5
The Anonymity Set
  • One is only anonymous within the group of people
    using a particular anonymity-providing service!
    • This group is called the anonymity set
    • Larger anonymity sets imply better anonymity
  • Anonymity only works if a service can attract
    many users!
    • Without any users, there is no anonymity at all
  • Anonymity-providing services always introduce
    overhead and a performance penalty for the user
    • In general, better resistance to attacks means
      more overhead and performance penalty, which again
      could scare away many users
  • Usability of the system is a key requirement (to
    get users at all)
  • Better resistance to attacks does not necessarily
    mean more anonymity (more overhead, worse
    performance, fewer users can be supported)

6
Single Proxy
  • Client and proxy P establish a shared secret (key)
  • Data are encrypted between client and proxy
  • Good: efficient; the server S sees only P; protection
    from your ISP, ETH, company
  • Bad: the proxy knows everything (who talks to whom,
    and the data); scalability problems
  • Example: Anonymizer.com

7
Proxy Cascade with Layered Encryption
  • Client establishes a key with every proxy
  • Client encrypts data for each proxy, starting
    with the last (layered encryption)
  • Additional benefit: each proxy only knows the
    previous and next hop (one trustworthy proxy is
    enough!)
  • Still bad: scalability problems
  • Less efficient than single proxy (longer
    end-to-end delay)
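
The layered encryption of slide 7, as an added example that is not part of the original slides: the client shares a key with each proxy, wraps the payload once per proxy starting with the last, and each proxy strips exactly one layer, learning only its predecessor and the next hop. The single proxy of slide 6 falls out as a cascade of length 1. The cipher is a stdlib-only toy (HMAC-SHA256 keystream in counter mode, XORed with the data) so the example runs offline; the proxy names P1..P3, the server name "S", and the 16-byte next-hop field are assumptions of the example.

```python
# Added example, not from the slides: a proxy cascade with layered encryption
# (slide 7), with the single proxy of slide 6 as the length-1 special case.
# The cipher is a stdlib-only toy (HMAC-SHA256 keystream in counter mode,
# XORed with the data) so the example runs offline; a real system would use
# an authenticated cipher. Names P1..P3, "S" and the hop field width are assumed.
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16
HOP_LEN = 16  # fixed-width "next hop" field inside every layer (assumed format)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; toy stream cipher for the example only."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def build_onion(keys: list, route: list, payload: bytes) -> bytes:
    """Client side: wrap the payload once per proxy, innermost layer first
    (the last proxy's), so that each proxy can strip exactly one layer."""
    next_hops = route[1:] + ["S"]  # after the last proxy comes the server S
    onion = payload
    for key, hop in reversed(list(zip(keys, next_hops))):
        onion = encrypt(key, hop.encode().ljust(HOP_LEN, b"\0") + onion)
    return onion


def peel(key: bytes, onion: bytes):
    """Proxy side: strip one layer; learn only the next hop and an opaque blob."""
    inner = decrypt(key, onion)
    next_hop = inner[:HOP_LEN].rstrip(b"\0").decode()
    return next_hop, inner[HOP_LEN:]


def run_cascade(keys: list, route: list, payload: bytes):
    """Hand the onion to the first proxy and let each proxy forward it.
    Returns what the server receives and what each proxy learned about routing."""
    onion = build_onion(keys, route, payload)
    learned = {}
    prev = "client"
    next_hop = None
    for name, key in zip(route, keys):
        next_hop, onion = peel(key, onion)
        learned[name] = (prev, next_hop)  # the only addresses this proxy sees
        prev = name
    assert next_hop == "S", "last layer must point at the server"
    return onion, learned


if __name__ == "__main__":
    keys = [hashlib.sha256(b"key-for-" + p.encode()).digest() for p in ("P1", "P2", "P3")]
    delivered, learned = run_cascade(keys, ["P1", "P2", "P3"], b"GET /secret HTTP/1.0")
    print(delivered, learned)
```

Note that the last proxy still sees the payload in clear, exactly as the single proxy does; the cascade only hides the client from it. Also, the toy layers carry no integrity check, so an adversarial proxy could flip bits and recognise the damage at a later hop it controls (a tagging attack); deployed systems add per-layer or end-to-end integrity for that reason.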

8
The Traffic Analysis Problem
  • An eavesdropper observing P1 and P3 can usually
    break the anonymity...
  • ... because although encrypted, the length of the
    messages is still visible...
  • ...and messages entering at one end exit shortly
    afterwards at the other end
  • Single proxy: observing one proxy is enough
    (possible for the ISP hosting P)
  • Proxy cascade: the adversary must observe two
    proxies (the first and the last), but they are
    well known

9
Mix-Network (1)
  • Proposed in 1981 by David Chaum, originally to send
    e-mail messages anonymously
  • Resulted in a variety of remailers of different
    flavours (Cypherpunk, Mixmaster)
  • Variations of the original design to support
    low-latency applications such as web browsing →
    circuit-based systems
    • Onion Routing, Web Mixes, Freedom network,
      Anonymity Network
  • Made up of mixes that are distributed in the
    Internet
  • A mix is similar to a proxy, but with additional
    functionality

10
Mix-Network (2)
11
Mix-Network (3)
  • The chain of mixes from a client to a server is
    called an anonymous tunnel
  • A single encrypted connection is used to
    transport the data of multiple anonymous tunnels
    between two mixes → an eavesdropper
    cannot identify distinct anonymous tunnels!
  • Advantages over proxy cascade
    • Scales better, because more mixes can be added to
      extend the mix network and support more users (in
      the same anonymity set!)
    • The mixes in any anonymous tunnel are not known
      to the adversary → the adversary cannot easily
      know where to perform traffic analysis

12
Measures against Traffic Analysis (1)
  • Messages (e.g. web requests/replies) are chopped
    into fixed-length packets
    • Traffic analysis at a mix based on the packet
      length is defeated
    • This also significantly reduces end-to-end delay
      (a mix can forward the first packets before the
      whole message has arrived)
  • Packets change their encoding when traversing a
    mix
    • Using layered encryption and additionally
      encrypting the mix-network-internal protocol
      headers between two adjacent mixes
    • This defeats traffic analysis based on the
      bit pattern of packets
  • Packets entering a mix that belong to different
    anonymous tunnels are reordered before they are
    forwarded
    • This beats traffic analysis by looking at the
      sequence of incoming and outgoing packets

13
Measures against Traffic Analysis (2)
  • But even with these measures, end-to-end
    traffic analysis is still possible
    • If the adversary happens to observe M1 and M3,
      the red anonymous tunnel in the figure can
      probably be broken
  • To solve this problem, dummy traffic can be used
    • Dummies contain random bit strings and for an
      observer are indistinguishable from real packets
    • Either between two mixes or between client and
      first mix in the tunnel
    • or end-to-end dummies between the client and the
      last mix in the tunnel
  • This results in constant, bi-directional packet
    streams between any two mixes or the clients and
    their first mix
  • → Correlation based on the length of messages is
    no longer possible!
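
The end-to-end traffic analysis of slide 8 and the countermeasures of slides 12 and 13, as an added example that is not part of the original slides. An eavesdropper watches the entry link (client to first proxy/mix) and the exit link and tries to pair them. With encryption only, message timing and lengths match exactly. Fixed-length packets hide lengths but leave the number of cells per time slot, so only flows whose cell counts happen to coincide become ambiguous (here "bob" and "dave"). A constant-rate dummy-padded stream makes every flow look identical. The flows, cell size, link rate and one-slot tunnel delay are constructed for the example; timing is in abstract slots, and the simulation is noiseless, so exact equality stands in for the statistical correlation a real attacker would use.

```python
# Added example, not from the slides: a noiseless simulation of end-to-end
# traffic analysis (slide 8) against the countermeasures of slides 12 and 13.
# Traffic, cell size, link rate and tunnel delay below are constructed for the
# example; time is measured in abstract slots.
import math
from collections import Counter

CELL = 512           # fixed-length packet (cell) size in bytes, assumed
TUNNEL_DELAY = 1     # slots between entering at P1/M1 and leaving at P3/M3, assumed
RATE = 20            # cells per slot on a link padded with dummy traffic, assumed
SESSION_SLOTS = 3    # with dummies, every client stays connected for the whole session

# Constructed sample traffic: client -> [(slot, request size in bytes), ...]
CLIENT_FLOWS = {
    "alice": [(0, 1200), (1, 300), (2, 4100)],
    "bob":   [(0, 300), (1, 300), (2, 300)],
    "carol": [(0, 9000), (1, 150)],
    "dave":  [(0, 100), (1, 500), (2, 512)],  # same cell counts as bob, different sizes
}
# Ground truth: which (otherwise anonymous) exit connection belongs to whom
EXIT_OF = {"alice": "conn-7", "bob": "conn-3", "carol": "conn-9", "dave": "conn-2"}


def observe(msgs, mode, delay=0):
    """What an eavesdropper on one link learns about one flow, per countermeasure.
    'raw'   : encryption only; message timing and length leak (slide 8).
    'cells' : fixed-length packets; only the number of cells per slot leaks (slide 12).
    'dummy' : constant-rate stream; every slot carries RATE cells (slide 13)."""
    if mode == "raw":
        return tuple(sorted((t + delay, size) for t, size in msgs))
    per_slot = Counter()
    for t, size in msgs:
        per_slot[t + delay] += math.ceil(size / CELL)
    if mode == "cells":
        return tuple(sorted(per_slot.items()))
    if mode == "dummy":
        assert max(per_slot.values()) <= RATE, "real traffic must fit into the padded rate"
        return tuple((t + delay, RATE) for t in range(SESSION_SLOTS))
    raise ValueError(mode)


def correlate(entry_views, exit_views, delay):
    """End-to-end attacker: for each exit connection, the set of entry flows
    whose observation matches once the tunnel delay is compensated."""
    matches = {}
    for conn, view in exit_views.items():
        shifted = tuple((t - delay, x) for t, x in view)
        matches[conn] = {who for who, v in entry_views.items() if v == shifted}
    return matches


def broken_tunnels(mode):
    """Exit connections the attacker links to exactly one client, correctly."""
    entry = {who: observe(msgs, mode) for who, msgs in CLIENT_FLOWS.items()}
    exits = {EXIT_OF[who]: observe(msgs, mode, TUNNEL_DELAY)
             for who, msgs in CLIENT_FLOWS.items()}
    matches = correlate(entry, exits, TUNNEL_DELAY)
    return {conn for conn, cands in matches.items()
            if len(cands) == 1 and EXIT_OF[next(iter(cands))] == conn}


if __name__ == "__main__":
    for mode in ("raw", "cells", "dummy"):
        print(f"{mode:6s} broken: {sorted(broken_tunnels(mode))}")
```

Reordering inside a mix is below the slot granularity of this model, which is why it does not appear: it defeats per-packet sequence matching but not the per-slot cell counts that the "cells" mode leaks, which is exactly the residual end-to-end attack slide 13 opens with.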

14
Measures against Traffic Analysis (3)
  • In theory, it is possible to achieve perfect
    anonymity against very powerful adversaries
    (global observer or partial internal attacker)!
    • Requires vast amounts of end-to-end dummies
    • Requires clients to be connected indefinitely
    • Requires operating the mix-network synchronously
  • Synchronous operation
    • Requires adaptation of all links to the weakest
      link in the system
    • This is not only extremely difficult to achieve,
      but opens holes for new attacks (DoS)

15
Measures against Traffic Analysis (4)
  • Even if synchronous operation were possible
    • the quality of service of such a mix-network
      would be poor because temporarily blocked links
      happen naturally all the time in the Internet
    • which would require stalling the mix network
      again and again
    • and as a result, users would simply no longer
      use such a system!
  • Conclusions
    • In practical mix-networks for low-latency
      applications, perfect anonymity seems to be very
      difficult/impossible to achieve
    • In practical systems, dummy traffic helps
      somewhat against certain adversaries, but its
      benefits do not seem to outweigh its high costs
      (overhead)

16
Different Types of Mix-Networks
  • We can distinguish between 2 types of
    mix-networks
    • Static mix-networks
      • Made up of a relatively small number of highly
        available, powerful mixes with good network
        connectivity that serve a much larger number of
        users (e.g. 100 mixes, 100000 users)
      • Can be either operated commercially or by
        volunteers
    • Dynamic mix-networks
      • Peer-to-peer based, every client is also a mix
  • Different threat models apply depending on the
    operation of a mix-network
    • External eavesdropper (global or partial)
    • Internal attacker operating a subset of the mixes

17
Commercial Static Mix-Networks
  • Zero-Knowledge Systems' Freedom network
    • 150 mixes in North America, Europe, Japan
    • Contracts with various ISPs, at least T1 (1.544
      Mb/s) connectivity
    • No cover traffic
    • Shut down October 2001 after 2 years due to high
      costs and limited return
  • Internal attacker unlikely → eavesdropper threat
    model applies
    • Several mixes distributed across three continents
      → unlikely an adversary can control more than,
      say, 10% of all mixes
    • Eavesdropping on 10% of all mixes → 1% of all
      tunnels compromised (both ends of the tunnel
      observed)
    • But can you sell good but not perfect
      anonymity?
  • With dummy traffic, protection from attacks
    increases at the cost of smaller anonymity sets
    and higher costs per user
  • → Commercial mix-networks do not seem to be the
    right way to go
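
The arithmetic behind the "10% of the mixes → 1% of the tunnels" estimate on slide 17, as an added example that is not part of the original slides. The model is assumed: an adversary controls n_bad of n_mixes mixes, a tunnel picks its mixes uniformly at random without repetition, and a tunnel counts as broken when both its first and its last mix are adversarial (the end-to-end correlation of slide 13). The exact value is slightly below c², because the second draw comes from a pool with one bad mix fewer; the Monte Carlo check goes beyond the slide in showing that the tunnel length does not change this probability, since only the two end mixes matter to an end-to-end attacker.

```python
# Added example, not from the slides: the arithmetic behind slide 17's
# "10% of the mixes -> 1% of the tunnels" estimate. Model (assumed): an
# adversary controls n_bad of n_mixes mixes, a tunnel picks its mixes uniformly
# at random without repetition, and a tunnel is broken when both its first and
# its last mix are adversarial (end-to-end correlation).
from fractions import Fraction
import random


def p_both_ends_bad(n_mixes: int, n_bad: int, distinct: bool = True) -> Fraction:
    """Exact probability that first and last mix of a random tunnel are both bad.
    distinct=False gives the slide's c^2 approximation (mixes drawn with repetition)."""
    c = Fraction(n_bad, n_mixes)
    if not distinct:
        return c * c
    return c * Fraction(n_bad - 1, n_mixes - 1)


def simulate(n_mixes: int, n_bad: int, tunnel_len: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo check: fraction of random tunnels whose two end mixes are both bad.
    The intermediate mixes are drawn too, to show they do not affect the result."""
    rng = random.Random(seed)
    bad = set(range(n_bad))  # adversary controls mixes 0 .. n_bad-1 (assumed labelling)
    hits = 0
    for _ in range(trials):
        route = rng.sample(range(n_mixes), tunnel_len)
        if route[0] in bad and route[-1] in bad:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    n, bad = 150, 15  # Freedom's 150 mixes, 10% of them assumed adversarial
    print("c^2 approximation:", float(p_both_ends_bad(n, bad, distinct=False)))
    print("exact (distinct mixes):", float(p_both_ends_bad(n, bad)))
    for length in (3, 5):
        print(f"tunnel length {length}: {simulate(n, bad, length, 200_000):.4f}")
```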

18
Static Mix-Networks operated by Volunteers
  • No large mix-network operated by volunteers so
    far
    • Problem: acquiring many mixes (e.g. 100 with 1-10
      Mb/s)
    • Operated not by private persons, but maybe by
      companies or universities
    • But many that could are not willing to do so!
      • Bad press about supporting terrorists, legal
        attacks on mix operators
      • No utopia: Church of Scientology vs.
        anon.penet.fi case
  • But beyond that, internal attackers are a threat!
    • A government could hire private persons to
      operate mixes
    • There is no defence against this attack,
      except making the attack too difficult/too
      expensive
  • → Static mix-networks operated by volunteers also
    do not seem the right way to go

19
Dynamic Mix-Networks (1)
  • Peer-to-peer based, every client is also a mix
  • Advantages compared to static mix-networks
    • In theory, no limit on the number of users it can
      support
    • As in every peer-to-peer system, the barrier to
      join is low
    • Legal attacks are unlikely
    • Potentially huge number of mixes → controlling a
      significant fraction of all mixes (internal
      attacker) becomes expensive
    • Entry points (connections between client and
      first mix) are no longer visible, because every
      node is also a mix and a client's first link
      looks like any mix-to-mix link; this makes
      end-to-end traffic analysis attacks more
      difficult to mount

20
Dynamic Mix-Networks (2)
  • But there are new difficulties
    • Dynamic means nodes can join and leave at any
      time (tunnels are less stable)
    • Discovering other nodes; some nodes offer poor
      service, which degrades the quality of service of
      a tunnel
  • Nevertheless, dynamic mix-networks may be the
    better approach than static mix-networks, but
    much more research is needed!
  • Examples: (Crowds), Tarzan, MorphMix

21
Conclusions
  • There is a wide range of approaches to get
    sender and relationship anonymity (simple proxy
    to mix-networks)
  • Mix-networks are the most promising approach for
    good anonymity
  • Perfect anonymity for low-latency applications
    may well be impossible
  • Peer-to-peer based systems seem to have
    advantages over static mix-networks
  • Anonymity is and will remain a hot topic in
    Internet research!