3. What is Anonymity ?
Anonymity is the state of being
unidentifiable within a set of subjects.
◦ Hide your activities among others’ similar
activities
◦ You cannot be anonymous by yourself!
Unlinkability of action and identity
Unobservability (hard to achieve)
Observer cannot even tell whether a certain
action took place or not
4. You Are Not Anonymous
Your IP address can be linked directly to
you
◦ ISPs store communications records
◦ Usually for several years (Data Retention
Laws)
◦ Law enforcement can subpoena these
records
Your browser is being tracked
◦ Cookies, Flash cookies, E-Tags, HTML5
Storage
◦ Browser fingerprinting
Your activities can be used to identify
5. Who Uses Anonymity Systems?
“If you’re not doing anything wrong,
you shouldn’t have anything to hide.”
• Implies that anonymous communication is
for criminals
The truth: who uses Tor?
• Journalists
• Business executives
• Law enforcement
• Military/intelligence personnel
• Human rights activists
• Normal people
• Abuse victims
Fact: Tor was/is developed by the Navy
6. Why Do We Need Anonymity?
To protect privacy
◦ Avoid tracking by advertising companies
◦ Viewing sensitive content
Information on medical conditions
Advice on bankruptcy
Protection from prosecution
◦ Not every country guarantees free speech
To prevent chilling-effects
◦ It’s easier to voice unpopular or
controversial opinions if you are
anonymous
7. Anonymity Layer
Function:
◦ Hide the source,
destination, and content of
Internet flows from
eavesdroppers
Key challenge:
◦ Defining and quantifying
anonymity
◦ Building systems that are
resilient to
deanonymization
◦ Maintaining performance
[Figure: layer stack, top to bottom: Application, Anonymity, Presentation, Session, Transport, Network, Data Link, Physical]
8. Related Work
Chaum’s Mix-Net design
◦ Correspondence hiding between sender &
receiver by wrapping messages in layers
and relaying through “mix” routers.
Babel, Mixmaster and Mixminion
◦ Try to maximize anonymity at the cost of high
latency.
Anonymizer
◦ Single-hop proxy
PipeNet
◦ Low-latency design giving user anonymity by
shutting down the network by not sending.
9. Related Work
P2P Tarzan and MorphMix designs
◦ Relay and generate traffic for other participating
users and hide who originated or relayed a
request.
Hordes/Crowds
◦ Hides the initiator of traffic through multicast
responses
Freedom
◦ Supports session keys and address of the server
in a circuit.
Rennhard’s Anonymity Network
◦ Builds circuits in stages which helps to obtain
perfect forward secrecy by extending them one
hop at a time.
10. Threats to Anonymity
Traffic Analysis
◦ Passive traffic analysis
Infer from network traffic who is talking to whom
To hide your traffic, must carry other people’s traffic!
◦ Active traffic analysis
Inject packets or put a timing signature on packet flow.
Compromised network nodes (routers)
◦ It is not obvious which nodes have been
compromised
Attacker may be passively logging traffic
◦ Better not to trust any individual node
Assume that some fraction of nodes is good, don’t know
which
11. How Does Traffic Analysis Work?
Internet data packets have two parts:
◦ a data payload
Generally encrypted
◦ a header used for routing
Traffic analysis still reveals a great deal about what you're
doing and, possibly, what you're saying, because
it focuses on the header, which discloses source,
destination, size, timing, and so on.
simple traffic analysis
◦ sitting somewhere between sender and recipient on
the network, looking at headers.
sophisticated traffic analysis
Encryption does not help against these attackers,
since it only hides the content of Internet traffic,
not the headers.
12. Onion Routing (Original)
A technique
for anonymous communication
over a computer network.
Messages are repeatedly encrypted and
then sent through several network nodes
called onion routers.
Like someone peeling an onion, each onion
router removes a layer of encryption to
uncover routing instructions, and sends the
message to the next router where this is
repeated.
This prevents these intermediary nodes
from knowing the origin, destination, and
contents of the message.
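The layering described on this slide, as an added example that is not part of the original deck: the sender wraps the message once per relay, and each relay peels one layer and learns only its neighbours. The relay names, the pre-shared keys and the SHA-256 keystream are assumptions made to keep it standard-library only; a real deployment negotiates keys per circuit and uses a vetted cipher.

```python
import hashlib, json, os

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for real
    authenticated encryption, used only to keep the example stdlib-only."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """Encrypt one layer: the routing instruction plus the inner blob."""
    nonce = os.urandom(16)
    layer = json.dumps({"next": next_hop, "data": inner.hex()}).encode()
    return nonce + xor_stream(key, nonce, layer)

def wrap(path, keys, destination, message: bytes) -> bytes:
    """Sender side: build the onion from the innermost layer outwards."""
    hops = path[1:] + [destination]      # what each relay must forward to
    onion = message
    for relay, nxt in reversed(list(zip(path, hops))):
        onion = seal(keys[relay], nxt, onion)
    return onion

def peel(key: bytes, onion: bytes):
    """Relay side: remove one layer and learn only the next hop."""
    nonce, body = onion[:16], onion[16:]
    layer = json.loads(xor_stream(key, nonce, body))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, onion, sender="client"):
    """Pass the onion along the path; record what each relay could see."""
    seen, prev = {}, sender
    for relay in path:
        nxt, onion = peel(keys[relay], onion)
        seen[relay] = (prev, nxt)        # (who handed it over, where it goes)
        prev = relay
    return seen, onion

if __name__ == "__main__":
    path = ["relay1", "relay2", "relay3"]   # constructed relay names
    keys = {r: hashlib.sha256(r.encode()).digest() for r in path}  # assumed pre-shared
    onion = wrap(path, keys, "example.org:80", b"GET / HTTP/1.0")
    seen, delivered = route(path, keys, onion)
    for relay, view in seen.items():
        print(relay, "sees", view)
    print("exit delivers", delivered)
```

Only the first relay sees the client and only the last sees the destination; the middle relay sees neither.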
14. Tor (The Second Generation Onion Router)
a distributed, anonymous network
reduce the risks of both simple and
sophisticated traffic analysis by
distributing transactions over several
places on the Internet.
data packets on the Tor network take
a random pathway through several
relays.
no observer at any single point can tell
where the data came from or where
it's going.
15. Tor (The Second Generation Onion Router)
Basic design: a mix network with
improvements
◦ Perfect forward secrecy
◦ Introduces guards to improve source
anonymity
◦ Takes bandwidth into account when
selecting relays
Mixes in Tor are called relays
◦ Introduces hidden services
Servers that are only accessible via the Tor
overlay
16. Deployment and Statistics
Largest, most well deployed anonymity
preserving service on the Internet
◦ Publicly available since 2002
◦ Continues to be developed and improved
Currently, ~5000 Tor relays around the
world
◦ All relays are run by volunteers
◦ It is suspected that some are controlled by
intelligence agencies
500K – 900K daily users
◦ Numbers are likely larger now, thanks to
Snowden
17. How Tor Works ?
Courtesy:
https://www.torproject.org/about/overview.html.en
18. How Tor Works? ... Circuit Setup
Courtesy:
https://www.torproject.org/about/overview.html.en
19. How Tor Works? ... new connection
Courtesy:
https://www.torproject.org/about/overview.html.en
20. Tor Enhancements over Previous Onion Routing applications
Tor uses telescoping path-build design
◦ Previous designs allowed hostiles to record traffic
and compromise successive nodes.
Tor uses SOCKS proxy interface
◦ Previous designs required a separate application
proxy for each application protocol.
Tor is able to share one circuit for many
TCP streams
◦ Previous designs required a separate circuit for
each application-level request, which is a threat to
anonymity.
Leaky pipe circuit topology
21. Tor Enhancements over Previous Onion Routing applications
Directory servers
◦ Previous designs resorted to flooding info on
the network.
Variable exit policies
End-to-end integrity checks
◦ Previous designs had no integrity checks.
Rendezvous points/hidden services
◦ Previous designs included reply onions.
Congestion control: uses end-to-end
acks
◦ Previous designs didn’t address traffic
bottlenecks.
22. Hidden Services
Tor is very good at hiding the source of traffic
◦ But the destination is often an exposed website
What if we want to run an anonymous
service?
◦ i.e. a website, where nobody knows the IP
address?
Tor supports Hidden Services
◦ Allows you to run a server and have people
connect
◦ … without disclosing the IP or DNS name
Many hidden services
◦ Tor Mail, Tor Chat
◦ DuckDuckGo
◦ Wikileaks
◦ The Pirate Bay
◦ Silk Road (2.0)
23. Hidden Services Example: Creating a hidden Server
Server creates circuits
to “introduction points”
Server gives intro points’
descriptors and addresses
to service lookup directory
Client obtains service
descriptor and intro point
address from directory
24. Using a Location Hidden Service
Client creates a circuit
to a “rendezvous point”
Client sends address of the
rendezvous point and any
authorization, if needed, to
server through intro point
If server chooses to talk to client,
connect to rendezvous point
25. Staying Anonymous
Tor can't solve all anonymity problems.
It focuses only on protecting the
transport of data
To protect your anonymity, be smart.
Tor does not provide protection against
end-to-end timing attacks:
◦ If your attacker can watch the traffic coming
out of your computer, and also the traffic
arriving at your chosen destination, he can
use statistical analysis to discover that they
are part of the same circuit.
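Why the timing limitation above holds, as an added example that is not part of the original deck: low-latency relaying preserves each flow's packet rhythm, so per-window packet counts at the two ends stay correlated even though every payload is encrypted. The flow names, timestamps, latency and window size are constructed for illustration.

```python
from math import sqrt

def bin_counts(timestamps, window, n_bins):
    """Packets per time window: needs only arrival times, no payload."""
    counts = [0] * n_bins
    for t in timestamps:
        i = int(t // window)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts

def pearson(x, y):
    """Pearson correlation; 0.0 when either series is constant."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / sqrt(vx * vy) if vx and vy else 0.0

def correlate(entry_flows, exit_times, window=1.0, n_bins=10):
    """Score each flow seen entering the network against one exit flow."""
    target = bin_counts(exit_times, window, n_bins)
    return {name: pearson(bin_counts(ts, window, n_bins), target)
            for name, ts in entry_flows.items()}

# Constructed sample data (seconds). Names are hypothetical.
ENTRY = {
    "alice": [0.1, 0.2, 0.3, 3.1, 3.2, 3.3, 3.4, 6.1, 6.2],   # bursty
    "bob":   [i + 0.5 for i in range(10)],                     # steady
    "carol": [1.1, 1.2, 1.3, 4.1, 4.2, 8.1, 8.2, 8.3],         # bursty
}
# Exit side: alice's packets after 0.25 s of relay latency, one packet lost.
EXIT = [t + 0.25 for t in ENTRY["alice"] if t != 3.4]

if __name__ == "__main__":
    for name, score in correlate(ENTRY, EXIT).items():
        print(f"{name}: {score:+.2f}")
```

The matching flow scores close to 1 despite the delay and the lost packet, which is why the slide treats an observer at both ends as outside what Tor protects against.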
26. The Future of Tor
Providing a usable anonymizing
network on the Internet today is an
ongoing challenge.
Recent activities like NSA snooping.
More users are attracted
to Tor.
Each new user and relay provides
additional diversity, enhancing Tor's
ability to put control over your security
and privacy back into your hands.