Anonymizing Networks



                                         Peng Deng
                pdeng@students.csse.unimelb.edu...
Anonymous Network

  1. Anonymizing Networks
     Peng Deng, pdeng@students.csse.unimelb.edu.au
     SUM Lab, CSSE, University of Melbourne
  2. Agenda
     • Introduction
        – Background
        – Threats
        – Taxonomy
     • Different Approaches
        – Centralized approaches: Proxy, Crowds
        – Distributed approaches: Classical MIX, Tor, Tarzan
     • Comparison and Conclusion
  3. Background
     • Internet was designed with accountability in mind
     • Anonymous network can be used to:
        – Support free speech
        – Censorship-resistant communication
        – Preserve privacy
        – Distribute materials
     • [Figure callouts, packet header fields: Identification (identifies the current datagram); Time-to-Live (fingerprint of OS); Source Address; Destination Address; Port Number]
     • Encryption is not enough to preserve privacy
        – Encryption can only hide the content of the message
        – Both the initiator's and the receiver's anonymity should be preserved
  4. Threats
     Threats and their prevention methods:
     • Message coding attack, message length attack: re-encrypting the message when transmitting packets between nodes, padding
     • Replay attack: maintain a temporary database to record processed packets
     • Collusion attack: more intermediate nodes in the network
     • Flooding attack: a P2P network is preferred rather than centralized services
     • Message volume attack: network-wide traffic analysis, hard to prevent
     • Timing attack
     • Profiling attack
  5. Taxonomy
     • Central: Email relay (high latency), Web proxy (low latency)
     • Distributed and pseudo-distributed: N/A (high latency), MIX (low latency)
     Examples:
     • Central/High latency: anon.penet.fi and MixMaster
     • Central/Low latency: Anonymizer and SafeWeb
     • Pseudo-Distributed/High latency and Distributed/High latency: N/A
     • Pseudo-Distributed/Low latency and Distributed/Low latency: Tor, Tarzan and MorphMix
  6. Centralized approaches
     Proxy:
     [Diagram: Client, SSL, Proxy, Web server]
     • Proxy reveals identity
     • Adversary blocks access to proxy (DoS)
     • Traffic analysis is easy
     • Adversary blocks connections from proxy
     Example services are:
     • Anonymizer
     • SafeWeb
  7. Centralized approaches cont.
     Crowds:
     [Diagram labels: Registration Server, Crowd, Destination Server; arrows numbered 1 to 5]
     1. Register to server and retrieve network topology information
     2. Server updates new topology information to every node
     3. Initiator sends packet to another randomly selected node
     4. The node randomly decides whether to relay the packet again or send it out
  8. Distributed approaches
     Chaum’s MIX network:
     [Diagram: nested layers, each labelled "Nxt adr", around the real payload]
     • Layered encryption
     • Node can only know its successor and predecessor
     • Packet padding and cover traffic can be applied
  9. Distributed approaches cont.
     The Onion Router: (Pseudo-distributed)
     [Diagram labels: Alice’s Computer, App1, App2, LP, OR1, OR2, OR3, OR6, OR7, WS1, WS2, Directory Service; numbered paths 1 and 2]
     • MIX encoding creates encrypted tunnel of relays
     • Packet forwarding through tunnel
     • Small-scale, static network
     + Individual malicious relays cannot reveal identity
     - Adversary targets core routers and directory server
     - Network-edge analysis still exists
     - Scalability is a problem
  10. Distributed approaches cont.
     The Onion Router’s Hidden Service
     + Provides anonymity service
     - Within Tor network only
     [Diagram labels: Database, IP, IP, Alice, Hidden server, RP; arrows numbered 1 to 6]
     1. Server picks some introduction points and builds circuits to them
     2. Server advertises his hidden service “XYZ.onion” at the DB
     3. Alice hears “XYZ.onion” exists, and she requests information from DB
     4. Alice writes a message with rendezvous point to hidden server through introduction point
     5. Alice and hidden server validate one-time secret in rendezvous point
     6. Tor circuits established between Alice and hidden server
  11. Distributed approaches cont.
     Tarzan and MorphMix: (Distributed)
     [Diagram label: PNAT]
     • No distinction between anon proxies and clients
        – Peer-to-peer model
     • Anonymity against corrupt relays
        – MIX-net encoding
        – Robust tunnel selection
        – Prevent adversary spoofing or running many nodes
     • Anonymity against global eavesdropping
        – Cover traffic protects all edges
        – Restrict topology to make cover practical
        – Choose neighbors in verifiably-random manner
     • Application-independence
        – Low-latency IP-layer redirection
  12. Distributed approaches cont.
     Tarzan and MorphMix: (Distributed)
     [Diagram label: PNAT]
     • Join the system
        1. Contacts known peers to learn neighbor lists
        2. Validates each peer by pinging it directly
     • Cover the traffic within mimics
        1. Nodes send at some traffic rate per time period
        2. Traffic rate independent of actual demand
        3. All packets are same length and link encrypted
        + Reduce the network overhead
     • Peer selection
        – Assumption: Adversary nodes are mostly in same IP area
        – Method: Randomly select IP address in different subnet
     The path of communication is not defined by the initiator but chosen by intermediate nodes in MorphMix.
  13. Comparison and Conclusion
     [Table: columns Anonymizer, Tor, Tarzan; rows S. anon. to R. (☺), R. anon. to S. (☺), Scalability (☺), Usability (☺), Popularity (☺ ☺); column placement of the marks not preserved]
  14. Thank you
     Peng Deng, MEDC Student
     SUM Research Lab, CSSE, University of Melbourne
     pdeng@students.csse.unimelb.edu.au
     Monday, May 19, 2008
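
The layered encryption from slide 8, together with the padding and replay database listed as prevention methods on slide 4, as an added example that is not part of the original slides. Assumptions: each mix shares a symmetric key with the sender (Chaum's design uses each mix's public key), a toy SHA-256 keystream stands in for a real cipher, and the names `wrap`, `MixNode`, `PACKET_LEN` and the `EXIT` marker are made up for illustration.

```python
import hashlib, hmac, os

PACKET_LEN, ADDR_LEN = 256, 8   # fixed wire size; width of the "Nxt adr" field
HDR = ADDR_LEN + 2              # next address + 2-byte length of the inner blob

def _stream(key, nonce, n):
    """Toy SHA-256 counter keystream (assumption: stands in for a real cipher)."""
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _pad(blob):
    """Random padding so every packet on a link has the same length."""
    if len(blob) > PACKET_LEN:
        raise ValueError("payload too large for the fixed packet size")
    return blob + os.urandom(PACKET_LEN - len(blob))

def wrap(route, payload):
    """Sender side. route = [(addr, key), ...] in forwarding order."""
    blob, nxt = payload, b"EXIT"
    for addr, key in reversed(route):          # innermost layer is built first
        nonce = os.urandom(16)
        body = nxt.ljust(ADDR_LEN, b"\0") + len(blob).to_bytes(2, "big") + blob
        ct = _xor(body, _stream(key, nonce, len(body)))
        tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
        blob, nxt = nonce + tag + ct, addr
    return nxt, _pad(blob)                     # (first hop, wire packet)

class MixNode:
    def __init__(self, key):
        self.key, self.seen = key, set()       # seen = replay database

    def process(self, packet):
        """Peel one layer; return (next hop, packet to forward)."""
        nonce, tag, rest = packet[:16], packet[16:48], packet[48:]
        head = _xor(rest[:HDR], _stream(self.key, nonce, HDR))
        ct = rest[:HDR + int.from_bytes(head[ADDR_LEN:], "big")]  # drop padding
        good = hmac.new(self.key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("layer not for this node, or tampered")
        if tag in self.seen:   # tag ignores padding, so re-padding cannot evade it
            raise ValueError("replay dropped")
        self.seen.add(tag)
        inner = _xor(ct, _stream(self.key, nonce, len(ct)))[HDR:]
        nxt = head[:ADDR_LEN].rstrip(b"\0")
        return nxt, (inner if nxt == b"EXIT" else _pad(inner))
```

Each node recovers only the next address and an opaque inner blob, and re-pads before forwarding so that packet length does not shrink hop by hop.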
