anonymity and secure messaging fall 2016 ada adam lerner
play

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner - PowerPoint PPT Presentation

Sep 02, 2023 •462 likes •779 views

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Tor • Second-generation onion routing network – https://www.torproject.org/ – Now a large open source project with a non-profit organization behind it – Specifically designed for low-latency anonymous Internet communications • Running since October 2003 • “Easy-to-use” client proxy – Freely available, can use it for anonymous browsing 12/9/16 CSE 484 / CSE M 584 - Fall 2016 2

  3. Tor Browser Bundle • A single, downloadable browser app which does the right thing. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 3

  4. Tor Circuit Setup (1) • Client proxy establishes a symmetric session key and circuit with Onion Router #1 12/9/16 CSE 484 / CSE M 584 - Fall 2016 4

  5. Tor Circuit Setup (2) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2 – Tunnel through Onion Router #1 12/9/16 CSE 484 / CSE M 584 - Fall 2016 5

  6. Tor Circuit Setup (3) • Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3 – Tunnel through Onion Routers #1 and #2 12/9/16 CSE 484 / CSE M 584 - Fall 2016 6

  7. Using a Tor Circuit • Client applications connect and communicate over the established Tor circuit. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 7

  8. Tor Management Issues • Many applications can share one circuit – Multiple TCP streams over one anonymous connection • Tor router doesn’t need root privileges – Encourages people to set up their own routers – More participants = better anonymity for everyone • Directory servers – Maintain lists of active onion routers, their locations, current public keys, etc. – Control how new routers join the network • “Sybil attack”: attacker creates a large number of routers – Directory servers’ keys ship with Tor code 12/9/16 CSE 484 / CSE M 584 - Fall 2016 8

  9. Location Hidden Service • Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it • Accessible from anywhere • Resistant to censorship • Can survive a full-blown DoS attack • Resistant to physical attack – Can’t find the physical server! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 9

  10. Creating a Location Hidden Server Server creates circuits To “introduction points” Client obtains service descriptor and intro point address from directory Server gives intro points ’ descriptors and addresses to service lookup directory 12/9/16 CSE 484 / CSE M 584 - Fall 2016 10

  11. Using a Location Hidden Server Rendezvous point Client creates a circuit If server chooses to talk to client, splices the circuits to a “rendezvous point” connect to rendezvous point from client & server Client sends address of the rendezvous point and any authorization, if needed, to server through intro point 12/9/16 CSE 484 / CSE M 584 - Fall 2016 11

  12. Attacks on Anonymity • Passive traffic analysis – Infer from network traffic who is talking to whom – To hide your traffic, must carry other people’s traffic! • Active traffic analysis – Inject packets or put a timing signature on packet flow • Compromise of network nodes – Attacker may compromise some routers – It is not obvious which nodes have been compromised • Attacker may be passively logging traffic – Better not to trust any individual router • Assume that some fraction of routers is good, don’t know which 12/9/16 CSE 484 / CSE M 584 - Fall 2016 12

  13. Deployed Anonymity Systems • Tor (http://tor.eff.org) – Overlay circuit-based anonymity network – Best for low-latency applications such as anonymous Web browsing • Mixminion (http://www.mixminion.net) – Network of mixes – Best for high-latency applications such as anonymous email • Not: YikYak J 12/9/16 CSE 484 / CSE M 584 - Fall 2016 13

  14. Some Caution • Tor isn’t completely effective by itself – Tracking cookies, fingerprinting, etc. – Exit nodes can see everything! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 14

  15. Identifying Web Pages: Traffic Analysis Herrmann et al. “Website Fingerprinting: Attacking Popular Privacy Enhancing Technologies with the Multinomial Naïve-Bayes Classifier” CCSW 2009 12/9/16 CSE 484 / CSE M 584 - Fall 2016 15

  16. OTR AND SECURE MESSAGING 12/9/16 CSE 484 / CSE M 584 - Fall 2016 16

  17. OTR – “Off The Record” • Protocol for end-to-end encrypted instant messaging • End-to-end: Only the endpoints can read messages. – PGP, iMessage, WhatsApp, and a variety of other services provide some form of end-to-end encryption today. (Borisov, Goldberg, Brewer 2014) 12/9/16 CSE 484 / CSE M 584 - Fall 2016 17

  18. OTR – “Off The Record” • End-to-end encryption • Authentication • Deniability, after the fact • Perfect Forward Secrecy 12/9/16 CSE 484 / CSE M 584 - Fall 2016 18

  19. OTR – “Off The Record” • End-to-end encryption • Authentication • Deniability/Repudability, after the fact • Perfect Forward Secrecy 12/9/16 CSE 484 / CSE M 584 - Fall 2016 19

  20. OTR: Deniability/Repudability Eve Bob Alice “Something incriminating” 12/9/16 CSE 484 / CSE M 584 - Fall 2016 20

  21. OTR: Deniability/Repudability • During a conversation session, messages are authenticated and unmodified. • Authentication happens using a MAC derived from a shared secret. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 21

  22. OTR: Deniability/Repudability • During a conversation session, messages are authenticated and unmodified. • Authentication happens using a MAC derived from a shared secret. • Q1 12/9/16 CSE 484 / CSE M 584 - Fall 2016 22

  23. OTR: Deniability/Repudability • Can’t prove the other person sent the message, because you also could have computed the MAC! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 23

  24. OTR: Deniability/Repudability • Can’t prove the other person sent the message, because you also could have computed the MAC! • OTR takes this one step farther: After a messaging session is over, Alice and Bob send the MAC key publicly over the wire! 12/9/16 CSE 484 / CSE M 584 - Fall 2016 24

  25. OTR: Deniability/Repudability • Eve now knows the MAC key, so technically speaking, she also has the ability to forge messages from Alice or Bob. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 25

  26. Perfect Forward Secrecy Eve Bob Alice 12/9/16 CSE 484 / CSE M 584 - Fall 2016 26

  27. Perfect Forward Secrecy Public info, e.g. C1 Eve C2 C3 … Bob Alice Cn Secrets A Secrets B 12/9/16 CSE 484 / CSE M 584 - Fall 2016 27

  28. Perfect Forward Secrecy Public info, e.g. C1 Eve C2 C3 … Bob Alice Cn If Eve compromises Alice or Bob’s computers at a later date, we would like Secrets A Secrets B to prevent her from being able to learn what M1, M2, M3, etc. correspond to C1, C2, C3, etc. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 28

  29. OTR: Ratcheting • Idea: Use a new key for every session/ message/time period. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 29

  30. Signal • End-to-end encrypted chat/IM based on OTR • Provides variations on ratcheting, deniability, etc. • Widely used, public code, audited. 12/9/16 CSE 484 / CSE M 584 - Fall 2016 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity and Secure Messaging Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

699 views • 54 slides
Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Certificate Authorities and SSL/TLS/HTTPS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

622 views • 44 slides
Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks

Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

633 views • 47 slides
Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to

Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Miscellaneous Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

1.29k views • 42 slides
Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu

Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

559 views • 41 slides
Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks

Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks

CSE 484 / CSE M 584: Computer Security and Privacy Mobile Platform Security (finish) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John

807 views • 78 slides
Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

917 views • 55 slides
Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Software Security: Buffer Overflow Attacks (continued) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno,

577 views • 43 slides
Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam)

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Hash Functions, MACs (finish) Asymmetric Cryptography (start) Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan

567 views • 38 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner

The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy The End of Software Security (and some Cryptography) Spring 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

870 views • 76 slides
Administrative Lab 2 is out please form groups of 1-3 and get to work, its due Nov 21!

Administrative Lab 2 is out please form groups of 1-3 and get to work, its due Nov 21!

CSE 484 / CSE M 584: Computer Security and Privacy XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

940 views • 48 slides
We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

We have all the pieces! Symmetric Encryption (privacy!) MACs (integrity!) Asymmetric

CSE 484 / CSE M 584: Computer Security and Privacy SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly

872 views • 42 slides
Web Security! Big Picture: Browser and Network request website Browser reply OS Network

Web Security! Big Picture: Browser and Network request website Browser reply OS Network

CSE 484 / CSE M 584: Computer Security and Privacy CSRF and XSS attacks Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell,

1.29k views • 59 slides
Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall

Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter

813 views • 43 slides
CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner

CSE 484 / CSE M 584: Computer Security and Privacy Fall2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet

654 views • 51 slides
Exploiting Open Functionality in SMS-Capable Cellular Networks William Enck, Patrick Traynor,

Exploiting Open Functionality in SMS-Capable Cellular Networks William Enck, Patrick Traynor,

Exploiting Open Functionality in SMS-Capable Cellular Networks William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta Lecture 2 - CSE 544 - Advanced Systems Security Presenter: William Enck January 18, 2007 URL:

575 views • 31 slides
Innovative Instant Messaging Technology HIC 2019 - Melbourne 14.Aug.2019 James Tan, Health

Innovative Instant Messaging Technology HIC 2019 - Melbourne 14.Aug.2019 James Tan, Health

Secure Clinical Communication with Innovative Instant Messaging Technology HIC 2019 - Melbourne 14.Aug.2019 James Tan, Health Informatician Hong Kong Hospital Authority 7,416km from Mel 1,108km 2 7.5M population 2 S omething about HKH

537 views • 32 slides
Scientific Presentations: Expectations Slides by: Annemarie Friedrich (Saarland University) &

Scientific Presentations: Expectations Slides by: Annemarie Friedrich (Saarland University) &

Scientific Presentations: Expectations Slides by: Annemarie Friedrich (Saarland University) & Alexis Palmer Institute for Computational Linguistics, Heidelberg University 2016 Palmer (ICL) Scientific Presentations 2016 1 / 26 Motivation

395 views • 26 slides
very rapid pace of datacenter rollout April 2007 Microsoft opens DC in Quincy, WA

very rapid pace of datacenter rollout April 2007 Microsoft opens DC in Quincy, WA

volley: automated data placement for geo-distributed cloud services sharad agarwal, john dunagan, navendu jain, stefan saroiu, alec wolman, harbinder bhogan very rapid pace of datacenter rollout April 2007 Microsoft opens DC in Quincy, WA

246 views • 24 slides
Scientific Presentations: Expectations M.Sc. Seminar: Discourse Coherence Theories and Modeling

Scientific Presentations: Expectations M.Sc. Seminar: Discourse Coherence Theories and Modeling

Scientific Presentations: Expectations M.Sc. Seminar: Discourse Coherence Theories and Modeling Annemarie Friedrich & Alexis Palmer Department of Computational Linguistics, Saarland University April 29th, 2013 Annemarie Friedrich (CoLi

640 views • 25 slides
SIMPLE Architecture draft IETF 57 Vienna, Austria draft-houri-simple-arch-01 Informational

SIMPLE Architecture draft IETF 57 Vienna, Austria draft-houri-simple-arch-01 Informational

SIMPLE Architecture draft IETF 57 Vienna, Austria draft-houri-simple-arch-01 Informational draft Current Authors: Avshalom Houri, IBM Tom Hiller, Lucent Tony Hansen, AT&T Why? Charter item of the group An

366 views • 5 slides
. 1 b i b i 1 b 2 b 1 b 0 b 1 b 2 b 3 b j 1/2 1/4

. 1 b i b i 1 b 2 b 1 b 0 b 1 b 2 b 3 b j 1/2 1/4

Fractional Binary Numbers 2 i 2 i 1 4 Floating-point numbers 2 . 1 b i b i 1 b 2 b 1 b 0 b 1 b 2 b 3 b j 1/2 1/4 Fractional binary numbers 1/8 IEEE floating-point standard Floating-point

428 views • 4 slides
Machine numbers: how floating point numbers are stored? Floating-point number representation

Machine numbers: how floating point numbers are stored? Floating-point number representation

Machine numbers: how floating point numbers are stored? Floating-point number representation What do we need to store when representing floating point numbers in a computer? ! = 1. & 2 ! Initially, different floating-point

379 views • 18 slides

More recommend