anonymity sneakiness
play

Anonymity / Sneakiness CS 161: Computer Security Prof. Vern Paxson - PowerPoint PPT Presentation

Aug 31, 2022 •381 likes •1.07k views

Anonymity / Sneakiness CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 7, 2011 Todays Lecture A look at technical means for one form

  1. Anonymity / Sneakiness CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ April 7, 2011

  2. Today’s Lecture • A look at technical means for one form of anonymity: hiding one’s IP address – “Onion routing” • A look sneakiness – Ways of communicating or computing by cheating

  3. Gaining Privacy Through Technical Means • How can we surf the web truly anonymously? • Step #1: remove browser leaks – Delete cookies (oops - also Flash cookies!) – Turn off Javascript (so Google Analytics doesn’t track you) • Step #2: how do we hide our IP address? • One approach: trusted third party – E.g.

  5. Gaining Privacy Through Technical Means • How can we surf the web truly anonymously? • Step #1: remove browser leaks – Delete cookies (oops - also “Flash cookies”!) – Turn off Javascript (so Google Analytics doesn’t track you) • Step #2: how do we hide our IP address? • One approach: trusted third party – E.g. hidemyass.com • You set up an encrypted VPN to their site • All of your traffic goes via them

  6. Alice wants to send a message M to Bob … … but ensuring that Eve can’t determine that she’s indeed communicating with Bob. Alice HMA Bob {M,Bob} K HMA M HMA accepts messages encrypted for it. Extracts destination and forwards.

  7. Gaining Privacy Through Technical Means • How can we surf the web truly anonymously? • Step #1: remove browser leaks – Delete cookies (oops - also “Flash cookies”!) – Turn off Javascript (so Google Analytics doesn’t track you) • Step #2: how do we hide our IP address? • One approach: trusted third party – E.g. hidemyass.com • You set up an encrypted VPN to their site • All of your traffic goes via them – Issues? • Performance • ($80-$200/year) • “ rubber hose cryptanalysis ” (cf. anon.penet.fi & Scientologists)

  8. Alice wants to send a message M to Bob … … but ensuring that Eve can’t determine that she’s indeed communicating with Bob … … and that HMA can’t determine it, either. Alice HMA Charlie {M, Bob} K Charlie {{M, Bob} K Charlie ,Charlie} K HMA M HMA can tell that Alice is communicating with Charlie, but not that it’s ultimately Bob Bob Charlie can tell that someone is communicating with Bob via HMA, but not that it’s Alice

  9. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • As long as any of the mixes is honest, no one can link Alice with Bob Alice HMA Charlie {{M, Bob} K Dan ,Dan} K Charlie {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA {M, Bob} K Dan Note: this is what the industrial-strength Tor Bob Dan anonymizing service uses. M ( It also provides bidirectional communication)

  10. Onion Routing Issues/Attacks? • Performance: message bounces around a lot • Key management: the usual headaches • Attack: rubber-hose cryptanalysis of mix operators – Defense: use mix servers in different countries • Though this makes performance worse :-( • Attack: adversary operates all of the mixes – Defense: have lots of mix servers (Tor today: ~2,000) • Attack: adversary observes when Alice sends and when Bob receives, links the two together – A “confirmation” attack – Defenses: pad messages, introduce significant delays • Tor does the former, but notes that it’s not enough for defense

  11. Onion Routing Attacks, con’t • Issue: leakage • Suppose all of your HTTP/HTTPS traffic goes through Tor, but the rest of your traffic doesn’t – Because you don’t want it to suffer performance hit • How might the operator of sensitive.com deanonymize your web session to their server? • Answer: they inspect the logs of their DNS server to see who looked up sensitive.com just before your connection to their web server arrived • Hard , general problem: anonymity often at risk when adversary can correlate separate sources of information

  12. Sneakiness

  13. Steganography • Transmitting hidden messages using a known communication channel – No one knows the message is even there • Same notion applies to hiding extra hidden data inside known storage – Again, no one knows the data is there • Goal: Sneak communication past a reference monitor (“warden”) • Does not imply confidentiality – If message is discovered, it’s revealed – (Though you could decide to also encrypt it)

  14. Steganography, con’t • Examples? – Zillions: tattooed heads of slaves, least-significant bits of image pixels, extra tags in HTML documents, … – All that’s necessary is agreement between writer of message & reader of message … – … and some extra capacity • Security? – Brittle: relies on security-by-obscurity – If well designed, and warden can only watch, then can be difficult to detect – If however warden can modify communication (e.g., recode images, canonicalize HTML, shave slave heads) then warden can disrupt/discover

  15. Covert Channels • Communication between two parties that uses a hidden (secret) channel • Goal: evade reference monitor inspection entirely – Warden doesn’t even realize communication is possible • Again, main requirement is agreement between sender and receiver (established in advance) • Example: suppose (unprivileged) process A wants to send 128 bits of secret data to (unprivileged) process B … – But can’t use pipes, sockets, signals, or shared memory; and can only read files, can’t write them

  16. Covert Channels, con’t • Method #1: A syslog ’s data, B reads via /var/log/… • Method #2: select 128 files in advance. A opens for read only those corresponding to 1-bit’s in secret. – B recovers bit values by inspecting access times on files • Method #3: divide A ’s running time up into 128 slots. A either runs CPU-bound - or idle - in a slot depending on corresponding bit in the secret. B monitors A ’s CPU usage. • Method #4: Suppose A can run 128 times. Each time it either exits after 2 seconds (0 bit) or after 30 seconds (1 bit). • Method #5: … – There are zillions of Method #5’s!

  17. Covert Channels, con’t • Defenses? • As with steganography, #1 challenge is identifying the mechanisms • Some mechanisms can be very hard to completely remove – E.g., duration of program execution • Fundamental issue is the covert channel’s capacity (same for steganography) – Bits (or bit-rate) that adversary can obtain using it • Crucial for defenders to consider their threat model • Usual assumption is that Attacker Wins (can’t effectively stop communication, esp. if low rate )

  18. Side Channels • Inferring information meant to be hidden / private by exploiting how system is structured – Note: unlike for steganography & covert channels, here we do not assume a cooperating sender / receiver • Can be difficult to recognize because often system builders “abstract away” seemingly irrelevant elements of system structure • Side channels can arise from physical structure …

  20. Side Channels • Inferring information meant to be hidden / private by exploiting how system is structured – Note: unlike for steganography & covert channels, here we do not assume a cooperating sender / receiver • Can be difficult to recognize because often system builders “abstract away” seemingly irrelevant elements of system structure • Side channel can arise from physical structure … – … or higher-layer abstractions

  21. /* ¡Returns ¡true ¡if ¡the ¡password ¡from ¡the ¡* ¡user, ¡'p', ¡matches ¡the ¡correct ¡master ¡* ¡password. ¡*/ Attacker knows code, bool ¡check_password(char ¡*p) but not this value { static ¡char ¡*master_pw ¡= ¡"T0p$eCRET"; int ¡i; for(i=0; ¡p[i] ¡&& ¡master_pw[i]; ¡++i) if(p[i] ¡!= ¡master_pw[i]) return ¡FALSE; /* ¡Ensure ¡both ¡strings ¡are ¡same ¡len. ¡*/ return ¡p[i] ¡== ¡master_pw[i]; }

  22. Inferring Password via Side Channel • Suppose the attacker’s code can call check_password many times (but not millions) – But attacker can’t breakpoint or inspect the code • How could the attacker infer the master password using side channel information? • Consider layout of p in memory: ... if(check_password(p)) wildGUe$s BINGO(); ...

  23. Spread p across different memory pages: wildGUe$s Arrange for this page to be paged out If master password doesn’t start with ‘w’, then loop exits on first iteration ( i=0 ): for(i=0; ¡p[i] ¡&& ¡master_pw[i]; ¡++i) if(p[i] ¡!= ¡master_pw[i]) return ¡FALSE; If it does start with ‘w’, then loop proceeds to next iteration, generating a page fault that the caller can observe

  24. T0p$eCRET ? No page Ajunk.... fault No page Bjunk.... fault … Page Tjunk.... fault! No page TAunk.... fault No page TBunk.... fault … Page T0unk.... fault! Fix? No page T0Ank.... fault …

  25. bool ¡check_password2(char ¡*p) { static ¡char ¡*master_pw ¡= ¡"T0p$eCRET”; int ¡i; bool ¡is_correct ¡= ¡TRUE; for(i=0; ¡p[i] ¡&& ¡master_pw[i]; ¡++i) if(p[i] ¡!= ¡master_pw[i]) is_correct ¡= ¡FALSE; ¡ if(p[i] ¡!= ¡master_pw[i]) is_correct ¡= ¡FALSE; return ¡is_correct; } Note: still leaks length of master password

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh | Shinyoung Cho | Phillipa Gill Stony Brook University 1 Anonymity on the Internet Tor Network 2 Anonymity on the Internet Does not know the source

261 views • 15 slides
Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith

Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith

CyLab Identity and Identity and anonymity anonymity Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818:

467 views • 46 slides
for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

Anonymity Trilemma not all is lost for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 Universitaet zu Luebeck Anonymous Communication (AC) Networks

449 views • 21 slides
Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb

Free Software, Free Internet, Anonymity & Tor Andrew Lewman andrew@torproject.org 24 Feb 2011 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how

926 views • 51 slides
Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March

Anonymity with Identity Escrow Aybek Mukhamedov and Mark Ryan The University of Birmingham March 30, 2006 Outline Anonymity 1 Anonymity with identity escrow 2 Marshall and Molina-Jiminez protocol 3 Our protocol 4 Verification in

567 views • 20 slides
Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of

Crowds: Anonymity for Web Transactions Paper by: Michael K. Reiter & Aviel D. Rubin of AT&T Labs (August, 1997) Presenter: Craig Bergstrom Overview The Problem At Hand How Crowds Works Levels and Types of Anonymity &

326 views • 19 slides
MI-BEST Workshop 1 JUNE 3 RD , 2020 8:30AM-12:30PM ZOOM Jenny Schanker Erica Orians Precious

MI-BEST Workshop 1 JUNE 3 RD , 2020 8:30AM-12:30PM ZOOM Jenny Schanker Erica Orians Precious

MI-BEST Workshop 1 JUNE 3 RD , 2020 8:30AM-12:30PM ZOOM Jenny Schanker Erica Orians Precious Miller Director of Research and Executive Director Coordinator of MI-BEST Institutional Practice MI-BEST Project Leadership Facilitators Rob

528 views • 30 slides
The Third Data Prefetching Championship (DPC3), in conjunction with ISCA 2019 Bingo Spatial

The Third Data Prefetching Championship (DPC3), in conjunction with ISCA 2019 Bingo Spatial

The Third Data Prefetching Championship (DPC3), in conjunction with ISCA 2019 Bingo Spatial Data Prefetcher 2 Bingo Spatial Data Prefetcher 3 Trigger Event Footp. Event Footp. Event Footp. E1 E1, E2 P1 P1 P1

477 views • 16 slides
1 Why did we focus on readers advisory? Support WCLS strategic plan area #1 Reading by

1 Why did we focus on readers advisory? Support WCLS strategic plan area #1 Reading by

1 Why did we focus on readers advisory? Support WCLS strategic plan area #1 Reading by enhancing staff competencies related to reading and readers advisory Excellent service WCLS seen as resource for books and info about

428 views • 8 slides
County, Inc. is to bring neighbors and resources together to improve lives. The mission of the

County, Inc. is to bring neighbors and resources together to improve lives. The mission of the

The mission of the United Way of Union County, Inc. is to bring neighbors and resources together to improve lives. The mission of the United Way of Union County, Inc. is to bring neighbors and resources together to improve lives. The mission of

682 views • 31 slides
19 April 2018 A seminar organised by and generously hosted by Format and Operator Panellists

19 April 2018 A seminar organised by and generously hosted by Format and Operator Panellists

UK Gaming Sector Update 19 April 2018 A seminar organised by and generously hosted by Format and Operator Panellists Gaming Sector Overview Neil Richmond Panel Session, chaired by Daniel Anning Operator Panellists Byron Evans John

570 views • 22 slides
VIRTUAL CONFERENCE ictcm.com | #ICTCM Learning in the age of Google Amy Bell

VIRTUAL CONFERENCE ictcm.com | #ICTCM Learning in the age of Google Amy Bell

32 nd International Conference on Technology in Collegiate Mathematics VIRTUAL CONFERENCE ictcm.com | #ICTCM Learning in the age of Google Amy Bell CCTech Overcoming the impact of tech on the educational / learning process 32 nd

406 views • 13 slides
Computational Semantics with Haskell Yulia Zinova Winter 2016/2017 We follow Van Eijck and Unger

Computational Semantics with Haskell Yulia Zinova Winter 2016/2017 We follow Van Eijck and Unger

Computational Semantics with Haskell Yulia Zinova Winter 2016/2017 We follow Van Eijck and Unger 2010, electronic access from the library Winter 2016/2017 We follow Van E Yulia Zinova Computational Semantics with Haskell / 24 What next

487 views • 25 slides
Fractal Prefetching B+-Trees: Optimizing Both Cache and Disk Performance Shimin Chen, Phillip B.

Fractal Prefetching B+-Trees: Optimizing Both Cache and Disk Performance Shimin Chen, Phillip B.

Introduction Optimizing I/O Performance Optimizing Cache Performance Evaluation Discussion Fractal Prefetching B+-Trees: Optimizing Both Cache and Disk Performance Shimin Chen, Phillip B. Gibbons, Todd C. Mowry, and Gary Valentin October 3,

341 views • 32 slides

More recommend