anonymous communication and internet freedom
play

Anonymous Communication and Internet Freedom CS 161: Computer - PowerPoint PPT Presentation

Feb 14, 2023 •379 likes •974 views

Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 oday Goals For T State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored Adversaries Anonymous

  1. Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013

  2. oday Goals For T • State-sponsored adversaries • Anonymous communication • Internet censorship

  3. State-Sponsored Adversaries

  6. Anonymous Communication

  7. Anonymity • Anonymity: Concealing your identity • In the context of the Internet, we may want anonymous communications – Communications where the identity of the source and/or destination are concealed • Not to be confused with confidentiality – Confidentiality is about contents, anonymity is about identities

  8. Anonymity • Internet anonymity is hard* – Difficult if not impossible to achieve on your own – Right there in every packet is the source and destination IP address – * But it’s easy for bad guys. Why? • You generally need help • State of the art technique: Ask someone else to send it for you – (Ok, it’s a bit more sophisticated than that…)

  9. Proxies • Proxy: Intermediary that relays our traffic • Trusted 3 rd party, e.g. …

  11. Proxies • Proxy: Intermediary that relays our traffic • Trusted 3 rd party, e.g. … hidemyass.com – You set up an encrypted VPN to their site – All of your traffic goes through them • Why easy for bad guys? Compromised machines as proxies.

  12. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob.

  13. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA {M,Bob} K HMA

  14. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA {M,Bob} K HMA

  15. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA {M,Bob} K HMA

  16. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA Bob {M,Bob} K HMA M

  17. Alice wants to send a message M to Bob … … but ensuring that • Bob doesn’t know M is from Alice, and/or • Eve can ’ t determine that Alice is indeed communicating with Bob. Alice HMA Bob {M,Bob} K HMA M HMA accepts messages encrypted for it. Extracts destination and forwards.

  18. Proxies • Proxy: Intermediary that relays our traffic • Trusted 3 rd party, e.g. … hidemyass.com – You set up an encrypted VPN to their site – All of your traffic goes through them – Why easy for bad guys? Compromised machines as proxies. • Issues? – Performance – $80-$200/year – “Trusted 3 rd Party” – rubber hose cryptanalysis • Government comes a “calling” (Or worse) • HMA knows Alice and Bob are communicating • Can we do better?

  19. Onion Routing

  20. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”)

  21. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie

  22. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  23. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  24. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  25. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  26. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie Alice HMA {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA

  27. Onion Routing • This approach generalizes to an arbitrary number of intermediaries (“mixes”) • Alice ultimately wants to talk to Bob, with the help of HMA, Dan, and Charlie • As long as any of the mixes is honest, no one can link Alice with Bob Alice HMA Charlie {{M, Bob} K Dan ,Dan} K Charlie {{{M, Bob} K Dan ,Dan} K Charlie ,Charlie} K HMA {M, Bob} K Dan Note: this is what the industrial-strength T or Bob Dan anonymity service uses. M ( It also provides bidirectional communication) Key concept: No one relay knows both you and the destination!

  28. Demo • Four volunteers, please

  29. Demo • Look under your seat – if you find an envelope and index card, you’re in! – What advice would you like to give to a student taking (or considering taking) CS 161 in a future semester? Write your advice on the index card. Put it in the small envelope. Address the small envelope to a random Tor relay (2 nd hop), and put it in the large envelope, addressed to another Tor relay (1 st hop). • Tor relays: – When you receive an envelope, open it. If it’s an envelope, pass on its contents to the next hop. If it’s an index card, pass it to me. • Everyone else: you’re an Internet router. Help pass envelopes on to their destination.

  30. Demo • Look under your seat – if you find an envelope and index card, you’re in! – What advice would you like to give to a student taking (or considering taking) CS 161 in a future semester? Write your advice on the index card. Put it in the small envelope. Address the small envelope to a random Tor mix (2 nd hop), and put it in the large envelope, addressed to another Tor mix (1 st hop). • Tor mixes: – When you receive an envelope, open it. If it’s an envelope, pass on its contents to the next hop. If it’s an index card, pass it to me. • Everyone else: you’re an Internet router. Help pass envelopes on to their destination.

  31. Onion Routing Issues/Attacks? • Performance: message bounces around a lot • Attack: rubber-hose cryptanalysis of mix operators – Defense: use mix servers in different countries • Though this makes performance worse :-( • Attack: adversary operates all of the mixes – Defense: have lots of mix servers (Tor today: ~2,000) • Attack: adversary observes when Alice sends and when Bob receives, links the two together – A side channel attack – exploits timing information – Defenses: pad messages, introduce significant delays • Tor does the former, but notes that it’s not enough for defense

  32. Internet Censorship

  33. Internet Censorship • The suppression of Internet communication that may be considered “objectionable,” by a government or network entity • This is frequently (but not exclusively) related to authoritarian regimes • We’re going to skip the politics (sorry), and go to the technical meat

  34. Take these labels with a grain of salt. Read the report for yourself Source: http://www.freedomhouse.org/sites/default/files/FOTN%202012%20summary%20of%20findings.pdf

  35. HOWTO: Censorship • Requirements: – Operate in real time inside of your network – Examine large amounts of network traffic – Be able to block traffic based on black lists, signatures, or behaviors • Sounds a lot like a NIDS… – Spoiler alert: These systems are basically NIDS

  36. On-Path Censor Client Server

  37. On-Path Censors • On-Path device gets a copy of every packet – Packets are forwarded on before the on-path device can act (Wait, what?) • What can we do if we’ve already forwarded the packet?

  38. On-Path Censor Client Server

  39. On-Path Censor RST RST Client Server This is how the elements of the Great Firewall of China operate

  40. Evasion • Evading keyword filters – NIDS evasion techniques: TTLs, overlapping segments, etc. (see lecture 3/10) – Or, simpler: Encryption! • So that’s it right? We’ll just encrypt everything, they can’t stop that ri…

  43. Evasion • Evading keyword filters – NIDS evasion techniques: TTLs, overlapping segments, etc. (see lecture 3/10) – Or, simpler: Encryption! • So that’s it right? We’ll just encrypt everything, they can’t stop that right wrong • This is called an arms race

  44. Evasion • Evading both keyword and IP/Domain blacklists – Simple approach: Use a VPN • If encryption is not banned this is a great solution • Con: Easy to ban the VPN IP , especially if it’s public – More robust approach • Use an onion router like Tor – Despite being built for anonymity, it has good censorship resistance properties – T or is the defacto standard for censorship resistance

  45. Constant arms race between Tor and censoring governments

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ethics of Internet Freedom Promotion Welcome to the World of Human Rights: Please Make Yourself

Ethics of Internet Freedom Promotion Welcome to the World of Human Rights: Please Make Yourself

Ethics of Internet Freedom Promotion Welcome to the World of Human Rights: Please Make Yourself Uncomfortable Henry Corrigan-Gibbs and Bryan Ford Yale University Internet Freedom Internet freedom tools Censorship circumvention Online

517 views • 9 slides
Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt

Motivation Anonymous Communication NISAN Torsk Conclusion Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt theri@mailbox.tu-berlin.de Seminar Computer Security Technische Universitt Berlin 28 July 2011

390 views • 17 slides
CEO & Co-Founder VR is a disruptor like the Internet or Smartphone, will grow to billions

CEO & Co-Founder VR is a disruptor like the Internet or Smartphone, will grow to billions

CEO & Co-Founder VR is a disruptor like the Internet or Smartphone, will grow to billions users over next 10 years Disruptive for 2 reasons: degrees of input freedom, natural communication General use for communication and

232 views • 5 slides
Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network

Internet communication The internet A redundant, decentralized communication network connecting computers all over the world Data is sent in packets between machines Communication between computers is routed using the Internet

464 views • 7 slides
Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon

Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon

Do dummies pay off? Limits of dummy traffic protection in anonymous communication systems Simon Oya , Carmela Troncoso and Fernando Prez-Gonzlez Introduction Anonymous channels hide correspondences (input/output). Dummies are a common

402 views • 18 slides
Freedom of Speech & The Internet Andrew Lewman andrew@torproject.org October 20, 2009

Freedom of Speech & The Internet Andrew Lewman andrew@torproject.org October 20, 2009

Freedom of Speech & The Internet Andrew Lewman andrew@torproject.org October 20, 2009 Universal Declaration of Human Rights Article 19 Everyone has the right to freedom of opinion and expression; this right includes freedom to hold

652 views • 40 slides
The Collateral Damage of Internet Censorship by DNS Injection Anonymous

The Collateral Damage of Internet Censorship by DNS Injection Anonymous

The Collateral Damage of Internet Censorship by DNS Injection Anonymous <zion.vlab@gmail.com> presented by Philip Levis 1 Basic Summary Great Firewall of China injects DNS responses to restrict access to domain names This

574 views • 43 slides
Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet

Communication security over the Internet The big picture Me Internet Resource Internet Server Client Attack vectors MAN DNS LAN Client Internet Back Bone Router Networking WWW overview MITM (Man In The Middle) 3 2 4 5 LAN

244 views • 23 slides
Freedom of Expression, Censorship, & The Internet Andrew Lewman andrew@torproject.org April

Freedom of Expression, Censorship, & The Internet Andrew Lewman andrew@torproject.org April

Freedom of Expression, Censorship, & The Internet Andrew Lewman andrew@torproject.org April 7, 2010 Universal Declaration of Human Rights Article 19 Everyone has the right to freedom of opinion and expression; this right includes freedom

745 views • 56 slides
DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum

DISSENT: Accountable, Anonymous Communication Joan Feigenbaum http://www.cs.yale.edu/homes/jf/ Joint work with Bryan Ford (PI), Henry Corrigan Gibbs, Ramakrishna Gummadi, Aaron

802 views • 59 slides
Internet censorship is everywhere Source:

Internet censorship is everywhere Source:

Internet censorship is everywhere Source: https://freedomhouse.org/report/freedom-net/freedom-net-2016 Commonly censored content Unapproved news (Fake News!!111) Wikipedia (usually partially) Facebook Google (all services), YouTube

539 views • 37 slides
Investigating Internet Controls with OONI Internet Freedom Festival, 7 th March 2017 Arturo

Investigating Internet Controls with OONI Internet Freedom Festival, 7 th March 2017 Arturo

Investigating Internet Controls with OONI Internet Freedom Festival, 7 th March 2017 Arturo Filast & Maria Xynou Free software project (under the Tor Project) aimed at empowering decentralized efforts in increasing transparency of

440 views • 29 slides
K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang

K-anonymous algorithm in protecting privacy in social communication networks Jiacheng Wang 515030910412 ABSTRACT The rapid development of social communication network has increased the risk in privacy protection, the association between people has

385 views • 4 slides
Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine The Free Haven Project http://tor.eff.org/ April 12, CFP 2005 Talk Outline Motivation: Why anonymous communication? Myth 1: This is only for privacy

488 views • 33 slides
PET PhD Course 2012 SWITS The Smart Grid and Anonymous Communication Mechanisms Leonardo

PET PhD Course 2012 SWITS The Smart Grid and Anonymous Communication Mechanisms Leonardo

PET PhD Course 2012 SWITS The Smart Grid and Anonymous Communication Mechanisms Leonardo Martucci Security and Networks Group, ADIT Department of Computer and Information Science About me EE Degree (95-00) + Master in EE (00-02)

625 views • 33 slides
Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven

Tor: Anonymous Communications for the Dept of Defense...and you. Roger Dingledine Free Haven Project Electronic Frontier Foundation http://tor.eff.org/ 17 September 2005 Talk Outline Motivation: Why anonymous communication? Myth 1:

703 views • 47 slides
How your native language shapes your world Daniel Rozenberg Sapir-Whorf hypothesis The principle

How your native language shapes your world Daniel Rozenberg Sapir-Whorf hypothesis The principle

How your native language shapes your world Daniel Rozenberg Sapir-Whorf hypothesis The principle of linguistic relativity (colloquially known as the Sapir-Whorf hypothesis) holds that the structure of a language affects the ways in which its

491 views • 28 slides
MLE/MAP + Nave Bayes MLE / MAP Readings: Nave Bayes Readings: Matt Gormley

MLE/MAP + Nave Bayes MLE / MAP Readings: Nave Bayes Readings: Matt Gormley

10-601 Introduction to Machine Learning Machine Learning Department School of Computer Science Carnegie Mellon University MLE/MAP + Nave Bayes MLE / MAP Readings: Nave Bayes Readings: Matt

891 views • 44 slides
Nave Bayes Matt Gormley Lecture 18 Oct. 31, 2018 1 Reminders Homework 6: PAC Learning /

Nave Bayes Matt Gormley Lecture 18 Oct. 31, 2018 1 Reminders Homework 6: PAC Learning /

10-601 Introduction to Machine Learning Machine Learning Department School of Computer Science Carnegie Mellon University Nave Bayes Matt Gormley Lecture 18 Oct. 31, 2018 1 Reminders Homework 6: PAC Learning / Generative Models

1.06k views • 68 slides
Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few

Some issues in verifying e-voting systems Mark D. Ryan Present-day e-voting offers few security properties [KohnoStubblefieldRubinWallach2004] compared to what is desirable: Eligibility: only eligible voters can vote, and only once.

406 views • 7 slides
Stuttering modification with the young stuttering child - additional slides Peter Schneider

Stuttering modification with the young stuttering child - additional slides Peter Schneider

Stuttering modification with the young stuttering child - additional slides Peter Schneider Schule fr Logopdie am Uniklinikum der RWTH Aachen, Germany Veerle Waelkens Artevelde Hogeschool, Ghent, Belgium ECSF Presymposium Workshop

363 views • 12 slides
Anonymity Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh,

Anonymity Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh,

CSE 484 / CSE M 584: Computer Security and Privacy Anonymity Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov,

556 views • 33 slides
Anonymity Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Franzi

Anonymity Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Franzi

CS 642: Computer Security and Privacy Anonymity Spring 2020 Earlence Fernandes earlence@cs.wisc.edu Thanks to Dan Boneh, Franzi Roesner Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee,

881 views • 29 slides
Security II: Security Strikes Back 15-441/641 Spring 2019 Profs Peter Steenkiste & Justine

Security II: Security Strikes Back 15-441/641 Spring 2019 Profs Peter Steenkiste & Justine

Security II: Security Strikes Back 15-441/641 Spring 2019 Profs Peter Steenkiste & Justine Sherry Cryptography Overview Symmetric Asymmetric One-Time Pad Encrypt w/ Public Key Stream Ciphers Confidentiality Block Ciphers Message

620 views • 35 slides

More recommend