design of a blocking resistant anonymity system
play

Design of a blocking-resistant anonymity system Roger Dingledine, - PowerPoint PPT Presentation

Apr 06, 2024 •361 likes •1.07k views

Design of a blocking-resistant anonymity system Roger Dingledine, Nick Mathewson The Tor Project 1 Outline Crash course on Tor Goals for blocking resistance Assumptions (threat model) What Tor offers now Current proxy

  1. Design of a blocking-resistant anonymity system Roger Dingledine, Nick Mathewson The Tor Project 1

  2. Outline ● Crash course on Tor ● Goals for blocking resistance ● Assumptions (threat model) ● What Tor offers now ● Current proxy solutions ● What we need to add to Tor ● All the other issues that come up 2

  3. Tor: Big Picture ● Freely available (Open Source), unencumbered. ● Comes with a spec and full documentation: Dresden and Aachen implemented compatible Java Tor clients; researchers use it to study anonymity. ● Chosen as anonymity layer for EU PRIME project. ● 200000+ (?) active users. ● PC World magazine named Tor one of the Top 100 Products of 2005. 3

  4. Anonymity serves different interests for different user groups. Governments Businesses Anonymity “It's privacy!” Private citizens 4

  5. Anonymity serves different interests for different user groups. Governments Businesses “It's network security!” Anonymity “It's privacy!” Private citizens 5

  6. Anonymity serves different interests for different user groups. Governments Businesses “It's traffic-analysis “It's network security!” resistance!” Anonymity “It's privacy!” Private citizens 6

  7. The simplest designs use a single relay to hide connections. Bob1 Alice1 E(Bob3,“X”) “Y” Relay Alice2 Bob2 “Z” E(Bob1, “Y”) “X” ) ” Z “ , 2 b o B ( E Bob3 Alice3 (example: some commercial proxy providers) 7

  8. But a single relay is a single point of failure. Bob1 Alice1 E(Bob3,“X”) “Y” Evil Alice2 Bob2 Relay “Z” E(Bob1, “Y”) “X” ) ” Z “ , 2 b o B ( E Bob3 Alice3 Eavesdropping on the relay works too. 8

  9. So, add multiple relays so that no single one can betray Alice. Bob Alice R1 R3 R5 R4 R2 9

  10. A corrupt first hop can tell that Alice is talking, but not to whom. Bob Alice R1 R3 R5 R4 R2 10

  11. A corrupt final hop can tell that somebody is talking to Bob, but not who. Bob Alice R1 R3 R5 R4 R2 11

  12. Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Bob Alice R1 R3 Bob2 R5 R4 R2 12

  13. Attackers can block users from connecting to the Tor network ● By blocking the directory authorities ● By blocking all the server IP addresses in the directory ● By filtering based on Tor's network fingerprint 13

  14. Goals ● Attract, and figure out how to use, more relay addresses ● Normalize Tor's network fingerprint ● Solve the discovery problem: how to find relay addresses safely ● Don't screw up our anonymity properties in the process 14

  15. Adversary assumptions aka Threat model ● Aim to defend against a strong attacker – so we inherit defense against weaker attackers ● Have a variety of users in mind – Citizens in China, Thailand, ... – Whistleblowers in corporate networks – Future oppressive situations ● Attackers will be in different stages of the arms race 15

  16. Attacker's goals (1) ● Restrict the flow of certain kinds of information – Embarrassing (rights violations, corruption) – Opposing (opposition movements, sites that organize protests) ● Chill behavior by impression that online activities are monitored 16

  17. Attacker's goals (2) ● Complete blocking is not a goal. It's not even necessary. ● Similarly, no need to shut down or block every circumvention tool. Just ones that are – popular and effective (the ones that work) – highly visible (make censors look bad to citizens -- and to bosses) 17

  18. Attacker's goals (3) ● Little reprisal against passive consumers of information. – Producers and distributors of information in greater danger. ● Censors (actually, govts) have economic, political, social incentives not to block the whole Internet. – But they don't mind collateral damage. 18

  19. Main network attacks ● Block by IP address at firewall ● Keyword searching in TCP packets ● Intercept DNS requests and give bogus responses or redirects 19

  20. Design assumptions (1) ● Network firewall has limited CPU and memory per connection – full steganography not needed, thankfully ● Time lag between attackers sharing notes – Most commonly by commercial providers of filtering tools – Insider threat not a worry initially 20

  21. Design assumptions (2) ● Censorship is not uniform even within each country, often due to different ISP policies ● Attacker can influence other countries and companies to help them censor or track users. 21

  22. Design assumptions (3) ● Assume the users aren't attacked by their hardware and software – No spyware installed, no cameras watching their screens, etc ● Assume the users can fetch a genuine copy of Tor: use GPG signatures, etc. 22

  23. Outline ● Goals ● Assumptions (threat model) ● What Tor offers now ● Current proxy solutions ● What we need to add to Tor ● All the other issues that come up 23

  24. Tor gives three anonymity properties ● #1: A local network attacker can't learn, or influence, your destination – Clearly useful for blocking resistance ● #2: No single router can link you to your destination – The attacker can't sign up relays to trace users ● #3: The destination, or somebody watching it, can't learn your location – So they can't reveal you; or treat you differently. 24

  25. Other Tor design features (1) ● Well-analyzed, well-understood discovery mechanism: directory authorities. ● They automatically aggregate, test, and publish signed summaries of the available routers. ● Tor clients fetch these summaries to learn which routers have what properties. ● Directory information is cached throughout the Tor network. 25

  26. Other Tor design features (2) ● The list of dir authorities is not hard-wired. ● There are defaults, but you can easily specify your own to start using a different (or even overlapping!) Tor network. ● For example, somebody could run a separate Tor network in China. ● (But splitting up our users is bad for anonymity.) 26

  27. Other Tor design features (3) ● Tor automatically builds paths, and rebuilds and rotates them as needed. ● More broadly, Tor is just a tool to build paths given a set of routers. ● Harvard's “Blossom” project makes this flexibility more concrete: – It lets users view Internet resources from any point in the Blossom network. 27

  28. Other Tor design features (4) ● Tor separates the role of “internal relay” from the role of “exit relay”. ● Because we don't force all volunteers to play both roles, we end up with more relays. ● This increased diversity is what gives Tor users their anonymity. 28

  29. Other Tor design features (5) ● Tor is sustainable. It has a community of developers and volunteers. ● Commercial anonymity systems have flopped or constantly need more funding for bandwidth. ● Our sustainability is rooted in Tor's open design: clear documentation, modularity, and open source. 29

  30. Other Tor design features (6) ● Tor has an established user base of hundreds of thousands of people around the world. ● Ordinary citizens, activists, corporations, law enforcement, even govt and military users. ● This diversity contributes to sustainability. ● It also provides many many IP addresses! 30

  31. Anonymity is useful for censorship-resistance too! ● If a Chinese worker blogs about a problem at her factory, and she routes through her uncle's computer in Ohio to do it, ...? ● If any relay can expose dissident bloggers or compile profiles of user behavior, attacker should attack relays. ● ...Or just spread suspicion that they have, to chill users. 31

  32. Outline ● Goals ● Assumptions (threat model) ● What Tor offers now ● Current proxy solutions ● What we need to add to Tor ● All the other issues that come up 32

  33. Relay versus Discovery ● There are two pieces to “proxying” schemes: ● a relay component: building circuits, sending traffic over them ● a discovery component: learning what routers are available 33

  34. Centrally-controller shared proxies ● Existing commercial anonymizers are based on a set of single-hop proxies. ● Typically characterized by two features: – They control and operate the proxies centrally. – Many different users get assigned to each proxy. ● Weak security compared to distributed-trust. ● But easier to deploy, and users don't need new software because they completely trust the proxy already. 34

  35. Independent personal proxies ● Circumventor, CGIProxy, Psiphon ● Same relay strategy, new discovery strategy: “Find a friend to install the relay for you.” ● Great for blocking-resistance, but huge scalability question: ● How does the user in China find a volunteer in Ohio? ● How does the volunteer in Ohio find a user in China? 35

  36. Open proxies ● Google for “open proxy list”. ● Companies sell refined lists. ● Downsides: – Widely varying bandwidth, stability, reachability. – Legally questionable. – Not encrypted in most cases; keyword filtering still works. – “Too convenient” Are they run by the adversary? 36

  37. JAP and blocking-resistance ● Stefan Kopsell's paper from WPES 2004 ● This is the idea that we started from in this blocking-resistance design. ● Uses the JAP anonymity network rather than Tor. ● Discovery is handled by making users solve a CAPTCHA in order to learn a relay address. 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

480 views • 46 slides
TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) , Daniele E. Asoni , Adrian Perrig (ETH Zrich) , David Barrera (Polytechnique Montreal) , George Danezis (UCL) , Carmela Troncoso (EPFL)

1.98k views • 131 slides
Blocking in the 2 k Design Blocking may be required because: we cannot perform all required runs

Blocking in the 2 k Design Blocking may be required because: we cannot perform all required runs

ST 516 Experimental Statistics for Engineers II Blocking in the 2 k Design Blocking may be required because: we cannot perform all required runs under homogeneous conditions; e.g. raw material comes in limited batches; we want to carry out runs

487 views • 23 slides
Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin

Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin

Publius: A robust, tamper-evident, censorship-resistant web publishing system M Waldman, A Rubin and L Cranor Ranjit Randhawa Department of Computer Science Virginia Tech Outline Overview of Publius Anonymity tools Publius in

414 views • 13 slides
Tor and (un)provable privacy Roger Dingledine The Tor Project https://torproject.org/ 1

Tor and (un)provable privacy Roger Dingledine The Tor Project https://torproject.org/ 1

Tor and (un)provable privacy Roger Dingledine The Tor Project https://torproject.org/ 1 Today's plan 0) Crash course on Tor 1) Anonymity attacks 2) Blocking-resistance 2 What is Tor? Online anonymity 1) open source software, 2)

663 views • 52 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
Theory and Design of Low-latency Anonymity Systems (Lecture 4) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 4) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 4) Paul Syverson U.S. Naval Research Laboratory syverson@itd.nrl.navy.mil http://www.syverson.org 1 Course Outline Lecture 1: Usage examples, basic notions of anonymity, types

611 views • 48 slides
Theory and Design of Low-latency Anonymity Systems (Lecture 1) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 1) Paul Syverson U.S. Naval Research

Theory and Design of Low-latency Anonymity Systems (Lecture 1) Paul Syverson U.S. Naval Research Laboratory syverson@itd.nrl.navy.mil http://www.syverson.org 1 Course Outline Lecture 1: Usage examples, basic notions of anonymity, types

918 views • 88 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Non-Blocking Two Phase Commit (2PC) Using Blockchain Paul Ezhilchelvan , Amjad Aldweesh and Aad

Non-Blocking Two Phase Commit (2PC) Using Blockchain Paul Ezhilchelvan , Amjad Aldweesh and Aad

Non-Blocking Two Phase Commit (2PC) Using Blockchain Paul Ezhilchelvan , Amjad Aldweesh and Aad van Moorsel School of Computing, Newcastle University, UK Contributions Non-blocking 2PC in a synchronous database system Impossible when the

631 views • 12 slides
Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of

Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of

Data Blocking Jon K. Nilsen Department of Physics and Scientific Computing Group University of Oslo, N-0316 Oslo, Norway Spring 2008 Computational Physics II FYS4410 Outline Data Blocking Why blocking? What is blocking? Blocking in

626 views • 14 slides
Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The

Anonymity Loves Company: Usability and the network effect Roger Dingledine, Nick Mathewson The Free Haven Project 1 Overview We design and deploy anonymity systems. Version 1: You guys are studying this in academia, and we're

684 views • 25 slides
Hemispheric Blocking Using an Ensemble Mean Forecast System DeVondria D. Reynolds 1 , Anthony R.

Hemispheric Blocking Using an Ensemble Mean Forecast System DeVondria D. Reynolds 1 , Anthony R.

The Predictability of Northern Hemispheric Blocking Using an Ensemble Mean Forecast System DeVondria D. Reynolds 1 , Anthony R. Lupo 1 Andrew D. Jensen 2 and Patrick S. Market 1 1 Atmospheric Science Program, 302 ABNR Building, University of

305 views • 19 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Final Review Logistics Start Midterm next class! Same style as Midterm, 5 questions

Final Review Logistics Start Midterm next class! Same style as Midterm, 5 questions

Final Review Logistics Start Midterm next class! Same style as Midterm, 5 questions Will be cumulative, so I expect your answers to incorporate all that you have learned Due on Wednesday June 10 th Lab 4 Due Friday June 12 th

700 views • 32 slides
Harmony: Collec.on and Analysis of Parallel Block Vectors

Harmony: Collec.on and Analysis of Parallel Block Vectors

Harmony: Collec.on and Analysis of Parallel Block Vectors Melanie Kambadur Kui Tang, Martha Kim Columbia University 1 Parallelism Time 2

605 views • 43 slides
Search on Modern CPUs and GPUs N. Satish, C. Kim, J. Chhugani, A. Nguyen, V. Lee, D. Kim, P. Dubey

Search on Modern CPUs and GPUs N. Satish, C. Kim, J. Chhugani, A. Nguyen, V. Lee, D. Kim, P. Dubey

FAST: Fast Architecture Sensitive Tree Search on Modern CPUs and GPUs N. Satish, C. Kim, J. Chhugani, A. Nguyen, V. Lee, D. Kim, P. Dubey SIGMOD 2010 Presented by: Andy Hwang 2 Motivation Index trees are not optimized for architecture

697 views • 26 slides
Single processor tuning (2/2) Prof. Richard Vuduc Georgia Institute of Technology CSE/CS 8803

Single processor tuning (2/2) Prof. Richard Vuduc Georgia Institute of Technology CSE/CS 8803

Single processor tuning (2/2) Prof. Richard Vuduc Georgia Institute of Technology CSE/CS 8803 PNA: Parallel Numerical Algorithms [L.16] Thursday, February 28, 2008 1 Todays sources CS 267 (Demmel & Yelick @ UCB; Spring 2007) A

961 views • 63 slides
Interrupts and System Calls Don Porter CSE 306 1 CSE 306: Opera.ng Systems Last Time Ok,

Interrupts and System Calls Don Porter CSE 306 1 CSE 306: Opera.ng Systems Last Time Ok,

CSE 306: Opera.ng Systems Interrupts and System Calls Don Porter CSE 306 1 CSE 306: Opera.ng Systems Last Time Ok, heres Open file handle 4 hw1.txt App App App Libraries Libraries Libraries User Super- System Call

619 views • 34 slides
WHEN WE LOSE OUR FOCUS. WHO ARE YOU? What do you KNOW? What is your PASSION? What is

WHEN WE LOSE OUR FOCUS. WHO ARE YOU? What do you KNOW? What is your PASSION? What is

Foundation Series BLOG Who you are What gap do you fi ll Who your target audience is Foundation Series BLOG insure that your blog is intentional from the layout & design to content insure that your blog fi nds readers

858 views • 66 slides
MY TRANSITION FROM SWIFT TO KOTLIN Twitter: @allonsykraken Blog: krakendev.io A LITTLE BIT ABOUT

MY TRANSITION FROM SWIFT TO KOTLIN Twitter: @allonsykraken Blog: krakendev.io A LITTLE BIT ABOUT

MY TRANSITION FROM SWIFT TO KOTLIN Twitter: @allonsykraken Blog: krakendev.io A LITTLE BIT ABOUT ME Twitter: @allonsykraken Blog: krakendev.io > Write and maintain a blog at krakendev.io that gets close to 10K views a week > Spoken about

1.02k views • 55 slides
CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu

CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu

CS6 Practical System Skills Fall 2019 edition Leonhard Spiegelberg lspiegel@cs.brown.edu 16.99 Recap Last lectures: Basic + more advanced python - Basic: Comments, Numbers, Strings, Lists, Tuples, Dictionaries, Variables, Functions,

965 views • 35 slides

More recommend