mixminion a next generation anonymous remailer george
play

Mixminion: A next-generation anonymous remailer George Danezis - PowerPoint PPT Presentation

Nov 25, 2023 •310 likes •544 views

Mixminion: A next-generation anonymous remailer George Danezis Roger Dingledine Nick Mathewson 1 Outline Background Related systems A few improvements over past work Secure single-use reply block mechanism 2 Anonymous,

  1. Mixminion: A next-generation anonymous remailer George Danezis Roger Dingledine Nick Mathewson 1

  2. Outline • Background • Related systems • A few improvements over past work • Secure single-use reply block mechanism 2

  3. Anonymous, message-based communication • Forward messages, only Alice remains anonymous • Direct replies, only Bob remains anonymous • Anonymized reply messages where Alice and Bob remain anonymous 3

  4. Threat Model (we hope) • Global passive adversary: can observe all links • Controls some of the nodes/links • Can send, modify, delay, etc some messages We are not real-time, fast, packet-based, or steganographic. 4

  5. Basic building block: Mix ... ... ... E(...M,B) A ... Mix M ... B ... A mix batches, decrypts, and reorders messages 5

  6. Multiple Hops E ...(E (M,to B), to 2) E ...(M,to B) M 1 2 2 A B 1 2 Assume not all hops will collude and reveal A 6

  7. Fixed length messages by re-padding 2 3 1 3 ... ... M M 3 • Add random junk to the bottom to replace the info you strip off. Everything’s encrypted, so it looks ok. 7

  8. Reply block D(D(...(M))) M,"bob" D(M),D("bob") A B 2 1 ... • “bob” = 1 , E 1 (2 , ...E n ( B )) • In Mixminion, replies act like forward messages. 8

  9. Related systems • One-hop: Anonymizer, hotmail, etc • Low-latency: onion routing, Freedom • Remailers: Cypherpunk, Mixmaster, Babel • Other: flash mix, hybrid mix, provable shuffle, etc 9

  10. Integrated directory servers Act as reputation servers too • Mixmaster’s ad hoc scheme opens users up to partitioning attacks. • Directory servers can be out of sync; evil DSs can give out rigged subsets to trace clients. • DSs must successively sign directory bundles; a threshold of servers is assumed good. 10

  11. Link encryption for forward anonymity • Mixmaster uses SMTP for transport • We use TLS over TCP • Link encryption and short-term keys stop many attacks 11

  12. Key rotation / Replay prevention • Mixmaster has no built-in key rotation • ...and sketchy replay detection mechanism • Solve them together: we keep hashes of all messages seen since the last key rotation. 12

  13. Tagging attack on headers • Mixmaster/Babel headers have a hash to integrity- check that hop. Doesn’t check the rest of the header! • We can flip some bits later in the header. If we own the hop that corresponds to the part we just broke, we can recognize the message. • So we make the hash cover the entire header. 13

  14. And payload too... But you can’t know the payload when writing a reply block! • Forward messages want hashes, and replies can’t have them. • If replies are rare relative to forwards, replies are easy to track. 14

  15. Messages have two headers and a payload Build a path out of two legs, one for each header • For forward messages, Alice makes both legs • For direct replies, Alice can use the reply block directly • For anonymized replies, Alice makes the first leg and uses Bob’s reply block for the second. 15

  16. Legs are connected by the Crossover Point • One of the hops in the first header is marked as a crossover point • At the crossover point, we decrypt the second header with a hash of the payload, and then swap the headers. 16

  17. Forward messages are anonymous: • If the second header or the payload are tagged in the first leg, then the second header is unrecover- able. • If tagged in the second leg, we’ve already gotten anonymity from the first. 17

  18. Replies are anonymous: • The adversary can never recognize his tag. 18

  19. Multiple-message tagging attacks • If Alice sends multiple messages along the same path, Mallory can tag some, recognize the pattern at the crossover point, and follow the rest. • Only works if Mallory owns the crossover point. • Fix: Alice spreads over k crossover points (and hopes Mallory doesn’t own most of them) 19

  20. Nymservers and single-use reply blocks • Work like pop/imap servers • User anonymously sends a bunch of reply blocks to receive the mail that’s waiting for him. 20

  21. Future work • Dummy traffic policy • Exit abuse • Directory servers • Synchronous batching • More analysis! 21

  22. Play with our code http://mixminion.net/ (Code, mailing list, design, spec) Do you want to run a server? 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven

Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven

Mixminion: Design of a Type III Anonymous Remailer Protocol Roger Dingledine The Free Haven Project 1 Threat Model (what we aim to defend against) Global passive adversary can observe everything Owns half the nodes We are not

656 views • 41 slides
Mixminion Designing a Type-III Anonymous Remailer Protocol Nick Mathewson nickm@freehaven.net

Mixminion Designing a Type-III Anonymous Remailer Protocol Nick Mathewson nickm@freehaven.net

Mixminion Designing a Type-III Anonymous Remailer Protocol Nick Mathewson nickm@freehaven.net Our Goals Fix holes in Mixmaster (Type-II) remailers Conservative design Working implementation; deployed network Our Adversary

447 views • 9 slides
Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine

Mixminion a best-of-breed anonymous remailer (systems track) Nick Mathewson, Roger Dingledine The Free Haven Project {nickm,arma}@freehaven.net Scope Introduction to anonymity How we got started Introduction to mix-nets

649 views • 27 slides
M ixminion: D esign of a T ype III Anonymous Remailer Prot ocol Roger D ingledine T he Free

M ixminion: D esign of a T ype III Anonymous Remailer Prot ocol Roger D ingledine T he Free

M ixminion: D esign of a T ype III Anonymous Remailer Prot ocol Roger D ingledine T he Free Haven Project 1 T hreat M odel ( what we aim t o defend against ) Global passive adversary can observe M ult iple Hops A E ...(E (M,to B),

290 views • 15 slides
Anonymous communications and systems A short introduction George Danezis Computer Security

Anonymous communications and systems A short introduction George Danezis Computer Security

Anonymous communications and systems A short introduction George Danezis Computer Security Group Computer Laboratory 1 Introducing Hiding Two strategies to safeguard assets: protect (guards, walls, safes,

613 views • 25 slides
Bayesian Inference and Traffic Analysis Carmela Troncoso George Danezis September-November

Bayesian Inference and Traffic Analysis Carmela Troncoso George Danezis September-November

Bayesian Inference and Traffic Analysis Carmela Troncoso George Danezis September-November 2008 Microsoft Research Cambridge/ KU Leuven(COSIC) Anonymous Communications T ell me who your friends are. .. => Anonymous

319 views • 29 slides
Anonymous Communications. George Danezis (g.danezis@ucl.ac.uk) With help from: Luca Melis

Anonymous Communications. George Danezis (g.danezis@ucl.ac.uk) With help from: Luca Melis

Privacy Enhancing Technologies Anonymous Communications. George Danezis (g.danezis@ucl.ac.uk) With help from: Luca Melis (luca.melis.14@ucl.ac.uk) Steve Dodier-Lazaro (s.dodier-lazaro.12@ucl.ac.uk) Administration & Labs Enrol into the

819 views • 49 slides
Eclipse and Re-Emergence of Anonymous P2P Storage Network Overlay Services George Danezis Marios

Eclipse and Re-Emergence of Anonymous P2P Storage Network Overlay Services George Danezis Marios

Eclipse and Re-Emergence of Anonymous P2P Storage Network Overlay Services George Danezis Marios Isaakidis g.danezis@ucl.ac.uk m.isaakidis@cs.ucl.ac.uk Department of Computer Science University College London HotPETs - July 22, 2016

291 views • 18 slides
PointGrow: Autoregressively Learned Point Cloud Generation with Self-Attention Anonymous Authors

PointGrow: Autoregressively Learned Point Cloud Generation with Self-Attention Anonymous Authors

PointGrow: Autoregressively Learned Point Cloud Generation with Self-Attention Anonymous Authors Key Ideas Generate realistic point cloud from scratch or conditioned on semantic contexts Recurrent sampling operation Augment with

1.23k views • 21 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons

Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons

Two cool ideas: Anonymous classes Polymorphism Anonymous classes motivation You probably have many buttons and/or menu items in your VectorGraphics project Three approaches for responding to the events from selecting those buttons /

406 views • 6 slides
12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship

12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship

12-STEP PROGRAMS Alcoholics Anonymous The Preamble Alcoholics Anonymous is a fellowship of men and women who share their experience, strength and hope with each other that they may solve their common problem and help others to recover

1.11k views • 76 slides
Analyzing Income Distribution Changes: Anonymous versus Panel Income Approaches Gary S. Fields

Analyzing Income Distribution Changes: Anonymous versus Panel Income Approaches Gary S. Fields

Analyzing Income Distribution Changes: Anonymous versus Panel Income Approaches Gary S. Fields Robert Duval-Hernndez George H. Jakubson Helsinki, September 5 th 2014 WIDER Main Questions Who gains and who is hurt when the distribution of

406 views • 16 slides
Cocaine Anonymous A Presentation to Professionals Presentation Contents Our Aims Today The

Cocaine Anonymous A Presentation to Professionals Presentation Contents Our Aims Today The

Cocaine Anonymous A Presentation to Professionals Presentation Contents Our Aims Today The CA Group Cocaine Anonymous Is The 12 Steps Cocaine Anonymous Is Not Spirituality History of Cocaine Anonymous Sponsorship

700 views • 37 slides
Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and

Remote Side-Channel Attacks on Anonymous Transactions In Zcash & Monero Florian Tramr and Dan Boneh and Kenny Paterson USENIX Security Symposium Meet Alice the Anonymous Activist Blogger PK A anonymous 2 Alices Lack of Privacy Send

395 views • 21 slides
Task Computability in Unreliable Anonymous Networks Nayuta Yanagisawa DeNA Co., Ltd. Petr

Task Computability in Unreliable Anonymous Networks Nayuta Yanagisawa DeNA Co., Ltd. Petr

Task Computability in Unreliable Anonymous Networks Nayuta Yanagisawa DeNA Co., Ltd. Petr Kuznetsov Telecom ParisTech I am here to talk about ... the computability issues of failure-prone anonymous broadcast models. Anonymous Model

660 views • 21 slides
Belfast CryptoParty Welcome Pete Maynard @pgmaynard October 14, 2014 Belfast CryptoParty

Belfast CryptoParty Welcome Pete Maynard @pgmaynard October 14, 2014 Belfast CryptoParty

Belfast CryptoParty Welcome Pete Maynard @pgmaynard October 14, 2014 Belfast CryptoParty #cryptofast Pete Maynard @pgmaynard 1 What is a CryptoParty? A CryptoParty is free, public and fun. Its a decentralized, global initiative to

760 views • 8 slides
) tra ffi c lights smart grid Honeypots in ICS Environments space station steel mill ( power

) tra ffi c lights smart grid Honeypots in ICS Environments space station steel mill ( power

) tra ffi c lights smart grid Honeypots in ICS Environments space station steel mill ( power plant supertanker death star gas pipeline sewage plant wind turbine ) cypherpunk chaotic neutral privacy activist researcher DI Daniel

656 views • 27 slides
Programming Distributed Systems 13 Blockchains Christian Weilbach & Annette Bieniusa AG

Programming Distributed Systems 13 Blockchains Christian Weilbach & Annette Bieniusa AG

Programming Distributed Systems 13 Blockchains Christian Weilbach & Annette Bieniusa AG Softech FB Informatik TU Kaiserslautern Summer Term 2018 Christian Weilbach & Annette Bieniusa Programming Distributed Systems Summer Term 2018

870 views • 65 slides
Solutions pour la Scurit des rseaux Prof. Gildas Avoine UCL Belgium Introduction

Solutions pour la Scurit des rseaux Prof. Gildas Avoine UCL Belgium Introduction

cole Internationale de Printemps Systmes Rpartis : METIS2008 Architecture, Scurit & Fiabilit Rabat, 20-23 Mai 2008 Solutions pour la Scurit des rseaux Prof. Gildas Avoine UCL Belgium Introduction Confidentiality,

1.85k views • 135 slides
P r i v a c y b y D e f a u l t . P G P / G P G P G P P r e t t

P r i v a c y b y D e f a u l t . P G P / G P G P G P P r e t t

p r e t t y E a s y p r i v a c y N U L L c o n 2 0 1 7 , G o a s v a @ p E p . f o u n d a t i o n h t t p s : / / p E p . f o u n d a t i o n t w i t t e r @ s v a

1.32k views • 85 slides
Distributed Ledger Technology: An introduction to interoperability Andrea Lisi, Paolo Mori

Distributed Ledger Technology: An introduction to interoperability Andrea Lisi, Paolo Mori

Distributed Ledger Technology: An introduction to interoperability Andrea Lisi, Paolo Mori Universit degli studi di Pisa 02/03/20 2009 2 2009 3 2009 Bitcoin is a P2P payment system where nodes share the ledger of money Transactions, the

655 views • 28 slides
The Signal Protocol @ VanLug BorisReitman.com Agenda OTR Double Ratchet X3DH

The Signal Protocol @ VanLug BorisReitman.com Agenda OTR Double Ratchet X3DH

The Signal Protocol @ VanLug BorisReitman.com Agenda OTR Double Ratchet X3DH Sesame Overview First the parties will use X3DH key agreement protocol to agree on a shared secret key. Then, the parties will use the Double

1.12k views • 96 slides
The Redesigned Naturalization Test Office of Citizenship 2 Overview of Presentation

The Redesigned Naturalization Test Office of Citizenship 2 Overview of Presentation

The Redesigned Naturalization Test Office of Citizenship 2 Overview of Presentation Historical Overview of the Redesigned (New) Test Legal Framework The Redesigned Naturalization Test Administration of the Redesigned Test

257 views • 22 slides

More recommend