mixtasy remailing on existing infrastructure
play

Mixtasy: Remailing on Existing Infrastructure Anonymized Email - PowerPoint PPT Presentation

Apr 09, 2023 •30 likes •220 views

Mixtasy: Remailing on Existing Infrastructure Anonymized Email Communication Easily Deployable Using SMTP & OpenPGP Masters thesis presentation @Young Researchers Day 2016 St Johann im Pongau (11.10.2016) by Johannes Burk 1st

  1. Mixtasy: Remailing on Existing Infrastructure Anonymized Email Communication Easily Deployable Using SMTP & OpenPGP Master’s thesis presentation @Young Researchers’ Day 2016 St Johann im Pongau (11.10.2016) by Johannes Burk 1st Reviewer: Dipl.-Inform. David Stezenbach 2nd Reviewer: Priv.-Doz. Mag. DI. DI. Dr.techn. Karl Michael Göschka

  2. Introduction ● Secure messaging is a big research area ● Plain email did not provide any security or privacy feature ○ But it’s still heavily used ● TLS and openPGP, S/MIME isn’t enough ○ Metadata still readable ● Eavesdroppers/Adversaries are everywhere (attention tinfoil hat carriers!) Slide: 2

  3. Objective ● Build a secure and privacy preserving asynchronous messaging prototype solution ● … With good adoption properties (design on top of existing infrastructure) Main Parts of the work ● Requirement Definition ● Technologies & Existing Work ● Design Considerations ● Protocol Specification (wire protocol) ● Protocol Implementation (tool, prototype) Slide: 3

  4. Requirements: Security and Privacy Security ● Confidentiality, integrity and authenticity ○ end-to-end ● Anonymity Preserving ○ conversation security feature must not break transport privacy Privacy ● Participation Anonymity & Global Adversary Resistance ● Unlinkability ● Sender Anonymity Slide: 4

  5. Requirements: Usability and Adoption Usability ● Keep Email Properties ○ asynchronicity ○ message drops/delays ● Easy Initialization Adoption ● Compatibility to existing Infrastructure ● No Additional Service ● Scalable Slide: 5

  6. Existing Work: Remailer ● Based on mix networks ● Different types (evolution caused) ○ Type 0: Pseudonymous/Nym remailer ■ Just for pseudonymization ○ Type 1: Cypherpunk ■ Encryption not mandatory ○ Type 2: Mixmaster ■ Outdated crypto (RSA-1024, (3DES), MD5, …) ○ Type 3: Mixminion ■ Doesn’t support SMTP Slide: 6

  7. Slide: 7 https://crypto.is/blog/remailers_weve_got

  8. The Idea of Mixtasy ● Secure and anonymous emailing ● Reuse existing technologies and infrastructure! Overview ● Mix Network design ● Data Format: Internet Message Format [RFC-5322] ● Encryption: openPGP [RFC-4880] ● Transport: SMTP [RFC-5321] ● Directory Service: openPGP Key Servers (no additional service!) ● Implementation: Postfix Filter Addon (adoption!) + client to send mails Slide: 8 https://crypto.is/blog/what_is_a_remailer

  9. Design Considerations I ● Encryption: confidentiality & prevent tracking by content ○ layered encryption between sender and mixes/receiver ● Mixing Algorithm: blur the trace of a message (anonymity) ○ Timed dynamic-pool mix ● Message Size: prevent tracking by size (anonymity) ○ Uniformed; repadding at each mix Slide: 9

  10. Design Considerations II ● Replay Attack prevention (anonymity) ○ Cache message hashes ● Tagging attack prevention (anonymity) ○ Message data verification ● Dummy Traffic: complicate blending attacks & reduce message delays ○ inject dummy messages ● Abuse & Spam protection ○ cost based spam protection Slide: 10

  11. Mixtasy Design: Receiver’s Provider supports Mixtasy Slide: 11

  12. Message Format ● Original Message ○ As composed by the sender ● Final Mix Message ○ Wraps an original message ● Intermediate Mix Message ○ Contains another intermediate or a final mix message Slide: 12

  13. OpenPGP Message Format Example Slide: 13

  14. Slide: 14

  15. Decryption and re-padding Slide: 15

  16. Keys ● Long-term OpenPGP key (trust establishment) ● Short-term sub-keys (encryption) ● Distribution over public PGP key server ● Discovery via search for “mixtasy@” Slide: 16

  17. Available Prototype on GitHub ● Written in Python, makes use of GnuPG ● CLI Client to create mails ○ Including: Mix discovery and key retrieval, Path selection, constructing single part messages, sending via SMTP ● Postfix Filter to operate a mix node ○ Including: Strip of encryption layer, Verification check, Re-padding to fixed message size ● Not implemented yet: ○ multi part and dummy messages, mixing algorithm, replay attack prevention Slide: 17

  18. Conclusion ● Remailer protocol design and prototype created ○ Mostly specified by composing existing technologies ○ Deployable by upgrading existing MTAs ○ Receiver just needs OpenPGP software ● Future work ○ Implement full specification ○ Detailed evaluation/auditing ○ Research on dynamically change timed dynamic-pool mix parameters ○ Extend the protocol by an anonymous reply feature Slide: 18

  19. Download Slides and Master’s Thesis, Try out or Contribute ● http://mixtasy.net/ ● https://github.com/jojoob/mixtasy/ Slide: 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Existing Infrastructure and Modernization of the Electric Grid March 22, 2016 Agenda

Existing Infrastructure and Modernization of the Electric Grid March 22, 2016 Agenda

New Energy Industry Task Force Existing Infrastructure and Modernization of the Electric Grid March 22, 2016 Agenda Existing Infrastructure Fossil generation and transmission Renewable generation Modernization of the grid

654 views • 34 slides
Server Upgrades 6/25/19 Agenda Existing Server Infrastructure Reasons for upgrading

Server Upgrades 6/25/19 Agenda Existing Server Infrastructure Reasons for upgrading

Revised 6/25/2019 Server Upgrades 6/25/19 Agenda Existing Server Infrastructure Reasons for upgrading Options & Budget Best Solution Server Upgrades 1 1 6/25/2019 Existing Server Infrastructure Server 1: Purchased

277 views • 10 slides
^ c TsL. aa oa^ [ '} | Q )() l^'ntO I oa " _mj aa ^f-^51 Bn JHn ^^r' ITI ,^v

^ c TsL. aa oa^ [ '} | Q )() l^'ntO I oa " _mj aa ^f-^51 Bn JHn ^^r' ITI ,^v

FAIRMS^T ^T^~ lmL ^ c TsL. aa oa^ [ '} | Q )() l^'ntO I oa " _mj aa ^f-^51 Bn JHn ^^r' ITI ,^v Comprehensive Plan Steering Committee March 12, 2019 Agenda City Infrastructure & Services Existing infrastructure

362 views • 10 slides
Re-allocation at consent expiry September 2017 What the RMA says about existing infrastructure

Re-allocation at consent expiry September 2017 What the RMA says about existing infrastructure

Re-allocation at consent expiry September 2017 What the RMA says about existing infrastructure When considering an application [for renewal of resource consent] a consent authority must have regard to the value of the investment of the

169 views • 4 slides
Driveway Profile Discussion Karl Oberjohn Infrastructure Committee 9/10/2018 Can existing

Driveway Profile Discussion Karl Oberjohn Infrastructure Committee 9/10/2018 Can existing

Lower Jackson Road Driveway Profile Discussion Karl Oberjohn Infrastructure Committee 9/10/2018 Can existing sidewalk be preserved? Benefits Maintain a grass strip between sidewalk and street Save money by only replacing damaged

317 views • 15 slides
Program Roadways and Infrastructure June 20, 2019 Roadways and Infrastructure Needs Address

Program Roadways and Infrastructure June 20, 2019 Roadways and Infrastructure Needs Address

2019 Bond Program Roadways and Infrastructure June 20, 2019 Roadways and Infrastructure Needs Address existing transportation infrastructure deficiencies such as: Capacity Congestion Safety Address future capacity needs based

568 views • 34 slides
infrastructure in existing residential buildings? e-MOTICON FINAL EVENT March 26, 2019 Milan,

infrastructure in existing residential buildings? e-MOTICON FINAL EVENT March 26, 2019 Milan,

How to implement charging infrastructure in existing residential buildings? e-MOTICON FINAL EVENT March 26, 2019 Milan, Palazzo Lombardia Christian STEGER-VONMETZ About us We are a federal company owned by the Austrian Federal Ministry of

158 views • 13 slides
Oman Broadband Company Harnessing existing Utility infrastructure for a competitive and rapidly

Oman Broadband Company Harnessing existing Utility infrastructure for a competitive and rapidly

Oman Broadband Company Harnessing existing Utility infrastructure for a competitive and rapidly deployed NBN 9 th of June 2014 Introduction of the speaker Stewart White Regulatory Specialist Stewart is a regulatory lawyer by background with

319 views • 31 slides
Page 1 Rock storage pad Page 3 Reed AEP Longitudinal Section Page 4 Existing Infrastructure at

Page 1 Rock storage pad Page 3 Reed AEP Longitudinal Section Page 4 Existing Infrastructure at

Page 1 Rock storage pad Page 3 Reed AEP Longitudinal Section Page 4 Existing Infrastructure at Reed AEP Construction Camp Page 5 Reed AEP Site looking north, southern reach of Reed Lake approximately 3km in background (August 2012) Page 6

478 views • 24 slides
Technologies for Evaluating Risks to Existing Berth Infrastructure from Larger Vessels 2019

Technologies for Evaluating Risks to Existing Berth Infrastructure from Larger Vessels 2019

Technologies for Evaluating Risks to Existing Berth Infrastructure from Larger Vessels 2019 Facilities Engineering Seminar 1 Risks Posed by Larger Vessels 1. Navigation 2. Passing other docks 3. Maneuvering at berth 4. Berthing 5. Mooring

383 views • 23 slides
Existing data infrastructure and new information technologies to build sustainable data for

Existing data infrastructure and new information technologies to build sustainable data for

Existing data infrastructure and new information technologies to build sustainable data for sustainable development The case in Israel International Seminar on World Statistics: " Sustainable Data for Sustainable Development Xi'an, China,

369 views • 12 slides
Opportunities for Adding Storage at Existing or New Generation Sites Neil Millar, Executive

Opportunities for Adding Storage at Existing or New Generation Sites Neil Millar, Executive

Opportunities for Adding Storage at Existing or New Generation Sites Neil Millar, Executive Director, Infrastructure Development Joanne Bradley, Lead Queue Management Specialist, Infrastructure Contracts & Management ISO PUBLIC ISO PUBLIC

479 views • 21 slides
University College London 1 Introduction Interdependency of Infrastructure Many studies on

University College London 1 Introduction Interdependency of Infrastructure Many studies on

Infrastructure interdependency at Operation level Samane Faramehr Taku Fujiyama University College London 1 Introduction Interdependency of Infrastructure Many studies on existing and obvious interdependencies (e.g. electricity power

295 views • 25 slides
Minehead Seafront - Analysis Existing Constraints Part of Jubilee Gardens is in the

Minehead Seafront - Analysis Existing Constraints Part of Jubilee Gardens is in the

Minehead Seafront - Analysis Existing Constraints Part of Jubilee Gardens is in the Wellington Square Conservation Area. Area east of Jubilee Gardens contains Wessex Water infrastructure and manholes which must stay. Existing clock

124 views • 9 slides
Tourism Infrastructure Committee September 2015 Agenda MGM Resorts Entertainment Overview

Tourism Infrastructure Committee September 2015 Agenda MGM Resorts Entertainment Overview

Presentation to the Southern Nevada Tourism Infrastructure Committee September 2015 Agenda MGM Resorts Entertainment Overview Festivals Existing Arenas New Venues Future Growth, Impact and Infrastructure Needs Q&A 2

422 views • 38 slides
Assessment of transport infrastructure means (EIBURS_100113) Stef Proost - KULeuven (B) Andre de

Assessment of transport infrastructure means (EIBURS_100113) Stef Proost - KULeuven (B) Andre de

Assessment of transport infrastructure means (EIBURS_100113) Stef Proost - KULeuven (B) Andre de Palma ENS Cachan (F) Research questions a) is pricing of existing transport infrastructure efficient and is it an alternative to manage the

314 views • 12 slides
Anonymous Communications (I) 01010010010101010101010101 01001010010010111010100

Anonymous Communications (I) 01010010010101010101010101 01001010010010111010100

010100100101010101010101010101010101001001001011 010100100101110101001011100100101000010101100 100101010001010101010001001000011110 0010101011100110010101001011100 10010101010011101001011100101 Anonymous Communications (I)

641 views • 29 slides
Responsibilities and Undergraduate Courses Issues February 2019 Why being a great TA is good for

Responsibilities and Undergraduate Courses Issues February 2019 Why being a great TA is good for

Quick Overview of TAs Responsibilities and Undergraduate Courses Issues February 2019 Why being a great TA is good for you Keeps you on the job Students are rating TAs and so do instructors. This is a great line on your resume

418 views • 31 slides
Lakehead University Teaching and Learning at Lakehead Dr. Nancy Luckai, Deputy Provost August

Lakehead University Teaching and Learning at Lakehead Dr. Nancy Luckai, Deputy Provost August

Lakehead University Teaching and Learning at Lakehead Dr. Nancy Luckai, Deputy Provost August 2016 Lakehead University Welcome! Todays objectives an overview of Teaching resources at Lakehead University Policies and

429 views • 30 slides
Brand Building through Instagram Social Experience Andy Wise, BCIT Teacher, Hempfield High School

Brand Building through Instagram Social Experience Andy Wise, BCIT Teacher, Hempfield High School

Brand Building through Instagram Social Experience Andy Wise, BCIT Teacher, Hempfield High School and Harrisburg Area Community College Buzz Words Entrepreneurship Branding Data Analysis Community Connections

703 views • 33 slides
Crea%ng Communi%es through Collabora%ve Play: The KSU Alternate

Crea%ng Communi%es through Collabora%ve Play: The KSU Alternate

Crea%ng Communi%es through Collabora%ve Play: The KSU Alternate Reality Game Daniel Ireton, Joelle Pi/s, Ellen Urton, Ben Ward Kansas State University

596 views • 58 slides
PLAY CLOTHS TERRICKA JOHNSON | MAJOR STUDIO 2 | FINAL PROJECT Exploring the connection between

PLAY CLOTHS TERRICKA JOHNSON | MAJOR STUDIO 2 | FINAL PROJECT Exploring the connection between

PLAY CLOTHS TERRICKA JOHNSON | MAJOR STUDIO 2 | FINAL PROJECT Exploring the connection between active lifestyles and electronics to create a more streamlined music listening and control experience Domains: Wearable Technology Physical

415 views • 19 slides
BARTON CAMP INFORMATION FOR PARENTS AND CHILDREN 23 rd and 24 th November 2016 Where is Barton

BARTON CAMP INFORMATION FOR PARENTS AND CHILDREN 23 rd and 24 th November 2016 Where is Barton

BARTON CAMP INFORMATION FOR PARENTS AND CHILDREN 23 rd and 24 th November 2016 Where is Barton Camp? Winscombe, Avon 45 minutes drive from BHJS On the day! Children to come straight in to hall with bags and wait to be registered.

454 views • 9 slides
OFGEMS RPI AT 20 PROJECT ALISTAIR BUCHANAN - CHIEF EXECUTIVE, OFGEM CONTENTS Page 1.

OFGEMS RPI AT 20 PROJECT ALISTAIR BUCHANAN - CHIEF EXECUTIVE, OFGEM CONTENTS Page 1.

SBGI THURSDAY 6 TH MARCH 2008 OFGEMS RPI AT 20 PROJECT ALISTAIR BUCHANAN - CHIEF EXECUTIVE, OFGEM CONTENTS Page 1. Major announcement today of RPI at 20. 3 2. RPI-X: a very successful product for consumers. 6 3. So why

553 views • 31 slides

More recommend