Real-Time Mixes for ISDN
Requirements of real-time communication • Becomes important when using services like telephony where a continuous data stream via channels has to be transmitted • In order to configure an anonymous channel, the requirements of real-time communication must be stated for the network in which such channel is to establish • The network examined is the narrow-band ISDN • The modifications of the protocols are examined in the context of voice and data communication on the ISDN as standardized
Requirements of real-time communication • ISDN networks are actually build by most European PTT`s (post Telegraph Telephone companies) • Anonymous channels can also be applied to other networks as long as a certain delay at the start of a connection is tolerable • This was done for mobile communication based on GSM standard • Similar ideas were applied to synchronous communication over TCP/IP networks • The techniques are based on mixes • In ISDN NW each user is connected to a local exchange via an exclusive wire, where the bandwidth is shared in the long- distance NW • Voice communication means strict real-time during a call and certain upper bound on the setup time
Requirements of real-time communication • The ISDN requirements are that : � Two bit-transparent duplex channels with 64 kbit .s -1 each must be offered on two given data channels of exactly his bandwidth � Any additional signaling channel of 16 kbit .s-1 is available and .. � Any additional messages needed should fit into the signaling structure of the given ISDN
Requirements of real-time communication • Basic mixes as described by chaum are only suitable for non-real time communication as : � There is a significant delay since a mix must wait until it has a sufficiently large amount of message to mix � The asymmetric cryptographic operation on the message that each mix must perform takes a certain time and can only start when at least a long block of the message has arrived and .. � The use of probabilistic encryption results in a significant bandwidth expansion if several mixes are used Thus a modification if the mix concept becomes necessary in order to mix continuous data streams in real time .
Assumptions : 1. Anonymous connections: LE(A) LE(B) NT A NT B B A Long distance NW NW terminating (NT) device of A Anonymity set including B Local exchange of A Other NTs at the same LE as A
1. Anonymity connection • Is understood as follows : � A is only anonymous among the people whose channels are mixed with hers by a local exchange (LE) � All subscribers of one LE build an anonymity set by equally acting to the LE � On the NW side, it is possible to map actions of the anonymity set to a single member � If A is member of the anonymity set LE(A) and B of LE(B) for long distance calls one can only tell if anyone from LE(A) is communicating with anyone from LE(B)
2. Encryption • An asymmetric and symmetric encryption system is needed specifically, the use of RSA and a symmetric system with 128- bit keys like IDEA are used Furthermore OFB is assumed i.e. a pseudo-one-time pad • Thus synchronization as supported by ISDN is a precondition for the protocol such that ach arriving bit can be decrypted at once • The participants must not get out of synch. The usage of synchronized stream cipher allows to be very fast while mixing can be implemented without the function `test-for- replays` • Hybrid encryption of minimal length is used . • If Alice A wants to send a message N to Bob , B she first generates a key K AB
2. Encryption • She appends as much of N to K AB as fits in the same block of the symmetric encryption system and encrypts this block with C B • She encrypts the rest of N with K AB the entire operation is denoted by : + + + = * C ( N ) C ( K , N ), K ( N ) B B AB AB
2. Encryption • The randomly chosen key K AB also makes RSA probabilistic • To prevent attacks from K AB and the rest of the first block should be mingled by symmetric encryption with a globally known key.
3. Mix cascades • For all her channels A uses a fixed mix cascade, say M 1 ,….M m . this does not reduce anonymity • Quite the reverse, if no cascade is used someone who communicates with her more than once might intersect these anonymity set • Mix cascades also reduce timing problems between the mixes as well as the problem that all messages of a batch must be of equal length both are critical for performance • In the ISDN scenario, the cascade will be situated at A `s LE, i.e. between user side and network side of the LE
3. Mix cascades Inclusion of mix cascade in local exchange LE(A) NT A A network Network terminating (NT) Network side of LE device of A Mix cascade User side of LE Each M i for i ≥ 2 initially generates a key pair (C i ,d i ) and publishes C i , and A shares a symmetric key K A1 with M 1
4. Signaling and data channel • With hybrid encryption, the basic mix scheme can be used for very long messages . However each bit on the data channel should be handled at once. Thus it is not enough to use a data channel • Each mix would still have to wait for the whole first block of data to arrive before it can start decrypting, therefore the asymmetric decrypted part is a separate message that will be sent on the signaling channel before the actual data transmission starts • The actual data can then be transmitted in the data channel without any bandwidth expansion and without delay • Note : only simplex channels are considered; duplex channels will be realized as a pair of simplex channels
4. Signaling and data channel • It is distinguished between mix sending channels that keep the sender anonymous and mix receiving channels that keep the recipient anonymous that work other way round • These mix channels will serve as building blocks and will be combined later.
Building blocks :mix channels • By modifying the original mixes accordingly, mix channels are introduced which are a mechanism to mix continuous data streams.
Mix signaling channels • Mix sending channels : � The sender A construct the message for a mix sending channel as follows : N m+1 := N N i := C *i ( D i , N i+1 ) (i=m,m-1,….,2) N 1 := K A1 ( D 1 , N 2 ) N : are signaling data that should be output by the last mix of the cascade D i : are data A wants to give M i in addition to the symmetric key K Ai
Mix sending channels • She sends N 1 to the user side of her LE which passes it to M 1 • M 1 receives all messages of the senders belonging to the same LE � it receives N 1 from A and decrypts it with K A1 • Subsequently, each M i for i ≥ 2 receives N i from M i-1 and decrypts it with d i • Thus each mix processes the data D i in whatever way is intended and forwards N i+1 to M i+1 or , for i=m, further in the NW • the data D i simply comprises a timestamp t i • In contrast to the original mixes this eliminates the need to compare messages of different batches for repeats • Because of the fixed mix cascades, the timestamps only have to be local sequence number of batches of setup messages
Mix sending channels Anonymity set User side of the local exchange (LE) Mix signaling part cl N conn-setu p mix1 mix2 mix3 A Network side of LE Mix cascade in the LE(A) Mix data part Mix sending channel of A Traceable communication Between LE(A) and LE(B) Establishment of a mix sending channel mix1 mix2 mix3 B (Table of stored information) LE user side :in ch � out ch C1 to mix 1 cl Mix 1 :C1 � C2,K A1 :C2 � C3,K A2 Mix 2 Mix cascade in the LE(B) Mix sending channel of B Mix 3 :C3 � C4,K A3 LE network side : C4 � CL, N conn-setup
Mix sending channels • Each M i (i<m) processes this setup message as follows ( M i denoted as mix i) � M i reserves an outgoing data channel C i+1 to M i+1 for the following continuous data. It is sensible to re-order the outgoing channels in the same way as the corresponding setup messages in the output batch � M i tells the position of the outgoing channel to M i+1 , together with the decrypted setup message N i+1 � Mi stores the correspondence between the incoming and the outgoing channel (in ch � out ch) � M i stores K A i as belonging to this correspondence .(the index is only notation; no mix after M 1 knows that the key is from A ) If the setup in done, incoming channels are fixed for the time of sending the data that belong to this connection setup.
Mix receiving channels • Mix receiving channels make recipients anonymous with respect to senders. • These channels have a setup message constructed just like that for a mix sending channel (except for the part N which was left open anyway)
Connecting the two halves • To make A and B both anonymous, a mix channel from A is connected with a mix receiving channel built up by B • The innermost parts, N, of both setup messages contain a common channel label, CL, and, on A `s side, routing information to the mix cascade that B uses • In the ISDN context, this will be the address of B `s local exchange (LE(B)). • The result is called a mix channel
Recommend
More recommend
