Anonymous Network

Peng [email protected]

CSSE University of MelbourneLabSUM∑

Anonymizing Networks

2

Agenda• Introduction

– Background– Threats– Taxonomy

• Different Approaches– Centralized approaches

• Proxy• Crowds

– Distributed approaches• Classical MIX• Tor• Tarzan

• Comparison and Conclusion

3

Background• Internet was designed with accountability in mind

• Anonymous network can be used to:– Support free of speech

– Censorship resistant communication

– Preserve privacy– Distribute materials

• Encryption is not enough to preserve privacy– Encryption can only hide the content of message

– Both initiator and receiver’s anonymity should be preserved

-Identification: Identifies the current datagram -Time-to-Live: Fingerprint of OS-Source Address-Destination Address-Port Number

4

Threats

Profiling attack

Timing attack

Network width traffic analysis, hard to preventMessage volume attack

P2P network is preferred rather than centralized services

Flooding attack

More intermediate nodes in networkCollusion attack

Maintain a temporary database to record processed packet

Replay attack

Message length attack

Re-encrypting message when transmitting packets between nodes, padding

Message coding attack

Prevent MethodsThreats

5

Taxonomy

MIXN/ADistributed and Pseudo-distributed

Web proxyEmail relayCentral

Low latencyHigh latency

•Central/High latency: anon.penet.fi and MixMaster

•Central/Low latency: Anonymizer and SafeWeb

•Pseudo-Distributed/High Latency and Distributed/High Latency: N/A

•Pseudo-Distributed/Low Latency and Distributed/Low latency : Tor, Tarzan and MorphMix

6

Centralized approaches

Client Web server

SSL

Proxy

Proxy:

•Proxy reveals identity

•Adversary blocks access to proxy (DoS)

•Traffic analysis is easy

•Adversary blocks connections from proxy

Client Web server

SSL

Proxy

Client Web server

SSL

Proxy

Example services are:•Anonymizer•SafeWeb

7

Crowds:

1. Register to server and retrieve network topology information

2. Server updates new topology information to every node

3. Initiator sends packet to another randomly selected node

4. The node randomly decides relay the packet again or send out

Centralized approaches cont.

1

3

4

5

2

Crowd

Registration Server

Destination Server

8

Distributed approaches Chaum’s MIX network:

•Layered encryption•Node can only know its successor and predecessor•Packet padding and cover traffic can be applied

Nxt

adr

Nxt

adr

Nxt

adr

(True)

Real Payload

9

Distributed approaches cont.

The Onion Router: (Pseudo-distributed)

•MIX encoding creates encrypted tunnel of relays•Packet forwarding through tunnel

•Small-scale, static network

+ Individual malicious relays cannot reveal identity

-Adversary targets core routers and directory server

-Network-edge analysis still exists

-Scalability is a problem

Alice’sComputer

App1 App2

LP

OR2

OR3

OR1

OR7 OR6WS1

WS2

12

1

2

1

1Directory Service

2

2

10


The Onion Router’s Hidden Service+ Provide anonymity service-- Within TOR network only

1. Server picks some introduction points and build circuits to them2. Server advertises his hidden service “XYZ.onion” at the DB3. Alice hears “XYZ.onion” exists, and she requests information from DB4. Alice writes a message with rendezvous point to hidden server through introduction point5. Alice and hidden server validate one-time secret in rendezvous point6. Tor circuits established between Alice and hidden server

Database

AliceHidden server

IP IP

RP

23

1

1

4

5

4

5

6

11


PNAT

Tarzan and MorphMix: (Distributed)

•No distinction between anon proxies and clientsPeer-to-peer model

•Anonymity against corrupt relaysMIX-net encodingRobust tunnel selectionPrevent adversary spoofing or running many nodes

•Anonymity against global eavesdroppingCover traffic protects all edgesRestrict topology to make cover practicalChoose neighbors in verifiably-random manner

•Application-independenceLow-latency IP-layer redirection

12


PNAT

Tarzan and MorphMix: (Distributed)

•Join the system1. Contacts known peers to learn neighbor lists2. Validates each peer by directly ping

•Cover the traffic within mimics1. Nodes send at some traffic rate per time period2. Traffic rate independent of actual demand3. All packets are same length and link encrypted+ Reduce the network overhead

•Peer selectionAssumption: Adversary nodes are mostly in same IP areaMethod: Randomly select IP address in different subnet

The path of communication is not defined by initiator but choose by intermediate nodes in MorphMix.

13

Comparison and Conclusion

��☺☺☺☺☺Popularity

��☺☺☺☺Usability

☺☺☺☺��Scalability

�☺☺☺☺�R. anon. to S.

☺☺☺☺��S. anon. to R.

TarzanTorAnonymizer

14

Peng DengMEDC Student

SUM Research LabCSSE University of Melbourne

[email protected], May 19, 2008

Thank you

Technology

Anonymous Network