DOCSLIB.ORG

Tor* *Tor's Onion Routing

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Tor* *Tor's Onion Routing Anonymous Communication with emphasis on Tor* *Tor's Onion Routing Paul Syverson U.S. Naval Research Laboratory 1 Dining Cryptographers (DC Nets) ● Invented by Chaum, 1988 ● Strong provable properties ● Versions without collision or abuse problems have high communication and computation overhead ● Don't scale very well 2 Mixes 3 4 5 6 7 8 Mixes ● Invented by Chaum 1981 (not counting ancient Athens) ● As long as one mix is honest, network hides anonymity up to capacity of the mix ● Sort of – Flooding – Trickling ● Many variants – Timed – Pool – ... 9 Anonymous communications Technical Governmental/Social 1. What is it? 2. Why does it matter? 3. How do we build it? 10 1. What is anonymity anyway? 11 Informally: anonymity means you can't tell who did what “Who wrote this blog post?” “Who's been viewing my webpages?” “Who's been emailing patent attorneys?” 12 Formally: anonymity means indistinguishability within an “anonymity set” Alice1 Alice2 Alice3 Alice4 Bob Alice5 .... Alice6 Attacker can't tell which Alice is talking to Bob! Alice7 Alice8 13 Formally: anonymity means indistinguishability within an “anonymity set” Alice1 Alice2 Attacker can't distinguish Alice3 which Alice is talking to Bob Alice4 Alice6 Alice5 Bob . Alice7 Alice8 . 14 Formally: anonymity means indistinguishability within an “anonymity set” Alice1 Alice2 Attacker can't distinguish Alice3 which Alice is talking to Bob Alice4 Alice6 Alice5 Bob . Alice7 Alice8 . ● Can't distinguish? ● Basic anonymity set size ● Probability distribution within anonymity set ● .... 15 We have to make some assumptions about what the attacker can do. Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! Etc, etc. 16 Anonymity isn't confidentiality: Encryption just protects contents. “Hi, Bob!” “Hi, Bob!” Alice <gibberish> attacker Bob 17 Anonymity isn't steganography: Attacker can tell that Alice is talking; just not to whom. Alice1 Bob1 Anonymity Alice2 network Bob2 ... AliceN 18 Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 19 ...since “weak” anonymity... isn't. “You can't prove it was me!” Proof is a very strong word. With statistics, suspicion becomes certainty. Wil l o t h e r s p a r t i e s h a v e “Promise you won't look!” the ability and incentives to keep their promises? “Promise you won't remember!” “Promise you won't tell!” Not what we're talking “I didn't write my name on it!” about. Nope! (More info later.) “Isn't the Internet already anonymous?” 20 2. Why does anonymity matter? 21 Anonymity serves different interests for different user groups. Governments Businesses “It's traffic-analysis “It's network security!” resistance!” Anonymity “It's censorship “It's privacy!” circumvention!” Private citizens Human rights advocates 22 Regular citizens don't want to be watched and tracked. Blogger Hostile Bob “I sell the logs.” Alice 8-year-old Incompetent Bob “Oops, I lost the logs.” Alice Sick Indifferent Bob “Hey, they aren't Alice my secrets.” .... Name, address, age, friends, (the network can track too) Consumer interests Alice (medical, financial, etc), Union unpopular opinions, member illegal opinions.... 23 Alice Many people don't get to see the internet that you can see... 24 and they can't speak on the internet either... 25 It's not only about dissidents in faraway lands 26 Regular citizens don't want to be watched and tracked. “I look for you to Crime Stalker Bob Target do you harm.” Alice Human Censor/Blocker “I control your Rights Bob worldview and who Worker you talk to.” Alice “I imprison you for .... Name, address, seeing/saying the age, friends, Oppressed wrong things.” interests Alice (medical, financial, etc), unpopular opinions, illegal opinions.... 27 Law enforcement needs anonymity to get the job done. Investigated “Why is alice.fbi.gov reading my suspect website?” Officer Sting “Why no, alice.localpolice.gov! Alice target I would never sell counterfeits on ebay!” Organized “Is my family safe if I Crime go after these guys?” Witness/informer Anonymous “Are they really going to ensure Alice tips my anonymity?” 28 Businesses need to protect trade secrets... and their customers. “Oh, your employees are reading Competitor our patents/jobs page/product sheets?” “Hey, it's Alice! Give her the 'Alice' version!” Competitor AliceCorp “Wanna buy a list of Alice's suppliers? Compromised What about her customers? network What about her engineering department's favorite search terms?” Compromised/ “We attack Alice's customers with malicious malware, and watch for hosts when she notices us.” 29 Governments need anonymity for their security “What will you bid for a list of Baghdad Untrusted IP addresses that get email from .gov?” ISP “What bid for the hotel room from which Agent someone just logged in to foo.navy.mil?” Alice Compromised service “What does the CIA Google for?” 30 Governments need anonymity for their security “Do I really want to reveal my Shared internal network topology?” network “Do I want all my partners to know extent/pattern of my comms with Coalition other partners?” member Hostile Alice network “How can I establish communication with locals without a trusted network?” Semitrusted network “How can I avoid selective blocking of my communications?” 31 Governments need anonymity for their security “How can I securely and quickly Homeland exchange vital info with every security sheriff's dept and Hazmat transporter network Govt. without bringing them into my secure web server network? “Do I want every SIPRNET node to Bob Defense in know where all the traffic on it is headed?” Depth “Can I hide where my MLS chat Hidden server/my automated regrader is?” Sevices Can my servers resist DDoS and physical attack even by authorized users?” 32 You can't be anonymous by yourself: private solutions are ineffective... Alice's small Citizen “One of the 25 anonymity net ... Alice users on AliceNet.” Officer Municipal Investigated Alice anonymity net suspect “Looks like a cop.” AliceCorp AliceCorp Competitor/ “It's somebody at anonymity net malware host AliceCorp!” 33 ... so, anonymity loves company! Citizen ... “???” Alice Officer Investigated Alice Shared suspect “???” anonymity net AliceCorp Competitor “???” 34 Don't bad people use anonymity? 35 Current situation: Bad people on internet are doing fine Trojans Viruses Exploits Botnets Zombies Espionage DDoS Spam Phishing Extortion 36 Giving good people a fighting chance -DDoS resistant servers -Enable sharing threat info -Freedom of access Anonymity Network -Resist -Encourage informants -Protect operations and Identity Theft -Protect free speech analysts/operatives -Reduce cyberstalking of kids 37 3. How does anonymity work? 38 Anonymity Systems for the Internet Low-latency High-latency Single-hop Chaum's Mixes proxies (~95-) (1981) Crowds NRL V0 Onion (~96) anon.penet.fi (~91-96) Routing (~96-97) ZKS NRL V1 Onion “Freedom” Remailer networks: Routing (~97-00) (~99-01) cypherpunk (~93), mixmaster (~95), Java Anon Proxy mixminion (~02) Tor (~00-) (01-) ...and more! 39 Low-latency systems are vulnerable to end-to-end correlation attacks. Low-latency: Alice1 sends: xx x xxxx x match! Bob2 gets: xx x xxxx x Alice2 sends: x x xx x x Bob1 gets: x x x x x x match! Time High-latency: Alice1 sends: xx x xxxx Alice2 sends: x x xx x x Bob1 gets: xx xxxx ..... Bob2 gets: x xxxxx ..... These attacks work in practice. The obvious defenses are expensive (like high-latency), useless, or both. 40 Still, we focus on low-latency, because it's more useful. Interactive apps: web, IM, VOIP, ssh, X11, ... # users: millions? Apps that accept multi-hour delays and high bandwidth overhead: email, sometimes. # users: hundreds at most? And if anonymity loves company....? 41 The simplest designs use a single relay to hide connections. Alice1 Bob1 B ob ” 3,“ Y X” “ Relay Alice2 Bob1, “Y” “Z” Bob2 “X “Z” ” b2, Alice3 Bo Bob3 42 But an attacker who sees Alice can see who she's talking to. Alice1 Bob1 B ob ” 3,“ Y X” “ Relay Alice2 Bob1, “Y” “Z” Bob2 “X “Z” ” b2, Alice3 Bo Bob3 43 Add encryption to stop attackers who eavesdrop on Alice. Alice1 Bob1 E(B ob3 ” ,“X “Y ”) Relay Alice2 E(Bob1, “Y”) “Z” Bob2 ”) “X , “Z ” ob2 Alice3 E(B Bob3 (e.g.: some commercial proxy providers, Anonymizer) 44 But a single relay is a single point of failure. Alice1 Bob1 E(B ob3 ” ,“X “Y ”) Evil or Alice2 Compromised E(Bob1, “Y”) Relay “Z” Bob2 ”) “X , “Z ” ob2 Alice3 E(B Bob3 45 But a single relay is a single point of bypass. Alice1 Bob1 E(B ob3 ” ,“X “Y ”) Irrelevant Alice2 E(Bob1, “Y”) Relay “Z” Bob2 ”) “X , “Z ” ob2 Alice3 E(B Bob3 Timing analysis bridges all connections through relay ⇒ An attractive fat target 46 So, add multiple relays so that no single one can betray Alice. Alice Bob R1 R3 R4 R5 R2 47 A corrupt first hop can tell that Alice is talking, but not to whom. Alice Bob R1 R3 R4 R5 R2 48 A corrupt final hop can tell someone is talking to Bob, but not who it is. Alice Bob R1 R3 R4 R5 R2 49 Alice makes a session key with R1 Alice Bob R1 R3 R4 R5 R2 50 Alice makes a session key with R1 ...And then tunnels to R2 Alice Bob R1 R3 R4 R5 R2 51 Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Alice Bob R1 R3 R4 R5 R2 52 Alice makes a session key with R1 ...And then tunnels to R2...and to R3 Then talks to Bob over circuit Alice Bob R1 R3 R4 R5 R2 53 Feasible because onion routing uses (expensive) public-key crypto just to build circuits, then uses (cheaper) symmetric-key crypto to pass data Alice Bob R1 R3 R4 R5 R2 54 Can multiplex many connections through the encrypted circuit Alice Bob R1 R3 Bob2 R4 R5 R2 55 That's Tor* in a nutshell * Tor's Onion Routing 56 Focus of Tor is anonymity of the communications pipe, not the application data that passes through it 57 Tor anonymizes TCP streams only: it needs other applications to clean high-level protocols.
Load more

Recommended publications
  • Cyberstalking to in Your Area and the People You Care About from Posts How to Stay Safe and Protect and Pictures
    How can I prevent someone from stalking me online? • Be careful what personal information you share online including in email, on social networking sites like Facebook and Twitter and chat rooms. It is very easy to glean information about where you live, the places you love to go Cyberstalking to in your area and the people you care about from posts How to stay safe and protect and pictures. • Create a different email account for registering in social yourself online networking sites and other online spaces. It will help avoid spam and your personal email won´t be revealed if the online service doesn't have a good privacy practice. What is cyberstalking? • Do not feel obligated to fill out all fields when registering Cyberstalking includes (repeatedly) sending threats or online or provide identifying information such as birthdates false accusations via email or mobile phone, making and place in required fields. threatening or false posts on websites, stealing a person's • In your online user profile, use a photo that doesn't identity or data or spying and monitoring a person's identify you or your location, so you can't be recognised. computer and internet use. Sometimes the threats can escalate into physical spaces. • Consider using a name that is not your real name or a nickname as your email name, screen name or user ID. And There are just as many predators on the internet as there try not to use common dates such as your birthday as the are in real life. Anyone can be stalked online but the digits in your email name or password.
    [Show full text]
  • Fraud and the Darknets
    OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Fraud And The Darknets Thomas Harper Assistant Special Agent in Charge Technology Crimes Division OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division What is an OIG? • Established by Congress • Independent agency that reports to Congress • Agency head appointed by the President and confirmed by Congress • Mission: protect the taxpayer’s interests by ensuring the integrity and efficiency of the associated agency OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Technology Crimes Division • Investigate criminal cyber threats against the Department’s IT infrastructure, or • Criminal activity in cyber space that threatens the Department’s administration of Federal education assistance funds • Investigative jurisdiction encompasses any IT system used in the administration of Federal money originating from the Department of Education. OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Work Examples • Grade hacking • Computer Intrusions • Criminal Forums online selling malware • ID/Credential theft to hijack Student Aid applications • Misuse of Department systems to obtain personal information • Falsifying student aid applications by U.S. government employees • Child Exploitation material trafficking OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Fraud and the Darknets Special Thanks to Financial Crimes Enforcement Network (FINCEN) OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division Fraud and the Darknets OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division OFFICE OF THE INSPECTOR GENERAL U.S. Department of Education Technology Crimes Division OFFICE OF THE INSPECTOR GENERAL U.S.
    [Show full text]
  • Low-Cost Traffic Analysis Of
    Low-Cost Traffic Analysis of Tor Steven J. Murdoch and George Danezis University of Cambridge, Computer Laboratory 15 JJ Thomson Avenue, Cambridge CB3 0FD United Kingdom {Steven.Murdoch,George.Danezis}@cl.cam.ac.uk Abstract Other systems, based on the idea of a mix, were de- veloped to carry low latency traffic. ISDN mixes [33] Tor is the second generation Onion Router, supporting propose a design that allows phone conversations to be the anonymous transport of TCP streams over the Inter- anonymised, and web-mixes [6] follow the same design pat- net. Its low latency makes it very suitable for common terns to anonymise web traffic. A service based on these tasks, such as web browsing, but insecure against traffic- ideas, the Java Anon Proxy (JAP)1 has been implemented analysis attacks by a global passive adversary. We present and is running at the University of Dresden. These ap- new traffic-analysis techniques that allow adversaries with proaches work in a synchronous fashion, which is not well only a partial view of the network to infer which nodes are adapted for the asynchronous nature of widely deployed being used to relay the anonymous streams and therefore TCP/IP networks [8]. greatly reduce the anonymity provided by Tor. Furthermore, The Onion Routing project has been working on stream- we show that otherwise unrelated streams can be linked level, low-latency, high-bandwidth anonymous communi- back to the same initiator. Our attack is feasible for the cations [35]. Their latest design and implementation, adversary anticipated by the Tor designers. Our theoreti- Tor [18], has many attractive features, including forward se- cal attacks are backed up by experiments performed on the curity and support for anonymous servers.
    [Show full text]
  • August 10, 2011 Broadcasting Board of Governors International
    August 10, 2011 Broadcasting Board of Governors International Broadcasting Bureau Office of Engineering Cohen Building, Room 4300 330 Independence Avenue, SW Washington, DC 20237 Attn: Malita Dyson Dear Ms. Dyson, Below is our thirty-ninth invoice for contract number BBGCON1808C6700, Accounting Appropri­ ation Data 9568-08-0206-E009701048A. There are no travel costs. Services rendered include blocking resistance architecture and testing, scalability and promotion and advocacy for the Tor network, and other detailed tasks under 0001 of our contract as confirmed in our status reports to BBG. Please do not hesitate to email me at [email protected] or call me at (b) (6) if there are any questions. Invoice 39: Period Months Rate Cost 06/17/2011 - 07/17/2011 1 $15,000 $15,000 Thank you. Sincerely, Andrew Lewman Executive Director TorProject Invoice BBG08102011 The Tor Project, Inc. 969 Main Street, Suite 206, Walpole, MA 02081-2972 USA https://www.torproject.org/ From: Andrew Lewman. Executive Director To: Kelly DeYoe, program officer, BBG RE: contract BBGCON1807S6441 Date: August 10, 2011 This report documents progress in July 2011 on contract BBGCON1807S6441 between BBG and The Tor Project. New releases, new hires, new funding New Releases 1. On July 7, we released Torbutton 1.4.0. The addon has been disabled on addons.mozilla.org. Our URL is now canonical. This release features support for Firefox 5.0, and has been tested against the vanilla release for basic functionality. However, it has not been audited for Network Isolation, State Separation, Tor Undiscoverability or Interoperability issues[l] due to toggling under Firefox 5.
    [Show full text]
  • Human Rights Implications of Crime Control in the Digital
    International Journal of Cyber Criminology Vol 2 Issue 1 January 2008 Copyright © 2008 International Journal of Cyber Criminology (IJCC) ISSN: 0974 – 2891 January-June 2008, Vol 2 (1): 271–285 This is an Open Access article distributed under the terms of the Creative Commons Attribution-Non-Commercial-Share Alike License, which permits unrestricted non- commercial use, distribution, and reproduction in any medium, provided the original work is properly cited. This license does not permit commercial exploitation or the creation of derivative works without specific permission. Jurisdictional and definitional concerns with computer-mediated interpersonal crimes: An Analysis on Cyber Stalking Lynne Roberts1 Curtin University of Technology, Australia Abstract Cyber-stalking is a crime that transcends national and jurisdictional boundaries. Victims and perpetrators of cyber-stalking may be geographically separated by physical borders (for example, residing in different countries) when the offences occur. This is problematic for investigating the crime, in determining the jurisdiction in which alleged offences have taken place and in which charges may be filed. Legal definitions of stalking (and cyber-stalking) and applicable sentences vary across jurisdictions, if indeed they exist, further muddying the water. This paper provides an overview of the current state of knowledge on cyber-stalking and ends with an examination of the difficulties in investigating and prosecuting cyber-stalkers. Keywords: Stalking; Cyber Stalking; Victims; Perpetrators; Introduction Cyber-crime is emerging as a major international criminological issue. Networked computers provide the media for new types (or variations on old types) of criminal activity to emerge. Cyber-stalking is one such crime enabled by the Internet.
    [Show full text]
  • The Federal Cyberstalking Statute, Content Discrimination and the First Amendment
    The Federal Cyberstalking Statute, Content Discrimination and the First Amendment James Weinstein* TABLE OF CONTENTS INTRODUCTION ................................................................................. 2555 I. THE CONTESTED SCOPE OF THE RULE AGAINST CONTENT DISCRIMINATION .................................................................... 2559 A. The All-Inclusive Approach v. The Democratic Self- Governance Model ........................................................... 2560 B. Criticism of the All-Inclusive Approach............................ 2566 II. THE FEDERAL CYBERSTALKING STATUTE AND THE ALL- INCLUSIVE APPROACH ............................................................. 2569 III. THE FEDERAL CYBERSTALKING STATUTE AND THE DEMOCRATIC SELF-GOVERNANCE MODEL .............................. 2577 A. An Elaboration and Defense of the Democratic Self- Governance Model ........................................................... 2577 B. The Democratic Self-Governance Model and § 2261A(2)(B) ................................................................ 2580 C. Section 2261A(2)(B) Caselaw ......................................... 2584 * Copyright © 2021 James Weinstein. Dan Cracchiolo Chair in Constitutional Law, Sandra Day O’Connor College of Law, Arizona State University. I am grateful to Arthur Hellman, Robert Post, and the participants in the online symposium on “Cheap Speech Twenty-Five Years Later: Democracy & Public Discourse in the Digital Age” for their helpful comments and suggestions, and to law students Emiley Pagrabs
    [Show full text]
  • I Facebook and Panopticism: Healthy Curiosity Or Stalking?
    Facebook and Panopticism: Healthy Curiosity or Stalking? A thesis presented to the faculty of the Scripps College of Communication of Ohio University In partial fulfillment of the requirements for the degree Master of Arts Mary Catherine Kennedy November 2009 © 2009. Mary Catherine Kennedy. All Rights Reserved. i This thesis titled Facebook and Panopticism: Healthy Curiosity or Stalking? by MARY CATHERINE KENNEDY has been approved for the School of Media Arts and Studies and the Scripps College of Communication by Karen E. Riggs Professor of Media Arts and Studies Gregory J. Shepherd Dean, Scripps College of Communication ii ABSTRACT KENNEDY, MARY C., M.A., November 2009, Telecommunications Facebook and Panopticism: Healthy Curiosity or Stalking? (108 pp.) Director of Thesis: Karen E. Riggs This study deepens existing knowledge concerning social networking sites, with specific interest in the social networking site Facebook and the phenomenon, “Facebook stalking”. By providing insights into lesser-known studies concerning user curiosity and surveillance online, the present research reveals that the terms ‘monitoring’ and ‘keeping up with’ or ‘keeping in touch with’ are most commonly used when referring to social searches within social networks; only when asked to think about surveillance in terms of stalking did interview participants refer to it as such. The present study aims to discover Facebook users’ perception of their friends’ disclosure while delving into the idea of “Facebook stalking”, specifically with regard to how users define it. Facebook’s evolution and prominence in the public sphere is dependent upon user satisfaction with and general understanding of the functionality of social networking websites. A discussion of these issues is beneficial to understanding how Facebook is used as a modern-day panopticon.
    [Show full text]
  • Tor and Circumvention: Lessons Learned
    Tor and circumvention: Lessons learned Nick Mathewson The Tor Project https://torproject.org/ 1 What is Tor? Online anonymity 1) open source software, 2) network, 3) protocol Community of researchers, developers, users, and relay operators Funding from US DoD, Electronic Frontier Foundation, Voice of America, Google, NLnet, Human Rights Watch, NSF, US State Dept, SIDA, ... 2 The Tor Project, Inc. 501(c)(3) non-profit organization dedicated to the research and development of tools for online anonymity and privacy Not secretly evil. 3 Estimated ~250,000? daily Tor users 4 Anonymity in what sense? “Attacker can’t learn who is talking to whom.” Bob Alice Alice Anonymity network Bob Alice Bob 5 Threat model: what can the attacker do? Alice Anonymity network Bob watch Alice! watch (or be!) Bob! Control part of the network! 6 Anonymity isn't cryptography: Cryptography just protects contents. “Hi, Bob!” “Hi, Bob!” Alice <gibberish> attacker Bob 7 Anonymity isn't just wishful thinking... “You can't prove it was me!” “Promise you won't look!” “Promise you won't remember!” “Promise you won't tell!” “I didn't write my name on it!” “Isn't the Internet already anonymous?” 8 Anonymity serves different interests for different user groups. Anonymity “It's privacy!” Private citizens 9 Anonymity serves different interests for different user groups. Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 10 Anonymity serves different interests for different user groups. “It's traffic-analysis resistance!” Governments Anonymity Businesses “It's network security!” “It's privacy!” Private citizens 11 Anonymity serves different interests for different user groups.
    [Show full text]
  • Facebook: Where Privacy Concerns and Social Needs Collide
    Edith Cowan University Research Online Theses: Doctorates and Masters Theses 2020 Facebook: Where privacy concerns and social needs collide Sonya Scherini Edith Cowan University Follow this and additional works at: https://ro.ecu.edu.au/theses Part of the Communication Technology and New Media Commons, Mass Communication Commons, and the Social Media Commons Recommended Citation Scherini, S. (2020). Facebook: Where privacy concerns and social needs collide. https://ro.ecu.edu.au/ theses/2331 This Thesis is posted at Research Online. https://ro.ecu.edu.au/theses/2331 Edith Cowan University Copyright Warning You may print or download ONE copy of this document for the purpose of your own research or study. The University does not authorize you to copy, communicate or otherwise make available electronically to any other person any copyright material contained on this site. You are reminded of the following: Copyright owners are entitled to take legal action against persons who infringe their copyright. A reproduction of material that is protected by copyright may be a copyright infringement. Where the reproduction of such material is done without attribution of authorship, with false attribution of authorship or the authorship is treated in a derogatory manner, this may be a breach of the author’s moral rights contained in Part IX of the Copyright Act 1968 (Cth). Courts have the power to impose a wide range of civil and criminal sanctions for infringement of copyright, infringement of moral rights and other offences under the Copyright Act 1968 (Cth). Higher penalties may apply, and higher damages may be awarded, for offences and infringements involving the conversion of material into digital or electronic form.
    [Show full text]
  • Privacy As Security
    Privacy as Security Dr George Danezis Microsoft Research, Cambridge, UK. [email protected] Dr George Danezis Privacy as Security Key Thesis and Outline What is this talk about? I Explore the relations between notions of `privacy' and `traditional security'. I Key thesis: Privacy is better understood as security! How do we proceed? I Introduction to Privacy. I Revisiting security/privacy properties. Dr George Danezis Privacy as Security Scope Ground rules of this talk: I High-level: keep out the very technical details. Implementation issues, system specific, cryptography, statistics, standards. I Focus on technology and technology policy. There is also law, sociology, political science, and politics. I Look at privacy in the context of computer security Security properties, adversary models, security policies, . I A clear focus on the real world and its constraints. Dr George Danezis Privacy as Security Caricature of the debate: Security or Privacy \Privacy" important but. I . what about abuse and accountability? I . difficulties for Law Enforcement? I . copyright or libel? I (. what does a good, honest person has to hide anyway?) Established wisdom: I Need for a balance... I Control/limit dangerous technology (or research). I Result: Surveillance by design ! no privacy (often). Caricature conclusion: Security is most important! Dr George Danezis Privacy as Security Security and Privacy in Context A brief history of security, and where does privacy fit? I Early days (Pre-1970s): Security for the Government and Military. Focus on confidentiality properties. Some work on Tamper resistance, signal intelligence, . Keep secrets using computer security. I 70s to 90s: Commercial security and security for enterprises.
    [Show full text]
  • State of the Art in Lightweight Symmetric Cryptography
    State of the Art in Lightweight Symmetric Cryptography Alex Biryukov1 and Léo Perrin2 1 SnT, CSC, University of Luxembourg, [email protected] 2 SnT, University of Luxembourg, [email protected] Abstract. Lightweight cryptography has been one of the “hot topics” in symmetric cryptography in the recent years. A huge number of lightweight algorithms have been published, standardized and/or used in commercial products. In this paper, we discuss the different implementation constraints that a “lightweight” algorithm is usually designed to satisfy. We also present an extensive survey of all lightweight symmetric primitives we are aware of. It covers designs from the academic community, from government agencies and proprietary algorithms which were reverse-engineered or leaked. Relevant national (nist...) and international (iso/iec...) standards are listed. We then discuss some trends we identified in the design of lightweight algorithms, namely the designers’ preference for arx-based and bitsliced-S-Box-based designs and simple key schedules. Finally, we argue that lightweight cryptography is too large a field and that it should be split into two related but distinct areas: ultra-lightweight and IoT cryptography. The former deals only with the smallest of devices for which a lower security level may be justified by the very harsh design constraints. The latter corresponds to low-power embedded processors for which the Aes and modern hash function are costly but which have to provide a high level security due to their greater connectivity. Keywords: Lightweight cryptography · Ultra-Lightweight · IoT · Internet of Things · SoK · Survey · Standards · Industry 1 Introduction The Internet of Things (IoT) is one of the foremost buzzwords in computer science and information technology at the time of writing.
    [Show full text]
  • Tor: the Second-Generation Onion Router (2014 DRAFT V1)
    Tor: The Second-Generation Onion Router (2014 DRAFT v1) Roger Dingledine Nick Mathewson Steven Murdoch The Free Haven Project The Free Haven Project Computer Laboratory [email protected] [email protected] University of Cambridge [email protected] Paul Syverson Naval Research Lab [email protected] Abstract Perfect forward secrecy: In the original Onion Routing We present Tor, a circuit-based low-latency anonymous com- design, a single hostile node could record traffic and later munication service. This Onion Routing system addresses compromise successive nodes in the circuit and force them limitations in the earlier design by adding perfect forward se- to decrypt it. Rather than using a single multiply encrypted crecy, congestion control, directory servers, integrity check- data structure (an onion) to lay each circuit, Tor now uses an ing, configurable exit policies, anticensorship features, guard incremental or telescoping path-building design, where the nodes, application- and user-selectable stream isolation, and a initiator negotiates session keys with each successive hop in practical design for location-hidden services via rendezvous the circuit. Once these keys are deleted, subsequently com- points. Tor is deployed on the real-world Internet, requires promised nodes cannot decrypt old traffic. As a side benefit, no special privileges or kernel modifications, requires little onion replay detection is no longer necessary, and the process synchronization or coordination between nodes, and provides of building circuits is more reliable, since the initiator knows a reasonable tradeoff between anonymity, usability, and ef- when a hop fails and can then try extending to a new node.
    [Show full text]