CPSC 257: Information Security in the Real World

Ewa Syta

April 21, 2016

CPSC 257 April 21, 2016 1 / 67

1 Anonymous Communication

2 Attacks on

Anonymous Communication

Properties of

No individual relay ever knows the complete path.
• The random path packets take is extended one hop at a time, and each relay along the way knows only the previous and the next relay.

Neither an eavesdropper nor a compromised relay can link the connection’s source and destination.

However, Tor cannot (and does not attempt to) protect the traffic entering and exiting the network. Nor does it protect users from “giving away” their identity.

How Tor works? Source: Tor Overview

Tor User Statistics

“Mevade botnet responsible for the spike in Tor traffic”, Pierluigi Paganini, September 8, 2013

Tor Relay Statistics

Visualization of Tor traffic

https://torflow.uncharted.software/

Benefits of Tor

https://www.eff.org/pages/tor-and-https

Tor Hidden Services Source: TOR Hidden Service Protocol

Tor Hidden Services - Tor also offers protection to servers offering various services (websites, ) by hiding their location.

• Servers are configured to receive inbound connections through Tor only.
• Servers do not have to reveal their IP address.
• Servers are accessible only through a .onion address.
• Tor understands .onion addresses and can properly route data to and from hidden services.

Step 1: Service Setup

Bob chooses some relays, asks them to be his introduction points (IPs), and tells them his new public key.

Step 2: Hidden Service Descriptor

The hidden service descriptor (HSD) contains the public key and a summary of the IPs, and is signed by Bob. The DB returns an HSD for a specific XYZ.onion.

Step 3: Client Setup

Alice gets Bob’s HSD, chooses a rendezvous point (RP) and gives it a one-time “rendezvous cookie” to authenticate Bob.

Step 4: Client Introduction

Alice encrypts with Bob’s key an introduction message that includes her RP, Bob’s cookie, and her half of the DH handshake, then asks Bob’s IP to deliver it to him.

Step 5: Server Response

Bob decrypts Alice’s message and creates a circuit to the RP. He sends the cookie and completes the DH handshake. The RP notifies Alice.

Step 6: Connection Established

Alice and Bob have an end-to-end encrypted 6-hop circuit.
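
Steps 3 to 6 above as a small simulation, added here as an example and not taken from the slides or from Tor's code: the rendezvous point joins two circuits purely on the one-time cookie, and Alice and Bob end up with the same key. Assumptions: a toy Diffie-Hellman group, hypothetical names (`RendezvousPoint`, `run_rendezvous`), and the encryption of the introduction message to Bob's key and its relay through the introduction point are left out.

```python
import hashlib
import secrets

# Toy DH group (assumption): a Mersenne prime far too small for real use.
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    # Both sides hash the shared DH secret into a session key.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

class RendezvousPoint:
    """Joins two circuits that present the same one-time cookie.
    It handles only the cookie and an opaque payload, never a name or address."""
    def __init__(self):
        self.waiting = {}                        # cookie -> Alice's mailbox

    def establish(self, cookie, mailbox):        # Step 3: Alice registers her cookie
        self.waiting[cookie] = mailbox

    def join(self, cookie, payload):             # Step 5: Bob presents the cookie
        mailbox = self.waiting.pop(cookie, None) # pop: a cookie works only once
        if mailbox is None:
            return False
        mailbox.append(payload)                  # "RP notifies Alice"
        return True

def run_rendezvous(tamper=False):
    """Returns (circuits joined, replay accepted, keys match)."""
    rp, alice_mailbox = RendezvousPoint(), []
    cookie = secrets.token_bytes(20)             # Step 3
    rp.establish(cookie, alice_mailbox)
    a_priv, a_pub = dh_keypair()
    intro = {"cookie": cookie, "dh": a_pub}      # Step 4 (encryption omitted)
    b_priv, b_pub = dh_keypair()                 # Step 5
    shown = bytes([cookie[0] ^ 1]) + cookie[1:] if tamper else intro["cookie"]
    joined = rp.join(shown, b_pub)
    replayed = rp.join(shown, b_pub)             # second use of the same cookie
    bob_key = session_key(b_priv, intro["dh"])
    alice_key = session_key(a_priv, alice_mailbox[0]) if joined else None  # Step 6
    return joined, replayed, alice_key == bob_key
```
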

Attacks on Anonymity

Limitations of existing schemes

There’s a whole array of attacks on anonymity, ranging from exploiting flaws in the anonymity system and leveraging network-level information to exploiting vulnerabilities of client-side machines.

Method            Weakness
Mix Nets, Tor     (Active) traffic analysis attacks
DC Nets           Anonymous DoS attacks

Understanding the Adversary

Many attacks assume a powerful adversary who can see large chunks of the network at the same time or can obtain large amounts of traffic data.

Q: Is the existence of a global adversary a reasonable assumption?

PRISM [1]

Perhaps the most infamous, but not the most comprehensive, NSA mass surveillance program, established in 2007.

Geared towards collecting the data stored by nine major companies: Facebook, Google, Yahoo, Microsoft, PalTalk, Skype, YouTube, Apple, and AOL.

The program operates through a secretive judiciary body called the Foreign Intelligence Surveillance Court.

[1] The definitive guide to NSA spy programs, Joe Kloc, August 14, 2013

XKEYSCORE [1]

NSA’s “widest-reaching” program.
• It collects nearly everything a typical user does on the Internet, including the content of emails and chats, visible in real time.
• It builds a searchable database of both metadata and communications content collected from around the world.
• Metadata is stored for 30 days, while content is stored for as little as a day.
• According to a leaked NSA slide, the XKEYSCORE database held 41 billion Internet records over a 30-day period.

XKEYSCORE: Search Capabilities [4]

Queries using “strong selectors” (e-mail addresses) or “soft selectors” (keywords).

• Users of Tor and people who search for privacy-enhancing software. [2]
• Extremists aka the readers of Linux Journal. [3]

[2] NSA targets the privacy-conscious, J. Appelbaum, July 3, 2014
[3] NSA: Linux Journal is an “extremist forum” and its readers get flagged for extra surveillance, Kyle Rankin, July 3, 2014
[4] XKEYSCORE Rules

Where is X-KEYSCORE? [5]

Approximately 150 sites and over 700 servers.

[5] XKEYSCORE: NSA’s Google for the World’s Private Communications, The Intercept, M. Marquis-Boire, G. Greenwald, and M. Lee, July 1, 2015

Practical Evidence of Traffic Hijacking [7][8][9]

Researchers from network intelligence firm Dyn Research observed numerous live man-in-the-middle (MITM) hijacks last year.
• Events lasted from minutes to days by attackers from various countries.
• Traffic improperly redirected by exploiting implicit trust placed in BGP (Border Gateway Protocol). [6]
• Huge chunks of Internet traffic of financial institutions, government agencies, and network service providers have repeatedly been diverted.

[6] Protocol to exchange routing and reachability information between autonomous systems (AS)
[7] The New Threat: Targeted Internet Traffic Misdirection, Jim Cowie, Renesys, November 19, 2013
[8] Repeated attacks hijack huge chunks of Internet traffic, researchers warn, Dan Goodin, November 20, 2013
[9] Strange snafu hijacks UK nuke maker’s traffic, routes it through Ukraine, Dan Goodin, March 13, 2015

Traffic Analysis Attack

Traffic analysis [10] is the process of analyzing patterns in communication in order to learn some information, frequently the sender’s identity.

• Passive traffic analysis - an adversary monitors the frequency, timing and other properties of communications.
• Active traffic analysis - an adversary affects the communications by performing DoS attacks on chosen nodes, overloading the network on certain links, etc.

[10] Sometimes the term is used to describe an adversary simply analyzing one’s network activities.

Traffic Analysis

It is very difficult to protect against traffic analysis given a powerful adversary.

All communication links must appear identical.
• Everyone transmits at the same rate.
• Very inefficient.

Aqua [11]

Aqua is an alternative high-bandwidth anonymity system that resists traffic analysis.
• Architecture similar to Tor: the core consists of Aqua servers that clients connect to.
• Traffic entering and exiting an Aqua network is made indistinguishable through a combination of chaffing and delayed flow start-up.
• Traffic from a set of k clients looks indistinguishable, and consequently so do the clients themselves.

[11] Towards Efficient Traffic-analysis Resistant Anonymity Networks, S. Le Blond et al., ACM SIGCOMM 2013

Intersection Attack

An intersection attack is a type of traffic analysis attack that focuses on the relation between online availability of users and certain actions.
• Assume that a series of anonymous posts consistently appears every Monday around 10am.
• Then, the set of users who have been online each time a post appears contains the blog owner, as opposed to the much bigger set of users who have been online when some posts appeared.
• An adversary can take snapshots of users available during specific times and intersect them.

Petraeus-Broadwell Debacle [12]

Jill Kelley complains about receiving a series of anonymous stalking emails which seem to involve Gen. Petraeus (CIA Director).

Mrs. Broadwell was identified as the sender of the emails by comparing times when emails were sent, locations where the emails were sent from, and the lists of all people who were at those locations.

The investigation reveals an extramarital affair between Gen. Petraeus and Mrs. Broadwell.

[12] Online PrivacySurveillance and Security Lessons From the Petraeus Scandal, C. Soghoian, November 13, 2012

Catching the High Country Bandits [13]

Two men known as “the High Country Bandits” robbed 16 banks.
• FBI didn’t have much luck identifying them. Finally, a witness reported a suspicious person seen before one of the robberies.
• FBI asked a judge to approve a full “cell tower dump” from 4 of the robbery locations.
• Only a single number was included in 3 of the sets and another number in contact with the first one was in 2 sets.
• Further analysis discovered that both numbers were in most of the 16 robbery locations. They belonged to the two robbers.
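
The set arithmetic behind the intersection attack and the cell tower dump analysis above, as an added example that is not from the original slides: it shows how fast an anonymity set shrinks with each observation, and why the 3-of-4 style of matching is used when records are incomplete. The user names, snapshots and function names are constructed for illustration.

```python
from collections import Counter

def running_anonymity_sets(snapshots):
    """Candidate set after each observation: the running intersection
    of who was present every time the event occurred."""
    candidates, history = None, []
    for present in snapshots:
        present = set(present)
        candidates = present if candidates is None else candidates & present
        history.append(set(candidates))
    return history

def presence_counts(snapshots, min_hits):
    """Relaxed variant for incomplete data: identities present in at least
    min_hits snapshots. A strict intersection fails if one record is missing."""
    counts = Counter(who for present in snapshots for who in set(present))
    return {who: n for who, n in counts.items() if n >= min_hits}

# Constructed sample: users seen online at the time of four Monday posts.
SNAPSHOTS = [
    {"ann", "bo", "cy", "dee", "eve", "fay"},
    {"ann", "cy", "dee", "eve", "gus"},
    {"cy", "eve", "fay", "hal"},
    {"bo", "eve", "gus", "hal"},
]
# Same data with one record lost: "eve" is missing from the second snapshot.
LOSSY = [SNAPSHOTS[0], SNAPSHOTS[1] - {"eve"}, SNAPSHOTS[2], SNAPSHOTS[3]]

if __name__ == "__main__":
    for i, s in enumerate(running_anonymity_sets(SNAPSHOTS), 1):
        print(f"after post {i}: {len(s)} candidates {sorted(s)}")
    print("strict, lossy data:", running_anonymity_sets(LOSSY)[-1])
    print("3 of 4, lossy data:", presence_counts(LOSSY, 3))
```

With the lossy data the strict intersection ends up empty, while the relaxed count still leaves two candidates, which is why further analysis was needed in the case above.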

[13] How “cell tower dumps” caught the High Country Bandits – and why it matters, N. Anderson, August 29, 2013

Harvard Bomb Threat [14]

Harvard received a bomb threat during an exam week.
• An anonymous email was sent using a temporary mail service.
• The mail service was accessed using Tor.
• FBI suspected that a Harvard student might have been responsible.
• FBI checked if anyone accessed Tor using Harvard’s wifi.
• This led them to a handful of students.
• Eldo Kim promptly confessed.

Using anonymity tools is not trivial. Maintaining a proper anonymity set is critical.

[14] FBI agents tracked Harvard bomb threats despite Tor, R. Brandom, December 18, 2013

Fingerprinting and Staining Attacks

Fingerprinting attack - an attack that uses specific hardware and/or software specifications of a client’s machine to create a unique label (a fingerprint) that can later be used to identify that client.

Staining attack - an attack that relies on the ability to insert an identifiable “stain” (e.g., a cookie) into a client’s machine, so that it can later be used to identify the client.

Fingerprinting Attack [15][16]

Fingerprinting attacks exploit benign characteristics of a browser.

• Browser vendor, version, operating system info, screen characteristics, installed fonts, plugins, etc.

• JavaScript and Flash are the main culprits.
• In an experiment involving 500k users, 94% were identified.
• Top sites “silently track”: Orbitz, T-Mobile, Western Union.
• And privacytool.org. And anonymizer.com.
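
A way to measure how identifying a combination of benign attributes is, added here as an example and not taken from the slides or the cited papers: it hashes the chosen attributes into a label and reports what fraction of a population has a unique label and the average surprisal in bits. The eight clients, the attribute names and the function names are constructed.

```python
import hashlib
import math
from collections import Counter

def fingerprint(attrs, keys):
    """Stable label from the selected attributes (keys sorted so order cannot matter)."""
    blob = "|".join(f"{k}={attrs[k]}" for k in sorted(keys))
    return hashlib.sha256(blob.encode()).hexdigest()[:16]

def uniqueness_report(population, keys):
    """Return (fraction of clients with a unique label, mean surprisal in bits)."""
    labels = [fingerprint(c, keys) for c in population]
    counts, n = Counter(labels), len(labels)
    unique = sum(1 for l in labels if counts[l] == 1) / n
    bits = sum(-math.log2(counts[l] / n) for l in labels) / n
    return unique, bits

def client(ua, screen, fonts):
    return {"ua": ua, "screen": screen, "fonts": fonts}

# Constructed population of eight browsers.
POPULATION = [
    client("Firefox/45 Win", "1920x1080", 212),
    client("Firefox/45 Win", "1920x1080", 212),
    client("Firefox/45 Win", "1366x768", 212),
    client("Chrome/49 Win", "1920x1080", 198),
    client("Chrome/49 Win", "1920x1080", 240),
    client("Chrome/49 Mac", "1440x900", 180),
    client("Safari/9 Mac", "1440x900", 180),
    client("Firefox/45 Win", "1920x1080", 305),
]

if __name__ == "__main__":
    for keys in (["ua"], ["ua", "screen"], ["ua", "screen", "fonts"]):
        unique, bits = uniqueness_report(POPULATION, keys)
        print(f"{keys}: {unique:.0%} unique, {bits:.2f} bits on average")
```

Each attribute alone leaves most clients in a crowd; it is the combination that singles them out, so every attribute a browser exposes uniformly across users enlarges the anonymity set.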

[15] FPDetective: Dusting the Web for Fingerprinters. Acar et al. CCS 2013
[16] Top sites (and maybe the NSA) track users with “device fingerprinting”. Ars Technica. 10/2013