Outline
Anonymous communications techniques CSci 5271 Introduction to Computer Security Announcements intermission Day 23: Anonymizing the network Tor basics Stephen McCamant University of Minnesota, Computer Science & Engineering Tor experiences and challenges
Traffic analysis Nymity slider (Goldberg)
Verinymity What can you learn from encrypted Social security number data? A lot Persistent pseudonymity Pen name (“George Eliot”), “moot” Content size, timing Linkable anonymity Who’s talking to who Frequent-shopper card ! countermeasure: anonymity Unlinkable anonymity (Idealized) cash payments
Nymity ratchet? Steganography
It’s easy to add names on top of an One approach: hide real content within anonymous protocol bland-looking cover traffic The opposite direction is harder Classic: hide data in least-significant But, we’re stuck with the Internet as is bits of images So, add anonymity to conceal Easy to fool casual inspection, hard if underlying identities adversary knows the scheme Dining cryptographers Dining cryptographers
Dining cryptographers Dining cryptographers
Dining cryptographers DC-net challenges
Quadratic key setups and message exchanges per round Scheduling who talks when One traitor can anonymously sabotage Improvements subject of ongoing research Mixing/shuffling Anonymous remailers
Anonymizing intermediaries for email Computer analogue of shaking a ballot First cuts had single points of failure box, etc. Mix and forward messages after Reorder encrypted messages by a receiving a sufficiently-large batch random permutation Chain together mixes with multiple Building block in larger protocols layers of encryption Distributed and verifiable variants Fancy systems didn’t get critical mass possible as well of users
Outline Note to early readers
Anonymous communications techniques This is the section of the slides most Announcements intermission likely to change in the final version If class has already happened, make Tor basics sure you have the latest slides for announcements Tor experiences and challenges
Outline Tor: an overlay network
Anonymous communications techniques Tor (originally from “the onion router”) https://www.torproject.org/ Announcements intermission An anonymous network built on top of Tor basics the non-anonymous Internet Designed to support a wide variety of Tor experiences and challenges anonymity use cases Low-latency TCP applications Tor Onion routing
D Tor works by proxying TCP streams Stream from sender to forwarded via A, B, and C (And DNS lookups) One Tor circuit made of four TCP hops Focuses on achieving interactive latency Encrypt packets (512-byte “cells”) as WWW, but potentially also chat, SSH, etc. EA(B; EB(C; EC(D; P))) Anonymity tradeoffs compared to TLS-like hybrid encryption with remailers “telescoping” path setup
Client perspective Entry/guard relays
“Entry node”: first relay on path Install Tor client running in background Entry knows the client’s identity, so particularly sensitive Configure browser to use Tor as proxy Many attacks possible if one adversary Or complete Tor+Proxy+Browser bundle controls entry and exit Browse web as normal, but a lot slower Choose a small random set of “guards” Also, sometimes google.com is in as only entries to use Swedish Rotate slowly or if necessary For repeat users, better than random each time
Exit relays Centralized directory
Forwards traffic to/from non-Tor How to find relays in the first place? destination Straightforward current approach: Focal point for anti-abuse policies central directory servers E.g., no exits will forward for port 25 Relay information includes bandwidth, (email sending) exit polices, public keys, etc. Can see plaintext traffic, so danger of Replicated, but potential bottleneck for sniffing, MITM, etc. scalability and blocking Outline Anonymity loves company
Anonymous communications techniques Diverse user pool needed for anonymity to be meaningful Announcements intermission Hypothetical Department of Defense Anonymity Network Tor basics Tor aims to be helpful to a broad range of (sympathetic sounding) potential Tor experiences and challenges users
Who (arguably) needs Tor? Tor and the US government
Consumers concerned about web Onion routing research started with the tracking US Navy Businesses doing research on the Academic research still supported by competition NSF Citizens of countries with Internet Anti-censorship work supported by the censorship State Department Same branch as Voice of America Reporters protecting their sources But also targeted by the NSA Law enforcement investigating targets Per Snowden, so far only limited success
Volunteer relays Performance Tor relays are run basically by volunteers Increased latency from long paths Most are idealistic A few have been less-ethical researchers, Bandwidth limited by relays or GCHQ Currently 1-2 sec for 50KB, 5-10 sec for Never enough, or enough bandwidth 1MB P2P-style mandatory participation? Historically worse for many periods Unworkable/undesirable Flooding (guessed botnet) fall 2013 Various other kinds of incentives explored Anti-censorship Hidden services
As a web proxy, Tor is useful for Tor can be used by servers as well as getting around blocking clients Unless Tor itself is blocked, as it often is Identified by cryptographic key, use Bridges are special less-public entry special rendezvous protocol points Servers often present easier attack Also, protocol obfuscation arms race surface (currently behind)
Undesirable users Intersection attacks Suppose you use Tor to update a P2P filesharing pseudonymous blog, reveal you live in Discouraged by Tor developers, to little Minneapolis effect Comcast can tell who in the city was Terrorists sending to Tor at the moment you post At least the NSA thinks so an entry Illicit e-commerce Anonymity set of 1000 ! reasonable “Silk Road” and its successors protection But if you keep posting, adversary can keep narrowing down the set
Exit sniffing Browser bundle JS attack Tor’s Browser Bundle disables many Easy mistake to make: log in to an features try to stop tracking But, JavaScript defaults to on HTTP web site over Tor Usability for non-expert users A malicious exit node could now steal Fingerprinting via NoScript settings your password Was incompatible with Firefox Another reason to always use HTTPS auto-updating for logins Many Tor users de-anonymized in August 2013 by JS vulnerability patched in June Traffic confirmation attacks Hidden service traffic conf. If the same entity controls both guard Bug allowed signal to guard when user and exit on a circuit, many attacks can looked up a hidden service link the two connections Non-statistical traffic confirmation “Traffic confirmation attack” For 5 months in 2014, 115 guard nodes Can’t directly compare payload data, (about 6%) participated in this attack since it is encrypted Apparently researchers at CMU’s Standard approach: insert and observe SEI/CERT delays Beyond “research,” they also gave/sold info. to the FBI Protocol bug until last year: covert Apparently used in Silk Road 2.0 channel in hidden service lookup prosecution, etc.
Next time
How usability affects security