Professional Documents
Culture Documents
Lecture 5
Anonymous Communication
Source: https://fossbytes.com/everything-tor-tor-tor-works/
2
Structure of Today’s Lecture
- Anonymity
- High latency anonymity systems
- Low latency anonymity systems
- Private messaging
3
ANONYMITY
4
Anonymity – Informal Definition
After [Syverson09] 5
Anonymity – Formal Definition
Anonymity is the state of being indistinguishable within a set of subjects, called anonymity set.
Anonymity set
Alice 1
Alice 2 Bob
Alice 3
After [Syverson09] 6
What Can the Attacker Do?
Anonymity
Alice Bob
Network
Watch Alice!
After [Syverson09] 7
Anonymity is not Pseudonymity
After [Syverson09] 8
Anonymity is not Confidentiality
Encryption only protects contents, not the fact that Alice and Bob communicate!
“hfabdazger9423jfsd”
Alice Bob
After [Syverson09] 9
Anonymity is not Steganography (1/2)
The attacker knows that Alice communicates, just not with whom.
Bob 1
Anonymity
Alice
Network
Bob 2
After [Syverson09] 10
Anonymity is not Steganography (2/2)
11
Anonymizing Proxies and VPNs do not Help
Alice 1 Bob 1
HTTPS Proxy/
VPN gateway
Alice 2 Bob 2
Destination Source
anonymity only anonymity only
No anonymity
After [Wilson18] 12
Who Needs Anonymity and for What?
After [Syverson09] 13
Anonymity Systems for the Internet
High-latency Low-latency
Chaum’s Mixes (’81) Single-hop proxies (~’95-)
anon.penet.fi (~’91-’96) Crowds (~’96)
Remailer networks such as: NRL V0 Onion Routing (~’96-’97)
cypherpunk (~’93) NRL V1 Onion Routing (~’97-’00)
mixmaster (~’95) ZKS „Freedom” (~’99-’01)
mixminion (~’02) Java Anon Proxy (~’00-)
Tor (’01-)
After [Syverson09] 14
HIGH LATENCY ANONYMITY SYSTEMS
Mix Networks
15
Mixes
A4 B4
Adversary knows senders and receivers,
but cannot link a sent message to a received message After [Wilson18] 16
Mix Networks
A1 B1
A3 B3
A4 B4
17
Mixnets – Pros and Cons
18
LOW LATENCY ANONYMITY SYSTEMS
Onion Routing
19
Why Low Latency?
Countless applications need low latency, e.g., Web, ssh, Chat, X11, …
Anonymity
Alice Network Bob
After [Syverson09] 20
Onion-Routing
Onion-Routing [GRS96,GRS99]:
21
Basic Idea of Onion-Routing: Relay
Relay
Alice 2 “X” Bob 2
Bob1, “Y”
After [Syverson09] 22
Encryption Could Help...
Relay
Alice 2 “X” Bob 2
E𝑝𝑘Relay (Bob1, “Y”)
Problem 1: A compromised Relay can see with which Bob Alice communicates.
After [Syverson09] 23
Onion-Routing uses More Relays
Alice
communicates
Alice with R2
Bob
R1 R3
R2
communicates
with Bob
R4 R2 R5
R1
communicates
with R3
After [Syverson09] 24
Onion-Routing in Detail
𝑘+ 𝑘, 𝑘"
“X”
R1 R3
𝑘+ 𝑘, 𝑘"
“X”
R1 R3
R2
𝑘, Source and
destination anonymity
27
Structure of Onions
28
Tor Bridges
•
29 The IP addresses of Tor relays are publicly accessible
• Many countries block traffic to these IPs (denial-of-service against Tor)
After [Wilson18] 29
Obfuscating Tor Traffic
•
30 Bridges alone may be insufficient to get around all types of censorship
• Deep packet inspection (DPI) can be used to locate and drop Tor frames
• E.g., Iran blocked all encrypted packets for some time (https://blog.torproject.org/iran-partially-blocks-
encrypted-network-traffic)
After [Wilson18] 30
Tor - The Onion Router
31
Tor Browser
https://www.torproject.org/download/
32
Tor: Recommendations
May 8, 2016: FBI Contracted Former Tor Developer To Create Torsploit Malware
„This malware was deployed through malicious websites showing a Flash video. Users
who had Flash enabled in the Tor browser would then be subject to having their real IP
address revealed. That information would be forwarded to a server controlled by the FBI,
along with a timestamp showing when the site was accessed. Torsploit has been quite a
success for the FBI so far. The Bureau was able to reveal identities of 25 suspects with
this malware, 19 of which have been convicted as of press time.”
https://geography.oii.ox.ac.uk/the-anonymous-internet/ 34
Tor – Pros and Cons
35
Tor Hidden Services
After [Syverson09] 36
Tor Hidden Services
Alice can connect to Bob’s server without knowing where or possibly who Bob is (all connections via Tor):
Service Bob's
Lookup Server Intro Point 1 Hidden Server
xyz Service
abc Service
Intro Point 2
Alice
Intro Point 3
Rendezvous
Point
1. Bob creates onion routes to Introduction Points (Intro Point) and sends its public key (𝑝𝑘Bob )
2. Bob publishes xyz.onion address in a Service Descriptor including 𝑝𝑘Bob & Intro Points, signed with 𝑠𝑘Bob
3. Alice uses xyz.onion to get Service Descriptor at Service Lookup Server (from a distributed hash table)
4. Alice creates onion route to Rendezvous Point (RP), a randomly picked relay
5. Alice sends RP address and authorization through an Intro Point to Bob encrypted with 𝑝𝑘Bob
6. If Bob accepts Alice’s request, connects to RP and RP pairs the circuits from Alice and Bob
After [Syverson09] 37
Tor Hidden Services
Bob's
Hidden Server
Alice
Rendezvous
Point
https://www.torproject.org/download/
39
The Dark Web Map
40
PRIVATE MESSAGING
41
Traditional Messaging Systems
42
Traditional Messaging Systems
43
Next Generation Messaging Systems
Private messaging systems are currently being researched. Below are some examples.
• PIR (→ Lecture “PIR”): DP5 [BDG15], OnionPIR [DHS17], Pynchon Gate [SC05], Riffle [KLDF16]
• PIR allows to privately query a database without leaking the query or the queried element
• Presence status is queried via PIR to hide whose presence is queried (DP5)
• Messages are retrieved via PIR to achieve receiver anonymity (OnionPIR, Pynchon Gate, Riffle)
46
Identity-Based Encryption (IBE) [BK01,Cocks01]
• IBE allows to derive public keys from some known identifier, e.g., an email address
• Can be extended to the anytrust setting, e.g., by using multiple PKGs and nested encryption
• AnonRAM [BHKP16]
• Use oblivious RAM (ORAM) to hide logical access patterns from remote database
• Protect access patterns and user’s identity from curious servers
• Yields sender and receiver anonymity
ORAM server
Entry 1
obliviousRead(1)
Entry 3
48
Bibliography
49
Bibliography
[Cocks01] C. Cocks. An identity based encryption scheme based on quadratic residues. In 8. IMA
International Conference on Cryptography and Coding’01.
[DHS17] D. Demmler, M. Holz, T. Schneider. OnionPIR: Effective protection of sensitive
metadata in online communication networks”. In ACNS’17.
[DingledineMS04] R. Dingledine, N. Mathewson, P. Syverson. Tor: The second-generation Onion
Router. In USENIX Security’04.
[Goldreich87] O. Goldreich. Towards a theory of software protection and simulation by oblivious
RAMs. In STOC’87.
[GRS96] D. Goldschlag, M. Reed, P. Syverson. Hiding routing information.
In ACM Information Hiding’96.
[GRS99] D. Goldschlag, M. Reed, P. Syverson. Onion routing for anonymous and private Internet
connections. In Communications of the ACM’99.
50
Bibliography
[HWSDS21] C. Hagen, C. Weinert, C. Sendner, A. Dmitrienko, T. Schneider. All the Numbers are
US: Large-scale Abuse of Contact Discovery in Mobile Messengers. In NDSS’21.
[KLDF16] A. Kwon, D. Lazar, S. Devadas, B. Ford. Riffle: An efficient communication system with
strong anonymity. In PETS'16.
[KRSSW19] D. Kales, C. Rechberger, T. Schneider, M. Senker, C. Weinert. Mobile private
contact discovery at scale. In USENIX Security’19.
[LZ16] D. Lazar, N. Zeldovich. Alpenhorn: Bootstrapping secure communication without leaking
metadata. In OSDI'16.
[SC05] L. Sassaman, B. Cohen, N. Mathewson. The pynchon gate: A secure method of
pseudonymous mail retrieval. In WPES’05.
[Syverson09] P. Syverson. Anonymous Communication with emphasis on Tor.
http://www.cs.umd.edu/~jkatz/security/f09/lectures/syverson.pdf
[Wilson18] C. Wilson. Anonymous Communications.
https://cbw.sh/static/class/5700/slides/22_Anonymous.pptx
51
THANKS FOR YOUR ATTENTION!
52