Anonymous Routing in Wireless Networks
Abstract: Security and privacy are major concerns when routing data through a wired or wireless network. Although encryption protects data from being read by unintended recipients, it does not by itself guarantee privacy: an eavesdropper can still gather information by indirect inference, for example through traffic analysis. In this literature survey I focus on anonymous routing, starting from onion routing in wired networks and extending it to wireless networks. In onion routing the data is wrapped in layers of encryption in a data structure called an onion, which is transmitted over the network. The onion is constructed so that an eavesdropper cannot learn which parties are communicating or the nature of their exchange. Anonymous routing in wired networks cannot be mapped directly to wireless networks, because wireless networks are more exposed to privacy attacks: nodes are mobile, battery power is limited, and every transmission is a broadcast that any node in range can receive. Designing anonymous routing protocols for a wireless scenario is therefore more challenging.
1 Introduction:
The World Wide Web (WWW) is the most popular and widespread invention of recent decades, yet security remains a major concern on the web. Data transmitted over the network faces threats to privacy, confidentiality and integrity from active or passive attackers. An active attacker not only snoops on the communication but also corrupts it by injecting malicious data; encryption is used to reduce the exposure of data in transit. A passive attacker, on the other hand, simply eavesdrops and gathers information by observing the ongoing traffic. At times the mere fact that communication is taking place over a particular link or between two parties is more valuable than the content of the data exchanged. Metadata can therefore be more sensitive than the message content itself. Metadata includes the sender and receiver identities, their location, and the length and timing of messages. By analysing such traffic data, indirect inferences can be drawn about the people communicating over a public network: their identities, their relationships and so on. This is in line with the evidence gathered by the MIT Reality Mining project.
2 Traffic Analysis:
2.1 Overview:
Internet data packets have two parts: a data payload and a header used for routing.
The data payload is the information being sent, e.g. an email message or a web page.
The header consists of the source address, destination address, timing information, size information and so on.
Even when the data payload is encrypted, traffic analysis still reveals a great deal about what a communicator is doing and, possibly, what they are saying, because it focuses on the header, which discloses the source, destination, size, timing and other critical information. Encryption alone therefore does not help against this kind of attacker: it hides the content of the traffic, not the headers. The network-layer header cannot simply be encrypted, because every router on the path needs the destination address to forward the packet, and the destination needs it to recognise packets meant for it. By analysing headers and observing patterns in packet movement an attacker can thus indirectly gather sensitive information about the communicating parties. The simplest form of traffic analysis is to sit somewhere between sender and recipient on the network and look at headers.
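The kind of inference described above, as an added example that is not part of the original survey: the records below are a constructed capture containing only header fields (timestamp, source, destination, size); the payloads are assumed encrypted and are not even present. The addresses and the page-size fingerprints are made up for the illustration.

```python
"""Traffic analysis from headers alone.  The payloads are assumed encrypted
and are not even present in the records; the (time, src, dst, size)
header fields still reveal who talks to whom and, by response size, what
they fetched.  Added illustration over a constructed capture."""
from collections import defaultdict

# constructed capture: (timestamp in seconds, source, destination, packet size)
CAPTURE = [
    (0.00, "10.0.0.5", "203.0.113.9", 120),      # small client request
    (0.05, "203.0.113.9", "10.0.0.5", 1500),
    (0.06, "203.0.113.9", "10.0.0.5", 1500),
    (0.07, "203.0.113.9", "10.0.0.5", 812),      # response totals 3812 bytes
    (0.40, "10.0.0.7", "198.51.100.2", 118),
    (0.43, "198.51.100.2", "10.0.0.7", 1500),
    (0.44, "198.51.100.2", "10.0.0.7", 604),
    (1.10, "10.0.0.5", "203.0.113.9", 121),
    (1.15, "203.0.113.9", "10.0.0.5", 1500),
    (1.16, "203.0.113.9", "10.0.0.5", 1500),
    (1.17, "203.0.113.9", "10.0.0.5", 812),
]

# constructed fingerprints: total response size of public pages on those servers,
# measured in advance by fetching them ourselves
FINGERPRINTS = {("203.0.113.9", 3812): "/login.html",
                ("198.51.100.2", 2104): "/pricing.html"}

def conversations(capture):
    """Who talks to whom: per unordered address pair, packet count and the
    bytes sent by each side.  Identities and relationships, no payload needed."""
    out = defaultdict(lambda: {"packets": 0, "bytes": defaultdict(int)})
    for _, src, dst, size in capture:
        pair = tuple(sorted((src, dst)))
        out[pair]["packets"] += 1
        out[pair]["bytes"][src] += size
    return {pair: {"packets": v["packets"], "bytes": dict(v["bytes"])}
            for pair, v in out.items()}

def exchanges(capture, request_max=200, gap=0.25):
    """Split the capture into request/response exchanges using only timing:
    a small packet counts as a request, and packets flowing the other way
    within `gap` seconds of the previous one are its response."""
    packets = sorted(capture)
    out = []
    for i, (t, src, dst, size) in enumerate(packets):
        if size > request_max:
            continue
        total, last = 0, t
        for t2, s2, d2, n2 in packets[i + 1:]:
            if (s2, d2) == (dst, src) and t2 - last <= gap:
                total += n2
                last = t2
        out.append((src, dst, t, total))
    return out

def identify(capture, fingerprints):
    """Match each response size against known page sizes: the content was
    encrypted, but its length was not hidden."""
    return [(src, dst, fingerprints.get((dst, total)))
            for src, dst, _, total in exchanges(capture)]
```

The size matching is the same trick that padding (discussed under onion routing below) is meant to defeat: if every response were padded to a fixed length, `identify` would return nothing useful.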
3 Onion Routing:
3.1 Overview:
Instead of opening a socket connection directly to the destination machine, the sender connects to an onion proxy. The onion proxy randomly selects a sequence of onion routers leading to the destination and builds an anonymous connection to the destination through them. It then constructs a special data structure called an onion and routes it through this connection.
Onion routing relies on public key cryptography. The onion is the transmission data wrapped in multiple layers of encryption, with the routing information for one hop inside each layer. When the onion moves from one onion router to the next, each router strips a layer using its private key, finds its next hop and forwards the onion accordingly, until the data reaches the receiver. Every onion router therefore knows only its previous and next hop. Padding may be applied at each router to keep the size of the onion constant. Because a layer is removed at each router, the data looks different at every hop and there is no bit-level correspondence between the onion a router receives and the one it sends on, so the data cannot be tracked en route. Even a compromised onion router learns only its previous and next hop; the actual sender and receiver remain hidden. This gives added resistance against an attacker.
Network Infrastructure:
Proxy interfaces:
A proxy links the initiator to the anonymous connection at the initiator end (node W) and links the anonymous connection to the responder at the responder end (node Z). For example, when the initiator requests a particular URL, instead of connecting directly to the server that hosts it, it connects to an onion proxy W. The proxy randomly chooses a set of onion routers, say X-Y-Z, and wraps the request in layers encrypted with Z's, Y's and X's public keys (innermost first), each layer carrying the address of the next hop. It then sends the onion to the first onion router on the chosen route. The data moves along the route and is delivered by Z to the responder. Z also acts as a proxy because it passes data from the responder back into the anonymous connection.
Each onion proxy maintains a list of onion routers on the network and their IP addresses. There are also directory servers with which active routers register, so onion proxies can query the directory servers from time to time to obtain an up-to-date list of routers on the network.
An anonymous connection goes through four phases:
Defining a route.
Constructing an anonymous connection.
Moving data through an anonymous connection.
Destroying the anonymous connection.
When an onion proxy receives a message it first randomly selects a sequence of onion routers up to the destination from its list. It then uses public key cryptography to construct the onion in such a way that only the intended onion router can peel off each layer. The following example illustrates the process.
Consider n onion routers numbered 1 to n. The public and private keys of router i are denoted Ipu and Ipr respectively. The onion proxy knows the public keys of all onion routers in its list; each private key is known only to its router. Ekey(data) denotes encryption and Dkey(data) decryption under a key. Data encrypted with a public key can be decrypted with the corresponding private key and vice versa, so DIpr(EIpu(data)) = data and DIpu(EIpr(data)) = data.
On receiving a packet the onion proxy selects a random sequence of routers from its list, say 4, 3 and 5, and constructs the onion from the inside out: it first encrypts the data packet, together with the recipient's IP address, with the public key of 5; then wraps the result, together with 5's IP address, under the public key of 3; and finally wraps that, together with 3's IP address, under the public key of 4. The onion now looks like
E4pu(3's IP address, E3pu(5's IP address, E5pu(recipient's IP address, data)))
and is sent to onion router 4. Router 4 uses its private key to peel the outermost layer and finds the IP address of the next hop, router 3, so it forwards the remaining onion, E3pu(5's IP address, E5pu(recipient's IP address, data)), to router 3. Router 3 likewise peels its layer and forwards E5pu(recipient's IP address, data) to router 5. Router 5 peels the last layer, finds the data and the recipient's IP address, concludes that it is the final anonymous hop, and forwards the data to the destination.
Sending an onion over a chosen path thus creates a virtual circuit. The circuit is bidirectional: the destination can send a message back to the source along the same path. In the given example the destination encrypts the reply with its private key, Erecipient_pr(IP address, data), and forwards it to onion router 5. Router 5 adds a layer with its private key and forwards E5pr(Erecipient_pr(IP address, data)) to router 3; routers 3 and 4 add their layers in turn, and router 4 sends the result to the onion proxy that initiated the connection. The proxy receives E4pr(E3pr(E5pr(Erecipient_pr(IP address, data)))), removes each layer with the corresponding public key, outermost layer first, retrieves the data and delivers it to the sender. Note that a layer added with a private key can be removed by anyone holding the matching public key, which is public by definition, so on their own these return layers hide nothing from an eavesdropper; practical onion routing instead uses symmetric session keys, negotiated with each router when the circuit is built, to encrypt data in both directions.
Because the onion shrinks as it nears the destination, an attacker could infer how far a packet still has to travel, and hence details about the destination. To avoid this, onions are padded at each onion router to keep their size constant. Padding is simply adding redundancy, but it is a real advantage because it complicates traffic analysis: an attacker who captures an onion cannot infer the location or other details of the destination from its length. Every onion router holds details of only its previous and next hop, so even if a router is compromised the attacker obtains only the next hop and an onion that is still encrypted for the remaining routers; without their private keys it yields nothing further.
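The construction, peeling, return path and padding rule described above, as an added example that is not code from the survey or from any onion routing implementation. Textbook RSA on tiny primes stands in for a real public-key cipher, a SHAKE-256 keystream stands in for a symmetric cipher, and the fixed onion size, address width and control byte are assumptions made for the illustration; the return path uses the per-hop session keys rather than the private-key layers of the text, for the reason given above.

```python
"""Toy onion routing after the worked example above: the proxy wraps a
payload in one layer per router, each router peels one layer with its
private key and restores the size with padding, and the reply comes back
wrapped under the per-hop session keys.  Textbook RSA on tiny primes and
a SHAKE-256 keystream stand in for real public-key and symmetric ciphers;
this is an added illustration and is not secure."""
import hashlib
import secrets

ONION_SIZE = 256                 # fixed wire size of every onion (demo choice)
ADDR = 4                         # next-hop address width, IPv4-sized
E = 17                           # public exponent shared by all toy keys
RELAY, EXIT = b"\x00", b"\x01"   # control byte: forward to a router / deliver

def toy_keypair(p, q):
    """Textbook RSA key from two small primes: ((e, n), (d, n)).  Demo only."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def xor_stream(k, data, direction):
    """Symmetric stand-in: XOR with a SHAKE-256 keystream; the direction label
    keeps forward and reply traffic from sharing one keystream."""
    ks = hashlib.shake_256(b"%s|%d" % (direction, k)).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(pub, plaintext):
    """One layer: RSA-encrypt a fresh session key k, stream-encrypt the rest.
    Returns (layer, k); the proxy keeps k for the return path."""
    e, n = pub
    k = secrets.randbelow(n - 2) + 2
    return pow(k, e, n).to_bytes(2, "big") + xor_stream(k, plaintext, b"fwd"), k

def build_onion(pubkeys, route, dest, payload):
    """Proxy side for a route such as [4, 3, 5]: innermost layer for router 5,
    outermost for router 4.  Router ids double as addresses here."""
    pad = ONION_SIZE - len(route) * (2 + 1 + ADDR) - 2 - len(payload)
    if pad < 0:
        raise ValueError("payload too large for a fixed-size onion")
    body = EXIT + dest.to_bytes(ADDR, "big") + len(payload).to_bytes(2, "big") + payload
    onion, k = wrap(pubkeys[route[-1]], body + secrets.token_bytes(pad))
    keys = {route[-1]: k}
    for cur, nxt in reversed(list(zip(route, route[1:]))):
        onion, keys[cur] = wrap(pubkeys[cur], RELAY + nxt.to_bytes(ADDR, "big") + onion)
    return onion, keys

def peel(priv, onion):
    """Router side: strip one layer.  Returns (control, address, data, k);
    data is the re-padded onion for the next router, or the payload on EXIT."""
    d, n = priv
    k = pow(int.from_bytes(onion[:2], "big"), d, n)
    plain = xor_stream(k, onion[2:], b"fwd")
    ctrl, addr, rest = plain[:1], int.from_bytes(plain[1:1 + ADDR], "big"), plain[1 + ADDR:]
    if ctrl == EXIT:
        length = int.from_bytes(rest[:2], "big")
        return EXIT, addr, rest[2:2 + length], k
    # pad back to ONION_SIZE so an observer cannot count remaining hops by length
    return RELAY, addr, rest + secrets.token_bytes(ONION_SIZE - len(rest)), k

def reply_cell(data):
    """Destination: length-prefixed reply padded to the fixed size."""
    cell = len(data).to_bytes(2, "big") + data
    return cell + secrets.token_bytes(ONION_SIZE - len(cell))

def open_reply(keys, route, cell):
    """Proxy: each router on the way back added a layer under its session key
    (xor_stream(k, cell, b"back")); remove them, first router's key first."""
    for r in route:
        cell = xor_stream(keys[r], cell, b"back")
    return cell[2:2 + int.from_bytes(cell[:2], "big")]

def simulate(route, dest, payload):
    """Walk an onion over the route and bounce a reply; returns what happened."""
    primes = [(61, 53), (67, 71), (73, 79), (83, 89), (97, 101)]   # toy moduli < 2**16
    pubs, privs = {}, {}
    for i, (p, q) in enumerate(primes, start=1):
        pubs[i], privs[i] = toy_keypair(p, q)
    onion, proxy_keys = build_onion(pubs, route, dest, payload)
    sizes, hop, router_keys = [len(onion)], route[0], {}
    while True:
        ctrl, addr, data, router_keys[hop] = peel(privs[hop], onion)
        if ctrl == EXIT:
            break
        sizes.append(len(data))
        onion, hop = data, addr
    cell = reply_cell(b"reply to " + data)
    for r in reversed(route):            # exit router first, back toward the proxy
        cell = xor_stream(router_keys[r], cell, b"back")
    return {"delivered_to": addr, "payload": data, "sizes": sizes,
            "keys_match": router_keys == proxy_keys,
            "reply": open_reply(proxy_keys, route, cell)}
```

Running `simulate([4, 3, 5], 1000, b"GET /index.html")` walks the onion 4 -> 3 -> 5 -> destination and back: every onion on the wire is exactly ONION_SIZE bytes because each router appends as many padding bytes as the layer it removed, and every router ends up holding exactly the session key the proxy generated for it, which is what makes the symmetric return path work.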
Each layer of the onion also contains an expiration time, and an onion router must ignore expired and replayed onions. If the connection breaks during routing, all onion routers on the circuit are informed via a destroy message. Keeping all onions the same size, obfuscating the timing of the circuit and adding noise traffic together make traffic analysis very difficult.
Peeling a layer costs the router a public-key operation, so a flood of bogus connection requests can exhaust it (a denial-of-service attack). This can be mitigated using client puzzles: the onion proxy (acting as the server) forces a requesting client to solve a puzzle before it allocates resources, which forces an attacker to find far more resources than the victim spends. Puzzle solving adds latency, although it reduces the exposure to DoS.
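A client puzzle of the kind described above, as an added example rather than any particular onion-routing implementation's scheme: the puzzle layout (an HMAC-tagged nonce with an expiry and a difficulty), the hash-prefix work function and the replay set are all assumptions made for the illustration.

```python
"""Hash-based client puzzle in front of an onion proxy.  Issuing and checking
a puzzle costs the server one HMAC and one hash; answering it costs the
client about 2**bits hashes, so a flood of connection requests has to pay
before the server spends a public-key operation on any onion.  Added
illustration; the puzzle layout is an assumption, not a particular
onion-routing implementation's scheme."""
import hashlib
import hmac
import os
import time

SERVER_SECRET = os.urandom(32)   # lets the server verify puzzles without storing them
SEEN = set()                     # (nonce, counter) pairs already accepted, against replay

def puzzle_tag(client_id, expiry, nonce, bits):
    """Binds client, expiry, nonce and difficulty so the client cannot alter them."""
    return hmac.new(SERVER_SECRET, b"%s|%d|%s|%d" % (client_id, expiry, nonce, bits),
                    "sha256").digest()[:16]

def issue_puzzle(client_id, bits, window=60, now=None):
    """Server: stateless challenge bound to the client, an expiry and the difficulty."""
    now = int(time.time()) if now is None else now
    nonce = os.urandom(8)
    expiry = now + window
    return {"client": client_id, "expiry": expiry, "nonce": nonce, "bits": bits,
            "tag": puzzle_tag(client_id, expiry, nonce, bits)}

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve_puzzle(puzzle):
    """Client: brute-force a counter until SHA-256(nonce || tag || counter) starts
    with `bits` zero bits.  Expected work 2**bits hashes."""
    base = puzzle["nonce"] + puzzle["tag"]
    counter = 0
    while leading_zero_bits(hashlib.sha256(base + counter.to_bytes(8, "big")).digest()) < puzzle["bits"]:
        counter += 1
    return counter

def verify_solution(puzzle, counter, now=None):
    """Server: recompute the tag (a client cannot lower its own difficulty),
    reject expired and replayed puzzles, then check the work with one hash."""
    now = int(time.time()) if now is None else now
    expected = puzzle_tag(puzzle["client"], puzzle["expiry"], puzzle["nonce"], puzzle["bits"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False, "bad tag"
    if now > puzzle["expiry"]:
        return False, "expired"
    digest = hashlib.sha256(puzzle["nonce"] + puzzle["tag"] + counter.to_bytes(8, "big")).digest()
    if leading_zero_bits(digest) < puzzle["bits"]:
        return False, "insufficient work"
    if (puzzle["nonce"], counter) in SEEN:
        return False, "replayed"
    SEEN.add((puzzle["nonce"], counter))
    return True, "ok"
```

The difficulty is the knob that trades latency against DoS resistance, exactly the trade-off the paragraph describes: raising `bits` by one doubles the client's expected work while the server's cost stays at one HMAC and one hash.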
An attacker can record the traffic between routers and compromise a router later to acquire its private key and decrypt the recording. This can be avoided by using a session key between the communicating parties: the session key encrypts the data and is valid only for the duration of the communication. This only helps if the session key itself cannot be recovered from the recording and the long-term private key, i.e. it must be established by an ephemeral key agreement (forward secrecy) rather than simply encrypted under the router's public key.
4 WAR:
WAR is based on onion routing and traffic mixing. Here keys are distributed using a RadioGram. A RadioGram is an onion-like object with layers of encryption around the data content. RadioGrams are broadcast into the network, and the intended nodes along the route to the destination decrypt one layer at a time.
4.1.1 Description:
The structure of a RadioGram is: [tid] {[sk] [MIC] [^]} {[sk] [MIC] [^]} ... {[sk] [MIC] [^]} [content] [padding]
1. The fields within each pair of curly braces {} form one layer of the onion.
2. Transmitter ID (tid): uniquely identifies a RadioGram. It is an RSA public key, used to encrypt the session key; the session key in turn encrypts the rest of the fields.
3. Session key (sk): a symmetric key encrypted under the public key of the transmitter.
4. MIC or checksum: a precomputed hash of everything the onion skin wraps except the padding.
5. Control signals (^): tell the receiver what to do with the received message, including the message type and the padding.
6. Content: the actual data being transmitted, which can be interpreted only by the final destination.
7. Padding: keeps the size of the RadioGram constant. Without padding the onion would shrink as it nears the destination and could be analysed easily by an attacker.
4.1.2 Example:
When the nodes within transmission range of A receive the RadioGram they perform the following steps:
5 SDAR:
SDAR is also based on onion routing and encrypts the packet header, and its trust requirements let it avoid unreliable intermediate nodes. Unlike the WAR protocol above, it does not require the source node to know the entire network topology. The source node broadcasts a path discovery packet carrying a certain trust requirement. Every intermediate node satisfying the requirement adds its ID and a session key to the packet and forwards it, until the packet reaches the destination. On receiving the path discovery packet, the destination encapsulates the information about all the intermediate nodes in a multilayered message and sends it along the reverse path to the source. Each node on the reverse path decrypts one layer and forwards the message until it reaches the source. The source then knows all the trusted intermediate nodes and their session keys, uses these keys to encrypt the data, and forwards it along the discovered route.
SDAR is divided into three phases: path discovery, path reverse and data transfer.
Path discovery: This allows the source node S to establish a path to the destination through intermediate nodes. The strength of this phase is that no intermediate node can discover the identity of any participating node other than its neighbours. The source S creates a path discovery packet and broadcasts it.
Path reverse: When the destination receives the path discovery message it puts the IDs and session keys of all the intermediate nodes into one message. It wraps this message in one layer of encryption per intermediate node, ordered so that the node nearest the destination can remove the outermost layer first, and broadcasts the packet. Every node along the reverse path removes a layer of encryption and rebroadcasts the packet, so when the source receives the message it has the IDs and keys of all the nodes on the path to the destination.
Data Transfer: The source encrypts the data using the keys of the intermediate nodes and broadcasts it. Each node on the way decrypts a layer and forwards it, so when the message reaches the destination all the encryption layers have been peeled off and the receiver can read the message. Note that with per-node layers alone the last intermediate node would also be able to read the data; end-to-end privacy requires an additional layer under a key known only to the source and destination, which is what the trapdoor mechanism mentioned below provides.
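The three SDAR phases over a small constructed ad hoc network, as an added example that is not the SDAR paper's wire format: the topology, the trust levels, the rule that each node rebroadcasts the first copy of a discovery packet it sees, the record layout, the key shared by source and destination (standing in for the trapdoor) and the SHAKE-256 keystream used as a symmetric cipher are all assumptions made for the illustration.

```python
"""SDAR-style route setup and data transfer over a constructed five-node
ad hoc network: a trust-gated path discovery flood that collects
(id, session key) pairs, a path reverse message carrying one layer per
intermediate node, and layered data transfer.  Added illustration: the
topology, trust levels, flooding rule, record layout, the key shared by
source and destination and the SHAKE keystream are all assumptions, not
the SDAR paper's wire format."""
import hashlib
import secrets
from collections import deque

def xor_stream(key, data, direction):
    """Symmetric stand-in: XOR with a SHAKE-256 keystream derived from the
    key and a direction label (so reverse and data traffic never share one)."""
    ks = hashlib.shake_256(direction + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

# constructed ad hoc network: radio links and each node's trust level
LINKS = {"S": ["A", "M"], "A": ["S", "B", "M"], "M": ["S", "A", "D"],
         "B": ["A", "D"], "D": ["B", "M"]}
TRUST = {"A": 3, "B": 3, "M": 1}          # M is the low-trust node
SD_KEY = secrets.token_bytes(16)         # assumed end-to-end key (trapdoor) for S and D

def path_discovery(src, dst, min_trust):
    """Flood the discovery packet.  Each intermediate node that meets the trust
    requirement appends (id, fresh session key) and rebroadcasts once; nodes
    below the requirement drop it.  Returns the hop list the destination sees
    on the first copy that reaches it, or None if no acceptable path exists."""
    seen, queue = {src}, deque([(src, [])])
    while queue:
        node, hops = queue.popleft()
        for nb in LINKS[node]:
            if nb == dst:
                return hops
            if nb in seen or TRUST[nb] < min_trust:
                continue
            seen.add(nb)
            queue.append((nb, hops + [(nb, secrets.token_bytes(16))]))
    return None

def path_reverse(hops):
    """Destination: pack the ids and keys, protect them end to end for S, then
    add one layer per intermediate node, innermost for the node nearest S."""
    body = b"".join(len(nid).to_bytes(1, "big") + nid.encode() + k for nid, k in hops)
    msg = xor_stream(SD_KEY, body, b"rev")
    for nid, k in hops:
        msg = xor_stream(k, msg, b"rev")
    return msg

def walk(hops, msg, direction):
    """The nodes on the path each remove their own layer, in the order given."""
    for nid, k in hops:
        msg = xor_stream(k, msg, direction)
    return msg

def source_unpack(msg):
    """Source: remove the end-to-end layer and parse (id, key) records."""
    plain = xor_stream(SD_KEY, msg, b"rev")
    hops, i = [], 0
    while i < len(plain):
        n = plain[i]
        hops.append((plain[i + 1:i + 1 + n].decode(), plain[i + 1 + n:i + 17 + n]))
        i += 17 + n
    return hops

def data_transfer(hops, data):
    """Source: end-to-end layer for D, then one layer per node, first hop outermost."""
    msg = xor_stream(SD_KEY, data, b"data")
    for nid, k in reversed(hops):
        msg = xor_stream(k, msg, b"data")
    return msg

def run(min_trust, data=b"hello D"):
    """Discovery, reverse, transfer; returns None if no trusted path exists."""
    hops = path_discovery("S", "D", min_trust)
    if hops is None:
        return None
    msg = path_reverse(hops)
    msg = walk(list(reversed(hops)), msg, b"rev")   # reverse path: node nearest D first
    learned = source_unpack(msg)
    pkt = data_transfer(learned, data)
    pkt = walk(learned, pkt, b"data")                # forward path: first hop first
    return {"route": [nid for nid, _ in hops], "keys_ok": learned == hops,
            "delivered": xor_stream(SD_KEY, pkt, b"data")}
```

With a trust requirement of 2 the low-trust node M drops the discovery packet and the route found is S-A-B-D; with a requirement of 1 the shorter S-M-D path wins, and with a requirement no node meets discovery fails, which is the lack of control over route length and the dependence on cooperative intermediate nodes noted below.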
Drawbacks:
There is no control over the route length, since the path to the destination is found by a discovery process; it may therefore take a long time for the actual data transfer to begin.
If malicious nodes keep forwarding the path discovery packet among themselves, it may never reach the intended receiver.
Advantages:
The source need not know the topology of the entire network, since path discovery is a dynamic process.
Traffic analysis becomes more difficult.
The symmetric keys of the intermediate nodes are collected using a global trapdoor managed by the source and destination nodes, providing anonymity and end-to-end data privacy.
6 Conclusion: