H - Privacy - Anonymous Communications
Anonymous Communications
Dr Nesrine Kaaniche
Outline
1. Modelling Anonymous Channels
a. Abstract System and Adversary Models
b. Properties: anonymity, unlinkability, pseudonymity, unobservability
2. Anonymous Communications (focus on High-Latency AC)
a. Mixes: Chaum, pool mixes
b. Attacks on Mixes: blending, long-term disclosure attacks
c. Crowds
3. Deployed Systems
4. The Onion Routing
a. TOR
b. (Some) Attacks on TOR
• Diffie & Landau, “Privacy on the Line: The Politics of Wiretapping and Encryption”:
“Traffic analysis, not cryptanalysis, is the backbone of communications intelligence.”
[Figure: Alice and Bob, each with App / Com / IP layers]
Source: https://www.slideserve.com/belle/anonymous-communication
Classical Security Model
• Confidentiality
• Integrity
• Authentication
• Non-repudiation
• Availability
[Figure: Alice, Bob and Eve; set of Alices, set of Bobs]
• Recipient? Third parties?
• Passive / Active
• Partial / Global
• Internal / External
Basic Anonymity Properties
Hiding Sender, Receiver or both
• Sender anonymity: Alice sends to Bob, and Bob cannot trace Alice’s
identity
• Worst case: user with highest probability is chosen as sender/receiver (U4)
• Anonymity depends on both
[Figure labels: U4, p1, p2, p3]
• Examples:
• Publishing a blog or comments under a pseudonym
• Using a pseudonym to subscribe to a service
• Solution: Unobservability
• Presence is not visible
• Participation in, and volume of communications hidden.
Data Traffic
• Content is unobservable
• Due to encryption
• Source and destination are
trivially linkable
• No anonymity!
HTTPS Proxy
No anonymity!
• Source is known, destination anonymity
• Destination is known, source anonymity
Anonymizing VPNs
VPN Gateway
No anonymity!
• Source is known, destination anonymity
• Destination is known, source anonymity
Mixes
Chaumian Mix (Chaum 1982)
• “Security without identification: transaction systems to make big brother obsolete”
• Mix: Proxy for anonymous email
• Goal: an adversary observing the input and output of the mix is not able
to relate input messages to output messages
• Bitwise unlinkability:
• The mix performs a decryption on input messages
• Input/Output of the mix cannot be correlated based on content or size
• Prevent traffic analysis based on message I/O order and timing
• Achieved by batching messages
Method:
Combine many observations (Looking at who receives when Alice sends)
Intuition:
If we observe rounds in which Alice sends, her likely recipients will appear frequently
Result:
We can create a vector that expresses Alice’s sending profile
Hard to conceal persistent communications
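The method above on a constructed trace, as an added example that is not part of the original slides: a simulated threshold mix in which Alice writes to two fixed recipients, and a simple averaging estimator that rebuilds her sending profile from rounds with and without her. The batch size, recipient count, uniform background traffic and all function names are assumptions made for the illustration.

```python
import random
from collections import Counter

def simulate_rounds(rng, n_rounds, batch, n_recipients, friends, p_alice=0.5):
    """Constructed trace of a threshold mix: one (alice_sent, Counter) per round."""
    rounds = []
    for _ in range(n_rounds):
        alice_sent = rng.random() < p_alice
        out = Counter()
        if alice_sent:                       # Alice writes to one of her friends
            out[rng.choice(friends)] += 1
        for _ in range(batch - alice_sent):  # other senders: uniform background
            out[rng.randrange(n_recipients)] += 1
        rounds.append((alice_sent, out))
    return rounds

def sending_profile(rounds, batch, n_recipients):
    """Estimate Alice's profile vector v from O = v/b + (b-1)/b * U."""
    sums = {True: [0.0] * n_recipients, False: [0.0] * n_recipients}
    counts = {True: 0, False: 0}
    for alice_sent, out in rounds:
        counts[alice_sent] += 1
        for recipient, k in out.items():
            sums[alice_sent][recipient] += k / batch
    if 0 in counts.values():
        raise ValueError("need rounds both with and without Alice")
    observed = [s / counts[True] for s in sums[True]]      # O: rounds with Alice
    background = [s / counts[False] for s in sums[False]]  # U: rounds without her
    return [batch * o - (batch - 1) * u for o, u in zip(observed, background)]

def top_recipients(profile, k):
    """Indices of the k largest profile entries, in ascending order."""
    return sorted(sorted(range(len(profile)), key=lambda r: -profile[r])[:k])

def demo(n_rounds, seed=1):
    """True if the two highest profile entries are exactly Alice's friends."""
    rng = random.Random(seed)
    friends = [3, 17]  # constructed: Alice's persistent contacts
    rounds = simulate_rounds(rng, n_rounds, batch=10, n_recipients=50, friends=friends)
    return top_recipients(sending_profile(rounds, 10, 50), len(friends)) == friends

if __name__ == "__main__":
    for n in (20, 200, 5000):
        print(n, "rounds -> friends recovered:", demo(n))
```

Comparing the result for few and many rounds shows how the estimate sharpens as observations accumulate, even though each individual batch hides which output message is Alice's.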
• No source anonymity
• Target receives m incoming messages (m may = 0)
• Target sends m + 1 outgoing messages
• Thus, the target is sending something
• Destination anonymity is maintained
• If the source is not sending directly to the receiver
Anonymity in Crowds
• Destination is known
• Obviously
• Source is anonymous
• O(n) possible sources, where n is the number of Jondos
Anonymity in Crowds
• Destination is known
• Evil jondo is able to decrypt the message
• Source is somewhat anonymous
• Suppose there are c evil Jondos in the system
• If pf > 0.5, and n > 3(c + 1), then the source cannot be inferred with
probability > 0.5
[Figure: Rendezvous Point]
• Onion URL is a hash, allows any Tor user to find the introduction points