程序代写 Anonymizing Network Technologies

Anonymizing Network Technologies
Senior Research Fellow
Cyber Security Cooperative Research Centre (CSCRC)
Some slides modified from Dingledine, Mathewson, Syverson, Xinwen and Savchenko

Copyright By PowCoder代写 加微信 powcoder

School of Computer Science and Engineering

§ What is anonymity?
§ Questions/Comments
School of Computer Science and Engineering

Anonymity describes situations where the acting person’s name is unknown. Some writers have argued that namelessness, though technically correct, does not capture what is more centrally at stake in contexts of anonymity. The important idea here is that a person be non-identifiable, unreachable, or untraceable.
Anonymity is seen as a technique, or a way of realizing, certain other values, such as privacy, or liberty. ~Wikipedia~
School of Computer Science and Engineering

Anonymity serves different interests for different user groups
School of Computer Science and Engineering

Anonymity serves different interests for different user groups
§ Don’t want to be watched and tracked
§ Browsing history, medical records, unpopular or
illegal opinions
§ Hostile, Incompetent and Indifferent Service
§ Trade secrets and competitors analysis § Engineering / R&D search history
School of Computer Science and Engineering

How to achieve Anonymity?
§ Indistinguishability within an anonymity net
§ You are only anonymous within a group if your actions cannot be distinguished from the actions of anyone else within the group
§ The larger the group, the better
School of Computer Science and Engineering

Anonymity loves company!

Website A Website B
Home IoT ICS
Anonymous Network
School of Computer Science and Engineering

School of Computer Science and Engineering

Simplest design:
Single relay (Commercial proxy providers)
School of Computer Science and Engineering

Single Relay => Single point of failure
School of Computer Science and Engineering

Single Relay => Single point of bypass
Timing analysis bridges all connections through relay ⇒ An attractive fat target
School of Computer Science and Engineering

§ Internet surveillance like traffic analysis reveals users privacy (Read a bit about X-Keyscore)
§ Encryption does not work, since packet headers still reveal a great deal about users
§ End-to-end anonymity is needed
§ Solution: a distributed, anonymous network
School of Computer Science and Engineering

A solution is to add multiple relays
School of Computer Science and Engineering

What is Tor?
§ Tor is a distributed anonymous communication service using an overlay network that allows people to improve their privacy and security on the Internet
§ Individuals use Tor to keep websites from tracking them, or to connect to those internet services blocked by their local Internet providers
§ Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site
https://www.torproject.org
School of Computer Science and Engineering

Components of Tor
§ Client/OP:theuseroftheTornetwork,OnionProxy(OP)fetches directories and creates virtual circuits on the network on behalf of users.
n Destination Server: the target TCP applications such as web servers n Tor router (Onion Router): OR relays the application data
n Directory server: Servers holding database of current active ORs
School of Computer Science and Engineering

How does Tor work?
School of Computer Science and Engineering

How does Tor work?
School of Computer Science and Engineering

How Tor Works? — Onion Routing

§ A circuit is built incrementally hop by hop
§ Onion-like encryption
• Alice negotiates an AES key with each router
• Messages are divided into equal sized cells
• Each router knows only its predecessor and successor
• Only the Exit router (OR3) can see the message, however it does not know where the message is from
School of Computer Science and Engineering

How does Tor work?
School of Computer Science and Engineering

§ All data is sent in fixed size (bytes) cells § Similar to cells in ATM
§ Control cell commands: • Padding, create, destroy
§ Relay cell commands:
• Begin, data, connected, teardown, …
School of Computer Science and Engineering

Commands in Use
School of Computer Science and Engineering

Hidden Service (HS or Onion Service)
§ Tor accommodates receiver anonymity by allowing location hidden services
• Bob can offer anonymous TCP services
§ Design goals for location hidden services
• Access Control:
• Filtering incoming requests
• Protection against DDoS attacks
• Robustness:
• Maintain a long-term pseudonymous identity
• Can switch ORs
§ facebookcorewwwi.onion
§ Dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zqqad.onion
School of Computer Science and Engineering

Hidden Services
School of Computer Science and Engineering

Hidden Services
School of Computer Science and Engineering

Hidden Services
School of Computer Science and Engineering

Hidden Services
School of Computer Science and Engineering

Hidden Services
School of Computer Science and Engineering

Hidden Services
School of Computer Science and Engineering

Some current stats
School of Computer Science and Engineering

One more thing …
“A hard-to-use system has fewer users — and because anonymity systems hide users among users, a system with fewer users provides less anonymity. Usability is thus not only a convenience: it is a security requirement”
-Tor Design Document
School of Computer Science and Engineering

Questions about Tor?

Problems with ToR?
§ Entry and Exit OR
• Most users avoid running Exit OR
§ Asymmetric
• About 8000 OR and millions of users/OP
§ Highly centralized • Only 10 DS
§ Relay/path selection algorithm
§ Circuit based
• Only supports TCP
School of Computer Science and Engineering

I2P: The Invisible Internet Project
§ An anonymizing message oriented P2P network
§ No entry and exit nodes
• All nodes are Routers
• Currently around 50,000 nodes
§ Utilizes fully decentralized structure (no DS)
§ Protects the identity of both the sender and
§ Supports multiple applications
§ UDP based (unlike Tor’s TCP streams)
§ Out-proxies used for normal Internet for web
http://www.i2p2.de/en/
School of Computer Science and Engineering

I2P Tunnels
§ An application in I2P is not reachable by IP but through a location independent identifier
§ Message routed through several intermediate devices using layered encryption (Garlic routing)
§ Sender only knows about the inbound Gateway of the receiver
§ Tunnels are maintained for 10 minutes only
School of Computer Science and Engineering

§ A network database based on DHT hosted at Floodfill routers (about 20,000)
§ This contains both “routerInfo” and “leaseSets”
§ rotuerInfo – stores information on specific I2P routers
and how to contact them
§ leaseSets – stores information on a specific destinations (i.e. I2P websites, email servers, etc.)
School of Computer Science and Engineering

Joining the Network
School of Computer Science and Engineering

Establishing a Tunnel
School of Computer Science and Engineering

Establishing a Connection
School of Computer Science and Engineering

Encryption View
http://www.i2p2.de/en/docs/how/intro
School of Computer Science and Engineering

I2P Tunnels and Garlic routing
§ Message routed through several intermediate devices using layered encryption (Garlic routing)
School of Computer Science and Engineering

Comparison: Tor vs. I2P
§ TCP vs. UDP
§ Directory Server vs. NetDB (P2P)
§ Separation of Nodes and Clients vs. Everyone routes traffic
§ Exit Nodes vs. Outproxies
§ Circuits vs. Tunnels
School of Computer Science and Engineering

Questions?
School of Computer Science and Engineering

程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com