Anonymizing Network Technologies
Senior Research Fellow
Cyber Security Cooperative Research Centre (CSCRC)
Some slides modified from Dingledine, Mathewson, Syverson, Xinwen and Savchenko
School of Computer Science and Engineering
§ What is anonymity?
§ Questions/Comments
Anonymity describes situations where the acting person’s name is unknown. Some writers have argued that namelessness, though technically correct, does not capture what is more centrally at stake in contexts of anonymity. The important idea here is that a person be non-identifiable, unreachable, or untraceable.
Anonymity is seen as a technique, or a way of realizing, certain other values, such as privacy, or liberty. ~Wikipedia~
Anonymity serves different interests for different user groups
§ Don’t want to be watched and tracked
§ Browsing history, medical records, unpopular or illegal opinions
§ Hostile, Incompetent and Indifferent Service
§ Trade secrets and competitors analysis
§ Engineering / R&D search history
How to achieve Anonymity?
§ Indistinguishability within an anonymity net
§ You are only anonymous within a group if your actions cannot be distinguished from the actions of anyone else within the group
§ The larger the group, the better
Anonymity loves company!
[Figure: Home, IoT and ICS clients reach Website A and Website B through an Anonymous Network]
Simplest design:
Single relay (Commercial proxy providers)
Single Relay => Single point of failure
Single Relay => Single point of bypass
Timing analysis bridges all connections through relay ⇒ An attractive fat target
§ Internet surveillance such as traffic analysis exposes users' private information (read a bit about X-Keyscore)
§ Encryption alone does not solve this, since packet headers still reveal a great deal about users
§ End-to-end anonymity is needed
§ Solution: a distributed, anonymous network
A solution is to add multiple relays
What is Tor?
§ Tor is a distributed anonymous communication service using an overlay network that allows people to improve their privacy and security on the Internet
§ Individuals use Tor to keep websites from tracking them, or to connect to those internet services blocked by their local Internet providers
§ Tor’s hidden services let users publish web sites and other services without needing to reveal the location of the site
https://www.torproject.org
Components of Tor
§ Client/OP: the user of the Tor network, Onion Proxy (OP) fetches directories and creates virtual circuits on the network on behalf of users.
§ Destination Server: the target TCP applications such as web servers
§ Tor router (Onion Router): OR relays the application data
§ Directory server: Servers holding database of current active ORs
How does Tor work?
How Tor Works? — Onion Routing
§ A circuit is built incrementally hop by hop
§ Onion-like encryption
• Alice negotiates an AES key with each router
• Messages are divided into equal sized cells
• Each router knows only its predecessor and successor
• Only the Exit router (OR3) can see the message, however it does not know where the message is from
§ All data is sent in fixed size (bytes) cells
§ Similar to cells in ATM
§ Control cell commands:
• Padding, create, destroy
§ Relay cell commands:
• Begin, data, connected, teardown, …
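The layered encryption and equal-sized cells from the onion routing and cell slides above, as an added example (not code from the slides or from Tor). It assumes a 512-byte cell with a 2-byte length field and uses a SHA-256 counter keystream as a standard-library stand-in for the AES key Alice negotiates with each router; all function names are hypothetical.

```python
import hashlib
import os

CELL_SIZE = 512  # assumed cell size for this example
LEN_FIELD = 2    # bytes that record how much of the cell is real payload

def keystream(key, nonce, n):
    """SHA-256 in counter mode: stdlib stand-in for the per-router AES key."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def layer(key, nonce, cell):
    """Add or remove one onion layer (XOR with the keystream is its own inverse)."""
    return bytes(a ^ b for a, b in zip(cell, keystream(key, nonce, len(cell))))

def make_cells(message):
    """Split a message into equal-sized cells: length field, payload, zero padding."""
    room = CELL_SIZE - LEN_FIELD
    chunks = [message[i:i + room] for i in range(0, len(message), room)] or [b""]
    return [len(c).to_bytes(LEN_FIELD, "big") + c.ljust(room, b"\0") for c in chunks]

def read_cell(cell):
    """Recover the real payload from a fully decrypted cell."""
    size = int.from_bytes(cell[:LEN_FIELD], "big")
    return cell[LEN_FIELD:LEN_FIELD + size]

def send_through_circuit(message, hop_keys):
    """Return (what each router holds after removing its layer, exit's message)."""
    views = [[] for _ in hop_keys]
    for index, cell in enumerate(make_cells(message)):
        nonce = index.to_bytes(8, "big")       # fresh keystream for every cell
        for key in reversed(hop_keys):         # Alice: exit layer first, entry layer last
            cell = layer(key, nonce, cell)
        for hop, key in enumerate(hop_keys):   # OR1, OR2, OR3 each peel one layer
            cell = layer(key, nonce, cell)
            views[hop].append(cell)
    return views, b"".join(read_cell(c) for c in views[-1])

if __name__ == "__main__":
    keys = [os.urandom(16) for _ in range(3)]  # constructed keys, one per router
    request = b"GET / HTTP/1.1\r\n\r\n"        # constructed sample message
    views, received = send_through_circuit(request, keys)
    plain = make_cells(request)[0]
    for hop, name in enumerate(("OR1", "OR2", "OR3")):
        print(name, "holds plaintext cell:", views[hop][0] == plain)
    print("exit received:", received)
```

Every cell on the wire has the same length regardless of payload, and only the last router's view matches the plaintext cell.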
Commands in Use
Hidden Service (HS or Onion Service)
§ Tor accommodates receiver anonymity by allowing location hidden services
• Bob can offer anonymous TCP services
§ Design goals for location hidden services
• Access Control:
• Filtering incoming requests
• Protection against DDoS attacks
• Robustness:
• Maintain a long-term pseudonymous identity
• Can switch ORs
§ facebookcorewwwi.onion
§ Dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zqqad.onion
Hidden Services
Some current stats
One more thing …
“A hard-to-use system has fewer users — and because anonymity systems hide users among users, a system with fewer users provides less anonymity. Usability is thus not only a convenience: it is a security requirement”
-Tor Design Document
Questions about Tor?
Problems with Tor?
§ Entry and Exit OR
• Most users avoid running Exit OR
§ Asymmetric
• About 8000 OR and millions of users/OP
§ Highly centralized
• Only 10 DS
§ Relay/path selection algorithm
§ Circuit based
• Only supports TCP
I2P: The Invisible Internet Project
§ An anonymizing message oriented P2P network
§ No entry and exit nodes
• All nodes are Routers
• Currently around 50,000 nodes
§ Utilizes fully decentralized structure (no DS)
§ Protects the identity of both the sender and
§ Supports multiple applications
§ UDP based (unlike Tor’s TCP streams)
§ Out-proxies used for normal Internet for web
http://www.i2p2.de/en/
I2P Tunnels
§ An application in I2P is not reachable by IP but through a location independent identifier
§ Message routed through several intermediate devices using layered encryption (Garlic routing)
§ Sender only knows about the inbound Gateway of the receiver
§ Tunnels are maintained for 10 minutes only
§ A network database based on DHT hosted at Floodfill routers (about 20,000)
§ This contains both “routerInfo” and “leaseSets”
§ routerInfo – stores information on specific I2P routers and how to contact them
§ leaseSets – stores information on specific destinations (i.e. I2P websites, email servers, etc.)
Joining the Network
Establishing a Tunnel
Establishing a Connection
Encryption View
http://www.i2p2.de/en/docs/how/intro
I2P Tunnels and Garlic routing
§ Message routed through several intermediate devices using layered encryption (Garlic routing)
Comparison: Tor vs. I2P
§ TCP vs. UDP
§ Directory Server vs. NetDB (P2P)
§ Separation of Nodes and Clients vs. Everyone routes traffic
§ Exit Nodes vs. Outproxies
§ Circuits vs. Tunnels
Questions?