SlideShare ist ein Scribd-Unternehmen logo

Anon p2p slides

Als PPT, PDF herunterladen
C
chintaan

it

Ingenieurwesen
1 von 66
A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)
Outline of Talk • The theory of anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results from the analysis of file- sharing software.
Introduction • This is a light weight introduction to anonymity: – Definitions – Design – Real Systems – Some Analysis of the Systems • Next week you will see more on the technical definitions and modeling with process calculi.
The Theory of Anonymity Anonymity means different things to different users. The right definitions are key to understand any system. “On the Internet nobody knows you’re a dog”
The Theory of Anonymity • Anonymity is a difficult notion to define. – Systems have multiple agents – which have different views of the system – and wish to hide different actions – to variable levels. • Sometimes you just want some doubt, sometimes you want to act unseen.
The Theory of Anonymity • In a system of anonymous communication you can be: – A sender – A receive / responder – A helpful node in the system – An outsider (who may see all or just some of the communications). • We might want anonymity for any of these, from any of these.
Example: Anonymous File- Sharing One node sends a request for a file (sender) Other nodes receive this request (the nodes) Maybe one of the nodes replies with a file (receiver/responder). The attacker may be any of these or an outside observer. ?
Example: Anonymous File- Sharing • The user may wish to hide – that they are offering files – that they are taking part in data transfer – that they are running the software at all. • The user may want to have plausible deniability or go complete unnoticed. ?
The Theory of Anonymity • There are many definitions. • Some are “too weak”, – Delov-Yao style “Provable Anonymity” • Some are “too strong”, – Information flow. • There will be more on these definitions next week.
Levels of Anonymity Reiter and Rubin provide the classification: • Beyond suspicion: the user appears no more likely to have acted than any other. • Probable innocence: the user appears no more likely to have acted than to not to have. • Possible innocence: there is a nontrivial probability that it was not the user.
Beyond suspicion • All users are Beyond suspicion: Prob Users A B C D E
Beyond suspicion • Only B and D are Beyond suspicion: Prob Users A B C D E
Beyond suspicion • Now, only B is Beyond suspicion: Prob Users A B C D E
Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
Example: The Anonymizer An Internet connection reveals your IP number. The Anonymizer promise “Anonymity” Connection made via The Anonymizer. The Server see only the Anonymizer. S ? The Anonymizer
Example: The Anonymizer The sender is Beyond Suspicion to the server. The server knows The Anonymizer is being used. If there is enough other traffic, you are Probably Innocence to a global observer. The global observer knows you are using the “The Anonymizer” There is no anonymity to the “The Anonymizer”
Example: The Anonymizer • From the small print: • … we disclose personal information only in the good faith belief that we are required to do so by law, or that doing so is reasonably necessary … • … Note to European Customers: The information you provide us will be transferred outside the European Economic Area
Summary: The Theory of Anonymity • There are many agents in a system each of which have different views. • There are a number of different actions. • We need to define the level of anonymity an user has when performing a certain action, given the attacker’s view of the system.
Outline of Talk • The theory of Anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results from the analysis of file- sharing software.
Theoretical Designs for Anonymity • We have seen an example of anonymity from a Proxy. • In Friend-to-Friend networks: – nodes have fixed neighbours, – only direct neighbours know IP addresses, – nodes act as proxies for there neighbours. • Anonymity to your neighbour is by trust or by claiming you are just acting as a proxy.
Ants The Ants protocol is for ah- hoc networking. Each node has a pseudo ID. A node broadcasts a request, labeled with its own ID. Nodes record IDs it receives over each connections. A
Ants If another nodes wishes to reply to the request: It sends packets labeled with its own ID The packets are sent along the most used connection for the to ID.A
MIXes • MIXes are proxies that forward messages between them • A user contacts a MIX to send a message • The MIX waits until it has received a number of messages, then forwards them in different order
MIXes • It is difficult to trace the route of each message. • Provides beyond suspicion S-R unlinkability even w.r.t. a global attacker. • Messages have to be delayed (can be solved with dummy traffic). • More complicated when sending series of packets
Onion Routing • Messages are routed through a number of nodes called Core Onion Routers (COR) • The initiator selects the whole route and encrypts the message with all keys in reverse order • Each node unwraps a layer (onion) and forwards the message to the next one {{{m}k3 }k2 }k1 {{m}k3 }k2 1 2 3 {m}k3 m
Onion Routing • Each node only learns the next one in the path • Can be used together with MIXing. • End-users can run their own COR – Better anonymity • or use an existing one – More efficient – User's identity is revealed to the COR
Crowds • A crowd is a group of n nodes • The initiator selects randomly a node (called forwarder) and forwards the request to it • A forwarder: – With prob. 1-pf selects randomly a new node and forwards the request to him – With prob. pf sends the request to the server server
Crowds • Beyond suspicion w.r.t. the server • Some of the nodes could be corrupted. • The initiator could forward the message to a corrupted node. • Probable innocence w.r.t. a node (under conditions on the number of corrupted nodes).
Dining Cryptographers • Nodes form a ring • Each adjacent pair picks a random number • Each node broadcasts the sum (xor) of the adjacent numbers • The user who wants to send a message also adds the message • The total sum (xor) is: r1 +r2 +r2 +r3 +r3 + r4 +r4 +r5 +r5 +r1 +m = m r1 r4 r5 r3 r2 r1 +r2 r5 +r1 r4 +r5 r3 +r4 r2 +r3 +m
Dinning Cryptographers • It's impossible to tell who added m. • Beyond suspicion even w.r.t. to a global attacker. • Very inefficient: everyone must send the same amount of data as the real sender. • More info in Catuscia's talk
Mutli-casting • Broadcast the message to the whole network. • Provides beyond suspicion for the receiver. • No anonymity for the sender. • Multicasting is an efficient technique for broadcasting messages. • but very inefficient to send just one message.
Spoofed UDP • IP packets on the Internet contain the IP address of the sender • This address is not used by routers, only by higher-level protocols such as TCP • UDP does not use this address • A random address can be used instead to provide sender anonymity • Method prohibited by many ISPs
Summary of methods
Outline of Talk • The theory of anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results from the analysis of file- sharing software.
Mute • Mute is an open source project based on the Ants protocol. • Mute uses a complicated 3 stage time-to-live counter that allows an attack. • In Mute all the probabilistic choices are fixed when a node starts. This protects against statistical attacks.
Ants • Ants is also an open source project based on the Ants protocol. • There is a probabilistic change of dropping a search request. Avoiding some attacks but giving little control over searches. • Ants send most reply packets over the best route but sends some by other routes. This is done for efficiency by it also stops some attacks by inside nodes.
Mantis • Mantis is an academic project that uses the Ants protocol. • But the sender may make its IP address public and receive the file by address spoofed UDP. • Hence only the responder is anonymous, but the system is very efficient.
Anonymous Peer-to-Peer File- Sharing (APFS) • APFS is based on Onion Routing • Volunteer nodes act as proxies. • Centralised servers store an “onion routes” for files. • Searching is carried out by asking a server for an onion route for a file. • Pro: Secure system, Con: Hard to set up and maintain.
Freenet and Free Haven • There are a number of “anonymous publishing system”. • For example Freenet and the MIX based Free Haven. • These systems make the original author of a file anonymous, not the responder. • Nodes will often cache files.Therefore you can “trick” a node into storing and “offering” a file.
Waste • Waste is a friend-to-friend network. It is designed for small groups (under 50 nodes). • The sender and receive are known to network insiders, but anonymous to an outside attacker. • Dummy traffic traffic is sent between nodes whenever they are idle.
Tor • Tor is an anonymous transport layer. • It does not implement a file-sharing but file- sharing software can be run on top of it. • Tor implements onion routing without MIXes. • Its possible that a program run on top of Tor will reveal its IP address.
Some Other Systems AP3 Crowds Mislove et al. Entropy Freenet entrop.stop1984.com GNUnet MIXes gnunet.org I2P Onion routing www.i2p.net Nodezilla Freenet www.nodezilla.net Napshare Ants napshare.sourceforge.net SSMP Secret sharing Dingledine et al. & onion routing
Outline of Talk • The theory of anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results for the analysis of file- sharing software.
Goals for Anonymous File- Sharing using Ants • The attacker is a node in the network and must discover the pseudo ID of its nieghbours. • Sender (requesting files) is Probable Innocence to nodes and responder. • Responder (offering files for download) is Probable Innocence to nodes and sender.
The Model • The model of the network is a connected weighted graph. • The weights are the times it takes for a message to travel along that connection. • Travel times are fixed. • A single attacker, no timed-based attacks. • No time-to-live counter.
The Attackers View • Its connections and the real addresses of the nodes each of these connections leads too. • The pseudo IDs from the messages it has seen. • For each pseudo ID, the ordered over which the attacker receives message • The ``to'' and ``from'' pseudo address of all the messages past across it.
The Attackers View • The attacker may also send messages. • It can form message out of its own random values, its own address or any address is has seen. • In particular, it can send messages the “wrong way”.
Time-Based Attacks • The quickest reply along any connection will come from the direct neighbour. • The attacker may try random request, and note the reply times. • The pseudo ID with the fastest reply time over any connection is assume to be the neighbour. • If a node shares any files at all, it is not anonymous to its neighbour.
Result • Assuming no timed-based attacks, there is still a problem: • The attacker might just see one pseudo ID over a connection. • Or have a unique pseudo ID “bounced back”. • i.e., anonymity depends on how the nodes are connected.
Result • One node on its own is not anonymous. • Only node one node fastest along a connection is not anonymous. N A
Result • Active attacks allow more discrimination. • A receives two IDs first over each connection. • But N3 and N4 are bounced back • Therefore the attack can identify N1 and N2. N1 A N3 N2 N4
Result • If we assume that the attackers neighbours might never share files then Ants is anonymous. • Otherwise: – The Ants protocol can be broken by a timed attack. – If any connection is not used by at least two different pairs of nodes to communicate then the nodes on this connection are not anonymous to each other.
Protected Addresses • Attacker can make a message with another node’s pseudo ID as the from address. • This lets it disrupt communication. • We can generate a key pair and use the authentication key as the pseudo ID. • The sender signs the message ID. • Hence the attacker cannot fake messages.
Other Kinds of Attack • Global Attacker • System Membership • Time-to-Live Attacks (Mute, Mantis) • Multiple Attackers (Mute) • Statistical Attacks (MIXes) • Forced Repeat (Crowds) • Nodes Joining and Leaving • Denial of Service (Mute)
Outline of Talk • The theory of Anonymity. • Designs for Anonymity • Anonymous file-sharing software • Some early results for the analysis of file- sharing software.
Further Work • Ants Protocol: – Finish formal model and testing, – Time delays, – Deciding when a network is safe, – MIXes for file-sharing. • General purpose formal methods for anonymous systems.
Questions?
Example: Anonymous File- Sharing • The user may wish to hide – that they are offering files – that they are taking part in data transfer – that they are running the software at all. • The user may want to have plausible deniability or go complete unnoticed.
Example: Anonymous File- Sharing • The user may wish to hide – that they are offering files – that they are taking part in data transfer – that they are running the software at all. • The user may want to have plausible deniability or go complete unnoticed.
Forced Repeat Attack: Crowds
Time-to-live Attack: Mute
Time-to-live Attack: Mantis

Empfohlen

CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2Hamed Moghaddam
 
20 security
20 security20 security
20 securityabiy2004
 
Network security
Network securityNetwork security
Network securityABHISHEK KUMAR
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: CryptographySam Bowne
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
Bittorrent in a P2P social network
Bittorrent in a P2P social networkBittorrent in a P2P social network
Bittorrent in a P2P social networkKailaash Balachandran
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOHAPNIC
 

Empfohlen

CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2CISSP Certification Security Engineering-Part2
CISSP Certification Security Engineering-Part2Hamed Moghaddam
 
20 security
20 security20 security
20 securityabiy2004
 
Network security
Network securityNetwork security
Network securityABHISHEK KUMAR
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
Ch 12: Cryptography
Ch 12: CryptographyCh 12: Cryptography
Ch 12: CryptographySam Bowne
 
Bh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsBh us-02-kaminsky-blackops
Bh us-02-kaminsky-blackopsDan Kaminsky
 
Bittorrent in a P2P social network
Bittorrent in a P2P social networkBittorrent in a P2P social network
Bittorrent in a P2P social networkKailaash Balachandran
 
NZNOG 2020: DOH
NZNOG 2020: DOHNZNOG 2020: DOH
NZNOG 2020: DOHAPNIC
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecuritySam Bowne
 
CNIT 141: 2. Randomness
CNIT 141: 2. RandomnessCNIT 141: 2. Randomness
CNIT 141: 2. RandomnessSam Bowne
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersSam Bowne
 
7 cryptography
7 cryptography7 cryptography
7 cryptographyUpinder Kaur
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumCNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumSam Bowne
 
Network security
Network securityNetwork security
Network securityPerfect Training Center
 
Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)ceng
 
Network Forensics
Network ForensicsNetwork Forensics
Network ForensicsConferencias FIST
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
Torrent technology
Torrent technologyTorrent technology
Torrent technologyHarsh Malpani
 
Presentation 7- Biology 120
Presentation 7- Biology 120Presentation 7- Biology 120
Presentation 7- Biology 120Maureen Sadim
 
Cough Syrup
Cough SyrupCough Syrup
Cough SyrupMonica Buurmeester
 
The Air in There -- DeVona Alleyne (Presentation 7)
The Air in There -- DeVona Alleyne (Presentation 7)The Air in There -- DeVona Alleyne (Presentation 7)
The Air in There -- DeVona Alleyne (Presentation 7)DeVona Alleyne
 
Chapter 7
Chapter 7Chapter 7
Chapter 7etharakaturi
 
BRONKODILATOR
BRONKODILATORBRONKODILATOR
BRONKODILATORMuhammad Nasrullah
 
Doxophylline and asthma
Doxophylline and asthmaDoxophylline and asthma
Doxophylline and asthmaBALASUBRAMANIAM IYER
 
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELS
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELSLAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELS
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELSSadman_Sakib
 
Syrup
SyrupSyrup
SyrupJoseph Saster
 

Weitere ähnliche Inhalte

Was ist angesagt?

CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecuritySam Bowne
 
CNIT 141: 2. Randomness
CNIT 141: 2. RandomnessCNIT 141: 2. Randomness
CNIT 141: 2. RandomnessSam Bowne
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. EncryptionSam Bowne
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumCNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumSam Bowne
 
Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)ceng
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersSam Bowne
 

Was ist angesagt? (14)

CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic SecurityCNIT 141: 3. Cryptographic Security
CNIT 141: 3. Cryptographic Security
 
CNIT 141: 2. Randomness
CNIT 141: 2. RandomnessCNIT 141: 2. Randomness
CNIT 141: 2. Randomness
 
CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersCNIT 141 5. Stream Ciphers
CNIT 141 5. Stream Ciphers
 
7 cryptography
7 cryptography7 cryptography
7 cryptography
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
CNIT 141: 1. Encryption
CNIT 141: 1. EncryptionCNIT 141: 1. Encryption
CNIT 141: 1. Encryption
 
CNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-QuantumCNIT 141: 14. Quantum and Post-Quantum
CNIT 141: 14. Quantum and Post-Quantum
 
Network security
Network securityNetwork security
Network security
 
Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)Cryptography for Penetration Testers (PDF version)
Cryptography for Penetration Testers (PDF version)
 
Network Forensics
Network ForensicsNetwork Forensics
Network Forensics
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
CNIT 141: 4. Block Ciphers
CNIT 141: 4. Block CiphersCNIT 141: 4. Block Ciphers
CNIT 141: 4. Block Ciphers
 
Torrent technology
Torrent technologyTorrent technology
Torrent technology
 

Andere mochten auch

Presentation 7- Biology 120
Presentation 7- Biology 120Presentation 7- Biology 120
Presentation 7- Biology 120Maureen Sadim
 
The Air in There -- DeVona Alleyne (Presentation 7)
The Air in There -- DeVona Alleyne (Presentation 7)The Air in There -- DeVona Alleyne (Presentation 7)
The Air in There -- DeVona Alleyne (Presentation 7)DeVona Alleyne
 
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELS
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELSLAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELS
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELSSadman_Sakib
 
Prospan campaign
Prospan campaign Prospan campaign
Prospan campaign Le Linh
 
Benadryl cough syrup
Benadryl cough syrupBenadryl cough syrup
Benadryl cough syrupPooja Awasthi
 
Brand Extensions Ppt 0111
Brand Extensions Ppt 0111Brand Extensions Ppt 0111
Brand Extensions Ppt 0111navneet525
 
Successful Brand Extension
Successful Brand ExtensionSuccessful Brand Extension
Successful Brand ExtensionFullSurge
 
Brand plan on cough syrup
Brand plan on cough syrup Brand plan on cough syrup
Brand plan on cough syrup Animesh Gupta
 
Product Launch Presentation By Linda Johnson
Product Launch Presentation By Linda JohnsonProduct Launch Presentation By Linda Johnson
Product Launch Presentation By Linda Johnsonlindajohnsonh
 

Andere mochten auch (17)

Presentation 7- Biology 120
Presentation 7- Biology 120Presentation 7- Biology 120
Presentation 7- Biology 120
 
Cough Syrup
Cough SyrupCough Syrup
Cough Syrup
 
The Air in There -- DeVona Alleyne (Presentation 7)
The Air in There -- DeVona Alleyne (Presentation 7)The Air in There -- DeVona Alleyne (Presentation 7)
The Air in There -- DeVona Alleyne (Presentation 7)
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
BRONKODILATOR
BRONKODILATORBRONKODILATOR
BRONKODILATOR
 
Doxophylline and asthma
Doxophylline and asthmaDoxophylline and asthma
Doxophylline and asthma
 
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELS
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELSLAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELS
LAUNCHING NEW PRODUCT & ITS COMMUNICATION CHANNELS
 
Syrup
SyrupSyrup
Syrup
 
Prospan campaign
Prospan campaign Prospan campaign
Prospan campaign
 
Benadryl cough syrup
Benadryl cough syrupBenadryl cough syrup
Benadryl cough syrup
 
Brand Extensions Ppt 0111
Brand Extensions Ppt 0111Brand Extensions Ppt 0111
Brand Extensions Ppt 0111
 
Successful Brand Extension
Successful Brand ExtensionSuccessful Brand Extension
Successful Brand Extension
 
Pharmaceutical Syrup
Pharmaceutical SyrupPharmaceutical Syrup
Pharmaceutical Syrup
 
Drugs used in bronchial asthma
Drugs used in bronchial asthmaDrugs used in bronchial asthma
Drugs used in bronchial asthma
 
Brand plan on cough syrup
Brand plan on cough syrup Brand plan on cough syrup
Brand plan on cough syrup
 
Brand extension
Brand extensionBrand extension
Brand extension
 
Product Launch Presentation By Linda Johnson
Product Launch Presentation By Linda JohnsonProduct Launch Presentation By Linda Johnson
Product Launch Presentation By Linda Johnson
 

Ähnlich wie Anon p2p slides

Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingJose L. Quiñones-Borrero
 
Information security using onion routing(tor)
Information security using onion routing(tor)Information security using onion routing(tor)
Information security using onion routing(tor)Kaustubh Joshi
 
DATA COMMUNICATION PPT
DATA COMMUNICATION PPTDATA COMMUNICATION PPT
DATA COMMUNICATION PPTMajane Padua
 
ProjectTox: Free as in freedom Skype replacement
ProjectTox: Free as in freedom Skype replacementProjectTox: Free as in freedom Skype replacement
ProjectTox: Free as in freedom Skype replacementWei-Ning Huang
 
Agents and P2P Networks
Agents and P2P NetworksAgents and P2P Networks
Agents and P2P NetworksJames Salter
 
Hotnets Slides
Hotnets SlidesHotnets Slides
Hotnets Slidesmahan9
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat Security Conference
 
Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Alec Muffett
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymityanurag singh
 
Commonly Used Peer to Peer Methods & Applications
Commonly Used Peer to Peer Methods & ApplicationsCommonly Used Peer to Peer Methods & Applications
Commonly Used Peer to Peer Methods & Applications905426
 
Cryptography based misbehavior detection for opportunistic network
Cryptography based misbehavior detection for opportunistic networkCryptography based misbehavior detection for opportunistic network
Cryptography based misbehavior detection for opportunistic networkShahana P H
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Marcus Leaning
 

Ähnlich wie Anon p2p slides (20)

P2P Lecture.ppt
P2P Lecture.pptP2P Lecture.ppt
P2P Lecture.ppt
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
Information security using onion routing(tor)
Information security using onion routing(tor)Information security using onion routing(tor)
Information security using onion routing(tor)
 
Dmk blackops2006
Dmk blackops2006Dmk blackops2006
Dmk blackops2006
 
Rumor riding
Rumor ridingRumor riding
Rumor riding
 
DATA COMMUNICATION PPT
DATA COMMUNICATION PPTDATA COMMUNICATION PPT
DATA COMMUNICATION PPT
 
ProjectTox: Free as in freedom Skype replacement
ProjectTox: Free as in freedom Skype replacementProjectTox: Free as in freedom Skype replacement
ProjectTox: Free as in freedom Skype replacement
 
Agents and P2P Networks
Agents and P2P NetworksAgents and P2P Networks
Agents and P2P Networks
 
Hotnets Slides
Hotnets SlidesHotnets Slides
Hotnets Slides
 
Black hole attack
Black hole attackBlack hole attack
Black hole attack
 
BlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deceptionBlueHat v18 || The matrix has you - protecting linux using deception
BlueHat v18 || The matrix has you - protecting linux using deception
 
Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5Setting Up .Onion Addresses for your Enterprise, v3.5
Setting Up .Onion Addresses for your Enterprise, v3.5
 
Onion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and AnonymityOnion routing and tor: Fundamentals and Anonymity
Onion routing and tor: Fundamentals and Anonymity
 
WEEK-01.pdf
WEEK-01.pdfWEEK-01.pdf
WEEK-01.pdf
 
VPN
VPNVPN
VPN
 
Commonly Used Peer to Peer Methods & Applications
Commonly Used Peer to Peer Methods & ApplicationsCommonly Used Peer to Peer Methods & Applications
Commonly Used Peer to Peer Methods & Applications
 
Cryptography based misbehavior detection for opportunistic network
Cryptography based misbehavior detection for opportunistic networkCryptography based misbehavior detection for opportunistic network
Cryptography based misbehavior detection for opportunistic network
 
Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR Dark Side of the Net Lecture 4 TOR
Dark Side of the Net Lecture 4 TOR
 
Dmk bo2 k8_ccc
Dmk bo2 k8_cccDmk bo2 k8_ccc
Dmk bo2 k8_ccc
 
ch07.ppt
ch07.pptch07.ppt
ch07.ppt
 

Kürzlich hochgeladen

VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...SUHANI PANDEY
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSrknatarajan
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfSuman Jyoti
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VDineshKumar4165
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Christo Ananth
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 

Kürzlich hochgeladen (20)

(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfIntze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 
Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...Call for Papers - International Journal of Intelligent Systems and Applicatio...
Call for Papers - International Journal of Intelligent Systems and Applicatio...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 

Anon p2p slides

  • 1. A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)
  • 2. Outline of Talk • The theory of anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results from the analysis of file- sharing software.
  • 3. Introduction • This is a light weight introduction to anonymity: – Definitions – Design – Real Systems – Some Analysis of the Systems • Next week you will see more on the technical definitions and modeling with process calculi.
  • 4. The Theory of Anonymity Anonymity means different things to different users. The right definitions are key to understand any system. “On the Internet nobody knows you’re a dog”
  • 5. The Theory of Anonymity • Anonymity is a difficult notion to define. – Systems have multiple agents – which have different views of the system – and wish to hide different actions – to variable levels. • Sometimes you just want some doubt, sometimes you want to act unseen.
  • 6. The Theory of Anonymity • In a system of anonymous communication you can be: – A sender – A receive / responder – A helpful node in the system – An outsider (who may see all or just some of the communications). • We might want anonymity for any of these, from any of these.
  • 7. Example: Anonymous File- Sharing One node sends a request for a file (sender) Other nodes receive this request (the nodes) Maybe one of the nodes replies with a file (receiver/responder). The attacker may be any of these or an outside observer. ?
  • 8. Example: Anonymous File- Sharing • The user may wish to hide – that they are offering files – that they are taking part in data transfer – that they are running the software at all. • The user may want to have plausible deniability or go complete unnoticed. ?
  • 9. The Theory of Anonymity • There are many definitions. • Some are “too weak”, – Delov-Yao style “Provable Anonymity” • Some are “too strong”, – Information flow. • There will be more on these definitions next week.
  • 10. Levels of Anonymity Reiter and Rubin provide the classification: • Beyond suspicion: the user appears no more likely to have acted than any other. • Probable innocence: the user appears no more likely to have acted than to not to have. • Possible innocence: there is a nontrivial probability that it was not the user.
  • 11. Beyond suspicion • All users are Beyond suspicion: Prob Users A B C D E
  • 12. Beyond suspicion • Only B and D are Beyond suspicion: Prob Users A B C D E
  • 13. Beyond suspicion • Now, only B is Beyond suspicion: Prob Users A B C D E
  • 14. Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
  • 15. Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
  • 16. Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
  • 17. Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
  • 18. Probable Innocence • All users are Probably Innocence Prob Users A B C D E 50%
  • 19. Example: The Anonymizer An Internet connection reveals your IP number. The Anonymizer promise “Anonymity” Connection made via The Anonymizer. The Server see only the Anonymizer. S ? The Anonymizer
  • 20. Example: The Anonymizer The sender is Beyond Suspicion to the server. The server knows The Anonymizer is being used. If there is enough other traffic, you are Probably Innocence to a global observer. The global observer knows you are using the “The Anonymizer” There is no anonymity to the “The Anonymizer”
  • 21. Example: The Anonymizer • From the small print: • … we disclose personal information only in the good faith belief that we are required to do so by law, or that doing so is reasonably necessary … • … Note to European Customers: The information you provide us will be transferred outside the European Economic Area
  • 22. Summary: The Theory of Anonymity • There are many agents in a system each of which have different views. • There are a number of different actions. • We need to define the level of anonymity an user has when performing a certain action, given the attacker’s view of the system.
  • 23. Outline of Talk • The theory of Anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results from the analysis of file- sharing software.
  • 24. Theoretical Designs for Anonymity • We have seen an example of anonymity from a Proxy. • In Friend-to-Friend networks: – nodes have fixed neighbours, – only direct neighbours know IP addresses, – nodes act as proxies for there neighbours. • Anonymity to your neighbour is by trust or by claiming you are just acting as a proxy.
  • 25. Ants The Ants protocol is for ah- hoc networking. Each node has a pseudo ID. A node broadcasts a request, labeled with its own ID. Nodes record IDs it receives over each connections. A
  • 26. Ants If another nodes wishes to reply to the request: It sends packets labeled with its own ID The packets are sent along the most used connection for the to ID.A
  • 27. MIXes • MIXes are proxies that forward messages between them • A user contacts a MIX to send a message • The MIX waits until it has received a number of messages, then forwards them in different order
  • 28. MIXes • It is difficult to trace the route of each message. • Provides beyond suspicion S-R unlinkability even w.r.t. a global attacker. • Messages have to be delayed (can be solved with dummy traffic). • More complicated when sending series of packets
  • 29. Onion Routing • Messages are routed through a number of nodes called Core Onion Routers (COR) • The initiator selects the whole route and encrypts the message with all keys in reverse order • Each node unwraps a layer (onion) and forwards the message to the next one {{{m}k3 }k2 }k1 {{m}k3 }k2 1 2 3 {m}k3 m
  • 30. Onion Routing • Each node only learns the next one in the path • Can be used together with MIXing. • End-users can run their own COR – Better anonymity • or use an existing one – More efficient – User's identity is revealed to the COR
  • 31. Crowds • A crowd is a group of n nodes • The initiator selects randomly a node (called forwarder) and forwards the request to it • A forwarder: – With prob. 1-pf selects randomly a new node and forwards the request to him – With prob. pf sends the request to the server server
  • 32. Crowds • Beyond suspicion w.r.t. the server • Some of the nodes could be corrupted. • The initiator could forward the message to a corrupted node. • Probable innocence w.r.t. a node (under conditions on the number of corrupted nodes).
  • 33. Dining Cryptographers • Nodes form a ring • Each adjacent pair picks a random number • Each node broadcasts the sum (xor) of the adjacent numbers • The user who wants to send a message also adds the message • The total sum (xor) is: r1 +r2 +r2 +r3 +r3 + r4 +r4 +r5 +r5 +r1 +m = m r1 r4 r5 r3 r2 r1 +r2 r5 +r1 r4 +r5 r3 +r4 r2 +r3 +m
  • 34. Dinning Cryptographers • It's impossible to tell who added m. • Beyond suspicion even w.r.t. to a global attacker. • Very inefficient: everyone must send the same amount of data as the real sender. • More info in Catuscia's talk
  • 35. Mutli-casting • Broadcast the message to the whole network. • Provides beyond suspicion for the receiver. • No anonymity for the sender. • Multicasting is an efficient technique for broadcasting messages. • but very inefficient to send just one message.
  • 36. Spoofed UDP • IP packets on the Internet contain the IP address of the sender • This address is not used by routers, only by higher-level protocols such as TCP • UDP does not use this address • A random address can be used instead to provide sender anonymity • Method prohibited by many ISPs
  • 38. Outline of Talk • The theory of anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results from the analysis of file- sharing software.
  • 39. Mute • Mute is an open source project based on the Ants protocol. • Mute uses a complicated 3 stage time-to-live counter that allows an attack. • In Mute all the probabilistic choices are fixed when a node starts. This protects against statistical attacks.
  • 40. Ants • Ants is also an open source project based on the Ants protocol. • There is a probabilistic change of dropping a search request. Avoiding some attacks but giving little control over searches. • Ants send most reply packets over the best route but sends some by other routes. This is done for efficiency by it also stops some attacks by inside nodes.
  • 41. Mantis • Mantis is an academic project that uses the Ants protocol. • But the sender may make its IP address public and receive the file by address spoofed UDP. • Hence only the responder is anonymous, but the system is very efficient.
  • 42. Anonymous Peer-to-Peer File- Sharing (APFS) • APFS is based on Onion Routing • Volunteer nodes act as proxies. • Centralised servers store an “onion routes” for files. • Searching is carried out by asking a server for an onion route for a file. • Pro: Secure system, Con: Hard to set up and maintain.
  • 43. Freenet and Free Haven • There are a number of “anonymous publishing system”. • For example Freenet and the MIX based Free Haven. • These systems make the original author of a file anonymous, not the responder. • Nodes will often cache files.Therefore you can “trick” a node into storing and “offering” a file.
  • 44. Waste • Waste is a friend-to-friend network. It is designed for small groups (under 50 nodes). • The sender and receive are known to network insiders, but anonymous to an outside attacker. • Dummy traffic traffic is sent between nodes whenever they are idle.
  • 45. Tor • Tor is an anonymous transport layer. • It does not implement a file-sharing but file- sharing software can be run on top of it. • Tor implements onion routing without MIXes. • Its possible that a program run on top of Tor will reveal its IP address.
  • 46. Some Other Systems AP3 Crowds Mislove et al. Entropy Freenet entrop.stop1984.com GNUnet MIXes gnunet.org I2P Onion routing www.i2p.net Nodezilla Freenet www.nodezilla.net Napshare Ants napshare.sourceforge.net SSMP Secret sharing Dingledine et al. & onion routing
  • 47. Outline of Talk • The theory of anonymity. • Designs for anonymity. • Anonymous file-sharing software. • Some early results for the analysis of file- sharing software.
  • 48. Goals for Anonymous File- Sharing using Ants • The attacker is a node in the network and must discover the pseudo ID of its nieghbours. • Sender (requesting files) is Probable Innocence to nodes and responder. • Responder (offering files for download) is Probable Innocence to nodes and sender.
  • 49. The Model • The model of the network is a connected weighted graph. • The weights are the times it takes for a message to travel along that connection. • Travel times are fixed. • A single attacker, no timed-based attacks. • No time-to-live counter.
  • 50. The Attackers View • Its connections and the real addresses of the nodes each of these connections leads too. • The pseudo IDs from the messages it has seen. • For each pseudo ID, the ordered over which the attacker receives message • The ``to'' and ``from'' pseudo address of all the messages past across it.
  • 51. The Attackers View • The attacker may also send messages. • It can form message out of its own random values, its own address or any address is has seen. • In particular, it can send messages the “wrong way”.
  • 52. Time-Based Attacks • The quickest reply along any connection will come from the direct neighbour. • The attacker may try random request, and note the reply times. • The pseudo ID with the fastest reply time over any connection is assume to be the neighbour. • If a node shares any files at all, it is not anonymous to its neighbour.
  • 53. Result • Assuming no timed-based attacks, there is still a problem: • The attacker might just see one pseudo ID over a connection. • Or have a unique pseudo ID “bounced back”. • i.e., anonymity depends on how the nodes are connected.
  • 54. Result • One node on its own is not anonymous. • Only node one node fastest along a connection is not anonymous. N A
  • 55. Result • Active attacks allow more discrimination. • A receives two IDs first over each connection. • But N3 and N4 are bounced back • Therefore the attack can identify N1 and N2. N1 A N3 N2 N4
  • 56. Result • If we assume that the attackers neighbours might never share files then Ants is anonymous. • Otherwise: – The Ants protocol can be broken by a timed attack. – If any connection is not used by at least two different pairs of nodes to communicate then the nodes on this connection are not anonymous to each other.
  • 57. Protected Addresses • Attacker can make a message with another node’s pseudo ID as the from address. • This lets it disrupt communication. • We can generate a key pair and use the authentication key as the pseudo ID. • The sender signs the message ID. • Hence the attacker cannot fake messages.
  • 58. Other Kinds of Attack • Global Attacker • System Membership • Time-to-Live Attacks (Mute, Mantis) • Multiple Attackers (Mute) • Statistical Attacks (MIXes) • Forced Repeat (Crowds) • Nodes Joining and Leaving • Denial of Service (Mute)
  • 59. Outline of Talk • The theory of Anonymity. • Designs for Anonymity • Anonymous file-sharing software • Some early results for the analysis of file- sharing software.
  • 60. Further Work • Ants Protocol: – Finish formal model and testing, – Time delays, – Deciding when a network is safe, – MIXes for file-sharing. • General purpose formal methods for anonymous systems.
  • 62. Example: Anonymous File- Sharing • The user may wish to hide – that they are offering files – that they are taking part in data transfer – that they are running the software at all. • The user may want to have plausible deniability or go complete unnoticed.
  • 63. Example: Anonymous File- Sharing • The user may wish to hide – that they are offering files – that they are taking part in data transfer – that they are running the software at all. • The user may want to have plausible deniability or go complete unnoticed.

Hinweis der Redaktion

  1. Bad Defs is where a lot of systems go wrong. IP address and time -> ISP -> bill info Normal we assume that each node has a unique ID
  2. Bad Defs is where a lot of systems go wrong.
  3. Give examples: Comms systems when the sender and rec. know each other (and keys) Do you trust the insider notes?
  4. Getting sued and being guilty are different levels. Anonynmity does not mean that you can’t be picked out.
  5. If the attacker know how likely you are to perform certain actions is covered next week. For now we assume nothing about it. Assuming that all nodes are equal likely is wrong.
  6. Also guilt And total unknowable.
  7. Using the Anonymizer may act as a flag to get you notice. While the prommise is full Anonymity the truth is very different. Until stand the defs is important.
  8. Pseduo ID is random can be independently replaced at any time.
  9. N.B. Ants not designed for anonymity, there are some issues with a time-to-live counter Say to be the way in which ants find food. Ah-hoc ants has more feely routing.
  10. Stat analy. N-1 attack
  11. Analy by math Repeat message attack
  12. Mutli-cast protocol
  13. No control, not good for sending large files.
  14. Time to live attack.
  15. Cannot make a simple calculi model because the network changes. Cannot model like crowds because network architecture matters. Multiple attacks can be simulated as a single attacker.
  16. The connection on which these messages arrive is defined by the previous list of connections.
  17. The connection on which these messages arrive is defined by the previous list of connections.