Title: Anonymous Routing in Wireless Networks: Onion Routing
Organization
- Introduction
- Traffic Analysis overview
- Onion Routing in Wired Networks
- Onion Routing in Wireless Networks
- Conclusion
Introduction
- Types of attackers on the web
  - Active attackers
  - Passive attackers
Traffic Analysis
- Intercept traffic
- Capture packets
- Analyze packets
- Deduce useful information
- Traffic analysis focuses on the headers, which contain metadata such as source address, destination address, and timing information.
- Hence even if the packet content is encrypted, traffic analysis can reveal useful information.
Importance of Traffic Analysis
- Although traffic analysis provides lower quality information, it is preferred over cryptanalysis because it is easier than breaking complex encrypted messages [2].
- It is also cheaper because traffic data can be automatically collected and processed to provide a high degree of intelligence [2].
- It is used for military purposes [2] and by various organizations to track unpleasant events over the internet.
Onion Routing
- Onion routing is the mechanism by which the sender (initiator) and the receiver (responder) nodes communicate with each other anonymously by means of intermediate nodes called onion routers.
- It relies on public key cryptography.
Infrastructure for Onion Routing
- Network Infrastructure
- Proxy Interfaces
Steps in Onion Routing
- Defining a route
- Constructing an anonymous connection
- Moving data through an anonymous connection
- Destroying the anonymous connection
Example
- Let onion routers 4, 3, and 5 be randomly selected by the onion proxy.
- The proxy encrypts the data with 5's public key, followed by 3's and then 4's.
- Thus an onion is created which looks like
- E4pu (3's IP address, E3pu (5's IP address, E5pu (recipient's IP address, data)))
- The proxy then sends the onion to the first onion router, i.e. 4.
- Onion router 4 peels the outer layer of the onion using its private key.
- It forwards the onion to 3, which now looks like E3pu (5's IP address, E5pu (recipient's IP address, data))
- Onion router 3 peels the outer layer of the onion using its private key.
- It forwards the onion to 5, which now looks like E5pu (recipient's IP address, data)
- Onion router 5 now peels the outer layer of the onion using its private key.
- It finds plain data and the destination address and forwards it to the destination.
Problems and solutions
- The size of the onion reduces as it nears the destination.
- Hence an attacker can infer details about the destination.
- To avoid this, onions are padded at each onion router to maintain the size of the onion. (Onions can be padded to the same or different sizes.)
- Every onion router has details of only its previous and next hop.
- So even if an onion router has been compromised, the attacker can only get the encrypted onion. He will not be able to decrypt the onion without the private keys and hence will not infer any valuable information from it.
- Suppose an attacker records data going between routers and is able to compromise a router at a later stage, acquiring its private key to decrypt the data.
- This can be avoided by using a session key between communicating parties.
- The session key is used to encrypt data and is valid only for the duration of the communication.
- Packet delivery is not ensured.
- If an onion router fails on the way, then the message will not reach the destination.
- It is susceptible to denial of service attacks. This can be done by forcing onion routers to do a large number of cryptographic operations by sending many packets to them. Eventually the router simply ends up doing cryptographic operations and is not able to forward packets.
- This can be mitigated using client puzzles. Here the onion proxy/router (i.e. the server) forces a requesting client to complete a puzzle before it allocates resources.
- But puzzle solving has an impact on latency.
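A hash-based client puzzle of the kind described above, as an added Python example that is not from the slides. The 60-second window, the 16-bit default difficulty and all function names are assumptions; the server derives each challenge from a secret with HMAC, so it stores nothing until a valid solution arrives.

```python
import hashlib, hmac, os

SECRET = os.urandom(32)   # server-side key: puzzles are issued without per-client state
BITS = 16                 # difficulty in leading zero bits (assumed default)

def issue(client_id: bytes, now: int) -> bytes:
    """Challenge bound to the client and to a 60 s window, so it cannot be reused later."""
    window = (now // 60).to_bytes(8, "big")
    return hmac.new(SECRET, client_id + window, hashlib.sha256).digest()[:16]

def zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(challenge: bytes, bits: int = BITS) -> int:
    """Client side: brute-force search, about 2**bits hashes on average."""
    nonce = 0
    while zero_bits(hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()) < bits:
        nonce += 1
    return nonce

def admit(client_id: bytes, now: int, nonce: int, bits: int = BITS) -> bool:
    """Server side: one HMAC and one hash, checked before any public-key work is done."""
    digest = hashlib.sha256(issue(client_id, now) + nonce.to_bytes(8, "big")).digest()
    return zero_bits(digest) >= bits
```

Each extra difficulty bit doubles the client's expected work while the server's check stays at two hash operations, which is the latency trade-off the last bullet refers to.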
Challenges in Wireless Networks
- In a wireless medium there is node mobility and a lack of infrastructure. There is no central point governing the flow of traffic.
- So nodes rely on intermediate nodes to relay their data. If intermediate nodes are compromised then onion routing fails.
- Also, packets are broadcast into the network. Thus traffic analysis becomes easier and may go undetected.
- Lack of central management makes it susceptible to active attacks.
- It takes longer to construct paths due to the dynamic nature of the environment.
- Key distribution for encrypting traffic is a challenge.
Wireless Anonymous Routing (WAR)
- It is based on onion routing and traffic mixing.
- Here the keys are distributed using a RadioGram.
- A RadioGram object is like an onion which has layers of encryption around the data content.
- RadioGrams are broadcast into the network and the intended nodes along the route to the destination decrypt a layer at a time.
- The structure of a radiogram is as follows:
- tid sk MIC sk MIC . sk MIC content padding
- The information contained within the curly braces represents each layer of the onion.
- Transmitter ID, i.e. tid: It uniquely defines a radiogram. It is an RSA public key. It is used to encrypt the session key. And the session key is then used to encrypt the rest of the fields.
- Session key, i.e. sk: It is a symmetric key encrypted by the public key of the transmitter.
- MIC or Checksum: It is the pre-computed hash value of everything the onion skin wraps except the padding.
- Control Signals i.e. It tells the receiver what has to be done with the received message. It also tells about the type of message and the padding.
- Content: This is the actual data that is being transmitted and can be interpreted only by the final destination.
- Padding: This is used just to maintain the size of the onion.
Example
- A.id B.sk B.MIC B. C.sk C.MIC C. content padding
- A generates the content content.
- It then generates a random session key (16 byte) C.sk .
- It sets the control signal C. appropriately i.e. type MESSAGE and padding k bits .
- It prepends C. to content
- It computes a 16 byte MIC over C.sk C. content and calls it C.MIC.
- It encrypts C.MIC C. content under C.sk .
- It encrypts C.sk using C's public key and calls it C.sk .
- It prepends C.sk to C.MIC C. content .
- Append any padding if required.
- It renames C.sk C.MIC C. content to content
- It repeats the above steps for (all other intermediate nodes) B.
- When the nodes within the transmission range of A receive the Radiogram they perform the following steps:
- They strip A.id and save it.
- They strip B.MIC and save it.
- They strip the encrypted B.sk.
- They try to decrypt B.sk to B.sk using their private key. (If it succeeds then they are the intended recipient, else they simply drop the packet. Only B is able to decrypt B.sk as it was encrypted with his public key.)
- B assumes that the message is for him and now uses B.sk to decrypt the remainder of the message i.e. B.MIC B. content
- B checks B. to determine where the padding begins and the other rules it is supposed to follow.
- B computes B.MIC over B.sk B. content.
- It compares B.MIC to B.MIC. If they are equal B checks B. for further information. If they are unequal it implies that the packet has been altered and B drops it or logs it as required.
- It then prepends his transmitter id and puts the packet, which looks like B.id C.sk C.MIC C. content padding, on the outgoing queue and broadcasts it.
- Again all the nodes in B's range perform the above steps. But only C is able to decrypt the message and read it.
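The radiogram construction and per-node processing above (the same layer peeling as the wired example with routers 4, 3 and 5), as an added Python sketch that is not code from the slides or from the WAR authors. Assumptions: textbook RSA over fixed Mersenne primes and a SHA-256 keystream stand in for real RSA and a real symmetric cipher, the transmitter id is a 4-byte tag rather than an RSA key, and the control signal is a type byte plus a 2-byte content length. Textbook RSA gives no decryption-failure signal, so a node that is not the intended hop is detected here through the MIC check.

```python
import hashlib, hmac, os

E, SIZE = 65537, 256          # RSA exponent; fixed on-air size in bytes (assumed)
FORWARD, MESSAGE = 1, 2       # control-signal types (assumed encoding)

def keypair(p, q):            # textbook RSA (n, d) from known primes: demo only
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def stream(sk, data):         # SHA-256 counter keystream XOR (stand-in cipher)
    ks = b"".join(hashlib.sha256(sk + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def mic(sk, ctl, content):    # 16-byte MIC over sk, control, content; not padding
    return hmac.new(sk, ctl + content, hashlib.sha256).digest()[:16]

def wrap(n, content, kind):   # one skin: RSA(sk) || E_sk(MIC || control || content)
    sk = os.urandom(16)
    ctl = bytes([kind]) + len(content).to_bytes(2, "big")
    wrapped = pow(int.from_bytes(sk, "big"), E, n).to_bytes(32, "big")
    return wrapped + stream(sk, mic(sk, ctl, content) + ctl + content)

def build(tid, route, data):  # route = public moduli, first hop first
    body = wrap(route[-1], data, MESSAGE)        # innermost layer first
    for n in reversed(route[:-1]):
        body = wrap(n, body, FORWARD)
    return tid + body + os.urandom(SIZE - len(tid) - len(body))

def receive(key, my_tid, gram):                  # run by every node in range
    n, d = key
    body = gram[4:]                              # strip the transmitter id
    sk = (pow(int.from_bytes(body[:32], "big"), d, n) % 2**128).to_bytes(16, "big")
    plain = stream(sk, body[32:])
    tag, ctl = plain[:16], plain[16:19]
    content = plain[19:19 + int.from_bytes(ctl[1:], "big")]
    if not hmac.compare_digest(tag, mic(sk, ctl, content)):
        return "drop", None                      # not our layer, or altered
    if ctl[0] == MESSAGE:
        return "deliver", content
    out = my_tid + content                       # re-pad: size stays constant
    return "forward", out + os.urandom(SIZE - len(out))

# Constructed toy keys: B and C are on the route, X is a bystander in A's range.
B = keypair(2**89 - 1, 2**107 - 1)
C = keypair(2**61 - 1, 2**127 - 1)
X = keypair(2**107 - 1, 2**127 - 1)
```

Every node in range, including bystander X, performs one private-key operation per received radiogram before it can drop it, which is the cost the WAR drawbacks below point to.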
Drawbacks of WAR
- Key distribution is a problem.
- Time taken for a packet to be delivered to a destination is long because of RSA encryption and decryption. This algorithm relies on public key cryptography.
- The sender needs to know the topology of the entire network as there is no route discovery.
- It does not ensure packet delivery because if an intermediate node on the destination path fails then the packet will never reach the destination.
- A node has to perform a certain number of decryptions just so that it can determine if it is the intended node on the route to the destination.
- It is susceptible to DDoS attacks because an attacker can keep broadcasting packets and force the legitimate nodes on a route to do a large number of decryptions. Thus a valid packet may not be transmitted.
Secure Distributed Anonymous Routing Protocol (SDAR)
- This protocol is also based on onion routing.
- It does not require the source node to know the entire network topology, unlike the previous WAR protocol.
- It is divided into three phases:
  - Path discovery
  - Path reverse
  - Data Forward
- Path discovery
  - This allows the source node S to establish a path up to the destination using intermediate nodes.
  - The beauty of this phase is that none of the intermediate nodes can discover the identity of any of the participating nodes except its neighbors.
  - The source S creates a path discovery packet and broadcasts it.
- Path reverse
  - When the receiver receives the path discovery message, it puts the ids and session keys of all the intermediate nodes into one message.
  - It encrypts this message again and again with the session keys of the intermediate nodes, beginning from the last node. It then broadcasts the packet.
  - Every node along the reverse path removes a layer of encryption and broadcasts the packet.
  - So when the source receives the message it has the ids and keys of all the nodes on the path to the destination. It uses these keys to encrypt the data and broadcasts it.
- Data Transfer
  - The source encrypts the data using the keys of the intermediate nodes and broadcasts it.
  - Each node on the way decrypts a layer and forwards it.
  - So when the message reaches the destination all the encryption layers have been peeled off and the receiver is able to read the message.
Drawbacks of the SDAR protocol
- There is no control over the route length since the path to the destination is a discovery process. Hence it may take a really long time for the actual data transfer to begin.
- If malicious nodes keep forwarding the path discovery packet amongst each other then it may never reach the intended receiver.
Advantages of the SDAR protocol
- The source need not know the topology of the entire network since path discovery is a dynamic process.
References
- [I] http://en.wikipedia.org/wiki/Traffic_analysis
- [II] http://www.more.net/technical/netserv/troubleshooting/trafficanalysis.html
- [III] http://tor.eff.org/overview.html.en
- [IV] http://en.wikipedia.org/wiki/Onion_routing
- [1] Mary Elisabeth Gaup Moe. Security Models for Anonymous Routing. Norwegian University of Science and Technology.
- [2] George Danezis. Introducing Traffic Analysis - Attacks, Defenses and Public Policy Issues. Invited Talk.
- [3] Yih Chun Hu, Adrian Perrig. A Survey of Secure Wireless Ad Hoc Routing. University of California-Berkeley, Carnegie Mellon University.
- [4] Adam Back, Ulf Moller, Anton Stiglic. Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems. Zero-knowledge Systems Inc.
- [5] Marc O Morain, Vladislav Titov, Wendy Verbuggen. Onion Routing for Anonymous Communication.
- [6] Michael G. Reed, Paul F. Syverson, David M. Goldschlag. Proxies for Anonymous Routing. Naval Research Laboratory, Washington DC.
- [7] Nicholas A. Fraser, Richard A. Raines, Rusty O. Baldwin. Tor: An Anonymous Routing Network for Covert On-line Operations. Air Force Institute of Technology, Wright Patterson AFB.
- [8] Michael E. Locasto, Clayton Chen, Ajay Nambi. WAR: Wireless Anonymous Routing. Department of Computer Science, Columbia University.
- [9] Liu Yang, Markus Jacobson, Susanne Wetzel. Discount Anonymous On Demand Routing for Mobile Ad hoc Networks.
- [10] Azzedine Boukerche, Khalil El-Khatib, Li Xu, Larry Korba. SDAR: A Secure Distributed Anonymous Routing Protocol. University of Ottawa.
- [11] Dehn Sy, Rex Chen, Lichun Bao. ODAR: On-Demand Anonymous Routing in Ad-Hoc Networks. University of California.
- [12] Stefaan Seys, Bart Preneel. ARM: Anonymous Routing Protocol for Mobile Ad hoc Networks. Department of Electrical Engineering-ESAT, SCD/COSIC.