On Anonymization Overlays

1
On Anonymization Overlays
Jayanthkumar Kannan, Network Group Meeting,
03/08/06
2
On Anonymization Overlays
Jayanthkumar Kannan, Network Group Meeting,
03/08/06
Post-Mortem Of An Abandoned Course Project
Vitaly Shmatikov  http//www.cs.utexas.edu/shmat
/courses/cs378_spring05/23anon.ppt.
3
The beginning Chaumian Mixes
B
A
C
E
D
Mix
Adversary knows all senders and all receivers,
but cannot link a sent message with a received
message

• Untraceable Electronic Mail, Return Addresses,
  and Digital Pseudonyms, D. Chaum, Comm. ACM,
  1981.

4
Then Onion Routing
R
R4
R
R
R3
R
R1
R
R2
Alice
R
Bob

• Sender chooses a random sequence of routers
• Some routers are honest, some controlled by
  attacker
• Sender controls the length of the path

Goldschlag, Reed, Syverson, "Hiding Routing
Information," LLNCS 1174, 1996
5
Onion Routing (2)
R2
R4
Alice
R3
Bob
R1
Mpk(B)
B,k4pk(R4), k4
R4,k3pk(R3),
k3
R3,k2pk(R2),
k2

• Routing info for each link encrypted with
  routers public key
• Each router learns only the identity of the next
  router

6
What is deployed TOR

• Second-generation onion routing network
• http//tor.eff.org
• Developed by Roger Dingledine, Nick Mathewson and
  Paul Syverson
• Specifically designed for low-latency anonymous
  Internet communications
• Running since October 2003
• 100 nodes on four continents, thousands of users
• Easy-to-use client proxy
• Freely available

7
TOR (2)
8
TOR (3)
9
Unsolved Issues

• PKI
• Limited Connectivity
• Do not separate between clients and servers
• Dynamicity
• Solutions
• Dining Cryptographers Chaum No PKI, Limited
  Connectivity, No Separation, Dynamicity
  Herbivore, P5
• Good Anonymity, Not very scalable

10
Forget PKI Crowds

• Probabilistic Forwarding
• Soln Each node simply chooses random neighbor,
  and forwards
• Some anonymity properties provided assuming the
  graph is complete
• Basically, Onion Routing PKI
• Loses confidentiality property that is ok?

Michael Reiter, Avi Rubin, Crowds Anonymity For
Web Transactions, TISSEC, 1998
11
Connection to a DHT?

• Takes care of limited connectivity, peer-to-peer,
  and dynamicity
• Two questions
• Is the graph of a DHT a good forwarding
  structure?
• Can you provide a put(), get() with anonymous
  properties?

12
(No Transcript)
13
Soln Expander Graphs

• Pointed out that expander graphs are a good
  choice for low-degree graphs
• Soln Take a random walk, for log(N) hops
• In log(N) hops, cannot correlate between start
  vertex and end-vertex
• Connection between mixing time and anonymity
  metric
• Expander graphs
• A (K,A) expander has the property that any subset
  S of vertices (with less than K vertices) has
  atleast AS neighbors
• Deterministic Constructions
• Randomized Constructions A bi-partite graph with
  degree of 3 is likely to be expander with a high
  probability

George Danezis, Mix-networks with Restricted
Routes, PET 2003
14
Since then

• Few papers that crossed between networking and
  security
• Common Thread Proposed using a DHT for
  probabilistic forwarding
• Two problems

15
Dynamic Maintanence

• How do you build and maintain a graph that is whp
  an expander?
• Use the randomized construction
• Lots of Issues to deal with
• Joining Process?
• Leave Process?
• TCP?

16
Dynamic Maintanence

• How do you build and maintain a graph that is an
  expander with probability1?
• Stronger notion of anonymity
• Expander graphs have several useful properties
• Connection to the Secure DHT problem
• Secure DHT Assumptions required
• Bounded Churn, Randomized Oracle
• Bounded Churn
• How about a RNS (Random Number Service)?
• Seems to be a useful primitive in many systems
• Analogy to e-cash?

17
(No Transcript)