Anonymous Communication Flashcards
Alternative to cookies for user tracking
Browser fingerprinting based on features and configuration settings of the browser (language etc.) that are accessible without any permission.
Sender anonymity
Adversary knows receiver
adversary may learn message
sender is unknown
receiver anonymity
adversary knows sender
adversary may choose message
receiver is unknown
Sender-receiver unlinkability
adversary knows senders and receivers
link between senders and receivers is unknown
anonymity -> unlinkability
unobservability
adversary cannot tell whether any communication is taking place
Wireless: DSSS
Wired: always send
unobservability -> anonymity
Batching and mixing
- proxy collects a number of messages before forwarding and mixes the order of the messages.
- messages need to be indistinguishable.
- use multiple proxies (mixes) to avoid single point of failure
- layered encryption
ISSUE:
- Intersection attack possible (without cover traffic)
- low performance (mainly due to batching)
Intersection attack
- every time a message is seen by the target, register sets of destinations
- narrow it down over time
Solution: Cover traffic for unobservability
Direct circuit setup
- establish state on relays by using normal packets
- sender knows the established keys in advance (based on long-term public keys of relays)
- -> no forward secrecy
Telescopic circuit setup
- keys are negotiated one relay at a time
- ID of R2 is encrypted with ephemeral session key of R1
- slower but offers immediate forward secrecy.
Circuit tear-down
- can be initiated by sender and by intermediate relays
- sender communicates tear-down to one relay at a time, starting from the furthest away
Attacks on circuit based systems
- traffic analysis: flow fingerprinting, website fingerprinting
- TCP fingerprinting: analyze TCP protocol implementation (solution: per-hop TCP)
- trick users into downloading malware
- any gap will break anonymity
Tor basics
circuits over 3 relays
- per-hop TCP
- per-hop TLS (except last hop)
- features: censorship resistance (bridges), exit policies, hidden services
Tor relay_early
relay_early enforces maximal path length of 9 to prevent cheap DoS.
- extend cells can only be contained in relay_early cells.
- each relay allows only 8 relay_early cells per circuit
hidden services
- anonymize server (Bob)
- hash of Bob's public key is identifier of hidden service
- Bob has connections to a set of introduction points
- Alice connects to an introduction point (IP) and suggests a rendezvous
- traffic never leaves the Tor network
directory authorities
- 10 directory authorities (DA) run consensus to keep state of relays
- weakness: adversary needs to compromise 5 authority servers