Anonymity on the Web: A Brief

Overview

By: Nipun Arora

uni-na2271

What is Anonymity?What is Anonymity?

“Anonymity is the state of being not identifiable within a set of subjects.”

◦ There is no such thing as absolute anonymity First suggested by David Chaum in his seminal paper[1] on

anonymous remailer systems Anonymity deals with hiding identity of the user

◦ Relationship between users is hidden

◦ Perfect Forward secrecy: defending against statistical analysis attacks

◦ Confidentiality/Availability/Integrity is preserved Services available even though hidden and integrity of the connection is

maintained

Why we require Why we require anonymity?anonymity?

Defends against a common form of Internet surveillance

known as "traffic analysis."

Internet traffic analysis allows adversaries to model user

behavior and interests

Confidentiality (Encryption) does not prevent adversaries

from determining the identity of the user and his/her peers.

OverviewOverview

Goal of Anonymity

◦Inititator Anonymity responder(server) cannot determine the identity of the

client(initiator)

◦Responder Anonymity attacker cannot determine who the intended receiver of

the particular package is

◦Unlikability: attacker may determine senders and receivers but not

the associations between them (attacker doesn’t know who communicates with whom)

Types of adversaries against anonymity◦Outsiders

Global Passive Adversary: Attacker which can have a Global view of the internet and monitor internet activity

◦Insiders Local eavesdropper : Attacker monitoring activity on

some restricted domain Compromised router , or malicious server

Threat Model

Taxonomy of Anonymity Taxonomy of Anonymity SystemsSystems

Recent anonymyzing systems can be divided in broadly two categories

◦ Low Latency Anonymizers: Low latency anonymity systems are used for interactive applications. Such systems guarantee low response time essential to interactive applications such as web browsing. TOR: The Onion Router is one of the most commonly used

Low Latency Anonymizers JAP- Java Anonymous Proxy An.on/Anonymizer.com

Latency Tolerant Anonymizers: Delay Tolerant anonymizers are used for applications which do not require the low response time essential to interactive applications. Eg. E=mail

Mixminion: Type III anonymous remailer system

Mix nets & Mix CascadesMix nets & Mix Cascades

David Chaum. “Untraceable electronic mail, return addresses, and digital pseudonyms”. Communications of the ACM, February 1981.

Set of anonymizing relays/proxies to evade an eavesdropper from linking initiator and the responder.

Mixes- Each relay in the network is a ‘mix’

Mix Cascade’sMix Cascade’s

String A, B and C are passed as packets to Mix1

Mix 1 randomly forwards it to Mix 2, Mix 3, Mix 4

A cascade is several such mixes put in a relay

It is extremely difficult for an adversary to make an end to end connection between sender and reveiver in case of mix cascade

Layered Encryption: Layered Encryption: ‘‘OnionOnion’’

• Several layers of data• The data being sent is encapsulated

in something similar to an ‘onion’.• At each hop in the mixed cascade the

onion is peeled to find the next relay point.

• This concept forms the basis paradigm of the onion routing project.

Address of first relay

Address of the 2nd relay

Data

Overview of Tor Architecture

What is Tor ?

- The Onion Routing Project (currently in second gen.)

Key Features:

- Network of proxies -Uses “3-hop” relays (ORs) by default

- – The three relay points are called Entry Node ,

Middleman and Exit Node .

* Although can be extended to as many hops as possible.

- Many connections can be multiplexed over the same Tor

Circuit.

Key Features(continued...)

- Encrypted connections to connect the Entry Node ,

Middle Man and Exit Node(uses SSL encryption)

-All the information is not stored in a single Onion Router

(makes it more secure)

- Provides hidden services:

- Services not accessible for an outsider

- Tor creates a new url for the server (a string ,

NOT DNS NAME) within the .onion domain.

The Tor circuit

Client (Alice) fetches the directory

listing of ORs from the directory

service (Dave)

Here Dave contains all the addresses

of the complete Tor network. Alice

creates the onion with complete

addresses of all the relay points it has

to pass through.

<IP address> : 9002

Circut made completely...

Sources of Vulnerabilities for Sources of Vulnerabilities for AnonymizersAnonymizers

Attacks strategies are mostly based on monitoring internet activity

Statistics being used are

◦ Round Trip Time

◦ Throughput

◦ Latency

◦ Clock Skew: TCP timestamp clock drift error , helps in identifying hosts which have a similar drift

An attack by a truly ‘Global Passive Adversary’ cannot be defended.

ConclusionConclusionAnonymity is Necessary!!!Used in places to maintain secrecy

in blogspots or for journalists making comments on contentious issues.

Hiding personal information mantained in histories of several servers

Secure Banking passwordsAvoiding Spams

ReferencesReferences1. D. L. Chaum. Untraceable Electronic Mail, Return

Addresses, and Digital Pseudonyms. Communincations of the ACM, 24(2):84–90, February 1981.

2. R. Dingledine, N. Mathewson, and P. Syverson Tor: The Second-Generation Onion Router. In Proceedings of the 13th USENIX Security Symposium, pages 303–319, August 2004.

Thank You