
Number of users ≈ 0

Anonymity & Censorship-free Communication

Remailers

Type-1 (Cypherpunk)

Sustainability

  • Mix decrypts messages
  • Uses PGP
  • CAST5 & ElGamal

Mixmaster (1998–)

  • Layered encryption
  • Batching and re-ordering
  • Based on Chaum Mix (1981)
  • 3DES & RSA (PKCS #1 v1.5)

There is no one security criterion for anonymity

Quantifying and Measuring Anonymity, Murdoch

Who needs anonymity?

  • Military personnel
  • Law enforcement
  • Bloggers
  • Activists and whistle-blowers
  • Ordinary people

Encryption doesn't work

TLS, PGP, S/MIME only hide what is being said

  • Alice uploaded a gigabyte to CNN 6 hours before footage of human rights abuses was aired
  • Bob, who just joined our criminal organization, sent an encrypted email to the FBI a week before our boss got arrested
  • Charlie keeps browsing our website of illegal material, maybe we should give him fake data?

Abuse

← 98% 2% →

Onion service

The Web

3.67% of the most popular 1,000 websites block Tor

Directory crypto

  • List of nodes and their public keys maintained by 8 directory authorities
  • Consensus algorithm creates an agreed set, which the authorities sign together with RSA-2048
  • Each node signs its descriptor with RSA-1024
  • Will be moving to Ed25519 to replace RSA-1024 and RSA-2048

Node selection for security and performance

Metrics for Security and Performance in Low-Latency Anonymity Systems, Murdoch and Watson

Link encryption

  • Confidentiality and integrity
  • Weak resistance to traffic analysis
  • Covertness (not so useful now)
  • TLS configured in a similar way to web browser and client (RSA-1024 authenticating ECDH P-256 & AES)
  • Server to client authenticated
  • (client to server uses custom auth)

Do You See What I See? Differential Treatment of Anonymous Users, Khattak et al.

E2E encryption

  • E2E MAC verified by exit node
  • When the MAC verifies, the end of the path has been reached
  • Some bits set to zero to optimise the check
  • Payload contains command, Stream ID and data

Equivalent systems

Circuit encryption

  • Cannot expand ciphertext so as to hide path length without padding
  • AES CTR, with no MAC (malleable)
  • Keys negotiated using the ntor algorithm
  • One-way authenticated Diffie-Hellman (approx.)
  • Curve25519 elliptic curves
  • Cells contain Circuit ID
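
An added example (not from the original slides) tying together the circuit encryption and E2E encryption bullets: layers are stripped without a per-hop MAC, so a flipped bit passes every relay until the zero-bits and MAC check at the end of the path rejects it. Assumptions: a SHA-256 counter keystream stands in for AES-CTR, a truncated HMAC stands in for Tor's digest, and the field layout, cell size and keys are constructed for the demo.

```python
import hashlib, hmac

CELL_LEN = 64  # constructed size for the demo, not Tor's real cell size

def xor_layer(key, data):
    # Stand-in for AES-CTR (assumption: stdlib has no AES): SHA-256 counter keystream.
    ks = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def tag(digest_key, body):
    # Simplified E2E MAC: HMAC over the payload with the first 6 bytes zeroed.
    return hmac.new(digest_key, b"\0" * 6 + body, hashlib.sha256).digest()[:4]

def build_payload(digest_key, command, stream_id, data):
    # Layout (simplified): recognized(2)=0 | digest(4) | command | stream ID | length | data
    body = bytes([command]) + stream_id.to_bytes(2, "big") + len(data).to_bytes(2, "big") + data
    body = body.ljust(CELL_LEN - 6, b"\0")
    return b"\0\0" + tag(digest_key, body) + body

def client_wrap(cipher_keys, payload):
    for key in reversed(cipher_keys):  # exit layer innermost, first hop outermost
        payload = xor_layer(key, payload)
    return payload

def relay_process(cipher_key, digest_key, cell):
    plain = xor_layer(cipher_key, cell)  # strip this hop's layer; length never changes
    body = plain[6:]
    # Cheap zero-bits test first; the MAC is only computed if it passes.
    if plain[:2] == b"\0\0" and hmac.compare_digest(plain[2:6], tag(digest_key, body)):
        n = int.from_bytes(body[3:5], "big")
        return ("deliver", body[0], int.from_bytes(body[1:3], "big"), body[5:5 + n])
    return ("forward", plain)

def route(hops, cell):
    for i, (ck, dk) in enumerate(hops):
        result = relay_process(ck, dk, cell)
        if result[0] == "deliver":
            return (i,) + result[1:]
        cell = result[1]
    return None  # no hop recognised the cell: it was altered in transit

def demo():
    # Constructed keys; a real circuit derives them from the per-hop handshake.
    hops = [(hashlib.sha256(b"c%d" % i).digest(), hashlib.sha256(b"d%d" % i).digest())
            for i in range(3)]
    cell = client_wrap([ck for ck, _ in hops], build_payload(hops[-1][1], 2, 7, b"GET / HTTP/1.0"))
    tampered = bytearray(cell)
    tampered[20] ^= 0x01  # one flipped bit is forwarded by the middle hops unnoticed
    return route(hops, cell), route(hops, bytes(tampered))
```

`demo()` returns the delivery at the third hop for the honest cell and `None` for the altered one.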

Nymble

Open proxies ≈ penet.fi

VPN (IPsec) ≈ Type-0

Mixminion ≈ Tor

Censorship resistance

Fingerprinting and developing blocking rules

SoK: Making Sense of Censorship Resistance Systems, Khattak et al.

Steven J. Murdoch

VASCO & University College London

penet.fi (1993–1996)

  • Simply stripped headers off emails sent via remailer
  • Allowed replies to be sent
  • Easy to use, but single point of compromise
  • Shut down following compromise by CoS

Incentives

  • Many users are unable to pay (tragedy of the commons)
  • Giving better performance to users who contribute could reduce anonymity
  • If money is changing hands, volunteers may give up

Mixminion (2002–)

  • Fixed many problems
  • Introduced replies
  • AES, SHA-1, RSA OAEP
  • LIONESS wide-block cipher to resist tagging

Web browsing is hard to secure

  • Requires low latency
  • High variability
  • Low tolerance to padding