15-744: Computer Networking
L-23 Privacy

Overview
• Routing privacy
• Web Privacy
• Wireless Privacy

Randomized Routing
• Hide message source by routing it randomly
  • Popular technique: Crowds, Freenet, Onion routing
• Routers don’t know for sure if the apparent source of a message is the true sender or another router

Onion Routing
• Sender chooses a random sequence of routers
  • Some routers are honest, some controlled by attacker
  • Sender controls the length of the path
[Figure: network of routers (R) with a path from Alice through R1, R2, R3, R4 to Bob]

Route Establishment
[Figure: path Alice → R1 → R2 → R3 → R4 → Bob]
{R2,k1}pk(R1), { {R3,k2}pk(R2), { {R4,k3}pk(R3), { {B,k4}pk(R4), { {M}pk(B) }k4 }k3 }k2 }k1
• Routing info for each link encrypted with router’s public key
• Each router learns only the identity of the next router

Tor
• Second-generation onion routing network
  • http://tor.eff.org
  • Developed by Roger Dingledine, Nick Mathewson and Paul Syverson
  • Specifically designed for low-latency anonymous Internet communications
• Running since October 2003
  • 100s of nodes on four continents, thousands of users
• “Easy-to-use” client proxy
  • Freely available, can use it for anonymous browsing
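
The layered structure from the Route Establishment slide, as an added example that is not part of the original lecture: the sender wraps the message once per router, and each router can open only its own header and learns only the next hop. Assumptions: public-key encryption pk(Ri) is modelled by a per-router secret key because the Python standard library has no public-key cipher, and `seal`/`unseal` are a toy cipher for illustration, not a production construction.

```python
import hashlib, hmac, json, os

# Toy authenticated cipher (illustration only): SHAKE-256 keystream + HMAC tag.
def seal(key, plaintext):
    nonce = os.urandom(16)
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified layer")
    ks = hashlib.shake_256(b"enc" + key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def build_onion(path, dest, message):
    """path: [(router_name, router_key)] in forwarding order; dest: (name, key)."""
    onion, next_hop = seal(dest[1], message), dest[0]        # {M}pk(B)
    for name, router_key in reversed(path):
        k = os.urandom(32)                                   # fresh k_i chosen by the sender
        hdr = json.dumps({"next": next_hop, "k": k.hex()}).encode()
        header = seal(router_key, hdr)                       # {next, k_i}pk(R_i)
        onion = len(header).to_bytes(2, "big") + header + seal(k, onion)  # ,{ ... }k_i
        next_hop = name
    return onion

def peel(router_key, onion):
    """One router's work: open its header, strip one layer, learn only the next hop."""
    hlen = int.from_bytes(onion[:2], "big")
    header = json.loads(unseal(router_key, onion[2:2 + hlen]))
    return header["next"], unseal(bytes.fromhex(header["k"]), onion[2 + hlen:])

def forward(routers, first, dest, onion):
    """Simulate delivery; returns each router's (self, next hop) view and Bob's plaintext."""
    hop, views = first, []
    while hop != dest[0]:
        next_hop, onion = peel(routers[hop], onion)
        views.append((hop, next_hop))
        hop = next_hop
    return views, unseal(dest[1], onion)

# Constructed sample network matching the slide's path R1 -> R2 -> R3 -> R4 -> Bob.
PATH = [(n, os.urandom(32)) for n in ("R1", "R2", "R3", "R4")]
BOB = ("Bob", os.urandom(32))
```
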
How does Tor work?

Tor Circuit Setup (1)
• Client proxy establishes a symmetric session key and circuit with Onion Router #1

Tor Circuit Setup (2)
• Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2
  • Tunnel through Onion Router #1 (don’t need )

Tor Circuit Setup (3)
• Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3
  • Tunnel through Onion Routers #1 and #2

Using a Tor Circuit
• Client applications connect and communicate over the established Tor circuit
  • Datagrams are decrypted and re-encrypted at each link

Location Hidden Servers
• Goal: deploy a server on the Internet that anyone can connect to without knowing where it is or who runs it
• Accessible from anywhere
• Resistant to censorship
• Can survive full-blown DoS attack
• Resistant to physical attack
  • Can’t find the physical server!

Creating a Location Hidden Server
Server creates onion routes to “introduction points”
Server gives intro points’ descriptors and addresses to service lookup directory
Client obtains service descriptor and intro point address from directory

Using a Location Hidden Server
Client creates onion route to a “rendezvous point”
Client sends address of the rendezvous point and any authorization, if needed, to server through intro point
If server chooses to talk to client, connect to rendezvous point
Rendezvous point mates the circuits from client & server

Overview
• Routing privacy
• Web Privacy
• Wireless Privacy

An “Old” Problem
• Many governments/companies trying to limit their citizens’ access to information
  • Censorship (prevent access)
  • Punishment (deter access)
  • China, Saudi Arabia, HP
• How can we defeat such attempts?
  • Circumvent censorship
  • Undetectably

Proxy-Based Web Censorship
• Government manages national web firewall
  • Not optional---catches ALL web traffic
• Block certain requests
  • Possibly based on content
  • More commonly on IP address/publisher
  • China: Western news sites, Taiwan material
• Log requests to detect troublemakers
  • Even without blocking, may just watch traffic
• But they don’t turn off the whole net
  • Creates a crack in their barrier

Goal
• Circumvent censor via innocent web activity
  • Normal web server and client cooperate to create covert channel
• Without consequence for client
• And without consequence for server
  • Broad participation increases system robustness
  • Ensure offering service doesn’t lead to trouble
  • e.g., loss of business through being blocked
  • Also, “law knows no boundaries”

The Big Picture

Requirements
• Client deniability
  • Detection could be embarrassing or worse
• Client statistical deniability
  • Even suspicion could be a problem
• Server covertness/statistical deniability
  • If server detected, can be blocked
• Communication robustness
  • Even without detecting, censor could scramble covert channel
• Performance (bandwidth, latency)

(Un)related Work
• SSL
  • Encrypted connection---can’t tell content
  • Suspicious!
  • Doesn’t help reach blocked servers
  • Govt. can require revealing SSL keys
• Anonymizing Proxies
  • Prevent servers from knowing identity of client
  • But proxy inside censor can’t reach content
  • And proxy outside censor can be blocked
  • And use of proxy is suspicious

Safeweb/Triangle boy
• Operation
  • Client contacts triangle-boy “reflector”
  • Reflector forwards requests to blocked server
  • Server returns content to client (IP spoof)
• Circumvents censorship
• But still easily detected
  • “Local monitoring of the user only reveals an encrypted conversation between User and Triangle Boy machine.” (Safeweb manual)

Summary
• Easy to hide what you are getting
  • Just use SSL
• And easy to circumvent censors
  • Safeweb
• But hard to hide that you are doing it

Circumventing Censors
• Censors allow certain traffic
• Use to construct a covert channel
  • Talk to normal servers
  • Embed requests for censored content in normal-seeming requests
  • Receive censored content hidden in normal-seeming responses
• Requester: client asking for hidden content
• Responder: server covertly providing it

System Architecture

Receiving Content is Easier Half
• Responder is a normal web server, serving images (among other things)
• Encrypt data using requestor key
• Embed in “unimportant, random” bits of images
  • E.g., high order color bits
  • Watermarking
• Encrypted data looks random---only requestor can tell it isn’t (and decrypt)
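
Why the slide above insists on encrypting before embedding, as an added example that is not part of the original lecture: the same bit plane carrying ASCII text shows obvious structure to anyone reading it back, while ciphertext does not. Assumptions: the cover is a constructed byte string standing in for raw pixel values, the cipher is a stand-in XOR keystream, and the bit plane is a caller-chosen parameter (the sample data uses bit 0).

```python
import hashlib

def xor_stream(key, data):
    """Stand-in cipher (illustration only): XOR with a SHAKE-256 keystream."""
    ks = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def embed(pixels, payload, bit):
    """Overwrite bit plane `bit` of successive pixel bytes with the payload bits."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for i, b in enumerate(bits):
        out[i] = (out[i] & ~(1 << bit) & 0xFF) | (b << bit)
    return bytes(out)

def extract(pixels, nbytes, bit):
    """Read nbytes back out of bit plane `bit` (MSB-first within each byte)."""
    bits = [(p >> bit) & 1 for p in pixels[:nbytes * 8]]
    return bytes(
        sum(b << (7 - j) for j, b in enumerate(bits[i:i + 8]))
        for i in range(0, len(bits), 8)
    )

def top_bit_ones(stego, nbytes, bit):
    """Monitor-side check: how many recovered bytes have their top bit set.
    ASCII text always gives 0; ciphertext gives roughly half of nbytes."""
    return sum(b >> 7 for b in extract(stego, nbytes, bit))

# Constructed sample data: pseudo-random "pixel" bytes and a 256-byte ASCII payload.
COVER = hashlib.shake_256(b"constructed cover image").digest(4096)
TEXT = (b"constructed sample text. " * 11)[:256]
KEY = b"requester key (constructed)"
```
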