Privacy: anonymous routing, mix nets (Tor), and user tracking

Anonymous web browsing
  Why?
    1. Discuss health issues or financial matters anonymously
    2. Bypass Internet censorship in parts of the world
    3. Conceal interaction with gambling sites
    4. Law enforcement
  Two goals:
    Hide user identity from target web site: (1), (4)
    Hide browsing pattern from employer or ISP: (2), (3)
  Stronger goal: mutual anonymity (e.g. remailers)

Current state of the world I
  ISPs tracking customer browsing habits:
    Sell information to advertisers
    Embed targeted ads in web pages (1.3%)
      Example: MetroFi (free wireless) [Web Tripwires: Reis et al. 2008]
  Several technologies used for tracking at ISP: NebuAd, Phorm, Front Porch
    Bring together advertisers, publishers, and ISPs
    At ISP: inject targeted ads into non-SSL pages
  Tracking technologies at enterprise networks: Vontu (Symantec), Tablus (RSA), Vericept

Current state of the world II
  EU directive 2006/24/EC: 3 year data retention
    For ALL traffic, requires EU ISPs to record:
      Sufficient information to identify endpoints (both legal entities and natural persons)
      Session duration
      ... but not session contents
    Make available to law enforcement
      ... but penalties for transfer or other access to data
  For info on US privacy on the net: "Privacy on the Line" by W. Diffie and S. Landau

Part 1: network-layer privacy
  Goals:
    Hide user's IP address from target web site
    Hide browsing destinations from network

1st attempt: anonymizing proxy
  [Figure: User1, User2, User3 connect over SSL to anonymizer.com, which fetches Web1, Web2, Web3 over plain HTTP]
  Request form: HTTPS://anonymizer.com?URL=target

Anonymizing proxy: security
  Monitoring ONE link: eavesdropper gets nothing
  Monitoring TWO links: eavesdropper can do traffic analysis
    More difficult if lots of traffic through proxy
  Trust: proxy is a single point of failure
    Can be corrupt or subpoenaed
    Example: The Church of Scientology vs. anon.penet.fi
  Protocol issues: long-lived cookies make connections to site linkable

How proxy works
  Proxy rewrites all links in response from web site
    Updated links point to anonymizer.com
    Ensures all subsequent clicks are anonymized
  Proxy rewrites/removes cookies and some HTTP headers
  Proxy IP address:
    If a single address, could be blocked by site or ISP
    anonymizer.com consists of >20,000 addresses
      Globally distributed, registered to multiple domains
    Note: Chinese firewall blocks ALL anonymizer.com addresses
  Other issues: attacks (click fraud) through proxy

2nd Attempt: MIX nets
  Goal: no single point of failure

MIX nets [C'81]
  Every router has public/private key pair
  Sender knows all public keys
  To send packet:
    Pick random route: R2 -> R3 -> R6 -> srvr
    Prepare onion packet:
      packet = Epk2( R3, Epk3( R6, Epk6( srvr, msg ) ) )
  [Figure: routers R1 through R6; the packet traverses R2, R3, R6 and reaches srvr]

Eavesdropper's view at a single MIX
  • Eavesdropper observes incoming and outgoing traffic
  • Crypto prevents linking input/output pairs
    • Assuming enough packets in incoming batch
    • If variable length packets then must pad all to max len
  • Note: router is stateless
  [Figure: user1, user2, user3 send packets into one batch at router Ri]

Performance
  Main benefit: privacy as long as at least one honest router on path
  Problems:
    High latency (lots of public key ops)
      Inappropriate for interactive sessions
      May be OK for email (e.g. Babel system)
    No forward security
  Homework puzzle: how does server respond?
    Hint: user includes "response onion" in forward packet
  [Figure: routers R3, R2, R6 and srvr]

3rd Attempt: Tor
  MIX circuit-based method
  Goals: privacy as long as one honest router on path, and reasonable performance

The Tor design
  Trusted directory contains list of Tor routers
  User's machine preemptively creates a circuit
    Used for many TCP streams
    New circuit is created once a minute
  [Figure: a circuit through routers R1 to R6 carries stream1 and stream2 to srvr1 and srvr2; one minute later a new circuit carries the same streams]

Creating circuits
  [Figure: user - R1 - R2, with each hop TLS encrypted]
    Create C1: D-H key exchange between user and R1, both derive K1
    Relay C1 Extend R2: R1 forwards Extend R2; D-H key exchange between user and R2, both derive K2

Once circuit is created
  User has shared key with each router in circuit: K1, K2, K3, K4
  Routers only know ID of successor and predecessor
  [Figure: R1 (K1) - R2 (K2) - R3 (K3) - R4 (K4)]

Sending data
  [Figure: user -> R1 -> R2 -> site; K1 shared with R1, K2 shared with R2]
    Relay C1 Begin site:80  ->  Relay C2 Begin site:80  ->  TCP handshake with site
    Relay C1 data HTTP GET  ->  Relay C2 data HTTP GET  ->  HTTP GET
    Relay C1 data resp  <-  Relay C2 data resp  <-  resp

Properties
  Performance:
    Fast connection time: circuit is pre-established
    Traffic encrypted with AES: no pub-key on traffic
  Tor crypto:
    Provides end-to-end integrity for traffic
    Forward secrecy via TLS
  Downside:
    Routers must maintain state per circuit
    Each router can link multiple streams via CircuitID
      All streams in one minute interval share same CircuitID

Privoxy
  Tor only provides network level privacy
    No application-level privacy
      e.g. mail programs add "From: email-addr" to outgoing mail
  Privoxy:
    Web proxy for browser-level privacy
    Removes/modifies cookies
    Other web page filtering

Anonymity attacks: watermarking
  Goal: R1 and R3 want to test if user is communicating with server
  Basic idea: R1 and R3 share a secret sequence of n values, each in {-10, ..., 10}
    R1: introduce inter-packet delay to packets leaving R1 and bound for R2. Packet i is delayed by the i-th value (ms)
    Detect signal at R3
  [Figure: R1 -> R2 -> R3]

Anonymity attacks: congestion
  Main idea: R8 can send Tor traffic to R1 and measure load on R1
  Exploit: malicious server wants to identify user
    Server sends burst of packets to user every 10 seconds
    R8 identifies when bursts are received at R1
    Follow packets from R1 to discover user's ID
  [Figure: R1, R2, R3 and R8]

Web-based user tracking
  Browser provides many ways to track users:
    1. 3rd party cookies; Flash cookies
    2. Tracking
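As an added example (not from the slides), the onion packet on the "MIX nets [C'81]" slide, Epk2( R3, Epk3( R6, Epk6( srvr, msg ) ) ), built and peeled in Go with only the standard library. Each router's public/private key pair is an X25519 key pair, and each layer Epk(nextHop, inner) is an ephemeral ECDH share followed by an AES-256-GCM box over the next-hop name and the inner packet; Chaum's original construction used RSA, so the cipher choice, the router names, the route R2 -> R3 -> R6 -> srvr and the message are all constructed for the example. The example does not batch packets or pad them to a fixed length, the two measures the "Eavesdropper's view at a single MIX" slide adds on top of the cryptography.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// must panics on an error from key generation or cipher setup (example helper).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Router is one MIX with a long-term X25519 key pair (the slide's public/private
// key pair). Routers keep no per-packet state, matching "router is stateless".
type Router struct {
	Name string
	priv *ecdh.PrivateKey
}

// NewRouter generates a fresh key pair for a router (constructed for the example).
func NewRouter(name string) *Router {
	return &Router{Name: name, priv: must(ecdh.X25519().GenerateKey(rand.Reader))}
}

// PublicKey is the only thing the sender needs to know about a router.
func (r *Router) PublicKey() *ecdh.PublicKey { return r.priv.PublicKey() }

// aeadFor derives an AES-256-GCM instance from an ECDH shared secret.
func aeadFor(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	return must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
}

// wrap builds one layer E_pk(nextHop, inner): ephemeral X25519 share (32 bytes),
// GCM nonce (12 bytes), then the sealed plaintext "<nextHop>\x00<inner>".
func wrap(pk *ecdh.PublicKey, nextHop string, inner []byte) []byte {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	aead := aeadFor(must(eph.ECDH(pk)))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	plain := append(append([]byte(nextHop), 0), inner...)
	header := append(eph.PublicKey().Bytes(), nonce...)
	return aead.Seal(header, nonce, plain, nil)
}

// BuildOnion prepares the slide's packet for route[0] -> ... -> route[n-1] -> server,
// i.e. Epk2( R3, Epk3( R6, Epk6( srvr, msg ) ) ), wrapping from the inside out.
func BuildOnion(route []*Router, server string, msg []byte) []byte {
	packet, nextHop := msg, server
	for i := len(route) - 1; i >= 0; i-- {
		packet = wrap(route[i].PublicKey(), nextHop, packet)
		nextHop = route[i].Name
	}
	return packet
}

// Peel strips the layer addressed to this router. The router learns only the next
// hop and an opaque inner packet: not the sender, the final destination, or the
// routers further along the route.
func (r *Router) Peel(packet []byte) (nextHop string, inner []byte, err error) {
	const pubLen, nonceLen = 32, 12
	if len(packet) < pubLen+nonceLen {
		return "", nil, errors.New("packet too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(packet[:pubLen])
	if err != nil {
		return "", nil, err
	}
	shared, err := r.priv.ECDH(ephPub)
	if err != nil {
		return "", nil, err
	}
	nonce, ct := packet[pubLen:pubLen+nonceLen], packet[pubLen+nonceLen:]
	plain, err := aeadFor(shared).Open(nil, nonce, ct, nil)
	if err != nil {
		// Layer not meant for this router, or a modified packet: GCM rejects it.
		return "", nil, fmt.Errorf("%s: cannot open layer: %w", r.Name, err)
	}
	sep := bytes.IndexByte(plain, 0)
	if sep < 0 {
		return "", nil, errors.New("malformed layer")
	}
	return string(plain[:sep]), plain[sep+1:], nil
}

// Deliver forwards the onion hop by hop as the network would. It returns the
// plaintext the server receives and what each router saw (its next hop only).
func Deliver(packet []byte, routers map[string]*Router, first string) ([]byte, []string, error) {
	var hops []string
	at := first
	for {
		r, ok := routers[at]
		if !ok { // not a router name: the packet has reached the server in the clear
			return packet, hops, nil
		}
		next, inner, err := r.Peel(packet)
		if err != nil {
			return nil, hops, err
		}
		hops = append(hops, r.Name+" -> "+next)
		packet, at = inner, next
	}
}

func main() {
	routers := map[string]*Router{}
	for _, n := range []string{"R1", "R2", "R3", "R4", "R5", "R6"} {
		routers[n] = NewRouter(n)
	}
	route := []*Router{routers["R2"], routers["R3"], routers["R6"]} // constructed route
	onion := BuildOnion(route, "srvr", []byte("hello from an anonymous sender"))
	msg, hops, err := Deliver(onion, routers, "R2")
	fmt.Printf("server got %q via %v (err=%v)\n", msg, hops, err)
	_, _, err = routers["R1"].Peel(onion) // a router off the route cannot open the outer layer
	fmt.Println("R1 trying to peel:", err)
}
```

Each Peel call sees a different-looking packet (fresh ephemeral share and nonce per layer) and learns one name, which is exactly the "routers only know successor and predecessor" property; R1, which is not on the route, gets a GCM authentication failure rather than any information. Every layer is 32 + 12 + 16 bytes plus the next-hop name larger than the packet inside it, so an observer could match sizes across a MIX; that is the reason the eavesdropper slide requires padding all packets to the maximum length.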