Enforcing Anonymity and Improving Pseudonymity in Tails
-
Upload
emerald-orr -
Category
Documents
-
view
26 -
download
2
description
Transcript of Enforcing Anonymity and Improving Pseudonymity in Tails
![Page 1: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/1.jpg)
Enforcing Anonymity and Improving Pseudonymity in TailsDavid WolinskyYale University
![Page 2: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/2.jpg)
What Is Nymix
Alice
InternetAlice’s Laptop
Cloud StorageNyms
![Page 3: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/3.jpg)
The Leaky Boat
![Page 4: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/4.jpg)
Application Level Attacks
Bob’s Booby-trap
Blog
Alice Tor-based Secure Channel
Unsecured Channel:
“Here’s my IP”
Javascript ExploitFreetopia
Repressistan
Alice’s Laptop
Alice in Repressistan
![Page 5: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/5.jpg)
Bob
Correlation Attacks
InternetBob’s Laptop
Bob of Freetopia
![Page 6: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/6.jpg)
Confiscation Attacks
Carol
Carol the Landofopportunian
Border patrol
![Page 7: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/7.jpg)
Attack Recap
![Page 8: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/8.jpg)
Nymix – One Layer Deeper
Alice
InternetAlice’s Laptop
Cloud Storage
Nym Manager
CommVMAnonVM
![Page 9: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/9.jpg)
Attacks Executed in Nymix
![Page 10: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/10.jpg)
Application Level Attacks
Bob’s Booby-trap
Blog
Alice Tor-based Secure Channel
Unsecured Channel:
“Here’s my IP”
Javascript ExploitFreetopia
Repressistan
Alice’s Laptop
Alice in Repressistan
![Page 11: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/11.jpg)
Application Level Attacks
Bob’s Booby-trap
Blog
Alice Tor-based Secure Channel
Javascript ExploitFreetopia
Repressistan
Alice’s Laptop
Alice in Repressistan
![Page 12: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/12.jpg)
Attacks Executed in Nymix
![Page 13: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/13.jpg)
Bob
Correlation Attacks
InternetBob’s Laptop
Bob of Freetopia
![Page 14: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/14.jpg)
Bob
Correlation Attacks
InternetBob’s Laptop
Bob of Freetopia
Alice’s Laptop
![Page 15: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/15.jpg)
Attacks Executed in Nymix
![Page 16: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/16.jpg)
Confiscation Attacks
Carol
Carol the Landofopportunian
Border patrol
![Page 17: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/17.jpg)
Confiscation Attacks
Carol
Carol the Landofopportunian
![Page 18: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/18.jpg)
Confiscation Attacks
Carol
Carol the Landofopportunian
Border patrolX
![Page 19: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/19.jpg)
Attacks Executed in Nymix
![Page 20: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/20.jpg)
Evaluation• I7 – 4 cores at 2.7 GHz• 8 GB Ram• Connects to a test deployment of Tor
• 10 Mbit bandwidth• 200 ms latency• 3 relays
• Nym memory usage• AnonVM – 384 MB RAM, 128 MB Disk (stored in RAM)• CommVM – 128 MB RAM, 16 MB Disk (stored in RAM)
![Page 21: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/21.jpg)
CPU Evaluations
![Page 22: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/22.jpg)
Memory Usage
![Page 23: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/23.jpg)
Network Overhead
![Page 24: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/24.jpg)
Nymix is not… It is…• Not a complete solution• An exploration of pseudonymity potential with
virtualization
• A ready to use system• A research prototype looking at potential integration
with tails
![Page 25: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/25.jpg)
Implementation• Ubuntu 14.04• Qemu (KVM) for virtualization• OverlayFS for union file system• Google Chromium (required in order to support a
circumvention software)
![Page 26: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/26.jpg)
Integration with Tails• To CommVM or not CommVM
• Each VM is not cheap• Must share a common Tor guard
• Sharing a common base image with Tails• Tails is well hardened• Tails has many configurations undesirable for AnonVM
• Persistence Models• Store all data in the cloud• Encrypted (LUKS) volume, store header elsewhere
![Page 27: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/27.jpg)
Futher Challenges• Resolution of VMM• Fingerprintable CPU• VMM timing channels• Accessing local hardware / data
![Page 28: Enforcing Anonymity and Improving Pseudonymity in Tails](https://reader036.fdocuments.us/reader036/viewer/2022062408/56813498550346895d9b88ac/html5/thumbnails/28.jpg)
Going Forward• Tomorrow – 15:00 – 16:00 – Follow up discussion• Slides available
• PDF http://goo.gl/XUVZmC• PPTX http://goo.gl/0pkHM5
• Text available http://arxiv.org/abs/1312.3665• Github https://github.com/DeDiS/WiNoN