Security in P2P environments
Anonymity on the internet
What is anonymity?
• “Generally speaking, our purpose is to hide the relationship between an observable action (for example, a message sent across a public network) and the identity of the users involved with this action”*
* A Survey of Anonymous Peer-to-Peer File-Sharing (Tom Chothia and Konstantinos Chatzikokolakis)
So who knows?
The internet service provider (ISP) knows who you are.
For example my IP address is: [Example]
Visit www.Al-Qaeda.evil
An e-mail [Example]
The ISP would know that I did that
So?
Your IP address is your digital fingerprint; the ISP can link it to you
So if, for example, you are sharing music in an unprotected system, the RIAA / IFPI / whatever can file a subpoena against your ISP to tell them who you are
Then you will probably get a nasty letter
A more extreme case
Who could be interested in your browsing habits?
• Companies
  • Health insurance (Visiting netdoktor.dk a lot?)
  • Marketing (Only visiting book sites?)
• Governments
  • Perhaps I am a potential terrorist
People using the internet for nasty stuff
Hackers
Terrorists
Copyright infringement
People watching child pornography
People using the internet for “illegal” stuff
Political activists in, for example, China
People using the internet for legal stuff
Us? (Active session)
A few examples
Journalists (Investigative reporters)?
Socially sensitive communication (Illness, abuse)?
Law enforcement (Anonymous tips)?
People with marketing paranoia
Just to name a few
Is it relevant?
This summer, France suggested that internet traffic in the EU should be monitored so that you could be “excluded” from the internet if you did something they deemed illegal 3 times.
The Swedish “FRA-lov” allows the Swedish government to monitor all traffic going in and out of Sweden (using a very powerful computer).
Last Wednesday, the Danish ISP Tele2 was forced to close access to the BitTorrent site “Pirate Bay”
You could encrypt your message but
That does not ensure anonymity
It is still known who sent it, and where it was sent to
You could go to an internet cafe but
You are probably logged and videotaped while being there / going there (extreme case)
People will probably remember you being there (again extreme case)
You could use a proxy server but
You can find a proxy server at http://www.anonymizer.com/
Can you trust the proxy server?
Single point of failure
Single point of “lawsuit”
You can install a Trojan on another computer
It’s tedious
It’s illegal
It only complicates the search for you; somewhere you have probably still left a digital fingerprint
Agenda
TOR
Freenet
MUTE
TOR
Achieving anonymity
Problems with basic routing
Routing – chain of nodes
Cryptostuff
The onion reveals!
Breakable?
Basic routing
Every router knows YOU!
ECHELON is listening!!
Claims
Total client anonymity, hidden routing information
Compromised routers/proxies do not break anonymity!
Traffic analysis is impossible in practice
TOR solves this - http://tor.eff.org
The Onion Router
Remember Ogres = TOR
But how???!
Connects through a chain of proxy nodes
Encrypts messages in layers for each node
Each node only knows its neighbors in the chain
Routing information is also encrypted (important)
Routing chain 1
Routing chain 2
Routing chain 3
Cryptostuff
Cryptostuff
Cryptostuff
Public/private key encryption is slow
TOR uses this only for establishing a symmetric-key encrypted link (faster)
Hiding routing info
1. Client establishes routing path
2. Each message is encrypted in layers with the nodes' public keys
3. Each node can unwrap its own layer
4. Each node decrypts the information and gets only encrypted ciphertext and the IP of the next node
5. And so forth…
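The layering steps above, as an added example that is not part of the original slides and is not TOR's own code. It assumes each hop's symmetric key has already been negotiated (the public-key step the slides mention), uses a toy SHA-256 keystream with HMAC in place of a real cipher, and the node names, `example.org:80` and all function names are constructed for illustration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy SHA-256 counter-mode keystream; illustration only, not TOR's cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, data):
    """Add one layer: encrypt-then-MAC under a single hop's symmetric key."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(enc, nonce, len(data))))
    return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    """Remove one layer; fails unless the layer was sealed with this key."""
    enc, mac = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("layer was not sealed for this node")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def wrap(path, keys, destination, message):
    """Client: build the onion inside out, one layer per node on the path."""
    next_hops = path[1:] + [destination]
    onion = message
    for node, nxt in reversed(list(zip(path, next_hops))):
        hop = nxt.encode()
        onion = seal(keys[node], bytes([len(hop)]) + hop + onion)
    return onion

def peel(key, onion):
    """Node: unwrap own layer, learning only the next hop and an opaque blob."""
    layer = unseal(key, onion)
    n = layer[0]
    return layer[1:1 + n].decode(), layer[1 + n:]

def relay(path, keys, onion):
    """Pass the onion down the chain; record what each node learns."""
    learned = []
    for node in path:
        nxt, onion = peel(keys[node], onion)
        learned.append((node, nxt))
    return learned, onion

if __name__ == "__main__":
    path = ["entry", "middle", "exit"]          # constructed node names
    keys = {n: os.urandom(32) for n in path}    # assumed already negotiated
    onion = wrap(path, keys, "example.org:80", b"GET / HTTP/1.0\r\n\r\n")
    learned, payload = relay(path, keys, onion)
    for node, nxt in learned:
        print(f"{node:6} forwards to {nxt}")
    print("exit delivers:", payload)
```

Only the last node sees the destination and the payload, and it sees the payload in the clear unless the client also encrypts end to end.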
Requirements
Volunteers
You can't get anonymity alone
Distributed trust (more than one node)
Preferably, nodes are spread as widely around the world as possible
Security increases with a larger network (makes traffic analysis harder)
Neat features
General purpose TCP proxy – not just HTTP
Low latency
Easy to participate
Configurable – only relay HTTP traffic for example
Comes with bundled browser
[Example] and Vuze [Example]
Breakable?
Active session – what weaknesses can you see in this approach?
• Identification of a client is possible by comparing the list of known “stable” nodes with nodes hopping on and off (probably end clients)
• Is 3 hops enough?
• How about DNS lookups? If your ISP logs your DNS requests, it is easy to see which sites you're visiting
Freenet
INTERNET
INTERNET
FREENET
YOU
CLIENTS
SERVERS
END-POINTS
DECENTRALIZED
PUBLISHERS
CONSUMERS
HOW DO I LOCATE MY NEIGHBORS?
Somewhat paranoid: Opennet
Truly paranoid: Darknet
WHAT IS FREENET USED FOR?
Content distribution
Publishing websites or 'freesites'
Communicating via message boards
Sending e-mail messages
Reading/updating wikis
UNIQUE RESOURCE IDENTIFIERS
Content Hash Key (CHK)
• Great for content that does not change
• Examples: images, audio files, copies of secret CIA documents
Signed Subspace Key (SSK)
• Like an Internet domain name, but using crypto stuff
• Useful for content that changes (sites, discussions, etc.)
Keyword-Signed Keys (KSK)
• Easy to remember, but not very secure
HARD DRIVE SPACE
BANDWIDTH BY DEMAND
DEMO
MUTE
What is MUTE
MUTE is a P2P file sharing system
Designed with anonymity in mind
Classical search (you may know this)
Uses an algorithm inspired by ants
Designed for ad-hoc networks
[Example]
So how does it work?
Each node has a pseudo identity
To search the network, a node broadcasts a message with its own pseudo identity, a unique message identifier and a time to live (TTL) counter.
This is sent to all the node's neighbours and they send it to their neighbours
Until the TTL expires
Uses a non-deterministic time-to-live counter (decided at start-up)
There are three phases
First phase: A countdown to zero (to hide the originating node)
Second phase: Standard 5 hop counter
Third phase: Non-deterministic forwarding (a node will drop a message with ¾ probability and forward the message to n neighbours with 1 / (3*22))
When a node receives a message it records the pseudo address of the sender and the connection on which it was received
Each node builds and maintains this routing table for all the pseudo identities it sees
A node can respond over the most used connection (if it already has it in the routing table) or send the response to all its neighbours
Your neighbours know your IP address but they do NOT know your virtual address
Each neighbour connection is encrypted, so even if you could tap into the traffic between you and your neighbour, it would be unreadable
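The search flood and the pseudo-identity routing table described above, as an added simulation that is not from the original slides and is not MUTE's own code. It simplifies the three-phase counter to a plain hop-count TTL and omits link encryption; the topology, pseudo identities, file name and all function names are constructed.

```python
from collections import Counter, deque

class Node:
    def __init__(self, name, pseudo_id, files=()):
        self.name = name              # stands in for the IP that neighbours see
        self.pseudo_id = pseudo_id    # virtual address carried inside messages
        self.files = set(files)
        self.neighbours, self.seen = [], set()
        self.routes = {}              # pseudo_id -> Counter of arrival connections

    def learn(self, pseudo_id, via):
        self.routes.setdefault(pseudo_id, Counter())[via] += 1

def link(a, b):
    a.neighbours.append(b)
    b.neighbours.append(a)

def reply_path(responder, target_pseudo):
    """Route a reply hop by hop over the most used connection for the target."""
    path, node = [responder.name], responder
    while node.pseudo_id != target_pseudo:
        node = node.routes[target_pseudo].most_common(1)[0][0]
        path.append(node.name)
    return path

def search(origin, msg_id, keyword, ttl):
    """Flood a query; return [(responder pseudo id, reply path by node name)]."""
    origin.seen.add(msg_id)
    queue = deque((n, origin, ttl) for n in origin.neighbours)
    results = []
    while queue:
        node, via, left = queue.popleft()
        if msg_id in node.seen:       # duplicate of a message already handled
            continue
        node.seen.add(msg_id)
        node.learn(origin.pseudo_id, via)
        if keyword in node.files:
            results.append((node.pseudo_id, reply_path(node, origin.pseudo_id)))
        if left > 1:                  # TTL not yet expired: pass it on
            queue.extend((n, node, left - 1) for n in node.neighbours if n is not via)
    return results

def demo_network():
    """Constructed topology: A - B - C - D, with E hanging off B."""
    nodes = {n: Node(n, "pid-" + n, f) for n, f in [
        ("A", ()), ("B", ()), ("C", ()), ("D", ("holiday.mp3",)), ("E", ())]}
    for a, b in ["AB", "BC", "CD", "BE"]:
        link(nodes[a], nodes[b])
    return nodes

if __name__ == "__main__":
    net = demo_network()
    print(search(net["A"], "msg-1", "holiday.mp3", ttl=5))
    print("C reaches pid-A via:", [n.name for n in net["C"].routes["pid-A"]])
```

Node C's table maps `pid-A` to its connection with B only, so C cannot tell whether B originated the query or merely forwarded it.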
So how would this look?
Normal P2P system: 113.18.92.15: Madonna_Holiday.mp3
In MUTE: 7213..DCA5: Madonna_Holiday.mp3
Should you trust these systems?
Winny (P2P file sharing)
2 people using it got arrested (movie sharing)
And the author (Researcher at Tokyo CS department)
REFERENCES
• Andy Oram (ed.), Peer-To-Peer: Harnessing the Benefits of a Disruptive Technology, O'Reilly & Associates, 2001.
• Tom Chothia and Konstantinos Chatzikokolakis, A Survey of Anonymous Peer-to-Peer File-Sharing, 2005.
• Tom Chothia, Analysing the MUTE Anonymous File-Sharing System Using the Pi-Calculus, 2006.
• Web pages for MUTE, FreeNet and TOR respectively: http://mute-net.sourceforge.net/ http://freenetproject.org/ http://www.torproject.org/
• Steven J. Murdoch and George Danezis, Low-Cost Traffic Analysis of Tor, 2005.
• Roger Dingledine, Anonymous Communications for the United States Department of Defense...and you (slides), 2005.