This document summarizes different approaches for anonymizing networks, including centralized approaches like proxies and Crowds, as well as distributed approaches like Mix networks, Tor, and Tarzan. It discusses the threats each aims to prevent, provides a taxonomy of the approaches based on latency and distribution, and compares the anonymity and scalability of representative systems like Anonymizer, Tor, and Tarzan. The goal is to introduce anonymizing network techniques and compare their properties and tradeoffs.
3. Background
• Internet was designed with accountability in mind
• Anonymous network can be used to:
– Support freedom of speech
– Censorship resistant communication
– Preserve privacy
– Distribute materials
[Figure labels: Identification (identifies the current datagram); Time-to-Live (fingerprint of OS); Source Address; Destination Address; Port Number]
• Encryption is not enough to preserve privacy
– Encryption can only hide the content of message
– Both initiator and receiver’s anonymity should be preserved
4. Threats
Threats | Prevention Methods
Message coding attack; Message length attack | Re-encrypting message when transmitting packets between nodes, padding
Replay attack | Maintain a temporary database to record processed packets
Collusion attack | More intermediate nodes in network
Flooding attack | P2P network is preferred rather than centralized services
Message volume attack; Timing attack; Profiling attack | Network-wide traffic analysis, hard to prevent
5. Taxonomy
 | High latency | Low latency
Central | Email relay | Web proxy
Distributed and Pseudo-distributed | N/A | MIX
•Central/High latency: anon.penet.fi and MixMaster
•Central/Low latency: Anonymizer and SafeWeb
•Pseudo-Distributed/High Latency and Distributed/High Latency: N/A
•Pseudo-Distributed/Low Latency and Distributed/Low latency: Tor, Tarzan and MorphMix
6. Centralized approaches
Proxy:
•Proxy reveals identity
•Adversary blocks access to proxy (DoS)
•Traffic analysis is easy
•Adversary blocks connections from proxy
[Figure: three panels, each showing Client, Proxy and Web server, with an SSL label]
Example services are:
•Anonymizer
•SafeWeb
7. Centralized approaches cont.
Crowds:
[Figure: Registration Server, Crowd and Destination Server, with steps numbered 1 to 5]
1. Register to server and retrieve network topology information
2. Server updates new topology information to every node
3. Initiator sends packet to another randomly selected node
4. The node randomly decides whether to relay the packet again or send it out
8. Distributed approaches
Chaum’s MIX network:
[Figure: nested "Nxt adr" headers wrapped around the Real Payload (True)]
•Layered encryption
•Node can only know its successor and predecessor
•Packet padding and cover traffic can be applied
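The layered encoding listed above, as an added example (not code from the slides or from any MIX implementation): the sender wraps the payload once per hop, and each mix strips one layer, learns only the next address, and re-pads the packet to a fixed size. Per-hop shared keys, the SHAKE-256 keystream (a toy stand-in for real public-key and authenticated encryption), the 256-byte packet size and all names are assumptions.

```python
import hashlib
import os

WIRE = 256              # assumed fixed on-the-wire packet size in bytes
ADDR = 16               # fixed-width next-hop address field
NONCE = 16              # per-layer nonce length
EXIT = b"\x00" * ADDR   # marker meaning "this mix is the last hop"

def _crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream (no integrity protection)."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(payload: bytes, route: list[tuple[bytes, bytes]]) -> bytes:
    """Sender side. route is [(address, key), ...] in forwarding order."""
    body = len(payload).to_bytes(2, "big") + payload
    overhead = len(route) * (NONCE + ADDR)
    # Pad so the fully wrapped packet is exactly WIRE bytes (raises if too large).
    body += os.urandom(WIRE - overhead - len(body))
    next_hop = EXIT
    for addr, key in reversed(route):          # innermost layer is built first
        nonce = os.urandom(NONCE)
        header = next_hop.ljust(ADDR, b"\x00")
        body = nonce + _crypt(key, nonce, header + body)
        next_hop = addr
    return body

def peel(packet: bytes, key: bytes) -> tuple[bytes, bytes]:
    """Mix side: remove one layer, return (next hop, packet to forward)."""
    nonce, ciphertext = packet[:NONCE], packet[NONCE:]
    plain = _crypt(key, nonce, ciphertext)
    next_hop, inner = plain[:ADDR], plain[ADDR:]
    if next_hop == EXIT:                       # last hop: recover the real payload
        length = int.from_bytes(inner[:2], "big")
        return EXIT, inner[2:2 + length]
    # Re-pad with random bytes so packet length does not reveal the hop position.
    return next_hop.rstrip(b"\x00"), inner + os.urandom(WIRE - len(inner))

if __name__ == "__main__":
    keys = {b"mix-A": os.urandom(32), b"mix-B": os.urandom(32)}  # constructed
    pkt = wrap(b"hello", [(a, k) for a, k in keys.items()])
    hop, pkt = peel(pkt, keys[b"mix-A"])
    print(hop, peel(pkt, keys[b"mix-B"]))
```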
9. Distributed approaches cont.
The Onion Router: (Pseudo-distributed)
[Figure: Alice’s Computer (App1, App2, LP), onion routers OR1, OR2, OR3, OR6 and OR7, Directory Service, WS1 and WS2, with circuits numbered 1 and 2]
•MIX encoding creates encrypted tunnel of relays
•Packet forwarding through tunnel
•Small-scale, static network
+ Individual malicious relays cannot reveal identity
-Adversary targets core routers and directory server
-Network-edge analysis still exists
-Scalability is a problem
10. Distributed approaches cont.
The Onion Router’s Hidden Service
+ Provide anonymity service
-- Within TOR network only
[Figure: Alice, Database, introduction points (IP), rendezvous point (RP) and Hidden server, with steps numbered 1 to 6]
1. Server picks some introduction points and builds circuits to them
2. Server advertises his hidden service “XYZ.onion” at the DB
3. Alice hears “XYZ.onion” exists, and she requests information from DB
4. Alice writes a message with rendezvous point to hidden server through introduction point
5. Alice and hidden server validate one-time secret at the rendezvous point
6. Tor circuits established between Alice and hidden server
11. Distributed approaches cont.
Tarzan and MorphMix: (Distributed)
[Figure: PNAT]
•No distinction between anon proxies and clients
– Peer-to-peer model
•Anonymity against corrupt relays
– MIX-net encoding
– Robust tunnel selection
– Prevent adversary spoofing or running many nodes
•Anonymity against global eavesdropping
– Cover traffic protects all edges
– Restrict topology to make cover practical
– Choose neighbors in verifiably-random manner
•Application-independence
– Low-latency IP-layer redirection
12. Distributed approaches cont.
Tarzan and MorphMix: (Distributed)
•Join the system
1. Contacts known peers to learn neighbor lists
2. Validates each peer by pinging it directly
•Cover the traffic within mimics
1. Nodes send at some traffic rate per time period
2. Traffic rate independent of actual demand
3. All packets are same length and link encrypted
+ Reduce the network overhead
•Peer selection
Assumption: Adversary nodes are mostly in same IP area
Method: Randomly select IP address in different subnet
The path of communication is not defined by the initiator but chosen by intermediate nodes in MorphMix.
[Figure: PNAT]
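The peer-selection method above, as an added example (not code from Tarzan or MorphMix): relays are drawn one per subnet, choosing the subnet first and then a host inside it, so an adversary holding many addresses in one IP area contributes at most one relay to a path. The /16 prefix length, the function names and the peer addresses are assumptions constructed for illustration.

```python
import ipaddress
import random
from collections import defaultdict

def group_by_subnet(peers, prefix_len=16):
    """Bucket IPv4 peer addresses by the /prefix_len network they fall in."""
    buckets = defaultdict(list)
    for peer in peers:
        net = ipaddress.ip_network(f"{peer}/{prefix_len}", strict=False)
        buckets[net].append(peer)
    return buckets

def select_relays(peers, hops, prefix_len=16, rng=None):
    """Pick `hops` relays, no two from the same subnet.

    Subnets are drawn uniformly first, then one host inside each, so holding
    many addresses in one subnet does not raise the chance of being picked.
    """
    rng = rng or random.SystemRandom()
    buckets = group_by_subnet(peers, prefix_len)
    if len(buckets) < hops:
        raise ValueError("fewer distinct subnets than requested hops")
    chosen = rng.sample(sorted(buckets), hops)
    return [rng.choice(buckets[net]) for net in chosen]

def relays_inside(path, network):
    """Count how many relays of a path sit inside `network`."""
    net = ipaddress.ip_network(network)
    return sum(ipaddress.ip_address(p) in net for p in path)

# Constructed peer list: 200 addresses in one /16 (the assumed adversary)
# and nine peers in nine other /16 networks.
ADVERSARY_NET = "198.18.0.0/16"
PEERS = [f"198.18.0.{i}" for i in range(1, 201)]
PEERS += [f"10.{n}.0.1" for n in range(1, 10)]

if __name__ == "__main__":
    path = select_relays(PEERS, hops=3)
    print(path, "adversary relays:", relays_inside(path, ADVERSARY_NET))
```

Picking uniformly over addresses instead would hand the adversary about 96% of the draws on this list, since it owns 200 of the 209 addresses.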
13. Comparison and Conclusion
Anonymizer Tor Tarzan
S. anon. to R. ☺
R. anon. to S. ☺
Scalability ☺
Usability ☺
Popularity ☺ ☺
14. Thank you
Peng Deng
MEDC Student
SUM Research Lab
CSSE University of Melbourne
pdeng@students.csse.unimelb.edu.au
Monday, May 19, 2008