Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the...

Page 1: Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.

Privacy and Anonymity

CS432 - Security in Computing

Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University

Page 2: Section Overview

- Browser Privacy Issues
- Web Server Tracking
- Phishing Attacks
- Anonymous Browsing
- High Latency Anonymity
- Low Latency Anonymity

Page 3: References

- Security in Computing, 3rd Ed.
  - Chapter 7 (pg. 453)
  - Chapter 9 (pgs. 595-603)

Page 4: View of most internet users…

Source: Peter Steiner, The New Yorker, (Vol.69 (LXIX) no. 20), 1993

Page 5: Email Addresses

- Enables online communication
- Often users have several
- Disposable email accounts (pseudonyms)
- Easily forged
- Social engineering attacks
- User anonymity?
- Email header analysis

Page 6: Browser Privacy

- History of sites visited
- Saved form information
- Saved passwords
- Page cache
- Downloads
- Cookies

Page 7: HTML Cookies

- Introduced by Netscape
- Stores information about sites visited
- Read and written to by Web Server
- Contains user web site preferences, etc.
- Map of user interests
- Passes this information when site is visited
- Advertisement images
- Browser Settings
  - Accept all cookies
  - Accept only those cookies that get sent back to originating server
  - Do not accept cookies

Page 8: Web Server Tracking

- Web Server log files
- Web Site registration databases
- Web Bugs
  - 1x1 pixel or transparent GIF images
  - Site logs IP address and cookie information
  - Referring page for “credit”
  - Can appear in HTML emails
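A check a mail gateway or client could run for the web bugs listed above, as an added example (not from the original slides). The class and function names and the sample message are constructed; only remote 1x1 or hidden images are flagged, since a transparent full-size GIF cannot be recognised without fetching it.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY = {"0", "1", "0px", "1px"}

class WebBugFinder(HTMLParser):
    """Collect remote <img> tags that render as 1x1 or are hidden."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "").strip() for name, value in attrs}
        src = a.get("src", "")
        # Only remote images make the mail client contact a server;
        # cid: and data: images are carried inside the message itself.
        if urlparse(src).scheme not in ("http", "https"):
            return
        style = a.get("style", "").lower().replace(" ", "")
        tiny = (a.get("width", "").lower() in TINY
                and a.get("height", "").lower() in TINY)
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.findings.append((src, "1x1" if tiny else "hidden"))

def find_web_bugs(html):
    """Return [(url, reason)] for every suspected web bug in an HTML body."""
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed HTML e-mail body; all hosts are placeholders.
SAMPLE = """<html><body><p>Your statement is ready.</p>
<img src="cid:logo" width="120" height="40">
<img src="http://tracker.example/open.gif?id=42" width="1" height="1">
<img src="https://tracker.example/p.gif" style="display: none">
<img src="https://news.example/banner.png" width="600" height="80">
</body></html>"""

if __name__ == "__main__":
    for url, reason in find_web_bugs(SAMPLE):
        print(reason, url)
```

Each flagged URL is a request the client would make on opening the message, which is what lets the site log the IP address and cookie.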

Page 9: Phishing

- Identity Theft Attack
- Appears sent from legitimate institution
- Warns of information compromise
- Link to “legitimate institution” site
- Asks to verify personal information
  - Passwords
  - Bank Account Numbers
  - Social Security Numbers

Page 10: Need for Anonymity

- Discussion of Medical Conditions
- Whistle Blowing
- Political/Religious Censorship
- Electronic Voting
- Transaction Privacy (Digital Cash)
- Corporate research
- Law Enforcement investigations

Page 11: Anonymous Communication

- Sender Anonymity
- Receiver Anonymity
- Sender/Receiver unlinkability
- Unobservability

Anonymity Set: Must not be able to identify one member within a set of people.

Page 12: Anonymity & Latency

- High latency systems
  - Email/Newsgroup services
  - Good resistance to attacks
  - Slow!!!
- Low latency systems
  - Need quick response to requests
  - Web and interactive services
  - Less resistant to attacks

Page 13: Pseudo-anonymous Remailer

[Diagram: the anon.penet.fi remailer, with entries labelled Real Address ([email protected], cs.iupui.edu) and Anonymous address ([email protected], anon.penet.fi)]

- “Legal Attacks”

Page 14: Anonymous Remailers

- David Chaum Mixes
  - Server order (chains) picked
  - Message encrypted in reverse order using each server’s public key
  - Server decrypts message to see where to send next

[Diagram: Source and a chain of addresses at z.com, y.com and x.com (each shown as [email protected])]

Page 15: Type I Remailer

- “Cypherpunk”
- PGP Based
- Subject to traffic analysis
  - Messages immediately delivered
  - Message size changes
- Nym Servers
  - Reply block chain
  - Reused (often)

Page 16: Type II Remailers

- “Mixmasters”
- Follows (much of) Chaum’s model
- Internally implemented PKE
- Fixed payload & message splitting
- Message pools/Bogus messages
- No reply blocks

Page 17: Type III Remailers

- “Mixminion”
- Implements Type II features
- Fixed message size (32KB)
- Single use reply blocks
- Custom delivery protocol
- No longer using SMTP
- User implemented

Page 18: Proxy Anonymizers

[Diagram: User Workstation with a Browser showing the Web Anonymizer form (Enter Web Site, Submit, Reset), the Web Anonymizer, and www.cs.iupui.edu]

Page 19: Crowds

[Diagram: User Workstation and www.cs.iupui.edu]

Each member passes the web request to another member of the crowd or to the destination server, depending on a randomly generated probability.
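The forwarding rule above as a small simulation (an added example, not from the original slides). It goes beyond the slide by assuming the Reiter and Rubin Crowds model: the initiator always forwards once, each later member forwards with a fixed probability p_forward, and some members collaborate with each other; all function names and parameters are assumptions.

```python
import random

def crowd_path(n, initiator, p_forward, rng):
    """Members visited by one request; the last entry submits to the server."""
    path = [initiator, rng.randrange(n)]      # initiator always hands off once
    while rng.random() < p_forward:           # biased coin at every later member
        path.append(rng.randrange(n))         # forward to a random member
    return path

def observe(n, collaborators, initiator, p_forward, trials, seed=1):
    """Return two rates at which the initiator is the one observed:
    by the destination server, and by the first collaborating member."""
    rng = random.Random(seed)
    server_hits = seen = collab_hits = 0
    for _ in range(trials):
        path = crowd_path(n, initiator, p_forward, rng)
        server_hits += path[-1] == initiator  # server only sees the last member
        for prev, hop in zip(path, path[1:]):
            if hop in collaborators:          # collaborator logs its predecessor
                seen += 1
                collab_hits += prev == initiator
                break
    return server_hits / trials, (collab_hits / seen if seen else 0.0)

def predecessor_probability(n, c, p_forward):
    """Closed form from the Crowds analysis for c collaborators among n members."""
    return (n - p_forward * (n - c - 1)) / n

if __name__ == "__main__":
    # Constructed parameters: 20 members, members 17-19 collaborate, member 0 browses.
    server, collab = observe(20, {17, 18, 19}, 0, 0.75, 20000)
    print(f"server sees initiator as peer:        {server:.3f}")
    print(f"collaborator's predecessor initiator: {collab:.3f}")
    print(f"closed form:                          {predecessor_probability(20, 3, 0.75):.3f}")
```

With these parameters the server sees the initiator as its peer about 5% of the time (1 in 20), while the first collaborating member sees the initiator as its predecessor about 40% of the time, so the initiator stands out to insiders far more than to the server.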

Page 20: Onion Routing

[Diagram: User Workstation and www.cs.iupui.edu]

Using the mix model, get the public keys from each onion router, then encrypt the request with each key, starting from the last hop and finishing with the nearest one.

Page 21: Tor Routing

[Diagram: User Workstation, www.cs.iupui.edu and www.eff.org]

User creates a virtual circuit by securely establishing session keys with each Tor router. Once the circuit is set up, communication to remote hosts can occur when needed.
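The layering described on the Anonymous Remailers, Onion Routing and Tor Routing slides, as an added example (not from the original slides). It uses one symmetric session key per hop, as on the Tor slide, rather than each server's public key, with a SHA-256 keystream plus HMAC standing in for a real cipher; router names and all function names are constructed.

```python
import hashlib, hmac, json, secrets

def subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def xor_stream(key, nonce, data):
    # SHA-256 counter keystream: toy stand-in for a real cipher
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    enc, mac = subkeys(key)
    nonce = secrets.token_bytes(16)
    body = xor_stream(enc, nonce, plaintext)
    return nonce + hmac.new(mac, nonce + body, hashlib.sha256).digest() + body

def unseal(key, blob):
    enc, mac = subkeys(key)
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + body, hashlib.sha256).digest()):
        raise ValueError("layer was not sealed for this router")
    return xor_stream(enc, nonce, body)

def build_onion(path, destination, request):
    # path is [(router, key), ...] ordered from nearest hop to last hop
    next_hop, blob = destination, request
    for router, key in reversed(path):        # last hop's layer is innermost
        header = json.dumps({"next": next_hop}).encode()
        blob = seal(key, header + b"\n" + blob)
        next_hop = router
    return next_hop, blob                     # first router to contact, onion

def peel(key, blob):
    # A router removes its own layer and learns only the next hop
    header, _, inner = unseal(key, blob).partition(b"\n")
    return json.loads(header)["next"], inner

def route(keys, hop, blob):
    visited = []
    while hop in keys:                        # stop at the destination server
        visited.append(hop)
        hop, blob = peel(keys[hop], blob)
    return visited, hop, blob

if __name__ == "__main__":
    keys = {f"mix-{n}.example": secrets.token_bytes(32) for n in "xyz"}  # constructed
    first, onion = build_onion(list(keys.items()), "www.cs.iupui.edu", b"GET / HTTP/1.0\r\n\r\n")
    print(len(onion), route(keys, first, onion))
```

Each layer adds a header and 48 bytes, so the message shrinks at every hop; that size change is what the remailer slides list under traffic analysis and what fixed-size payloads address.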

Page 22: Dining Cryptographers

- The waiter tells 3 cryptographers who are having dinner that the bill has been taken care of.
- The payer chooses to be anonymous
  - One of the cryptographers
  - Their boss – the NSA
- Diners will only agree if the NSA isn’t buying
- How do they decide?
  - Each flips a coin that only he and the diner to his right can see.
  - Each diner looks at his coin and the one to his left
    - Not buying: announces whether the coins are the same or different
    - Buying: lies by announcing the opposite
  - Odd number of “different”, someone at the table is buying

Page 23: DC Example

Diners: Alice, Bob, Scott
Announcements: “Different”, “Same”, “Same”
Someone at the Table (Scott) is buying [odd # of “Different”]

Diners: Alice, Bob, Scott
Announcements: “Different”, “Different”, “Same”
The NSA is buying [even # of “Different”]

Page 24: DC-Nets

- Also proposed by David Chaum
- Need secure channel between adjacent proxies
- Each proxy generates random bit
  - Non-sender: announce xor (its bit, neighbor bit)
  - Sender: announce xor (its bit, neighbor bit, message bit)
  - Xor (all announcements) = message bit
- Impractical
  - Need to be able to generate lots of randomness
  - Huge communication overhead
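The coin protocol from the Dining Cryptographers and DC-Nets slides, as an added example (not from the original slides). Function names are assumptions; 1 stands for “Different” and 0 for “Same”, and observer_view goes beyond the slides by enumerating every coin outcome to show that the announcements are distributed the same way whoever sends.

```python
import secrets
from collections import Counter
from functools import reduce
from itertools import product
from operator import xor

def announce(coins, sender=None, message_bit=0):
    """One round on a ring; coins[i] is shared by proxies i and (i + 1) % n."""
    out = []
    for i in range(len(coins)):
        bit = coins[i] ^ coins[i - 1]         # xor(its bit, neighbor bit)
        if i == sender:
            bit ^= message_bit                # sender folds in the message bit
        out.append(bit)
    return tuple(out)

def combine(announcements):
    """Xor of all announcements: every coin appears twice and cancels."""
    return reduce(xor, announcements)

def send_bytes(n, sender, data):
    """One round per message bit, with fresh random coins for every round."""
    out = bytearray()
    for byte in data:
        value = 0
        for shift in range(7, -1, -1):
            coins = [secrets.randbits(1) for _ in range(n)]
            bit = (byte >> shift) & 1
            value = (value << 1) | combine(announce(coins, sender, bit))
        out.append(value)
    return bytes(out)

def observer_view(n, sender):
    """Count each announcement vector over all coin flips when sender sends 1."""
    return Counter(announce(c, sender, 1) for c in product((0, 1), repeat=n))

if __name__ == "__main__":
    coins = (1, 0, 1)                         # constructed coin flips, 3 diners
    print("a diner pays:", announce(coins, sender=2, message_bit=1))
    print("NSA pays:    ", announce(coins))
    print("5 proxies, 8 rounds per byte:", send_bytes(5, 3, b"hi"))
    print("same view for every sender:",
          observer_view(3, 0) == observer_view(3, 1) == observer_view(3, 2))
```

Sending two bytes among five proxies already takes 16 rounds, 80 fresh random bits and 80 announcements, which is the randomness and communication overhead the slide calls impractical.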