Download Anonymous Communication -- a brief survey Pan Wang North Carolina State University

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Document related concepts

Peering wikipedia, lookup

Computer network wikipedia, lookup

SIP extensions for the IP Multimedia Subsystem wikipedia, lookup

Airborne Networking wikipedia, lookup

Zero-configuration networking wikipedia, lookup

Recursive InterNetwork Architecture (RINA) wikipedia, lookup

Distributed firewall wikipedia, lookup

Cracking of wireless networks wikipedia, lookup

Deep packet inspection wikipedia, lookup

Routing in delay-tolerant networking wikipedia, lookup

Transcript
Anonymous Communication
-- a brief survey
Pan Wang
North Carolina State University
1
Outline
•
•
•
•
Why anonymous communication
Definitions of anonymities
Traffic analysis attacks
Some anonymous communication protocols for
Internet
• Some anonymous communication schemes for
MANET and sensor networks
• Potential research problems
2
Why Anonymous Communication
• Privacy issue
• Some covert missions may require anonymous
communication
• In hostile environments, end-hosts may need
hidden their communications to against being
captured
3
Anonymity in terms of unlinkability*
• Sender anonymity
– A particular message is not linkable to any sender and that
to a particular sender, no message is linkable
• Recipient anonymity
– A particular message cannot be linked to any recipient and
that to a particular recipient, no message is linkable
• Relationship anonymity
– The sender and the recipient cannot be identified as
communicating with each other, even though each of them
can be identified as participating in some communication.
•
A. Pfizmann and M. Waidner, Networks without User Observability.
Computers & Security 6/2 (1987) 158-166
4
Traffic Analysis Attacks against an
Anonymous Communication System
• Contextual attacks
– Communication pattern attacks
– Packet counting attacks
– Intersection attack
•
•
•
•
•
Brute force attack
Node flushing attack
Timing attacks
Massage tagging attack
On flow marking attack
5
Some Anonymous Communication
Protocols for Internet
• Mix-NET
– Feb 1981, D. Chaum
• Crowd
– June 1997, Michael K. Reiter and Aviel D. Rubin
• Tarzan
– Nov 2002, Michael J. Freedman and Robert Morris
• K-Anonymous Message Transmission
– Oct, 2003, Luis von Ahn, Andrew Bortz and
Nicholas J. Hopper
6
Mix-NET*
• Basic idea:
– Traffic sent from sender to destination should pass one or
more Mixes
– Mix relays data from different end-to-end connections,
reorder and re-encrypt the data
– So, incoming and outgoing traffic cannot be related
•
*D. Chaum, Untraceable Electric Mail, Return Address and Digital Pseudonyms,
Communication of A.C.M 24.2 (Feb 1981), 84-88
7
Mix-NET (cont-1)
8
Mix-NET (cont-2)
•MIX1
•MIX2
•MIX3
Trust one mix server: the entire
Mix-NET provides anonymity
9
Crowds*
•
P2P anonymizer network for Web
Transactions
•
Uses a trusted third party (TTP) as
centralized crowd membership server
(“blender”)
•
Provides sender anonymity and relationship
anonymity
*M. Reiter and A. Rubin, Crowd: Anonymity for Web Transactions. ACM
Transactions on Information and System Security, 1(1) June 1998
10
Crowd (cont)
A nodes decide randomly whether to forward the
request to another node or to send it to the server
Webserver
11
Tarzan*
• All nodes act as relays, Mix-net encoding
• Each node selects a set of mimics
• Tunneling data traffic through mimics
• Exchanging cover traffic with mimics
– Constant packet sending rate and uniformed packet size
• Network address translator
• Anonymity against corrupt relays and global
eavesdropping
M. Freedman and R. Morris, Tarzan: A Peer-to-Peer Anonymizing Network Layer,
CCS 2002, Washington DC
12
Tarzan (cont-1)
PNAT
User
13
Tarzan (Cont-2)
PNAT
User
Real
IP
Address
Tunnel Private Address
Public
Alias
Address
14
k-Anonymous Message Transmission*
• Based on secure multiparty sum protocol
• Local group broadcast
• The adversaries, trying to determine the
sender/receiver of a particular message, cannot
narrow down its search to a set of k suspects
• Robust against selective non-participations
•
L.Ahn, A.Bortz and N.Hopper, k-Anonymous Message Transmission, CCS 2003,
Washington DC
15
k-Anonymous Message Transmission (cont)
•Group-D
•Group-S
16
Some anonymous communication schemes
for MANET and sensor networks
• Anonymous on demand routing (ANODR)
– Jun 2003, Jiejun Kong and Xiaoyan Hong
• Phantom flooding protocol
– Jun 2005, Pandurang Kamat, Yanyong Zhang,
Wade Trappe and Celal Ozturk
17
ANODR*
• Assuming salient adversaries
• Broadcast with trapdoor
• Route pseudonym
•
J.Kong and X.Hong, ANODR: Anonymous On Demand Routing with Untraceable for
Mobile Ad-hoc Networks, MobiHoc, 2003, Annapolis, MD
18
ANODR (cont)
19
Source-Location Privacy in Sensor network
• Network model:
– A sensor reports its measurement to a centralized
base station (sink)
• Attack model:
– Adversaries may use RF localization to hop-byhop traceback to the source’s location
• Why location privacy
20
Phantom Flooding Protocol*
• Random work plus local broadcast
P. Kamat, et. al., Enhancing Source-Location Privacy in Sensor Network Routing,
ICDCS 2005, Columbus, OH
21
Potential Research Problems
• Anonymity vs accountability
• Detect malicious users
• Efficiency vs anonymity
• More?
22
Questions?
23