Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S 14/
Class 13Introduction to Anonymity
CIS 755: Advanced Computer SecuritySpring 2014
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S14/
Anonymity Concepts
• Privacy– Confidentiality
• Anonymity/Pseudonymity– Unobservability– Unlinkability
Dining Cryptographers
• Three people toss coins: heads=1, tails=0• Menus hide right-hand coin• XOR your coin flip result and left
neighbor’s result• Report value to everyone• Report opposite value to send a single bit• If the sum is odd, someone sent a message
Dining Cryptographers II
• Slow• Error-prone• Needs tamper detection• Does not scale• Provides unobservability
Unobservability
• k-anonymity (scalable dining cryptographers)– Must be implemented very carefully
• Link padding– Inefficient– Cover traffic knowledge
Unlinkability
• Sender can’t identify receiver• Receiver can’t identify sender• Neither knows who the other is
– How do we handle authentication?
• Unobservability implies unlinkability (?)
For Bob For Bob from Alicefrom AliceFor Carol For Carol from Alicefrom AliceFor David For David from Alicefrom Alice
Onion Encryption
Message for BobWrapping for CarolWrapping for Doug
Onion Encryption IIBob
Alice
Wrapping for Edward
Edward
Doug
Carol
Anonymous Reply
• Address for replies:
• Reply:
• Mix0 decrypts N,A; sends:
• Mix decrypting reply does not know destination• Mix encrypting reply does not know source
Problems with MixMinon
• Centralized entities required– Availability failure– Anonymity failure (how?)
• Malicious nodes:– Control entry and exit– Unlikely
Anonymous Email
• High-latency• Low-throughput• Provides unlinkability
– Have to be careful about authentication
• No default end-to-end confidentiality (PGP)– Actually, there is for replies
• Secure against global adversary
Anonymous Web Browsing
• Low-latency• Medium-throughput• Server does not know client• Provides sender unlinkability
– Have to be careful about authentication
• No default end-to-end confidentiality (SSL)• NOT secure against global adversary
Anonymous Web Services
• Web service does not know client• Client does not know web service• Provides sender and receiver unlinkability
• Rendezvous