Message splitting against the partial adversary



Presentation Transcript


Message Splitting Against the Partial Adversary

Andrei Serjantov

The Free Haven Project (UK)

Steven J Murdoch

University of Cambridge Computer Laboratory


Outline

  • Mix Systems. Criticisms.

    • too strong threat model(!)

    • intersection attack when >1 msg (too much data) sent

  • Weaker threat model

  • Sending each message via random route

    • “non connection-based system”

  • Empirical observations about Mixmaster, Mixminion

  • Characteristic delay function [Dan04] is difficult to estimate


Mix Systems

  • Well known to this audience

  • Implemented

    • Mixmaster

    • Mixminion

  • Threat Model

    • Global Passive Adversary (GPA)

    • GPA with some (all but one?) compromised mixes


Criticisms

  • GPA does not exist

    • (a matter of some debate)

  • The mix system (Chaum 81) allows one fixed-sized message to be sent anonymously

    • Great for votes

    • Ok for email

    • Bad for Web Browsing

    • Awful for Bit Torrent

  • If >1 message (more than 32K data), anonymity is degraded


Intersection Attack

[Figure: nodes A to F and Mix 1 to Mix 4, with messages labelled 1 and 2; labels: Senders, Receivers, Attacker, Traffic]


Intersection Attack

  • [BPS00] On the Disadvantages of Free Mix Routes (PET2001)

  • [WALS02] An Analysis of the Degradation of Anonymous Protocols (NDSS’02)

  • [KAP02] Limits of Anonymity in Open Environments (IH2002)

  • [Dan03] Statistical Disclosure (I-NetSec03)

    • [DS04] (IH2004)

  • [Dan04] The traffic analysis of continuous-time mixes (PET2004)

    etc


  • The Common Wisdom

    • Intersection attacks are:

      • Realistic

      • Powerful (reduce anonymity quickly)

      • Hard to protect against

        • Require lots of dummy traffic


    A Weaker Model

    Attacker observes: not all inputs, not all outputs

    [Figure: nodes A to F and Mix 1 to Mix 4, with messages labelled 1 and 2; annotation: "Not interesting"]


    A Better Threat Model

    • A Partial Adversary

      • Does not observe all Sender to Mix links

      • (alternatively not all mixes which senders can send to)

      • Ignore compromised mixes


    Observed Mix

    Attacker sends all his messages via one single route through the mix system

    [Figure: nodes A, B, D, E and Mix 1 to Mix 4, with messages labelled 1 and 2]


    Splitting Data

    Sender B splits his stream of data and sends each message via a randomly chosen route

    The problem: how do you choose the first mix?

    [Figure: nodes A, B, C, E, F and Mix 1 to Mix 4, with messages labelled 1 and 2]
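
An added simulation, not taken from the slides or the paper, contrasting the single-route sender with the splitting sender under the partial adversary described above. It assumes the adversary watches k of n first-hop mixes chosen uniformly at random and that a splitting sender picks each packet's first mix uniformly; all function and parameter names are hypothetical.

```python
import random
from statistics import mean

def observed_packets(n_mixes, k_watched, packets, split, rng):
    """Packets of one sender that a partial adversary sees in a single run.

    Assumptions (not from the slides): the adversary watches k_watched of the
    n_mixes first-hop mixes, chosen uniformly at random; a splitting sender
    picks each packet's first mix independently and uniformly.
    """
    watched = set(rng.sample(range(n_mixes), k_watched))
    if not split:
        # Single route: the whole stream enters through one first mix.
        return packets if rng.randrange(n_mixes) in watched else 0
    # Splitting: every packet picks its own first mix.
    return sum(rng.randrange(n_mixes) in watched for _ in range(packets))

def summarize(n_mixes, k_watched, packets, split, trials=2000, seed=1):
    """Monte Carlo summary of what the adversary sees over many runs."""
    rng = random.Random(seed)
    seen = [observed_packets(n_mixes, k_watched, packets, split, rng)
            for _ in range(trials)]
    # Naive estimate of the stream length from the watched share alone.
    estimates = [s * n_mixes / k_watched for s in seen]
    return {
        "mean_seen": mean(seen),
        "frac_nothing_seen": sum(s == 0 for s in seen) / trials,
        "frac_everything_seen": sum(s == packets for s in seen) / trials,
        "mean_abs_rel_error": mean(abs(e - packets) / packets for e in estimates),
    }

if __name__ == "__main__":
    for split in (False, True):
        print("split" if split else "single route", summarize(10, 3, 100, split))
```

With 10 mixes, 3 watched and 100 packets, the single-route sender is either fully observed or not observed at all, while the uniformly splitting sender is almost always partly observed and the watched share gives a close estimate of the stream length.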


    The Details

    • Problem:

      • mixes to send to

        • compromised, the rest not (but no idea which ones)

      • P packets

      • What are the s.t. a random subset (attacker)

        of size gives least information about

      • Note that (dummy traffic)

      • No proof or optimal solution in this paper!

        • See one possible solution next


    One possible scheme

    • Pick (uniformly) at random a sequence of mixes

    • Pick from a geometric distribution with mean . Set

    • Pick from a geometric distribution with mean . Set

    • etc

    • Another in the paper (with some analysis)


    Part II

    • (Looking at a particular intersection attack and finding it not as easy as it looks at first glance)


    Another Intersection Attack

    • Danezis 2004 (thanks for the diagrams)

    • The Idea:


    The Details


    The Characteristic Delay Function

    • What is this for

      • Mixes

      • Mixmaster

      • Mixminion

      • Tor

    • This may be unfair – Danezis intended his attack for low latency systems (Tor)

    • Nevertheless interesting


    The Characteristic Delay Function

    • Theory:

      • What is the delay of a mix (cascade/network)

      • Can say not very much about it (as usual)

        • Details in the paper

    • Practice:

      • Steven wrote a disciplined pinger

        • Does not ping too often, hope not to affect the results by sampling


    Results


    Results


    Comparing

    • Nothing surprising

      • Mixmaster has longer delay

      • Heavy tails


    Conclusions I

    • It is well known that the intersection attack is powerful

      • No reason to abandon investigation!

    • New interesting, mathematically well defined threat model

    • Splitting traffic amongst first nodes

      • Does not have the efficiency of Tor or other connection-based systems

      • Does gain anonymity advantage (but only by means of a weaker threat model)


    Conclusions II

    • Characteristic function of Mixmaster, Mixminion difficult to work out in theory or estimate empirically

    • Data at:

    • All references at “Anonymity Bibliography”

      Thank you


    The Anonymity Advantage

    [Figure: two panels, each showing Alice and "The Network (Mixmaster)" with packet counts; label: "Total observed packets"]




    Splitting Data

    Attacker splits his stream of data and sends each message via a randomly chosen route

    The problem: how do you choose the first mix?

