
Anonymity (Privacy)


keisha

Presentation Transcript


  1. Anonymity (Privacy)
     • Suppose you are surfing the Web.
     • You don’t want the Web site to know your IP address.
     • And you don’t want your ISP to sniff your traffic.
     • Possible solution: use an anonymizing proxy.
     [Figure labels: anonymizing proxy, clear, SSL]
     Introduction

  2. Proxify.com
     • Just go to a website and enter URL.
     • No software to install.
     • Script on page causes browser to create SSL session between browser and proxify.
     • Anonymous browsing is free.
     • To post, must pay fee.
     • Problem: Proxify.com still knows which IP addresses are visiting which sites.

  3. Tor: Chaining proxies
     • Features:
       • Proxy servers are chained, making it more difficult to trace which IPs visited which servers.
       • Anyone can contribute a proxy server (P2P).
       • Open-source, cannot have any backdoors.
       • Uses SOCKS for proxy protocol: can be used with all application layer protocols.
     • Brief History:
       • Originally supported by the Navy, later also by Electronic Frontier Foundation.
       • In 2002 the code was given to Roger Dingledine and Nick Mathewson, two Boston-based programmers.

  4. How it works
     • Basic Principles:
       • List of servers is obtained from directory server.
       • Data is sent through 3 randomly chosen servers.
       • Encryption is applied in a layered manner; each of the servers peels off a layer (like in an onion).
       • The path changes every minute.

  5. Layered encryption: Overview
     Suppose Alice wants to communicate with Bob (Web server), via two servers.
     • Establishing keys and circuit:
       • Alice has certificates for both servers.
       • Alice first does a D-H exchange with Server 1, establishing a session key KA1.
       • She then does a D-H exchange with Server 2, via Server 1, establishing a session key KA2.
       • “Circuit” is now established between Alice and Server 2.
     • Sending message m to Bob:
       • Alice encrypts twice: KA1(KA2(m)), sends to Server 1.
       • Server 1 decrypts, obtains KA2(m), sends to Server 2.
       • Server 2 decrypts, sends m to Bob.

  6. Diffie-Hellman exchange between Alice and first server
     • RSA, hashing and handshaking are used to prevent man-in-middle attack and provide perfect “forward secrecy”
       • So Alice knows she’s talking with server and not with Trudy
       • So if someone obtains K1- in the future, will not get g^xy
     [Diagram: Alice chooses x; the first server in the chain, with keys K1+ and K1-, chooses y.
       Alice → first server: c = K1+(g^x)
       First server → Alice: g^y, H(g^xy)
       They now both have KA1 = g^xy.]

  7. What can woman-in-middle do?
     • Can Trudy pretend to Alice that she is first server?
     • If Trudy records all messages and in future obtains K1-, will she be able to decrypt?

  8. Tor protocol: Two onion-ring proxies
     [Figure callouts: “One layer of encryption has been removed”; “Note the double braces, encryption has been applied twice”]

  9. What do the servers know?
     Server 1 knows:
     • AliceIP wants to communicate with some dest IP; but doesn’t learn the dest IP.
     • Server 1 never gets Alice’s certificate, so only knows of AliceIP and not Alice.
     • Doesn’t see m.
     Server 2 knows:
     • Some IP address wants to communicate with Bob, but doesn’t see the IP address.
     • Sees m.
     • Since Bob doesn’t use encryption, last server necessarily sees m.

  10. Anonymity: Summary
     • Proxy server + encryption can provide a degree of anonymity.
     • But what if you can’t trust the proxy server?
     • Chaining proxy servers provides more protection.
       • As long as the servers don’t collude.
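
The two-hop exchange from slides 5 and 9, as an added example that is not part of the original presentation: Alice builds KA1(KA2(m)) and each server peels one layer, so the code shows what each hop can and cannot read. Assumptions: the Diffie-Hellman group is a toy parameter set, the SHA-256 keystream XOR is a stand-in for a real cipher, the server authentication from slide 6 is omitted, and all function names are illustrative.

```python
import hashlib
import secrets

# Added example; names are illustrative. Toy D-H group (assumption, demo only).
P = 2**255 - 19
G = 2

def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(own_private, peer_public):
    """Hash the shared secret g^xy down to a 32-byte session key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def xor_layer(key, data):
    """Add or remove one layer: XOR with a SHA-256 counter keystream.
    Stand-in for a real stream cipher; safe for one message per key only."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def run_circuit(m):
    """Build the two-hop circuit from slide 5 and return what each hop sees."""
    # Alice <-> Server 1: establishes KA1.
    a1_priv, a1_pub = dh_keypair()
    s1_priv, s1_pub = dh_keypair()
    ka1_alice, ka1_server = session_key(a1_priv, s1_pub), session_key(s1_priv, a1_pub)
    # Alice <-> Server 2 (relayed via Server 1): establishes KA2.
    a2_priv, a2_pub = dh_keypair()
    s2_priv, s2_pub = dh_keypair()
    ka2_alice, ka2_server = session_key(a2_priv, s2_pub), session_key(s2_priv, a2_pub)

    onion = xor_layer(ka1_alice, xor_layer(ka2_alice, m))     # KA1(KA2(m))
    seen_by_server1 = xor_layer(ka1_server, onion)            # KA2(m): still opaque
    seen_by_server2 = xor_layer(ka2_server, seen_by_server1)  # m, forwarded to Bob
    return {"wire": onion, "server1": seen_by_server1, "server2": seen_by_server2,
            "inner": xor_layer(ka2_alice, m)}

if __name__ == "__main__":
    views = run_circuit(b"GET /index.html HTTP/1.0\r\n\r\n")  # constructed sample request
    for hop, data in views.items():
        print(f"{hop:8s} {data!r}")
```

Server 1's view equals KA2(m), which it cannot read without KA2; only Server 2 recovers m, matching slide 9.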
