CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz Administrative items Midterm next week – Based on everything from last midterm through today Zero knowledge (ZK) ZK proofs can offer deniability and secrecy A zero-knowledge protocol for graph 3- colorability Warning: the aim here is simplicity, and many subtleties and details are purposely being ignored Applications of zero-knowledge (Deniable) authentication – Generalization of the protocol we saw last time – Again, many subtleties and details omitted! Anonymous credentials Group signatures/trusted computing Anonymity vs. pseudonymity Anonymity – No one can identify the source of any messages – Unlinkability – cannot even tell that messages originated from the same person Pseudonymity – No one can identify the source of a set of messages… – …but they can tell that they all came from the same person, with a known pseudonym There is a broad scale of achievable anonymity… – Best you can hope for is limited by the network size! Traffic analysis May be possible to learn who is communicating with whom using traffic analysis Typically, even if communication is encrypted the headers are not – Need unencrypted headers for routing How is it possible to communicate anonymously? Anonymous communication You are sitting around a table with n people How do you send an anonymous message to another person? How do you broadcast a message to everyone without revealing your identity? – Linear-round protocol? – Constant-round protocol (DC-nets) Is this secure only for “honest-but-curious” behavior, or also for malicious behavior? Anonymizers Single anonymizer proxy… How to achieve bidirectional communication – Note: one side need not know the other Anonymizers already exist! – Email – http Anonymizers Issues/drawbacks? – Robustness – Useful for hiding the source from the destination; less useful for preventing full-fledged traffic analysis… • Unless encryption is used, which it typically would not be Possible attacks – Latency vs. timing correlation • 0-latency solution using spurious messages? – One user sending multiple messages to the same server – Message sizes – Replay attacks