CMSC 414
Computer and Network Security
Lecture 21
Jonathan Katz

Administrative items
Midterm next week
  – Based on everything from last midterm through today
Discussion of HW2…

Anonymous communication

Anonymizers
Single anonymizer proxy…
How to achieve bidirectional communication
  – Note: one side need not know the other
Anonymizers already exist!
  – Email
  – http

Anonymizers
Issues/drawbacks?
  – Robustness
  – Useful for hiding the source from the destination; less useful for preventing full-fledged traffic analysis…
      • Unless encryption is used, which it typically would not be
Possible attacks
  – Latency vs. timing correlation
      • 0-latency solution using spurious messages?
  – One user sending multiple messages to the same server
  – Message sizes
  – Replay attacks

Onion routing
Use multiple servers…
Send “onions”; strip off a layer at each hop
  – Only the initiator knows the entire route!
Bidirectional communication?
  – Routing tables
  – Reply onions (pre-compute keying material)
Security issues?
  – Payload sizes? (Use random padding)
  – Forward secrecy
  – Is it suspicious to contact an onion router?

Peer-to-peer anonymizers
Every node can act as an onion router!
Why does this improve anonymity?

Tor
All nodes also act as proxies
Negotiate pairwise keys between links
  – Forward secrecy
Routes maintained for ~10 minutes, then refreshed
Even the initiator does not know the path

Mix Nets
Useful as a tool within specific protocols
  – Primarily voting
Each mix-net server receives a set of encrypted votes, “randomizes” and permutes them, and forwards them along to the next server
  – How to prove correctness?

Covert channels
Anonymous communication is also possible using covert channels
  – May not even leak the fact that communication is happening at all!
  – May be a route for communication that is disallowed
Examples
  – Sending a print job
  – TCP timestamps/sequence numbers
  – Timeslicing

Steganography
E.g., embed messages into low-order bits of images
More securely, use rejection sampling on any source

Kleptography
Embed a covert channel (into crypto software/hardware) that leaks the secret key!
Known to be possible for standard crypto algorithms…
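
The layering described on the Onion routing slide ("strip off a layer at each hop", random padding for payload sizes), as an added Python example that is not part of the lecture. The router names, the 16-byte next-hop header, the 256-byte cell and the SHAKE-256 keystream (a toy stand-in for a real authenticated cipher) are assumptions, and each router's key is taken as already shared with the initiator.

```python
import hashlib, os

CELL = 256  # assumed fixed payload size, so message length leaks nothing

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher: SHAKE-256 keystream XOR. Not authenticated.
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def pad(msg: bytes) -> bytes:
    # 2-byte length prefix, then random padding up to CELL bytes.
    if len(msg) > CELL - 2:
        raise ValueError("message too long for one cell")
    return len(msg).to_bytes(2, "big") + msg + os.urandom(CELL - 2 - len(msg))

def unpad(cell: bytes) -> bytes:
    n = int.from_bytes(cell[:2], "big")
    return cell[2:2 + n]

def wrap(route, keys, dest, msg):
    """Initiator: build the onion inside-out; only it sees the whole route."""
    hops = route[1:] + [dest]          # what each router is told is "next"
    onion = pad(msg)
    for name, nxt in reversed(list(zip(route, hops))):
        nonce = os.urandom(16)
        header = nxt.encode().ljust(16, b"\0")   # names assumed <= 16 bytes
        onion = nonce + keystream_xor(keys[name], nonce, header + onion)
    return onion

def peel(key, onion):
    """Router: strip one layer; learn the next hop and nothing beyond it."""
    nonce, body = onion[:16], onion[16:]
    plain = keystream_xor(key, nonce, body)
    return plain[:16].rstrip(b"\0").decode(), plain[16:]

def demo():
    route = ["R1", "R2", "R3"]                    # constructed router names
    keys = {r: os.urandom(32) for r in route}     # assumed pre-shared keys
    onion = wrap(route, keys, "server", b"hello")
    seen = []
    for r in route:
        nxt, onion = peel(keys[r], onion)
        seen.append(nxt)                          # all that router r learns
    return seen, unpad(onion)
```

Each layer here adds 32 bytes, so the onion's length still reveals a router's position on the path; the padding only hides the message length.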