CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz

advertisement
CMSC 414
Computer and Network Security
Lecture 21
Jonathan Katz
Administrative items
 Midterm next week
– Based on everything from last midterm through today
 Discussion of HW2…
Anonymous communication
Anonymizers
 Single anonymizer proxy…
 How to achieve bidirectional communication
– Note: one side need not know the other
 Anonymizers already exist!
– Email
– http
Anonymizers
 Issues/drawbacks?
– Robustness
– Useful for hiding the source from the destination; less
useful for preventing full-fledged traffic analysis…
• Unless encryption is used, which it typically would not be
 Possible attacks
– Latency vs. timing correlation
• 0-latency solution using spurious messages?
– One user sending multiple messages to the same server
– Message sizes
– Replay attacks
Onion routing
 Use multiple servers…
 Send “onions”; strip off a layer at each hop
– Only the initiator knows the entire route!
 Bidirectional communication?
– Routing tables
– Reply onions (pre-compute keying material)
 Security issues?
– Payload sizes? (Use random padding)
– Forward secrecy
– Is it suspicious to contact an onion router?
Peer-to-peer anonymizers
 Every node can act as an onion router!
 Why does this improve anonymity?
Tor
 All nodes also act as proxies
 Negotiate pairwise keys between links
– Forward secrecy
 Routes maintained for ~10 minutes, then refreshed
 Even the initiator does not know the path
Mix Nets
 Useful as a tool within specific protocols
– Primarily voting
 Each mix-net server receives a set of encrypted
votes, “randomizes” and permutes them, and
forwards then along to the next server
– How to prove correctness?
Covert channels
 Anonymous communication is also possible using
covert channels
– May not even leak the fact that communication is
happening at all!
– May be a route for communication that is disallowed
 Examples
– Sending a print job
– TCP timestamps/sequence numbers
– Timeslicing
Steganography
 E.g., embed messages into low-order bits of
images
 More securely, use rejection sampling on any
source
Kleptography
 Embed a covert channel (into crypto
software/hardware) that leaks the secret key!
 Known to be possible for standard crypto
algorithms…
Download