13. Anonymity protocols Flashcards
What can encryption not hide on the internet?
Routing information
What is anonymity?
A user may user a service or resource without disclosing the users identity
What does 3DC stand for (protocol)?
Three-party dinning cryptographers
What does the 3DS protocol do?
Reveals if the NSA paid or one of the cryptographers (but not which cryptographer)
What is the 3DS protocol?
- Each cryptographer flips a coin and shows it to left neighbour
- Each cryptographer announces if the two coins are same, (if the cryptographer pays he lies)
- odd number of same => NSA paid, even number of same => a cryptographer paid
What makes 3DS protocol impractical?
- requires secure channels between participants to share coin flips
- requires large amounts of randomness
What’s the idea behind Crowds protocol?
Randomly route requests through a crowd of users
How does the Crowds protocol work?
- Initiator picks forwarded from crowd and sends request
- Forwarder sends request either to server or a new forwarder with some probability (and records request)
- Response follows same route
What is the Crowd protocol not resistant against?
An attacker which sees the whole network
How does Chaum’s work?
- Users send messages to a trusted mix server
- Messages are padded and buffered to prevent
- Dummy messages are generated
Why are messages buffered in Chaum’s Mix?
Avoid time correlation attack’s
Why are dummy messages sent in Chaum’s mix?
If the attacker sends n - 1 messages to mix (with capacity n) he can link the sender of the nth message
How can you deal with the problem that some mixes may be corrupted in Chaum’s mix?
Send messages through a sequence of mixes, as long as a single mix is honest you have guaranteed anonymity
What are the limitations of Chaum’s mix?
- Asymmetrical encryption is not efficient
- Dummy messages are inefficient
- Buffering is inefficient
What does onion routing not defend against?
- Attacker that sees the whole network
- End to end timing attacks
How does onion routing work?
- Originator chooses a random chain of nodes
- Originator establishes secret key with entry node, then second node (relayed through entry), till exit node
- Once the chain is complete data can be sent anonymously by encrypting/decrypting with layers of secret keys
How does an end-to-end timing attack work on Tor?
An attacker that controls the entry and exit node can delay a message, if the message was delayed at the exit node then they likely came from the client connecting to the entry node
Why does the client not do DNS requests before onion routing?
Tor works over TCP, DNS is UDP so it would not be anonymous
How does DNS work with Tor?
The exit node performs DNS on the address
What are Tor onion services?
Services that can only be accessed via the Tor network, protecting the anonymity of the user and the server
