Shaahin Madani
RMIT University
18 February 2011
[email protected]
Routing in Internet

 every packet has as distinct sender and receiver
 IP addresses make everyone traceable
 communicating parties know each other
 all the routers know communicating parties
 the same for any eavesdropper!
 encryption does not hide identities
What Can Go Wrong?

 user habits are known to many parties
 ISP, Service Provider, Governments ...
 behavior profiles can be created
 communicating parties may need to be anonymous
 anonymous publishing, blogging (Wikileaks...)
 anonymous email services
 censorship is very easy
Existing Solutions

 Single-hop proxies
 Anonymizer: www.anonymizer.com
 Glype Proxy Script: www.glype.com
 VPN connections: www.strongvpn.com
 Anonymous Communication Networks
 Tor: P2P, TCP-based, with largest user base
 Freenet: censorship-resistant distributed file system
 I2P, GNUnet, Bunzilla, iMule, Phantom, Crowds ...
Tor: The Onion Router

 an Overlay Network
 Onion: multiple layers of encryption
anonymized
node
SSL+onion protected
4 layers
unprotected
channel
Internet
relay nodes
geographically distributed
exit-node
Problems with Tor

 Onion layers (typically 3 layers)
 3 layers of encryption
 nodes on the path must perform (per message):
1.
2.
SSL decryption and encryption
asymmetric decryption/encryption
 process intensive and very slow
 geographically spread nodes
 fixed algorithm: no trade off between more secure
and higher communication speed
Distributed Routing

SSL+symmetric encryption
2 layers
anonymized
node
unprotected
channel
2
1
4
5
3
dissembler
relay nodes
no geo distribution
assembler node
exit-node
Internet
A Real Example

assembler node
anonymized
node
Internet
assembler node
exit-node
unprotected
channel
Dis-/As-semble Traffic

 Unlimited algorithms may be employed
Various Roles

 each node in the network may be:





Traffic Dissembler
Traffic Assembler
Router (basic Dissembler)
User
Exit-node
 each node may have multiple roles
 this causes uncertainty for the attacker
Discussion

 communicating parties’ anonymity is preserved
 traffic analysis is made substantially more tedious
 Tor is one variation of dissembler
 suitable for users with different needs:




Simple routing for high speed
Geographical distribution for more security
Cover traffic, padding, mixing, all are dissembling
User customizable dissembler
Questions?
