Ways to reduce the risks - PowerPoint Presentation

Slide1

Ways to reduce the risks of Crowds and further study of web anonymity

By:

Manasi

N PradhanSlide2

We have seen the paper ‘Crowds: Anonymity for web transactions’ by Michael K. Reiter and

Aviel

Rubin.

Problem trying to solve:

We will see particular limitations of crowds and try to propose an effective way to reduce the probability of these limitations being exploited by the attackers. We

ll

also look briefly at some other methods in use that provide anonymity over the web.

Approach:

As mentioned in the proposal, I am mainly

researching paper related to crowds. Finding if other methods to counter these limitations are proposed and study them. Making a unifying report of the

crowds and related works,

and suggesting different ways to increase the anonymity provided by the crowds.

Also, papers related to Anonymizer, TOR, Tarzan are taken into consideration. Slide3

CROWD SECURITY- ATTACKSLocal Eavesdropper:

With local eavesdropper, the sender anonymity is exposed as message in is not equal to message out. If the local eavesdropper collaborated with other

jondos

, tracking a particular message will be easy. If the attacker is lucky enough, even the receiver web server will be known.

Suggested solution

: If the senders send dummy messages in a random manner, the local eavesdroppers while collaborating with the other

jondos

, can be thrown off their trail. (

the local eavesdropper will still sense that the message is sent).

Maybe the dummy messages will not be directed to the web servers at all, merely the address of some other

jondo

is given in the destination address. As a result, the message will go in a loop to some intermediate

jondo

. This can also confuse the global passive adversary. (But paths are not dynamic. What to do?)Slide4

CROWD SECURITY- ATTACKS

Collaborating

jondos

:

With collaborating

jondos

, the main goal is to expose the sender, but they can only suspect the previous

jondo

, unless the sender is explicitly mentioned in the plain text. Also, as the address of the end server is known to the

jondos

, the end server is exposed to the attacker.

Suggested solution:

There can be one more layer of protection before the web servers, called as end

jondos

. Instead of writing the address of the end servers, the address of these

jondos

are mentioned in the destination addresses. The address of the end server is also added, but is encrypted by the end

jondo’s

public key. This

jondo

can decrypt the address of the end server and can forward the message. (The anonymity of end server is still threatened by local eavesdropper attacking the end

jondo

as it will forward the message with probability of 1 and not flip the coin)Slide5

CROWD SECURITY- ATTACKS

Other types of attacks:

Active attacks by collaborating

jondos

like changing the requests to the web server

Denial of service attacks

But these attacks do not affect the anonymity directly.

Firewalls too pose a problem.

Brief Review of improves on this related research:

Anonymizer

LPWA- Lucent Personalized Web Assistant

TOR- The Onion Routing

Tarzan : A peer to peer approach to web anonymitySlide6

http://avirubin.com/crowds.pdf

http://www.csl.mtu.edu/cs6461/www/Slide/Crowds.pdf

http://people.cs.vt.edu/~kafura/cs6204/Presentations/Slides/Crowds.pdf

https://en.wikipedia.org/wiki/Anonymizer

http://theory.stanford.edu/~matias/papers/lpwa-cacm.pdf

Michael J. Freedman, Robert Morris. 

Tarzan: A Peer-to-Peer Anonymizing Network Layer

.http://freehaven.net/anonbib/cache/tarzan:ccs02.pdf

RESOURCES AND REFERENCES: