Slide1
Ways to reduce the risks of Crowds and further study of web anonymity
By: Manasi N Pradhan
Slide2
We have seen the paper ‘Crowds: Anonymity for web transactions’ by Michael K. Reiter and Aviel Rubin.
Problem trying to solve:
We will look at particular limitations of Crowds and try to propose an effective way to reduce the probability of these limitations being exploited by attackers. We'll also look briefly at some other methods in use that provide anonymity over the web.
Approach:
As mentioned in the proposal, I am mainly researching papers related to Crowds, finding out whether other methods to counter these limitations have been proposed, and studying them. The aim is a unifying report on Crowds and related work that suggests different ways to increase the anonymity Crowds provides.
Papers related to Anonymizer, TOR and Tarzan are also taken into consideration.
Slide3
CROWD SECURITY- ATTACKS
Local Eavesdropper:
With a local eavesdropper, sender anonymity is exposed because the message going in is not equal to the message going out. If the local eavesdropper collaborates with other jondos, tracking a particular message will be easy. If the attacker is lucky enough, even the receiving web server will be known.
Suggested solution: If the senders send dummy messages in a random manner, local eavesdroppers collaborating with other jondos can be thrown off the trail. (The local eavesdropper will still sense that a message is sent.)
The dummy messages might not be directed to the web servers at all; merely the address of some other jondo is given as the destination address. As a result, the message will go in a loop to some intermediate jondo. This can also confuse the global passive adversary. (But paths are not dynamic. What to do?)
Slide4
CROWD SECURITY- ATTACKS
Collaborating jondos:
With collaborating jondos, the main goal is to expose the sender, but they can only suspect the previous jondo, unless the sender is explicitly mentioned in the plain text. Also, as the address of the end server is known to the jondos, the end server is exposed to the attacker.
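How strongly collaborating jondos can suspect the previous jondo can be quantified. The following is an added example, not part of the slides or the Crowds authors' code: it simulates Crowds path formation (the initiator forwards once, then each jondo flips a coin with forwarding probability p_f) and compares the result with the closed form from the Reiter and Rubin paper. The symbols n, c and p_f follow the paper; the function names and sample values are assumptions made here.

```python
import random

def closed_form(n, c, p_f):
    """P(predecessor of the first collaborator is the initiator), per Reiter-Rubin."""
    return 1.0 - p_f * (n - c - 1) / n

def probable_innocence(n, c, p_f):
    """Probable innocence holds when that probability is at most 1/2."""
    return closed_form(n, c, p_f) <= 0.5

def one_path(n, c, p_f, rng):
    """Build one path. Jondos 0..c-1 collaborate; jondo c is the honest initiator.
    Returns None if no collaborator is on the path, otherwise whether the first
    collaborator received the request directly from the initiator."""
    initiator = c
    prev, cur = initiator, rng.randrange(n)   # the initiator always forwards once
    while cur >= c:                           # an honest jondo holds the request
        if rng.random() >= p_f:               # coin: submit to the web server
            return None
        prev, cur = cur, rng.randrange(n)     # coin: forward to a random jondo
    return prev == initiator

def estimate(n, c, p_f, trials=200_000, seed=1):
    """Monte Carlo estimate of the probability computed by closed_form()."""
    rng = random.Random(seed)
    seen = hits = 0
    for _ in range(trials):
        result = one_path(n, c, p_f, rng)
        if result is not None:                # a collaborator observed this path
            seen += 1
            hits += result
    return hits / seen if seen else 0.0

if __name__ == "__main__":
    n, c, p_f = 20, 3, 0.75                   # constructed sample values
    print("closed form:", closed_form(n, c, p_f))
    print("simulated  :", round(estimate(n, c, p_f), 4))
    print("probable innocence:", probable_innocence(n, c, p_f))
```

With a smaller crowd for the same c and p_f (for example n = 10) the probability rises above 1/2, so the predecessor is more likely than not to be the sender.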
Suggested solution:
There can be one more layer of protection in front of the web servers, called end jondos. Instead of the address of the end server, the address of one of these jondos is written in the destination address. The address of the end server is also included, but encrypted with the end jondo's public key. This jondo can decrypt the address of the end server and forward the message. (The anonymity of the end server is still threatened by a local eavesdropper attacking the end jondo, as it will forward the message with probability 1 and not flip the coin.)
Slide5
CROWD SECURITY- ATTACKS
Other types of attacks:
Active attacks by collaborating jondos, like changing the requests to the web server
Denial of service attacks
But these attacks do not affect the anonymity directly.
Firewalls too pose a problem.
Brief review of related research that improves on this:
Anonymizer
LPWA- Lucent Personalized Web Assistant
TOR- The Onion Routing
Tarzan: A peer-to-peer approach to web anonymity
Slide6
RESOURCES AND REFERENCES:
http://avirubin.com/crowds.pdf
http://www.csl.mtu.edu/cs6461/www/Slide/Crowds.pdf
http://people.cs.vt.edu/~kafura/cs6204/Presentations/Slides/Crowds.pdf
https://en.wikipedia.org/wiki/Anonymizer
http://theory.stanford.edu/~matias/papers/lpwa-cacm.pdf
Michael J. Freedman, Robert Morris. Tarzan: A Peer-to-Peer Anonymizing Network Layer. http://freehaven.net/anonbib/cache/tarzan:ccs02.pdf