Crack The Code

Anonymous Communications Systems

By David Phillips

June 4, 2009

 

            Anonymous communication systems seek to obscure the end-points of communication while a data packet is in route from a sender to a receiver.  Consider the following example:

 

 

Host A sends the message “Hello Host B” to Host B.  Along the way, Host C is eavesdropping on the communication channel and notices that Host A just sent a “Hello Host B” message to Host B.  At the receiving end, Host B sees that Host A just sent it a “Hello Host B” message.

 

In the previously described scenario, the message contains a source address, a destination address and some data.  Anyone who looks at the message can determine who sent the message, where the message is going, and what it data it contains (assuming no encryption is in use).

 

Anonymous communication systems attempt to blur the information being exchanged so that the original sender and receiver difficult to ascertain.

 

 

In the anonymous communication system, Host A sends out the message “Hello Host B” to somewhere in the network where it is bounced around from host to host until it finally arrives at Host B.  Host B will see the message that A sent, but it does not know that A was the original sender of the message because the actual message arrived from someplace other than A.  Host C is sniffing the packets and sees A originate the message, but it is unable to determine whether or not A actually originated the message to the final end point or whether it was just forwarding the message from another machine.

The Crowds anonymity system attempts to provide anonymity to web transactions by forming large groups of computers called “crowds” that exchange messages back and forth on behalf of one-another.  The effect is to blend messages into the crowd such that ascertaining the original sender is very hard.

 

            Crowds works via a central server called the “blender” that services computers that are participating in the crowd.  Each participant computer is running an application called a ‘Jondo’ (as in John Doe).  When the Jondo starts up, it contacts the blender and registers itself as a member of the crowd.  The blender sends out a broadcast to all of its registered Jondos that a new Jondo has entered the crowd.  All of the participating Jondos keep track of the other Jondos.  If A wants to send a message to B, it flips a coin.  If the coin is heads then A selects a random Jondo ‘R’ from its list and forwards the message to it.  If the coin lands as tails then A would just send the message directly to B.  In the case of forwarding, the selected Jondo R will receive the message from A and flip a coin.  If tails, R will forward the message to another random Jondo in the network, otherwise it will forward the message directly to B.  The process repeats itself until someone eventually forwards the message to B.  From B’s perspective, the message that it receives is just as likely to have been originated by any computer in the crowd since it only knows who gave it the message (not who initiated the message).  Likewise, an eavesdropper sniffing messages from the communication channel has no way of concluding that A was initiating a message to R or if it was just forwarding a message to R on behalf of another computer in the crowd.  The circular design of the system prevents any of the computers (even crowd members) from knowing who the original initiator of the message is.

 

            Crowds can be easily foiled if the originating host reveals itself to the end-server by opening a direct connection via a Java Applet or ActiveX type of plugin.  Thus, it is recommended that users of crowds disable these features of their browsers to prevent being revealed.  It can also be susceptible to Denial of Service attacks if a member of the crowd becomes corrupted and refuses to forward the messages that it receives from other members.  There is also the possibility of rogue crowd members compromising data integrity by modifying the content of the messages that they forward.  It also cannot protect against a “local eavesdropper” who can see the local host send out a message without first receiving a message and then conclude that its host is the message originator.

 

            The Onion Routing (Tor) system consists of a group of “Onion Router” computers that accept and forward messages that are encrypted in multiple layers to form a shape similar to an onion.

 

 

            Each message is originated at a host and transmitted to the destination host via a series of proxy servers.  The sending host begins by selecting a group of proxy routers that will function as the path from the sender to the receiver.  Each router in the path has a public key associated with it.  The sender host generates a message for each router in the path that contains information for that router, such as which node is next in the path, as well as the symmetric key that will be used to encrypt/decrypt the message content intended for that router.  Each message is encrypted with the corresponding public key of each router and the messages are then sent.  The routers receive their messages and decrypt them with their private keys; the path from the sender to the receiver is then considered to be established.

 

            The next step is for the sender to prepare the message that it wants to send to the host.  It begins by encrypting the message with the symmetric keys that were sent to the routers along the path during the path-establishment step.  The message is first encrypted with the symmetric key of the last router in the path and then re-encrypted with the symmetric key of the second-to-last router in the path.  The process is repeated until the message is finally re-encrypted with the symmetric key of the first router in the path.  The original message has now been encrypted multiple times.  In order to extract the original message, the encrypted message (called ‘the onion’) is then sent to the first router along the path which decrypts the message with the symmetric key that it received during the establishment step.  The router then sends the message to the next router in the path (which it was given during the establishment step).  The second router in the path receives the message and decrypts it with the symmetric key that it received during the establishment step and forwards the message to the next router in the path.  The process repeats until the message finally arrives at the final router in the path where it is decrypted with the final symmetric key and then forwarded to the destination host.

 

            The sender and the receiver achieve anonymity because each proxy along the path can only determine which node sent the message to it which may or may not be the host that originated the message.  An attacker would need to compromise all nodes along the path in order to re-construct the path and determine the original sender and receiver.  Privacy is achieved because the message is encrypted in many different layers and each node only has enough information to decrypt a single layer.  Thus an attacker cannot decrypt the message unless they compromise all of the symmetric keys being used by tge routers along the path. 

 

Tor does not protect against “local eavesdroppers” which is an attacker who is monitoring a single node to see if messages are sent or received.  Furthermore, an attacker can monitor the time elapsed between when a single router receives a message and how soon it later sends a message.  If there is a very short time period between a message received and a message sent, the attacker might conclude that a message is being forwarded.  To counter this timing analysis threat, an onion router might wait for a random period of time before it forwards message.  Attackers can also monitor the state of the onion routers on the network and watch as routers join and leave the network and use the information determine which routers are likely along the path of a session that is still open and functioning (knowing that the recently joined/left nodes could not be on the path).  Attacks can also deduce information about the path if they are able to compromise one of the nodes in the path and watches as new communication sessions are established over and over again by the same host with same destination, the compromised node will often see the first router in the path if it performs a historical analysis of the traffic and be able to deduce who the originated host is by performing further traffic analysis.  Also, the final node in the path is able to decrypt the original message into plaintext before transmitting to the destination host.  Therefore, if an attacker is able to compromise the final node in the path then they will be able to see the entire content of the sent message.  Therefore, Tor is typically not used to send highly sensitive information.

 

Sources

 

http://en.wikipedia.org/wiki/Secure_communication

http://en.wikipedia.org/wiki/Anonymous_P2P

http://en.wikipedia.org/wiki/Crowds

http://en.wikipedia.org/wiki/Onion_routing

http://en.wikipedia.org/wiki/Tor_(anonymity_network)