    Strengthening the Anonymity of Anonymous Communication Systems

    In this work, we examine why a popular anonymity network, Tor, is vulnerable to timing side-channel attacks. We explore removing this vulnerability from Tor without sacrificing its low latency, which is important for usability. We find that Tor is vulnerable because inter-packet delays propagate along the network path from the source to the destination. This provides an easily detected signature. We explore techniques for making the timing signature either expensive or impossible to detect. If each packet took a unique, disjoint path from source to destination, the inter-packet delay signature would be undetectable. Jitter and latency would change packet arrival orders. This is impractical since the overhead for constructing these circuits would be prohibitive. We scaled this idea back to reflect how the BitTorrent protocol creates a large number of possible paths from a small number of nodes. We form a fully connected network with the source, destination, and a small number of nodes. The number of paths through this network from source to destination grows quickly with the addition of each node. Paths do not have to include every node, so the delay of each path is different. By transmitting consecutive packets on different paths, the network delays will mask the inter-packet delay signature.

    Using Markov Models and Statistics to Learn, Extract, Fuse, and Detect Patterns in Raw Data

    Many systems are partially stochastic in nature. We have derived data driven approaches for extracting stochastic state machines (Markov models) directly from observed data. This chapter provides an overview of our approach with numerous practical applications. We have used this approach for inferring shipping patterns, exploiting computer system side-channel information, and detecting botnet activities. For contrast, we include a related data-driven statistical inferencing approach that detects and localizes radiation sources. Comment: Accepted by 2017 International Symposium on Sensor Networks, Systems and Securit

    Enhancing The Anonymity Of Electronic Transactions

    Many kinds of online payment systems have been invented during the last decades that allow transactions to be implemented in a more efficient way than the traditional purchases. Also, the online payments do not require physical money. Nevertheless, all such systems utilize a central authority that has the ability to link transactions back to payees and payers. Since 2009, a new type of independent online monetary system known as cryptocurrency has emerged, permitting clients and recipients to create transactions that are not controlled by a central entity. Such transactions are cryptographically signed transfers of money from client to recipient confirmed by other peers in a global payment network. Due to the fact that confirmation is offered by peers in the network, rather than a central entity, every transaction has to be recorded on a public ledger. This ledger is accessible from every peer inside the network. To offer some form of anonymity to users in the network, cryptocurrencies like Bitcoin and Ethereum have created their protocols to be pseudo-anonymous. However, this technique only guarantees that a user that generates a transaction cannot be deanonymized if the attacker is observing only one transaction. From a theoretical point of view, since all transactions are visible by peers, attackers can expose the real identities of peers by utilizing other information that is revealed by the network. In this thesis we perform an in-depth analysis of ways to enhance anonymity in cryptocurrencies, and make the de-anonymization of the peers participating in the corresponding network impossible or at least very hard. The main way to achieve this is through mixing services.

    Security and Privacy in the Internet of Things

    The Internet of Things (IoT) is an emerging paradigm that seamlessly integrates electronic devices with sensing and computing capability into the Internet to achieve intelligent processing and optimized controlling. In a connected world built through IoT, where interconnected devices are extending to every facet of our lives, including our homes, offices, utility infrastructures and even our bodies, we are able to do things in a way that we never before imagined. However, as IoT redefines the possibilities in environment, society and economy, creating tremendous benefits, significant security and privacy concerns arise such as personal information confidentiality, and secure communication and computation. Theoretically, when everything is connected, everything is at risk. The ubiquity of connected things gives adversaries more attack vectors and more possibilities, and thus more catastrophic consequences by cybercrimes. Therefore, it is very critical to move fast to address these rising security and privacy concerns in IoT systems before severe disasters happen. In this dissertation, we mainly address the challenges in two domains: (1) how to protect IoT devices against cyberattacks; (2) how to protect sensitive data during storage, dissemination and utilization for IoT applications. In the first part, we present how to leverage anonymous communication techniques, particularly Tor, to protect the security of IoT devices. We first propose two schemes to enhance the security of smart home by integrating Tor hidden services into IoT gateway for users with performance preference. Then, we propose a multipath-routing based architecture for Tor hidden services to enhance its resistance against traffic analysis attacks, and thus improving the protection for smart home users who desire very strong security but care less about performance. In the second part of this dissertation, we explore the solutions to protect the data for IoT applications. 
First, we present a reliable, searchable and privacy-preserving e-healthcare system, which takes advantage of emerging cloud storage and IoT infrastructure and enables healthcare service providers (HSPs) to realize remote patient monitoring in a secure and regulatory compliant manner. Then, we turn our attention to the data analysis in IoT applications, which is one of the core components of IoT applications. We propose a cloud-assisted, privacy-preserving machine learning classification scheme over encrypted data for IoT devices. Our scheme is based on a three-party model coupled with a two-stage decryption Paillier-based cryptosystem, which allows a cloud server to interact with machine learning service providers (MLSPs) and conduct computation intensive classification on behalf of the resourced-constrained IoT devices in a privacy-preserving manner. Finally, we explore the problem of privacy-preserving targeted broadcast in IoT, and propose two multi-cloud-based outsourced-ABE (attribute-based encryption) schemes. They enable the receivers to partially outsource the computationally expensive decryption operations to the clouds, while preventing attributes from being disclosed

    TorSNIP Hidden Service Proxy with End-to-End Security

    The onion router (Tor) is software that provides an opportunity to access blocked content over the Internet. It also provides anonymity to its users with the help of a protocol called the Hidden Service (HS) protocol. It gives users the ability to conduct confidential communication without the possibility of being traced back. It allows operators to publish anonymous content without compromising their anonymity. The ‘.onion’ address can only be accessed using the Tor browser. To access the HS with a regular Internet browser, for example, Google Chrome, Firefox etc., a service called Tor2web is used. It is a proxy server, which receives the user’s request and forwards it to the targeted HS. The main issue identified in this service is that the service is not end-to-end secure and is prone to various attacks including content injection and content modification. One of the possible solutions to this problem is to make an HTTPS connection directly to the onion site, rather than decrypting the packet at the intermediate node. This could make the communication secure from the user’s browser until termination at the onion site, i.e., make it end-to-end secure. This is achievable with the deployment of TLS’s Server Name Indication (SNI), which identifies the server name in the initial request. The idea is to register a domain name, add ‘A’ and ‘AAAA’ records, and get a valid certificate from the certificate authority. Then create a hidden service and obtain its onion address. Map an onion:domain address and obtain a valid certificate for it. Modify the SNI script file according to the requirements and update the ‘Table’ field in the script. Finally, choose a virtual port and delegate the onion service name and all subsequent packets to the targeted hidden service.

    Improving the Tor Hidden Service Protocol Aiming at Better Performances

    Offering services anonymously on the Internet using so-called location-hidden services requires complex protocols with many different nodes involved. These properties result in performance problems, e.g. a simple website request taking tens of seconds. This work describes a setup to measure the performance of hidden services using the worldwide Tor network. It analyzes the results and proposes changes to the protocol to improve the performance without losing anonymity

    Message in a bottle: Sailing past censorship

    Exploiting recent advances in monitoring technology and the drop of its costs, authoritarian and oppressive regimes are tightening the grip around the virtual lives of their citizens. Meanwhile, the dissidents, oppressed by these regimes, are organizing online, cloaking their activity with anti-censorship systems that typically consist of a network of anonymizing proxies. The censors have become well aware of this, and they are systematically finding and blocking all the entry points to these networks. So far, they have been quite successful. We believe that, to achieve resilience to blocking, anti-censorship systems must abandon the idea of having a limited number of entry points. Instead, they should establish first contact in an online location arbitrarily chosen by each of their users. To explore this idea, we have developed Message In A Bottle, a protocol where any blog post becomes a potential “drop point” for hidden messages. We have developed and released a proof-of-concept application using our system, and demonstrated its feasibility. To block this system, censors are left with a needle-in-a-haystack problem: Unable to identify what bears hidden messages, they must block everything, effectively disconnecting their own network from a large part of the Internet. This, hopefully, is a cost too high to bear.

    Hardening Tor Hidden Services

    Tor is an overlay anonymization network that provides anonymity for clients surfing the web but also allows hosting anonymous services called hidden services. These enable whistleblowers and political activists to express their opinion and resist censorship. Administrating a hidden service is not trivial and requires extensive knowledge because Tor uses a comprehensive protocol and relies on volunteers. Meanwhile, attackers can spend significant resources to decloak them. This thesis aims to improve the security of hidden services by providing practical guidelines and a theoretical architecture. First, vulnerabilities specific to hidden services are analyzed by conducting an academic literature review. To model realistic real-world attackers, court documents are analyzed to determine their procedures. Both literature reviews classify the identified vulnerabilities into general categories. Afterward, a risk assessment process is introduced, and existing risks for hidden services and their operators are determined. The main contributions of this thesis are practical guidelines for hidden service operators and a theoretical architecture. The former provides operators with a good overview of practices to mitigate attacks. The latter is a comprehensive infrastructure that significantly increases the security of hidden services and alleviates problems in the Tor protocol. Afterward, limitations and the transfer into practice are analyzed. Finally, future research possibilities are determined