Professional Documents
Culture Documents
1 Introduction 1
1.1 Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 Overview 2
3 Web Proxies 4
5 Onion Routing 9
6 Crowds 11
7 Evaluation 13
8 Conclusion 15
ii
List of Figures
iii
Acknowledgments
I’m pleased to thank Dr. Chamath Keppetiyagama for the guidance he
gave me as the supervisor and very helpful discussions. Also I would like
thank Dr. H.L.Premarathna, the coordinator of this course module for giv-
ing us the useful tips and sample latex codes. And Mr. Malik Silva for
conducting latex sessions for us to improve our knowledge. Finally I like to
thank every one who have supported me to make this survey a success.
iv
Chapter 1
Introduction
With the growth of the internet, business organizations have identified the
greater potential in online businesses. As a result of that many companies
have their own online stores and number of people who purchase goods via
the internet are increased. With this growth cyber criminals who steal per-
sonal information and tracking online activities are also increasing. Hence
people need to be more careful when exposing or giving out any personal
information about them. The most important thing is internet users are
looking for privacy even in the unsafe internet. Therefore a reliable anony-
mous communication system on internet is really important.
1.1 Outline
The rest of the report is organized in the following way: Chapter 2 presents
an overview about the anonymous communication. Chapter 3 describes the
Web Proxies. Chapter 4 describes the Mix[2] based system. Chapter 5
describes the architecture Onion Routing[3] which is based on the virtual
circuits. Chapter 6 describes the Crowds[4] anonymous system. Chapter 7
presents the Evaluation and Chapter 8 presents some concluding remarks.
1
Chapter 2
Overview
1. Sender Anonymity.
2. Receiver Anonymity.
2. Relationship Unobservability.
1. Web Proxies.
2
2. MIX Based Systems.
For the category type 3, I’ll talk about Onion Routing[3] and Crowds[4]
anonymous communication Systems.
3
Chapter 3
Web Proxies
Many internet users are now looking for services which provide anonymous
browsing on the web. Currently there can be found a number of different
services which claim to provide anonymous browsing. Some of them are
free services and some are paid, with more or fewer features. Among these
systems simplest anonymizing system will be Proxy browsing since no addi-
tional softwares need to download and fewer configurations.
• Anonymizer - http://www.anonymizer.com
• the-Cloak - http://www.the-cloak.com
• Proxify.com - http://www.proxify.com
• Proxy.org - http://www.proxy.org
Figure 3.1 shows the operation of a web proxy and Let’s see how can we
achieve sender anonymity from the receiver using a single-hop proxy.
3. The web server replies with sending an HTML document to the Proxy.
4
Figure 3.1: Functionality of a Single-Hop Proxy
4. The proxy will first rewrite all the links in that document so that they
will point back to the proxy instead of the web server. Finally it sends
the document back to the user with all links rewritten.
Lets see what is happing in the link rewriting(See [5] for more informa-
tion). As an example, I’ll consider the free service of the anonymizer.com.
A link to http://www.news.lk/BreakingNews will rewritten to,
http://anon.free.anonymizer.com/http://www.news.lk/BreakingNews.
Apart from hiding the user’s IP address from the web server proxies pro-
vide some extra functionalities. Some of these are,
Filtering cookies, Filtering or rewriting JavaScripts, Filtering advertisements
and banners and Faking the HTTP user agent field in the HTTP header
(user’s OS and browser information will not reveal.)
Proxies only provide Sender anonymity from the receiver if the proxy
itself remains uncompromised. But a Caching Proxy[5] (extension of a web
proxy) will be able to provide sender and receiver unlikability property. In
most of the free proxies the connection between the user and the proxy
is not encrypted. Hence an attacker may be able analyze the web traffic.
Therefore when you are using a web proxy for anonymous web browsing, be
careful whether it provides a encrypted connection or not.
5
Chapter 4
One of the common vulnerabilities in the proxy browsing was traffic anal-
ysis attack. But there exist a system called Mix[2] which is not vulnerable to
this attack. The concept of a Mix was first introduced by David Chaum in
1981. A MIX is simply a computer connected via the internet which actually
is an enhanced proxy. A Mix is empowered to use public key cryptography
to achieve anonymity properties. In order to connect to a Mix the user must
use another proxy so that all the communications with the Mix is carried
out by this proxy. For example, Key exchanges, message encryption and
decryption are done by the proxy deployed in the user’s computer.
6
Figure 4.1: Functionality of a Mix
Figure 4.1 illustrates the functionality of a Mix node and how can we
achieve sender and receiver anonymity. Notations used in Figure 4.1,
7
The use of Mixes in anonymous communication is really important when
designing an anonymous e-mail system because, using Mixes and public
key cryptography we can generate an untraceable return address so that
recipient can sends back a response without the real address of the sender.
Usually Mixes are used in a sequence called Mix cascade. Therefore even
if all the Mixes are compromised except one, that uncompromised Mix is
enough to provide anonymous communication properties. Because of these
robust properties in Mixes most of the anonymous communication systems
are extensions of Mix-nets. For example Web Mixes[6] is an extension of the
Mixes and it can be used for anonymous web browsing.
8
Chapter 5
Onion Routing
In this approach Initiator’s proxy selects a path through the network to the
Responder’s proxy and builds a virtual circuit using layered objects called
”Onions”(Hence the name Onion Routing). The Onion is a data packet
which is encrypted using a sequence of Keys which are the session key and
the public key of each Routing Node along that path. Each layer of a Onion
contains session keys and the address of the next node in the virtual circuit.
Since the circuit is built upon several servers and this layered encryption,
each Routing Node knows its previous and next nodes and no other nodes
in that virtual circuit. Onions which, flow down the circuit are fixed-size
cells, which are unwrapped by the session key at each node(like peeling off
the layers of an onion). When the circuit is broken these session keys are
destroyed.
9
Figure 5.1: Onion Routing Network
10
Chapter 6
Crowds
In this section I’ll talk about another system which is totally different
in the operation than previously discussed systems. The approach is based
on the concept of being in a ”Crowd” (hence the name). It operates by
forming a large group of users whose locations may even be geographically
different(for better anonymity it must be). These users in the group col-
lectively issues requests on behalf of each other so that one user’s actions
are hidden within many other users’ actions. The users issue web requests
to different web servers and receive replies from them. Hence the users are
the ”Senders” and web servers are the ”Receivers”. The Crowds basically
provides sender’s anonymity from the receivers and attackers.
In order to use the system for web browsing, a user must first join to
a crowd of many users. A user is represented in the crowd by a special
proxy running on the user’s computer called a ”Jondo”. When the user
starts the Jondo on his computer it contacts a special server called the
”Blender”(which manages the crowds membership) to request the permis-
sion to enter the crowd. If permission granted, the Blender replies with all
the necessary information that would enables this Jondo to join the crowd.
The user’s Jondo acts as a simple proxy between the browser and the web
server which will remove identity information from the HTTP header before
sending the request to another Jondo. All the communications between the
Jondos are encrypted using a shared key called ”path key” which is created
by the Jondo who initiate the path. And this key is shared among all the
Jondos on a path. Therefore an outside observer won’t be able to find out
the content of a web request or reply, and the identity of the sender. But it
is obvious that an attacker who has the control of his own Jondo can decrypt
the content. But he also won’t be able to figure out who is the initiator of
the request.
11
Figure 6.1: Paths in a Crowd
Figure 6.1 illustrates the paths that will be established when the users’
requests are sent to web servers. On the other hand server replies will send
back along this path on the reverse order.
When a user request a document from a web server the request is first
sent to a randomly chosen member(Jondo) in the crowd. That member may
either submit the request directly to the end server or forward it to another
randomly chosen member. When the web request is ultimately submitted
to the web server, it is submitted by a random member. Therefore the web
server cannot identify the real initiator of the web request because it seems
to be originated from any member in the crowd. Apart from that even a
fellow crowd member cannot identify the true initiator of a request because
his predecessor may be just forwarding the request on behalf of another.
12
Chapter 7
Evaluation
Figure 7.1 present the level of anonymity provided by each system that
I have discussed earlier. According to the table Mix nets and Onion Rout-
ing provides better anonymity level than Crowds and Proxies does. On
the other hand Mix-nets and Onion Routing consumes a lot of bandwidth
for generating cover traffic and increase the CPU work load by number of
encryptions and decryptions. A user must therefore find the right balance
between the usability and the level of security provided by a system.
Among the solutions which can be found in the literature, some of them
even don’t have a proper usable implementation. The designer deploys a
prototype and he keeps it running for quite some time and suddenly the
13
system is no longer available. And in some cases the system can be used
but attackers have found vulnerabilities and no design updates or new ver-
sions are coming. Therefore the system cannot be trusted anymore. Some
times commercial systems are the only available anonymity systems. So
the internet users have a problem of finding a usable, reliable and available
solution.
14
Chapter 8
Conclusion
There are some systems whose level of security provided is quite remark-
able. As a result of that even the Lawful authorities are unable to figure
out the origin of some illegal activities. For example, some people have used
these systems to send e-mails which contain child pornography and the au-
thorities were unable to track who send these e-mails. In the worst case
scenario thieves, smugglers and terrorists will use these systems to carry
out their dirty work. In a system like caching proxy[5], the legality is yet
to be determined because the system stores the copyrighted contents other
than in the original location. Like in the many scientific innovations, these
systems also have negative outcomes as well as positive outcomes.
References
[4] Michael Reiter and Aviel Rubin. Crowds: Anonymity for web transac-
tions. International Workshop on Information Hiding, 1(1):66–92, 1998.
Cambridge, UK.
[5] Anna M. Shubina and Sean W. Smith. Using caching for browsing
anonymity. ACM SIGecom Exchanges, 4(2), September 2003.
[6] Hannes Federrath, Oliver Berthold and Stefan Köpsell. Web mixes: A
system for anonymous and unobservable internet access. Workshop on
Design Issues in Anonymity and Unobservability, 2001. Springer-Verlag,
Heidelberg.
[7] Paul Syverson, Roger Dingledine and Nick Mathewson. Tor: The second-
generation onion router. Technical report, Tor Documentation.
16