Privacy at the communication layer


Privacy at the communication layer
The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability, David Chaum, 1988
CS-721, Carmela Troncoso, http://carmelatroncoso.com/ (borrowed slides from G. Danezis)

The Dining Cryptographers: Did the NSA pay?
Adi: "I didn't pay", $m_a = 0$
Ron: "I paid", $m_r = 1$
Wit: "I didn't pay", $m_w = 0$
Shared between each pair: $c_{ar}$ (Adi, Ron), $c_{rw}$ (Ron, Wit), $c_{wa}$ (Wit, Adi)
Each one broadcasts:
$b_a = m_a + c_{ar} + c_{wa}$
$b_r = m_r + c_{ar} + c_{rw}$
$b_w = m_w + c_{wa} + c_{rw}$
Combine: $B = b_a + b_r + b_w = m_a + m_r + m_w = m_r \pmod{2}$

The Dining Cryptographers: Generalization
Towards large messages: bit string
Adi: "I am not sending", $m_a = 0$
Ron: "I want to send", $m_r = 10101010$
Wit: "I am not sending", $m_w = 0$
$b_a = m_a + c_{ar} + c_{wa}$
$b_r = m_r + c_{ar} + c_{rw}$
$b_w = m_w + c_{wa} + c_{rw}$
Combine: $B = b_a + b_r + b_w = m_a + m_r + m_w = m_r \pmod{2}$
Repeat one bit per round, OR parallel XORs.

The Dining Cryptographers: Generalization
Towards large messages: sum mod $2^m$
Adi: "I am not sending", $m_a = 0$
Ron: "I want to send", $m_r = \text{message}$
Wit: "I am not sending", $m_w = 0$
$b_a = m_a - c_{ar} + c_{wa}$
$b_r = m_r + c_{ar} - c_{rw}$
$b_w = m_w - c_{wa} + c_{rw}$
Combine: $B = b_a + b_r + b_w = m_a + m_r + m_w = m_r \pmod{2^m}$

Key sharing graph - Security
Nodes A, B and C; each edge is a shared key (e.g. $K_{ab}$ between A and B).
Alice broadcasts $b_a = c_{ab} + c_{ac} + m_a$
If B and C are corrupt, the adversary knows $c_{ab}$ and $c_{ac}$.
Adversary's view: $b_a + c_{ab} + c_{ac} = (c_{ab} + c_{ac} + m_a) + c_{ab} + c_{ac} = m_a$
No anonymity!!

Key sharing graph - Security
Adversary nodes partition the graph into red and yellow subgraphs.
Calculate:
$B_{red} = \sum_j b_j$, j is red
$B_{yellow} = \sum_i b_i$, i is yellow
Subtract known keys:
$B_{red} + K_{red\text{-}green} = \sum_j m_j$
$B_{yellow} + K_{yellow\text{-}green} = \sum_i m_i$
Discover the originating subgraph.
Anonymity set size = 4 (not 11 or 8!)
Reduction in anonymity!!
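The partition attack on the key-sharing graph, worked through in code. This is an added example, not part of the original slides; the 32-bit message width, the name-order sign convention for shared keys and all function names are assumptions made for the illustration.

```python
import secrets
from collections import defaultdict

M = 32                      # message width in bits (assumed); sums are mod 2^M
MOD = 1 << M

def share_keys(edges):
    """Phase 1: one random key per edge of the key-sharing graph."""
    return {frozenset(e): secrets.randbelow(MOD) for e in edges}

def signed(node, edge, k):
    """The lower-named endpoint adds the key, the other subtracts it."""
    return k if node == min(edge) else -k

def run_round(nodes, keys, sender, msg):
    """Phase 2: every node broadcasts b_i = m_i + signed keys (mod 2^M)."""
    out = {}
    for n in nodes:
        b = msg if n == sender else 0
        b += sum(signed(n, e, k) for e, k in keys.items() if n in e)
        out[n] = b % MOD
    return out

def combine(bcasts):
    """B = sum of all broadcasts; every shared key cancels."""
    return sum(bcasts.values()) % MOD

def partition_attack(nodes, keys, corrupt, bcasts):
    """Colluding nodes split the honest graph into components, sum each
    component's broadcasts and strip the keys they share with it."""
    adj = defaultdict(set)
    for e in keys:
        a, b = tuple(e)
        if not e & corrupt:
            adj[a].add(b); adj[b].add(a)
    seen, found = set(), {}
    for start in nodes:
        if start in corrupt or start in seen:
            continue
        comp, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n not in comp:
                comp.add(n); stack.extend(adj[n] - comp)
        seen |= comp
        total = sum(bcasts[n] for n in comp)
        for e, k in keys.items():
            if len(e & comp) == 1:          # edge to a corrupt node
                (n,) = e & comp
                total -= signed(n, e, k)
        found[frozenset(comp)] = total % MOD
    return found
```

On a six-node ring with two corrupt nodes, the component containing the sender sums to the message and the other sums to 0, so the anonymity set shrinks to that component; on a full graph of three nodes with two corrupt, the single honest node is identified outright.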

Implementing DC-nets
$b_i$ broadcast graph
No DoS unless split in graph
Communication in 2 phases:
1) Key sharing (off-line)
2) Round sync & broadcast
Aggregator: Combine: $B = \sum b_i = m_r \pmod{2^m}$

Implementing DC-nets: P2P
Same two phases, with round sync & broadcast done peer-to-peer?
Ring?
Tree?

Predecessor attack, does it work?
$b_i$ broadcast graph
Aggregator: Combine: $B = \sum b_i = m_r \pmod{2^m}$
Peer-to-peer ring? YES!!
[Figure: ring broadcast graph with nodes labelled A and B]

The Dining Cryptographers: Collisions
Adi: "I am not sending", $m_a = 0$
Ron: "I want to send", $m_r = \text{message}$
Wit: "I am not sending", $m_w = \text{message}$
$b_a = m_a - c_{ar} + c_{wa}$
$b_r = m_r + c_{ar} - c_{rw}$
$b_w = m_w - c_{wa} + c_{rw}$
Combine: $B = b_a + b_r + b_w = m_a + m_r + m_w = \text{collision} \pmod{2^m}$

How to resolve collisions?
Ethernet: detect collision and random re-transmission
DC-nets: Collisions do not destroy all information
$B = b_a + b_r + b_w = m_a + m_r + m_w = \text{collision} \pmod{m} = \text{message}_1 + \text{message}_2 \pmod{m}$
N collisions can be decoded in N transmissions!

DC-net takeaways
Security is great! Full key sharing graph: perfect anonymity
Communication cost: BAD (N broadcasts for each message!)
  Naive: $O(N^2)$ cost, $O(1)$ latency
  Not so naive: $O(N)$ messages, $O(N)$ latency (ring structure for broadcast)
  Expander graph: $O(N)$ messages, $O(\log N)$ latency?
  Centralized: $O(N)$ messages, $O(1)$ latency
Not practical for large(r) N!
Local wireless communications? Perfect anonymity

Herbivore
Entry control: distribute nodes, avoid choice, cost to enter
min(size) = k
Round: Reserve, Transmission
Exit (avoid intersection)

We have seen several techniques for anonymous communications, and different attacks.
Next week: Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems.