Post on 04-Jun-2018
8/13/2019 Onion Routingppt226
Anonymous Routing in Wireless Networks: Onion Routing
Priyanka Banerjee
Organization
Introduction
Traffic Analysis overview
Onion Routing in Wired Networks
Onion Routing in Wireless Networks
Conclusion
Introduction
Types of attackers on the web:
Active attackers
Passive attackers
Traffic Analysis
Intercept traffic
Capture packets
Analyze packets
Deduce useful information
Traffic analysis focuses on the headers, which contain metadata like source address, destination address, timing information etc.
Hence even if the packet content is encrypted, traffic analysis can reveal useful information
Importance of Traffic Analysis
Although traffic analysis provides lower quality information, it is preferred over cryptanalysis because it is easier than breaking complex encrypted messages [2]
It is also cheaper because traffic data can be automatically collected and processed to provide a high degree of intelligence [2]
It is used for military purposes [2] and by various organizations to track unpleasant events over the internet
Onion Routing
Onion routing is the mechanism in which the sender (initiator) and the receiver (responder) nodes communicate with each other anonymously by means of some intermediate nodes called onion routers
It relies on public key cryptography
Infrastructure for Onion Routing
Network Infrastructure
Proxy Interfaces
Steps in Onion Routing
Defining a route
Constructing an anonymous connection
Moving data through an anonymous connection
Destroying the anonymous connection
Example
Let onion routers 4, 3, and 5 be randomly selected by the onion proxy
The proxy encrypts the data with 5's public key followed by 3 and then 4
Thus an onion is created which looks like
E4pu (3's IP address, E3pu ((5's IP address, (E5pu (recipient's IP address, data)))))
The proxy then sends the onion to the first onion router i.e. 4
Onion router 4 peels the outer layer of the onion using its private key
It forwards the onion to 3 which now looks like E3pu ((5's IP address, (E5pu (recipient's IP address, data))))
Onion router 3 peels the outer layer of the onion using its private key
It forwards the onion to 5 which now looks like (E5pu (recipient's IP address, data))
Onion router 5 now peels the outer layer of the onion using its private key
It finds plain data and the destination address and forwards it to the destination
Problems and solutions
The size of the onion reduces as it nears the destination
Hence an attacker can infer details about the destination
To avoid this onions are padded at each onion router to maintain the size of the onion (Onions can be padded to same or different sizes)
Every onion router has details of only its previous and next hop
So even if an onion router has been compromised the attacker can only get the encrypted onion. He will not be able to decrypt the onion without the private keys and hence will not infer any valuable information from it
Suppose an attacker records data going on between routers and is able to compromise a router at a later stage, to acquire the private key and decrypt data.
This can be avoided by using a session key between communicating parties.
The session key is used to encrypt data and is valid only for the duration of the communication.
Packet delivery is not ensured
If an onion router fails on the way then the message will not reach the destination
It is susceptible to denial of service attacks. This can be done by forcing onion routers to do a large number of cryptographic operations by sending many packets to them. Eventually the router simply ends up doing cryptographic operations and is not able to forward packets
This can be mitigated using client puzzles. Here the onion proxy/router (i.e. the server) forces a requesting client to complete a puzzle before it allocates resources
But puzzle solving has an impact on the latency
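An added example, not part of the original slides: one way a router could implement the client puzzle described above, assuming a hash-based puzzle (find a nonce giving leading zero bits) and a stateless HMAC-tagged challenge. The names SECRET, BITS, issue, solve and verify are hypothetical.

```python
import hashlib, hmac, os

SECRET = os.urandom(32)   # hypothetical per-router secret, never sent to clients
BITS = 12                 # constructed difficulty: about 2**12 hashes per request

def _tag(client_id: bytes, ts: bytes) -> bytes:
    return hmac.new(SECRET, ts + client_id, hashlib.sha256).digest()[:16]

def issue(client_id: bytes, now: int) -> bytes:
    """Stateless challenge: the router stores nothing until the puzzle is solved."""
    ts = now.to_bytes(8, "big")
    return ts + _tag(client_id, ts)

def zero_bits(challenge: bytes, nonce: int) -> int:
    """Leading zero bits of SHA-256(challenge || nonce)."""
    digest = hashlib.sha256(challenge + nonce.to_bytes(8, "big")).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def solve(challenge: bytes, bits: int = BITS) -> int:
    """Client side: brute-force search, which is the latency cost noted above."""
    nonce = 0
    while zero_bits(challenge, nonce) < bits:
        nonce += 1
    return nonce

def verify(client_id: bytes, challenge: bytes, nonce: int, now: int,
           bits: int = BITS, max_age: int = 30) -> bool:
    """Router side: one HMAC and one hash before any onion decryption is done."""
    ts, tag = challenge[:8], challenge[8:]
    if not hmac.compare_digest(tag, _tag(client_id, ts)):
        return False                     # challenge was not issued to this client
    if not 0 <= now - int.from_bytes(ts, "big") <= max_age:
        return False                     # stale challenge, so old solutions expire
    return zero_bits(challenge, nonce) >= bits
```

Raising BITS by one doubles the expected client work while the router's verification cost stays constant, which is the latency trade-off the slide points out.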
Challenges in Wireless Networks
In a wireless medium there is node mobility and lack of infrastructure. There is no central point governing the flow of traffic.
So nodes rely on intermediate nodes to relay their data. If intermediate nodes are compromised then onion routing fails
Also packets are broadcast into the network. Thus traffic analysis becomes easier and may go undetected
Lack of central management makes it susceptible to active attacks
It takes longer to construct paths due to the dynamic nature of the environment.
Key distribution for encrypting traffic is a challenge.
Wireless Anonymous Routing (WAR)
It is based on onion routing and traffic mixing
Here the keys are distributed using a RadioGram
A RadioGram object is like an onion which has layers of encryption around the data content
RadioGrams are broadcast into the network and the intended nodes along the route to the destination decrypt a layer at a time
The structure of a radiogram is as follows:
[tid] {[sk] [MIC] [^]} {[sk] [MIC] [^]} ... {[sk] [MIC] [^]} [content] [padding]
The information contained within the curly braces { } represents each layer of the onion
Transmitter ID, i.e. tid: It uniquely defines a radiogram. It is an RSA public key. It is used to encrypt the session key. And the session key is then used to encrypt the rest of the fields
Session key, i.e. sk: It is a symmetric key encrypted by the public key of the transmitter
MIC or Checksum: It is the pre-computed hash value of everything the onion skin wraps except the padding
Control Signals, i.e. ^: It tells the receiver what has to be done with the received message. It also tells about the type of message and the padding
Content: This is the actual data that is being transmitted and can be interpreted only by the final destination
Padding: This is used just to maintain the size of the onion
Example
[A.id] [B.sk] [B.MIC] [B.^] [C.sk] [C.MIC] [C.^] [content] [padding]
A generates the content [content]. It then generates a random session key (16 byte) C.sk.
It sets the control signal C.^ appropriately, i.e. type=MESSAGE and padding = k bits.
It prepends [C.^] to [content].
It computes a 16 byte MIC over [C.sk] [C.^] [content] and calls it C.MIC.
It encrypts [C.MIC] [C.^] [content] under C.sk.
It encrypts C.sk using C's public key and calls the encrypted key C.sk.
It prepends [C.sk] to [C.MIC] [C.^] [content].
It appends any padding if required. It renames [C.sk] [C.MIC] [C.^] [content] to [content].
It repeats the above steps for (all other intermediate nodes) B.
When the nodes within the transmission range of A receive the Radiogram they perform the following steps:
They strip A.id and save it.
They strip B.MIC and save it.
They strip the encrypted B.sk.
They try to decrypt the encrypted B.sk to B.sk using their private key. (If it succeeds then they are the intended recipient, else they simply drop the packet. Only B is able to decrypt B.sk as it was encrypted with his public key.)
B assumes that the message is for him and now uses B.sk to decrypt the remainder of the message, i.e. [B.MIC] [B.^] [content]
B checks B.^ to determine where the padding begins and the other rules it is supposed to follow. B computes B.MIC over [B.sk] [B.^] [content].
It compares the computed B.MIC to the saved B.MIC. If they are equal B checks B.^ for further information. If they are unequal it implies that the packet has been altered and B drops it or logs it as required.
It then prepends his transmitter id and puts the packet, which looks like [B.id] [C.sk] [C.MIC] [C.^] [content] [padding], on the outgoing queue and broadcasts it.
Again all the nodes in B's range perform the above steps. But only C is able to decrypt the message and read it.
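An added example, not code from the WAR authors or the original slides: a toy Python model of the RadioGram build and receive steps above, which also shows the layer peeling and constant-size padding from the earlier wired onion slides. Assumptions, none of them secure: textbook RSA over small Mersenne primes stands in for the nodes' RSA keys, a SHAKE-256 keystream XOR stands in for the symmetric cipher, truncated SHA-256 is the MIC, and the FORWARD control type and byte-counted padding field are hypothetical.

```python
import hashlib, hmac, os

# Toy parameters (constructed). Field sizes in bytes; SIZE is the fixed onion size.
E, TID, EK, SK, MIC, CTL, SIZE = 65537, 32, 32, 16, 16, 3, 256
MESSAGE, FORWARD = 1, 2          # FORWARD is a hypothetical control type

def keypair(p, q):               # textbook RSA from two primes: (public, private)
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def tid(pub):                    # transmitter id = the sender's public modulus
    return pub[0].to_bytes(TID, "big")

def stream(sk, data):            # stand-in symmetric cipher: keystream XOR
    ks = hashlib.shake_256(sk).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def mic(sk, ctl, body):          # 16-byte MIC over [sk] [^] [content]
    return hashlib.sha256(sk + ctl + body).digest()[:MIC]

def wrap(pub, kind, body):       # add one onion skin for the node owning pub
    sk = os.urandom(SK)
    pad = SIZE - (EK + MIC + CTL + len(body))    # padding this node will see
    ctl = bytes([kind]) + pad.to_bytes(2, "big")
    esk = pow(int.from_bytes(sk, "big"), pub[1], pub[0]).to_bytes(EK, "big")
    return esk + stream(sk, mic(sk, ctl, body) + ctl + body)

def build(sender_pub, route, content):   # innermost skin first, as in the steps
    body, kind = content, MESSAGE
    for pub in reversed(route):
        body, kind = wrap(pub, kind, body), FORWARD
    return tid(sender_pub) + body + os.urandom(SIZE - len(body))

def receive(pub, priv, gram):    # what every node in radio range runs
    rest = gram[TID:]
    m = pow(int.from_bytes(rest[:EK], "big"), priv[1], priv[0])
    if m >> (8 * SK):
        return ("drop", None)    # not a 16-byte key: the skin was not for us
    sk = m.to_bytes(SK, "big")
    plain = stream(sk, rest[EK:])
    got, ctl = plain[:MIC], plain[MIC:MIC + CTL]
    pad = int.from_bytes(ctl[1:], "big")
    body = plain[MIC + CTL:len(plain) - pad]
    if pad > len(plain) - MIC - CTL or not hmac.compare_digest(got, mic(sk, ctl, body)):
        return ("drop", None)    # altered packet or wrong recipient
    if ctl[0] == MESSAGE:
        return ("deliver", body)
    return ("forward", tid(pub) + body + os.urandom(SIZE - len(body)))
```

Toy key pairs can be made from known Mersenne primes, for example keypair(2**89 - 1, 2**107 - 1); every node that is not the intended hop still pays one private-key operation per packet before dropping it.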
Drawbacks of WAR
Key distribution is a problem
Time taken for a packet to be delivered to a destination is long because of RSA encryption and decryption. This algorithm relies on public key cryptography
The sender needs to know the topology of the entire network as there is no route discovery
It does not ensure packet delivery because if an intermediate node on the destination path fails then the packet will never reach the destination
A node has to perform a certain number of decryptions just so that it can determine if it is the intended node on the route to the destination
It is susceptible to DDoS attacks because an attacker can keep broadcasting packets and force the legitimate nodes on a route to do a large number of decryptions. Thus a valid packet may not be transmitted
Secure Distributed Anonymous Routing Protocol (SDAR)
This protocol is also based on onion routing
It does not require the source node to know the entire network topology unlike the previous WAR protocol
It is divided into three phases:
Path discovery
Path reverse
Data Forward
Path discovery:
This allows the source node S to establish a path up to the destination using intermediate nodes.
The beauty of this phase is that none of the intermediate nodes can discover the identity of any of the participating nodes except its neighbors.
The source S creates a path discovery packet and broadcasts it.
Path reverse:
When the receiver receives the path discovery message it puts the ids and session keys of all the intermediate nodes into one message
It encrypts this message again and again with the session keys of the intermediate nodes beginning from the last node. It then broadcasts the packet
Every node along the reverse path removes a layer of encryption and broadcasts the packet
So when the source receives the message it has the ids and keys of all the nodes on the path to the destination. It uses these keys to encrypt the data and broadcasts it
Data Transfer:
The source encrypts the data using the keys of the intermediate nodes and broadcasts it
Each node on the way decrypts a layer and forwards it
So when the message reaches the destination all the encryption layers have been peeled off and the receiver is able to read the message
Drawbacks of the SDAR protocol:
There is no control over the route length since the path to the destination is a discovery process. Hence it may take a really long time for the actual data transfer to begin
If malicious nodes keep forwarding the path discovery packet amongst each other then it may never reach the intended receiver
Advantages of the SDAR protocol:
The source need not know the topology of the entire network since path discovery is a dynamic process
References:
I] http://en.wikipedia.org/wiki/Traffic_analysis
II] http://www.more.net/technical/netserv/troubleshooting/trafficanalysis.html
III] http://tor.eff.org/overview.html.en
IV] http://en.wikipedia.org/wiki/Onion_routing
1] Mary Elisabeth Gaup Moe. Security Models for Anonymous Routing. Norwegian University of Science and Technology.
2] George Danezis. Introducing Traffic Analysis: Attacks, Defenses and Public Policy Issues. Invited Talk.
3] Yih Chun Hu, Adrian Perrig. A Survey of Secure Wireless Ad Hoc Routing. University of California, Berkeley; Carnegie Mellon University.
4] Adam Back, Ulf Moller, Anton Stiglic. Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems. Zero-knowledge Systems Inc.
5] Marc O Morain, Vladislav Titov, Wendy Verbuggen. Onion Routing for Anonymous Communication.
6] Michael G. Reed, Paul F. Syverson, David M. Goldschlag. Proxies for Anonymous Routing. Naval Research Laboratory, Washington DC.
7] Nicholas A. Fraser, Richard A. Raines, Rusty O. Baldwin. Tor: An Anonymous Routing Network for Covert On-line Operations. Air Force Institute of Technology, Wright Patterson AFB.
8] Michael E. Locasto, Clayton Chen, Ajay Nambi. WAR: Wireless Anonymous Routing. Department of Computer Science, Columbia University.
9] Liu Yang, Markus Jacobson, Susanne Wetzel. Discount Anonymous On Demand Routing for Mobile Ad hoc Networks.
10] Azzedine Boukerche, Khalil El-Khatib, Li Xu, Larry Korba. SDAR: A Secure Distributed Anonymous Routing Protocol. University of Ottawa.
11] Dehn Sy, Rex Chen, Lichun Bao. ODAR: On-Demand Anonymous Routing in Ad-Hoc Networks. University of California.
12] Stefaan Seys, Bart Preneel. ARM: Anonymous Routing Protocol for Mobile Ad hoc Networks. Department of Electrical Engineering-ESAT, SCD/COSIC