nym: an anonymous, secure, peer-to-peer instant messenger
DESCRIPTION
Nym: An anonymous, secure, peer-to-peer instant messenger. By Seth Cooper, Adam Hoel, Elliott Hoel, Jeff Holschuh, and Hilde Schmitt. AOL Instant Messenger. AOL. IP Addresses. Dan Rather: 162.27.1.102 Bill O’Reilly: 24.26.105.25 John Doe: 137.22.4.60. Server. Dan Rather 162.27.1.102. - PowerPoint PPT PresentationTRANSCRIPT
Nym: An Nym: An anonymous, anonymous,
secure, peer-to-secure, peer-to-peer instant peer instant messengermessengerBy Seth Cooper, Adam Hoel, By Seth Cooper, Adam Hoel,
Elliott Hoel, Jeff Holschuh, and Elliott Hoel, Jeff Holschuh, and Hilde SchmittHilde Schmitt
AOL Instant MessengerAOL Instant MessengerAOL
Dan Rather
162.27.1.102
Bill O’Reilly
24.26.105.25
John Doe
137.22.4.60
Server
Dan Rather: 162.27.1.102
Bill O’Reilly: 24.26.105.25
John Doe: 137.22.4.60
IP Addresses
AOL Instant MessengerAOL Instant MessengerAOL
Dan Rather Bill O’Reilly
John Doe
Server
Confidential Information
Dan Rather: 162.27.1.102
Bill O’Reilly: 24.26.105.25
John Doe: 137.22.4.60
IP Addresses
AOL Instant MessengerAOL Instant MessengerAOL
Dan Rather Bill O’Reilly
John Doe
Server
Confidential Information
Dan Rather: 162.27.1.102
Bill O’Reilly: 24.26.105.25
John Doe: 137.22.4.60
IP Addresses
AOL Instant MessengerAOL Instant MessengerAOL
Dan Rather Bill O’Reilly
John Doe
Big Tobacco
Lawsuit
Server
Dan Rather: 162.27.1.102
Bill O’Reilly: 24.26.105.25
John Doe: 137.22.4.60
IP Addresses
AOL Instant MessengerAOL Instant MessengerAOL
Dan Rather Bill O’Reilly
John Doe
Big Tobacco
John Doe: 137.22.4.60
Server
Dan Rather: 162.27.1.102
Bill O’Reilly: 24.26.105.25
John Doe: 137.22.4.60
IP Addresses
AOL Instant MessengerAOL Instant MessengerAOL
Dan Rather Bill O’Reilly
John Doe
Big Tobacco
Lawsuit and job loss
Server
Dan Rather: 162.27.1.102
Bill O’Reilly: 24.26.105.25
John Doe: 137.22.4.60
IP Addresses
Nym: Not just another Nym: Not just another AIMAIM
John DoeDan Rather
Amy Csizmar Dalal
Bill O’Reilly
Jeff Ondich
Nym: Not just another Nym: Not just another AIMAIM
John Doe 137.22.4.60Dan Rather
162.27.1.102
Amy Csizmar Dalal 207.251.23.142
Bill O’Reilly 24.26.105.25
Jeff Ondich 82.65.100.55
Nym: Not just another Nym: Not just another AIMAIM
John Doe john_doeDan Rather
dan_rather
Amy Csizmar Dalal amy_csizmar_dalal
Bill O’Reilly bill_oreilly
Jeff Ondich jeff_ondich
Nym: Not just another Nym: Not just another AIMAIM
John Doe john_doeDan Rather
dan_rather
Bill O’Reilly bill_oreilly
Confidential Information
To bill_oreilly
To dan_rather
Nym: Not just another Nym: Not just another AIMAIM
John Doe john_doeDan Rather
dan_rather
Bill O’Reilly bill_oreilly
Confidential Information
To bill_oreilly
Nym: Not just another Nym: Not just another AIMAIM
John Doe john_doeDan Rather
dan_rather
Bill O’Reilly bill_oreilly
Big Tobacco
?Lawsuit
Job = Safe
GoalsGoals
Implement a peer-to-peer network Implement a peer-to-peer network that provides: that provides: DecentralizationDecentralization AnonymityAnonymity SecuritySecurity ReliabilityReliability ScalabilityScalability
DecentralizationDecentralization
Significantly minimize the Significantly minimize the application’s reliance on a central application’s reliance on a central serverserver Peer-to-peer communicationPeer-to-peer communication Normally centralized tasks are Normally centralized tasks are
distributed among nodesdistributed among nodes
Decentralization in NymDecentralization in Nym
Message routing, searching, Message routing, searching, presence updates and text presence updates and text messaging functionality occurs messaging functionality occurs between peers without the help of between peers without the help of any central servers.any central servers.
However, on first launch a client However, on first launch a client connects to a node that caches the connects to a node that caches the IP addresses of other Nym clients.IP addresses of other Nym clients.
AnonymityAnonymity
Anonymity is the state of having an Anonymity is the state of having an undisclosed identity.undisclosed identity.
On a network, anonymous On a network, anonymous communication must ensure that communication must ensure that information related to the source of information related to the source of a message (e.g. the originating a message (e.g. the originating machine’s IP address) cannot be machine’s IP address) cannot be determined.determined.
Why is anonymity Why is anonymity important?important?
According to the Electronic Frontier According to the Electronic Frontier Foundation:Foundation:
““Anonymity is a shield from the Anonymity is a shield from the tyranny of the majority...It thus tyranny of the majority...It thus exemplifies the purpose behind the exemplifies the purpose behind the Bill of Rights, and of the First Bill of Rights, and of the First Amendment in particular: to protect Amendment in particular: to protect unpopular individuals from unpopular individuals from retaliation…at the hand of an retaliation…at the hand of an intolerant society.”intolerant society.”
Anonymity in NymAnonymity in Nym
PseudonymsPseudonyms Virtual addressingVirtual addressing DecentralizationDecentralization SecuritySecurity Nondeterministic/probabilistic Nondeterministic/probabilistic
routingrouting
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
Packet sent
Packet sent
Broadcast
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
Packet sent
Packet sent
Broadcast
Broadcast
Broadcast
Packet sent
Packet sent
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
Packet sent
Packet sent
Broadcast
Broadcast
Broadcast
Packet sent
Packet sentPacket received
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
Responsepacket sent
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
Responsepacket sent
Packet sent
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
Responsepacket sent
Packet sent
Packet sent
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
B
Responsepacket sent
Packet sent
Packet sent
Packet received
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
B
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
B
Node E Bill O'Reilly
Packet sentNym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
B
Node E Bill O'Reilly
Packet sent
Packet sent
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
B
Node E Bill O'Reilly
Packet sent
Packet sent
Packet sent
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill Dan
B C
Node E Bill O'Reilly
Packet sent
Packet sent
Packet sent
Packet received Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Packet sent
Packet sent
Broadcast
Node A’s Channel ListBill Dan
B C
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Packet sent
Packet sent
Broadcast
Broadcast
Broadcast
Packet sent
Packet sent
Node A’s Channel ListBill Dan
B C
Packet receivedNode E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan RatherResponse
packet sent
Node A’s Channel ListBill Dan
B C
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan RatherResponse
packet sent
Node A’s Channel ListBill Dan
B C
Packet sent
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan RatherResponse
packet sent
Node A’s Channel ListBill Dan
B C
Packet sent
Packet sent
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan RatherResponse
packet sent
Node A’s Channel ListBill DanC B
C
Packet sent
Packet sent
Packet received
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Routing DemoRouting Demo
Node D Dan Rather
Node A’s Channel ListBill DanC B
C
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
The channel list builds The channel list builds up…up…
Node D Dan Rather
Node A’s Channel ListBill DanC BB CC CB C
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Now, we can route!Now, we can route!
Node D Dan Rather
Node A’s Channel ListBill DanC BB CC CB C
Node E Bill O'Reilly
Nym Network
Node A John Doe
Node B
Node C
Now, we can route!Now, we can route!
Node D Dan Rather
Node A’s Channel ListBill DanC BB CC CB C
Node E Bill O'Reilly
Select a node at random from the Dan column:
Nym Network
Node A John Doe
Node B
Node C
Now, we can route!Now, we can route!Node A’s Channel ListBill DanC BB CC CB C
Node E Bill O'Reilly
So send to node C:
Node D Dan Rather
Nym Network
Node A John Doe
Node B
Node C
Note that there is a natural Note that there is a natural weighting of nodes in the weighting of nodes in the
listlistNode A’s Channel ListBill DanC BB CC CB C
Node E Bill O'Reilly
This means that there are preferred routes.
Node D Dan Rather
Nym Network
Node A John Doe
Node B
Node C
Sometimes, we pick at Sometimes, we pick at random from an random from an
unweighted channel listunweighted channel list
Node D Dan Rather
Node A’s Channel ListBill DanC BB CC CB C
Node E Bill O'Reilly
This prevents any routing patterns that may occur.
Nym Network
SecuritySecurity
ConfidentialityConfidentiality Information should be kept secret from Information should be kept secret from
unauthorized parties.unauthorized parties. IntegrityIntegrity
Information should be tamper evident.Information should be tamper evident. The authenticity of the source of The authenticity of the source of
information should be verifiable.information should be verifiable. AvailabilityAvailability
Services should be resilient to malicious Services should be resilient to malicious attacksattacks
Security in NymSecurity in Nym
Link-to-link encryptionLink-to-link encryption Digital signing and verifying of text Digital signing and verifying of text
messagesmessages
Link-to-link versus end-Link-to-link versus end-to-endto-end
Link-to-link encryptionLink-to-link encryption Messages are encrypted and decrypted at Messages are encrypted and decrypted at
each node in the networkeach node in the network Messages intercepted by parties outside Messages intercepted by parties outside
the network will be unable to read the the network will be unable to read the encrypted textencrypted text
End-to-end encryptionEnd-to-end encryption Messages are encrypted with a secret Messages are encrypted with a secret
key by the sender and are not decrypted key by the sender and are not decrypted until they reach the recipientuntil they reach the recipient
The Man-in-the-MiddleThe Man-in-the-Middle
Secure end-to-end encryption is Secure end-to-end encryption is impossible in an anonymous networkimpossible in an anonymous network An intermediary node between the An intermediary node between the
sender and recipient can easily sender and recipient can easily intercept a key exchange.intercept a key exchange.
Link-to-link encryptionLink-to-link encryption More robust against man in the middle More robust against man in the middle
attacksattacks
Link to link (Symmetric Link to link (Symmetric key)key)
A 56-bit DES key is generated and A 56-bit DES key is generated and exchanged when a connection is exchanged when a connection is made with a neighbor made with a neighbor
Both parties share this key, but no Both parties share this key, but no one else knows itone else knows it
Much quicker than asymmetric Much quicker than asymmetric encryptionencryption
RSA public/private key RSA public/private key pairpair
RSA key pair is generated from username RSA key pair is generated from username and passwordand password
Public key is essentially the virtual addressPublic key is essentially the virtual address Asymmetric key pair is only used for Asymmetric key pair is only used for
digital signaturesdigital signatures To send a message to someone, sign it To send a message to someone, sign it
with your private keywith your private key The recipient uses your public key to The recipient uses your public key to
validate itvalidate it
Digital SignaturesDigital Signatures
Allow us to verifyAllow us to verify who a message is fromwho a message is from that the message has not been changed that the message has not been changed
since it was sentsince it was sent Use the SHA-1 hash algorithmUse the SHA-1 hash algorithm
Takes the message (under 2^64 bits)Takes the message (under 2^64 bits) Returns 160 bit “message digest”Returns 160 bit “message digest”
Use RSA key pairUse RSA key pair
How digital signatures How digital signatures workwork
User A User BAt Login
Username A
Password A
Public Key A
Private Key AUsername B
Password B
Public Key B
Private Key B
VirtualAddress B
VirtualAddress A
How digital signatures How digital signatures workwork
User A User BPublic Key A
Private Key APublic Key B
Private Key B
How digital signatures How digital signatures workwork
User A
Message text
User B
How digital signatures How digital signatures workwork
User A
Message text
Messagedigest
SHA-1
User B
How digital signatures How digital signatures workwork
User A
Message text
Messagedigest
SHA-1
Encrypt with Private key A
Digitalsignature
User B
How digital signatures How digital signatures workwork
User A
Message text
Messagedigest
SHA-1
Encrypt with Private key A
Digitalsignature
User B
Message
How digital signatures How digital signatures workwork
User A
Message text
Messagedigest
SHA-1
Encrypt with Private key A
Digitalsignature
User B
Message text
Digitalsignature
Message
Message
How digital signatures How digital signatures workwork
User A
Message text
Messagedigest
SHA-1
Encrypt with Private key A
Digitalsignature
User B
Message text
Messagedigest
SHA-1
Digitalsignature
Message
Message
How digital signatures How digital signatures workwork
User A
Message text
Messagedigest
SHA-1
Encrypt with Private key A
Digitalsignature
User B
Message text
Messagedigest
SHA-1
Digitalsignature
Decrypt with Public key A
Messagedigest
Message
Message
How digital signatures How digital signatures workwork
User A
Message text
Messagedigest
SHA-1
Encrypt with Private key A
Digitalsignature
User B
Message text
Messagedigest
SHA-1
Digitalsignature
Decrypt with Public key A
Messagedigest
Compare
Message
Message
Instant MessagingInstant Messaging
Text communicationText communication Presence notificationPresence notification Contact list maintenanceContact list maintenance Distributed searchDistributed search User friendly interfaceUser friendly interface
DEMODEMO
Tradeoffs and Tradeoffs and LimitationsLimitations
AnonymityAnonymity Statistical analysisStatistical analysis Textual analysisTextual analysis Accidental disclosureAccidental disclosure
ScalabilityScalability Test results and predictionsTest results and predictions
ReliabilityReliability Routing loop avoidanceRouting loop avoidance
ExtensionsExtensions
Increased fault tolerance for Increased fault tolerance for dropped packets and routing loopsdropped packets and routing loops
Group chatGroup chat Testing and research on anonymity Testing and research on anonymity
schemescheme
AcknowledgementsAcknowledgements
Amy Csizmar Dalal and the CS Amy Csizmar Dalal and the CS department for guidance and supportdepartment for guidance and support
Michael N. Tie and ITS for helping Michael N. Tie and ITS for helping make our equipment workmake our equipment work
MUTE and Jason RohrerMUTE and Jason Rohrer Our friends and family for putting up Our friends and family for putting up
with uswith us You all for being here todayYou all for being here today
ReferencesReferences
Rohrer, Jason. “MUTE Technical Rohrer, Jason. “MUTE Technical Details” Details” http://mute-net.sourceforge.net/technicalDetahttp://mute-net.sourceforge.net/technicalDetails.shtmlils.shtml
http://www.bouncycastle.org/http://www.bouncycastle.org/ Sun Microsystems Sun Microsystems http://java.sun.comhttp://java.sun.com Freenet Freenet http://freenet.sourceforge.nethttp://freenet.sourceforge.net RFC 3921: XMPP RFC 3921: XMPP http://www.xmpp.orghttp://www.xmpp.org ““The Gnutella Protocol Specification The Gnutella Protocol Specification
v0.4” v0.4” http://www9.limewire.com/developer/http://www9.limewire.com/developer/gnutella_protocol_0.4.pdf