nym: an anonymous, secure, peer-to-peer instant messenger

Nym: An Nym: An anonymous, anonymous,

secure, peer-to-secure, peer-to-peer instant peer instant messengermessengerBy Seth Cooper, Adam Hoel, By Seth Cooper, Adam Hoel,

Elliott Hoel, Jeff Holschuh, and Elliott Hoel, Jeff Holschuh, and Hilde SchmittHilde Schmitt

AOL Instant MessengerAOL Instant MessengerAOL

Dan Rather

162.27.1.102

Bill O’Reilly

24.26.105.25

John Doe

137.22.4.60

Server

Dan Rather: 162.27.1.102

Bill O’Reilly: 24.26.105.25

John Doe: 137.22.4.60

IP Addresses


Dan Rather Bill O’Reilly

John Doe

Server

Confidential Information

Dan Rather: 162.27.1.102


John Doe: 137.22.4.60

IP Addresses



John Doe

Big Tobacco

Lawsuit

Server

Dan Rather: 162.27.1.102


John Doe: 137.22.4.60

IP Addresses



John Doe

Big Tobacco

John Doe: 137.22.4.60

Server

Dan Rather: 162.27.1.102


John Doe: 137.22.4.60

IP Addresses



John Doe

Big Tobacco

Lawsuit and job loss

Server

Dan Rather: 162.27.1.102


John Doe: 137.22.4.60

IP Addresses

Nym: Not just another Nym: Not just another AIMAIM

John DoeDan Rather

Amy Csizmar Dalal

Bill O’Reilly

Jeff Ondich


John Doe 137.22.4.60Dan Rather

162.27.1.102

Amy Csizmar Dalal 207.251.23.142

Bill O’Reilly 24.26.105.25

Jeff Ondich 82.65.100.55


John Doe john_doeDan Rather

dan_rather

Amy Csizmar Dalal amy_csizmar_dalal

Bill O’Reilly bill_oreilly

Jeff Ondich jeff_ondich



dan_rather



To bill_oreilly

To dan_rather



dan_rather



To bill_oreilly



dan_rather


Big Tobacco

?Lawsuit

Job = Safe

GoalsGoals

Implement a peer-to-peer network Implement a peer-to-peer network that provides: that provides: DecentralizationDecentralization AnonymityAnonymity SecuritySecurity ReliabilityReliability ScalabilityScalability

DecentralizationDecentralization

Significantly minimize the Significantly minimize the application’s reliance on a central application’s reliance on a central serverserver Peer-to-peer communicationPeer-to-peer communication Normally centralized tasks are Normally centralized tasks are

distributed among nodesdistributed among nodes

Decentralization in NymDecentralization in Nym

Message routing, searching, Message routing, searching, presence updates and text presence updates and text messaging functionality occurs messaging functionality occurs between peers without the help of between peers without the help of any central servers.any central servers.

However, on first launch a client However, on first launch a client connects to a node that caches the connects to a node that caches the IP addresses of other Nym clients.IP addresses of other Nym clients.

AnonymityAnonymity

Anonymity is the state of having an Anonymity is the state of having an undisclosed identity.undisclosed identity.

On a network, anonymous On a network, anonymous communication must ensure that communication must ensure that information related to the source of information related to the source of a message (e.g. the originating a message (e.g. the originating machine’s IP address) cannot be machine’s IP address) cannot be determined.determined.

Why is anonymity Why is anonymity important?important?

According to the Electronic Frontier According to the Electronic Frontier Foundation:Foundation:

““Anonymity is a shield from the Anonymity is a shield from the tyranny of the majority...It thus tyranny of the majority...It thus exemplifies the purpose behind the exemplifies the purpose behind the Bill of Rights, and of the First Bill of Rights, and of the First Amendment in particular: to protect Amendment in particular: to protect unpopular individuals from unpopular individuals from retaliation…at the hand of an retaliation…at the hand of an intolerant society.”intolerant society.”

Anonymity in NymAnonymity in Nym

PseudonymsPseudonyms Virtual addressingVirtual addressing DecentralizationDecentralization SecuritySecurity Nondeterministic/probabilistic Nondeterministic/probabilistic

routingrouting

Node A John Doe

Node B

Node C

Routing DemoRouting Demo

Node D Dan Rather

Node E Bill O'Reilly

Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather

Node A’s Channel ListBill Dan


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


Packet sent

Packet sent

Broadcast


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


Packet sent

Packet sent

Broadcast

Broadcast

Broadcast

Packet sent

Packet sent


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


Packet sent

Packet sent

Broadcast

Broadcast

Broadcast

Packet sent

Packet sentPacket received


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


Responsepacket sent


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


Responsepacket sent

Packet sent


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


Responsepacket sent

Packet sent

Packet sent


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


B

Responsepacket sent

Packet sent

Packet sent

Packet received


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


B


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


B


Packet sentNym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


B


Packet sent

Packet sent

Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


B


Packet sent

Packet sent

Packet sent

Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather


B C


Packet sent

Packet sent

Packet sent

Packet received Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather

Packet sent

Packet sent

Broadcast


B C


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather

Packet sent

Packet sent

Broadcast

Broadcast

Broadcast

Packet sent

Packet sent


B C

Packet receivedNode E Bill O'Reilly

Nym Network

Node A John Doe

Node B

Node C


Node D Dan RatherResponse

packet sent


B C


Nym Network

Node A John Doe

Node B

Node C



packet sent


B C

Packet sent


Nym Network

Node A John Doe

Node B

Node C



packet sent


B C

Packet sent

Packet sent


Nym Network

Node A John Doe

Node B

Node C



packet sent

Node A’s Channel ListBill DanC B

C

Packet sent

Packet sent

Packet received


Nym Network

Node A John Doe

Node B

Node C


Node D Dan Rather

Node A’s Channel ListBill DanC B

C


Nym Network

Node A John Doe

Node B

Node C

The channel list builds The channel list builds up…up…

Node D Dan Rather

Node A’s Channel ListBill DanC BB CC CB C


Nym Network

Node A John Doe

Node B

Node C

Now, we can route!Now, we can route!

Node D Dan Rather



Nym Network

Node A John Doe

Node B

Node C

Now, we can route!Now, we can route!

Node D Dan Rather



Select a node at random from the Dan column:

Nym Network

Node A John Doe

Node B

Node C

Now, we can route!Now, we can route!Node A’s Channel ListBill DanC BB CC CB C


So send to node C:

Node D Dan Rather

Nym Network

Node A John Doe

Node B

Node C

Note that there is a natural Note that there is a natural weighting of nodes in the weighting of nodes in the

listlistNode A’s Channel ListBill DanC BB CC CB C


This means that there are preferred routes.

Node D Dan Rather

Nym Network

Node A John Doe

Node B

Node C

Sometimes, we pick at Sometimes, we pick at random from an random from an

unweighted channel listunweighted channel list

Node D Dan Rather



This prevents any routing patterns that may occur.

Nym Network

SecuritySecurity

ConfidentialityConfidentiality Information should be kept secret from Information should be kept secret from

unauthorized parties.unauthorized parties. IntegrityIntegrity

Information should be tamper evident.Information should be tamper evident. The authenticity of the source of The authenticity of the source of

information should be verifiable.information should be verifiable. AvailabilityAvailability

Services should be resilient to malicious Services should be resilient to malicious attacksattacks

Security in NymSecurity in Nym

Link-to-link encryptionLink-to-link encryption Digital signing and verifying of text Digital signing and verifying of text

messagesmessages

Link-to-link versus end-Link-to-link versus end-to-endto-end

Link-to-link encryptionLink-to-link encryption Messages are encrypted and decrypted at Messages are encrypted and decrypted at

each node in the networkeach node in the network Messages intercepted by parties outside Messages intercepted by parties outside

the network will be unable to read the the network will be unable to read the encrypted textencrypted text

End-to-end encryptionEnd-to-end encryption Messages are encrypted with a secret Messages are encrypted with a secret

key by the sender and are not decrypted key by the sender and are not decrypted until they reach the recipientuntil they reach the recipient

The Man-in-the-MiddleThe Man-in-the-Middle

Secure end-to-end encryption is Secure end-to-end encryption is impossible in an anonymous networkimpossible in an anonymous network An intermediary node between the An intermediary node between the

sender and recipient can easily sender and recipient can easily intercept a key exchange.intercept a key exchange.

Link-to-link encryptionLink-to-link encryption More robust against man in the middle More robust against man in the middle

attacksattacks

Link to link (Symmetric Link to link (Symmetric key)key)

A 56-bit DES key is generated and A 56-bit DES key is generated and exchanged when a connection is exchanged when a connection is made with a neighbor made with a neighbor

Both parties share this key, but no Both parties share this key, but no one else knows itone else knows it

Much quicker than asymmetric Much quicker than asymmetric encryptionencryption

RSA public/private key RSA public/private key pairpair

RSA key pair is generated from username RSA key pair is generated from username and passwordand password

Public key is essentially the virtual addressPublic key is essentially the virtual address Asymmetric key pair is only used for Asymmetric key pair is only used for

digital signaturesdigital signatures To send a message to someone, sign it To send a message to someone, sign it

with your private keywith your private key The recipient uses your public key to The recipient uses your public key to

validate itvalidate it

Digital SignaturesDigital Signatures

Allow us to verifyAllow us to verify who a message is fromwho a message is from that the message has not been changed that the message has not been changed

since it was sentsince it was sent Use the SHA-1 hash algorithmUse the SHA-1 hash algorithm

Takes the message (under 2^64 bits)Takes the message (under 2^64 bits) Returns 160 bit “message digest”Returns 160 bit “message digest”

Use RSA key pairUse RSA key pair

How digital signatures How digital signatures workwork

User A User BAt Login

Username A

Password A

Public Key A

Private Key AUsername B

Password B

Public Key B

Private Key B

VirtualAddress B

VirtualAddress A


User A User BPublic Key A

Private Key APublic Key B

Private Key B


User A

Message text

User B


User A

Message text

Messagedigest

SHA-1

User B


User A

Message text

Messagedigest

SHA-1

Encrypt with Private key A

Digitalsignature

User B


User A

Message text

Messagedigest

SHA-1


Digitalsignature

User B

Message


User A

Message text

Messagedigest

SHA-1


Digitalsignature

User B

Message text

Digitalsignature

Message

Message


User A

Message text

Messagedigest

SHA-1


Digitalsignature

User B

Message text

Messagedigest

SHA-1

Digitalsignature

Message

Message


User A

Message text

Messagedigest

SHA-1


Digitalsignature

User B

Message text

Messagedigest

SHA-1

Digitalsignature

Decrypt with Public key A

Messagedigest

Message

Message


User A

Message text

Messagedigest

SHA-1


Digitalsignature

User B

Message text

Messagedigest

SHA-1

Digitalsignature

Decrypt with Public key A

Messagedigest

Compare

Message

Message

Instant MessagingInstant Messaging

Text communicationText communication Presence notificationPresence notification Contact list maintenanceContact list maintenance Distributed searchDistributed search User friendly interfaceUser friendly interface

DEMODEMO

Tradeoffs and Tradeoffs and LimitationsLimitations

AnonymityAnonymity Statistical analysisStatistical analysis Textual analysisTextual analysis Accidental disclosureAccidental disclosure

ScalabilityScalability Test results and predictionsTest results and predictions

ReliabilityReliability Routing loop avoidanceRouting loop avoidance

ExtensionsExtensions

Increased fault tolerance for Increased fault tolerance for dropped packets and routing loopsdropped packets and routing loops

Group chatGroup chat Testing and research on anonymity Testing and research on anonymity

schemescheme

AcknowledgementsAcknowledgements

Amy Csizmar Dalal and the CS Amy Csizmar Dalal and the CS department for guidance and supportdepartment for guidance and support

Michael N. Tie and ITS for helping Michael N. Tie and ITS for helping make our equipment workmake our equipment work

MUTE and Jason RohrerMUTE and Jason Rohrer Our friends and family for putting up Our friends and family for putting up

with uswith us You all for being here todayYou all for being here today

ReferencesReferences

Rohrer, Jason. “MUTE Technical Rohrer, Jason. “MUTE Technical Details” Details” http://mute-net.sourceforge.net/technicalDetahttp://mute-net.sourceforge.net/technicalDetails.shtmlils.shtml

http://www.bouncycastle.org/http://www.bouncycastle.org/ Sun Microsystems Sun Microsystems http://java.sun.comhttp://java.sun.com Freenet Freenet http://freenet.sourceforge.nethttp://freenet.sourceforge.net RFC 3921: XMPP RFC 3921: XMPP http://www.xmpp.orghttp://www.xmpp.org ““The Gnutella Protocol Specification The Gnutella Protocol Specification

v0.4” v0.4” http://www9.limewire.com/developer/http://www9.limewire.com/developer/gnutella_protocol_0.4.pdf

nym: an anonymous, secure, peer-to-peer instant messenger

Documents

ratherbill oreilly bill

aimjohn doe john

dalalbill oreilly bill

bill oreilly24

bill of rights

john doe137

ip addressesnym

oreillyto dan