June, 09. 2008
Who cares about my IP address?
The second dimension of Internet users’ privacy is that of anonymity and online identity management. It is a well-known fact that simple analysis of the packet headers generated by Internet traffic can disclose the source (IP address), destination, size, timing and possibly even the content of the surfing activity. As with the issue of securing the local surfing data, no integrated solution is currently offered for protecting Internet users against traffic analysis, and thus their traffic privacy is de facto left totally exposed. However, the question often asked is: why should the average user care about disclosing his source IP when browsing the Internet?
Knowing the origin and destination of Internet traffic allows any third party to track a user’s online behavior and interests. Most frequently, the monitoring party is also the Web content provider, interested in profiling visitors’ geographical location, browsing activity, subject preferences and social status. The data collected can later be used and sold to allow targeted advertising or to enforce price and even service level discrimination. In other cases, traffic analysis can allow foreign government authorities to scan Internet visitors based on their countries of origin, thereby facilitating subtle forms of censorship using preferential routing and keyword filtering. Protecting network anonymity can also safeguard against prejudice during socially sensitive communications, such as those occurring in chat rooms and Web forums for political dissidents, rape and abuse survivors or people with severe and disabling illnesses. Companies are also systematically gathering data about their employees and online customers, who typically are totally unaware of the information they are handing over during their transactions and of the subsequent use made of such information.
On the other hand, security concerns have resulted in legislation concerning the surveillance and monitoring of Internet use in several countries. Although distinct from filtering, these have many parallels in their potential impact upon online freedom of expression and access to information. Recent and controversial EU legislation is aimed at regulating the surveillance of traffic data and its retention. The European Data Retention Directive, which will become effective for Internet traffic by March 2009, requires ISPs in the various nations to retain data pertaining to Internet access, e-mail and telephony for a minimum period of six months but not exceeding two years. Through the formal establishment of common procedures for data retention, this directive should facilitate the tracing of illegal content and the identification of those who use the electronic communications networks for terrorist activities and organized crime. Privacy groups across all the member states, however, are voicing their concerns about the rights of ISPs, search engines and Web companies to retain data and monitor people’s online habits for up to twenty-four months, which seems like an unjustifiable length of time.
These examples help us better understand the growing demand for tools to counteract traffic analysis and to allow end users to choose if and when to disclose their Internet identities. A popular resource is the Electronic Frontier Foundation’s Tor toolset, which employs Onion routing, a technique for pseudonymous (or anonymous) communication over a computer network, developed by David Goldschlag, Michael Reed and Paul Syverson. The basic idea behind Onion routing is to distribute the connections randomly over several Internet nodes, so that no single node can recover the complete path (including the origin and destination) that a data packet has followed. For each hop along the circuit, the end user’s client negotiates a separate set of encryption keys to ensure that a node cannot trace the connections passing through it. Because of the distributed and encrypted nature of Tor paths, using this technology for anonymous surfing may (and in most cases will) substantially degrade the Web browsing speed with respect to clear direct connections. Onion routing, however, is also implemented in private networks owned by companies selling anonymity services to customers who are willing to pay a premium for a large bandwidth guarantee. In such cases, the service providers look at their private Onion network of virtual tunnels both as the technical means for ensuring anonymity and as the legal means for avoiding legal liabilities for the end users’ online activity. In fact, the nature of Onion routing noticeably complicates the task of packet tracing even when all network nodes are controlled by the same entity.
It is also worth mentioning that the Onion routing approach provides better anonymity protection than the “anonymizing proxy” approach shown in the picture below, where all communications appear to come from a proxy server and not from the true originator. This technique has the advantage of a simpler architecture, focusing traffic through one server that screens the identities of all the originating locations. A more careful analysis, however, also reveals that the “anonymizing proxy” approach suffers from the main disadvantage of requiring the users to place all their trust in one single entity. This “trusted entity” is de facto a single point of failure, where a compromise or successful attack is enough to reveal the identities of all the users.
The Tor public service, on the other hand, suffers from a known vulnerability that can be easily spotted by looking at the routing diagram: the last node through which traffic passes in the network has to decrypt the communication before delivering it to its final destination. In other words, the entity operating that node sees the communication passing through it in the clear. This vulnerability points to the difference between protecting anonymity and assuring confidentiality or integrity, something that, unfortunately, Tor users don’t yet seem to fully appreciate. Recently, Dan Egerstad, a Swedish computer security consultant, posted online the user names and passwords for 100 e-mail accounts intercepted by hosting five Tor exit nodes placed in different locations on the Internet as a research project.
This was a dramatic demonstration of how an opportunistic attacker could exploit a Tor exit node to view and manipulate the traffic of a large number of users (which in this case also included people from embassies belonging to Australia, Japan, Iran, India and Russia) without the need to compromise key parts of the Internet infrastructure. Of course, the use of end-to-end encryption (e.g. via SSL connectivity) would force the traffic to leave the Tor exit node still encrypted, thereby preserving the integrity and confidentiality of the communication. The lack of ubiquitous cryptography in network communication protocols, however, often leaves the unaware Tor end user exposed to this form of attack on the privacy of his anonymous Web sessions.
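
The layered encryption and the exit-node exposure described above can be modelled in a few lines. This is an added example, not part of the original article and not Tor's code: the relay names, keys, destination and credentials are constructed, and the SHAKE-256 XOR stream is a toy stand-in for the real per-hop and end-to-end (SSL) cryptography.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHAKE-256 keystream XOR); a stand-in for real crypto."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(path, keys, destination, payload: bytes) -> bytes:
    """Client side: build the onion from the innermost layer outwards."""
    next_hops = path[1:] + [destination]  # where each relay must forward to
    cell = payload
    for next_hop, key in zip(reversed(next_hops), reversed(keys)):
        layer = json.dumps({"next": next_hop, "data": cell.hex()}).encode()
        cell = xor_stream(key, layer)
    return cell

def route(client, path, keys, cell: bytes):
    """Relay side: each relay strips one layer; record what it can observe."""
    views, previous = [], client
    for relay, key in zip(path, keys):
        layer = json.loads(xor_stream(key, cell))
        cell = bytes.fromhex(layer["data"])
        views.append({"relay": relay, "from": previous,
                      "to": layer["next"], "sees": cell})
        previous = relay
    return views

# Constructed sample data: names, keys and credentials are all made up.
PATH = ["entry", "middle", "exit"]
KEYS = [hashlib.sha256(b"circuit-key-" + r.encode()).digest() for r in PATH]
DEST = "mail.example.org"
LOGIN = b"USER alice PASS hunter2"
E2E_KEY = hashlib.sha256(b"client<->destination session").digest()

def exit_view(payload: bytes) -> bytes:
    """What the operator of the last relay reads after removing its layer."""
    cell = wrap(PATH, KEYS, DEST, payload)
    return route("client", PATH, KEYS, cell)[-1]["sees"]

if __name__ == "__main__":
    for v in route("client", PATH, KEYS, wrap(PATH, KEYS, DEST, LOGIN)):
        print(v["relay"], "| from:", v["from"], "| to:", v["to"])
    print("exit sees, no end-to-end encryption:", exit_view(LOGIN))
    sealed = xor_stream(E2E_KEY, LOGIN)
    print("exit sees, with end-to-end layer:   ", exit_view(sealed).hex())
```

No relay's view contains both the client and the destination, yet the exit relay recovers the login verbatim unless the client added its own end-to-end layer before entering the circuit.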
© 2002-2008, EISST - Enterprise Information Security Systems & Technologies.