anonymity without sacrificing performance enhanced nymble system with distributed architecture cs...
TRANSCRIPT
![Page 1: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/1.jpg)
Anonymity without Anonymity without Sacrificing Performance Sacrificing Performance Enhanced Nymble System with Distributed Architecture
CS 858 Project PresentationOmid Ardakanian*
Nam Pham*
*David R. Cheriton School of Computer Science, University of Waterloo
![Page 2: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/2.jpg)
OutlineOutline Introduction
◦ Review of Nymble
◦ New goals
Ring Signature for dummies!
Proposed Solution
◦ Distributed Pseudonym Manager
◦ Distributed Nymble Manager
Analysis
Future Work
Summary
![Page 3: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/3.jpg)
Review of NymbleReview of Nymble
![Page 4: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/4.jpg)
Nymble WeaknessesNymble Weaknesses
Collusion between NM and PM◦De-anonymizes the network
◦Reveals user behavior
TTPs are single point of failureScalability problem
![Page 5: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/5.jpg)
Related WorkRelated WorkBLacklistable Anonymous Credential
(BLAC)
◦ Pros: Eliminates the reliance of TTPs
◦ Cons: Suffers from severe bottleneck at the side of Service Providers
PEREA
◦ Pros: Computation is linear in the size of the blacklist
◦ Cons: Performance is still a problem
![Page 6: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/6.jpg)
New goalsNew goals
Maintaining security properties of original Nymble Design◦Mis-authentication resistance
◦Blacklistability
◦Anonymity and Non-frameability
Enhancements◦Unconditional Anonymity
◦Scalability & Robustness
![Page 7: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/7.jpg)
Proposed SolutionsProposed Solutions
Consists of two main parts:
◦Distributing Pseudonym Manager
◦Distributing Nymble Manager
![Page 8: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/8.jpg)
Ring SignatureRing Signature
By Rivest, Shamir and Tauman◦A group member can sign a message
on behalf of the group without revealing her identity.
◦Ring signature is created on demand! No setup procedure or agreement
![Page 9: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/9.jpg)
Distributing Pseudonym Distributing Pseudonym ManagerManager
User PM
IP address
pnym
Previously
Motivation If a pseudonym can
represent an IP, why don’t we use it recursively?
![Page 10: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/10.jpg)
Alice PMi
IPA
Round 1Round 1
PM1
PM2
PMn
Alice◦Chooses a random index i◦Connects to PMi directly with her IPA
◦Requests a pseudonym for the next round
![Page 11: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/11.jpg)
Alice PMj
IPAIPA
Round 1 (cont’d)Round 1 (cont’d)
PM1
PM2
PMn
PMi ◦Generates a codename for Alice◦Signs using a ring signature scheme◦Informs all other PMs
“IPA has been issued a pseudonym in round 1”
IPA
IPA
![Page 12: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/12.jpg)
Alice PMi
Codename +
AckIPA
Round 1 (cont’d)Round 1 (cont’d)
PM1
PM2
PMn
PMi ◦Waits for Acknowledgements from
other PMs◦Sends ‘codename’ back to Alice
Ack
Ack
![Page 13: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/13.jpg)
Somebody PMj
codename
Round 2Round 2
PM1
PM2
PMn
Alice◦Chooses another random index j
◦Connects to PMj anonymously using Tor
◦Requests a pseudonym to connect to NM
![Page 14: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/14.jpg)
Somebody PMj
codenamecodename +
Round 2 (cont’d)Round 2 (cont’d)
PM1
PM2
PMn
PMj ◦Verifies the validity of <codename,
signature>◦Creates a pnym for that ‘somebody’
◦Signs pnym using a ring signature scheme◦ Informs all other PMs: “The guy with ‘codename’
has been issued a pseudonym in round 2”
codename
codename
![Page 15: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/15.jpg)
Somebody PMjpnym +
Ack
Round 2 (cont’d)Round 2 (cont’d)
PM1
PM2
PMn
PMj ◦Waits for Acknowledgement from other
PMs◦Sends <pnym, signature> back to the
user
Ack
Ack
![Page 16: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/16.jpg)
Aspects of DPMAspects of DPMAlice’s IP address is protected by
one more security levelIt’s not feasible for Alice to obtain
more than one pseudonym with her IP
![Page 17: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/17.jpg)
Tor Network
Distributing NMDistributing NM
NM
PMi PMj
Cod
enam
e ac
quis
ition
Pseud
onym
acq
uisitio
n
NymbleTicket acquisition
![Page 18: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/18.jpg)
Distributing NMDistributing NM
Tor Network
Service Provider
Serve
r Auth
entic
ation
![Page 19: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/19.jpg)
Distributing NMDistributing NMService Provider
NM’
Linking Token Extraction
Tor Network
NM
![Page 20: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/20.jpg)
Distributing NM - Distributing NM - RequirementsRequirements
![Page 21: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/21.jpg)
Distributing NM (cont’d)Distributing NM (cont’d)Seed HkhkN
(pnym,sid,w)
How should we generate the seed?◦ S1: Ask another NM to create the hash of
server id with his own key Seed will not be unique
◦ S2: Ask another NM to create the hash of server id with the shared key Vulnerable to brute force attack
![Page 22: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/22.jpg)
AnalysisAnalysisOur Solution:
◦Provides collusion prevention without eliminating TTPs No proof generation and proof verification
needed Better performance than BLAC and PEREA
◦Decreases the number of required signature
◦Eliminates unnecessary key sharing
◦Makes use of an efficient ring signature scheme with efficient size
![Page 23: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/23.jpg)
Future WorkFuture Work
Dynamic ForgivenessMultiple Rounds for Pseudonym
RegistrationOptimal Ring SignatureExperimental Analysis
![Page 24: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/24.jpg)
SummarySummaryWe introduced an anonymous
blocking system based on Nymble◦Using distributed TTPs architecture◦With collusion resistance feature◦With less computation cost◦With increased usability
![Page 25: Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *](https://reader035.vdocuments.site/reader035/viewer/2022070307/551b3c7c550346dd1a8b544e/html5/thumbnails/25.jpg)
Thank You!Thank You!