minx a simple and efficient mix packet formatpdf.pdfVIP

Minx: A Simple and Efficient Mix Packet Format George Danezis University of Cambridge, Computer Lab. (Thanks to CMI grant) Ben Laurie ALD Ltd. Outline ● What is a mix packet format – na?ve constructions ● Attacks against mix formats ● Minx – our construction ● Conclusions Warning: This talk abstracts away a lot of boring details – read the paper for full (gory) details. What is a mix? ● Building block for anonymous communications. ● Router that hides correspondences. ● Two components: – Changes the bit patterns using a secret – Distrupts the timing patterns – another subject altogether Mix Input message 1 Input message 2 Output message A Output message B What is a mix packet format? ● Cryptographic format that allows the bit patterns to change – so that it is hard to trace a message. – The sender encodes a message. – The mix decodes the message and sends it along. ● Na?ve construction: Secret K A to Mix: {B,M}PubK Mix Mix to B: M Anonymous replies ● Similar construction for anonymous reply blocks: ● Support for anonymous replies – Indistinguishable from normal messages. – Secure against all attacks. Secret K B to Mix: {A,KA}PubK,M Mix Mix to A: {M}KA Multiple Mixes ● Mix networks distribute trust and load. ● Use a chain of mixes instead of one: ● Strip the packet layer by layer ● Hide length of path / position Mix 1 Mix 2 Mix 3 A to Mix 1: {Mix 2,{B,M}PubK2}PubK1 Mix 1 to Mix 2: {B,M}PubK2 Mix 2 to B: M The real world – red in tooth and claw ● Na?ve examples so far would not stand a chance. ● Attacks: – Attacker can watch all packets coming in and out of mix. – The attacker controls a subset of nodes on the path. – Attacker can modify/tag messages to trace them – the killer attack. ● Example: Using AES CBC for encryption ... What if {.}K = AES CBC ● Use hybrid RSA / AES CBC to encrypt message: ● Attack: flip one bit of some input block Mix A to Mix: {B,Ks}PubK,{M}Ks RSA Mix to B: M RSA Surely this is trivial ... ● Other cryptographic constructions: – AES