Anonymous Communication on Internet

S.M.Udara Rusiri Siyasinghe

2005/CS/130
smudararusiri@yahoo.com

Supervisor: Dr.Chamath Keppetiyagama

June 22, 2008

 Abstract

In the modern economic world purchasing products from online stores is

rapidly increasing. At the same time cyber criminals who steal personal
information and tracking online activities are also increasing. Hence people
need to be more careful when exposing or giving out any personal infor-
mation about them. On the other hand people may prefer to send private
messages or emails in a way that, the sender and the receiver cannot be
detected by an external observer. Therefore a reliable anonymous com-
munication system on Internet is very crucial. In this literature I’ll discuss
about some of the available Anonymous Communication systems which, cer-
tain systems may good for real time practical applications while others may
not within acceptable limits.
Contents

1 Introduction 1
1.1 Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

2 Overview 2

3 Web Proxies 4

4 MIX Based System 6

5 Onion Routing 9

6 Crowds 11

7 Evaluation 13

8 Conclusion 15

ii
List of Figures

3.1 Functionality of a Single-Hop Proxy . . . . . . . . . . . . . . 5

4.1 Functionality of a Mix . . . . . . . . . . . . . . . . . . . . . . 7

5.1 Onion Routing Network . . . . . . . . . . . . . . . . . . . . . 10

6.1 Paths in a Crowd . . . . . . . . . . . . . . . . . . . . . . . . . 12

7.1 Level of Anonymity . . . . . . . . . . . . . . . . . . . . . . . . 13

iii
 Acknowledgments
I’m pleased to thank Dr. Chamath Keppetiyagama for the guidance he
gave me as the supervisor and very helpful discussions. Also I would like
thank Dr. H.L.Premarathna, the coordinator of this course module for giv-
ing us the useful tips and sample latex codes. And Mr. Malik Silva for
conducting latex sessions for us to improve our knowledge. Finally I like to
thank every one who have supported me to make this survey a success.

iv
Chapter 1

Introduction

With the growth of the internet, business organizations have identified the
greater potential in online businesses. As a result of that many companies
have their own online stores and number of people who purchase goods via
the internet are increased. With this growth cyber criminals who steal per-
sonal information and tracking online activities are also increasing. Hence
people need to be more careful when exposing or giving out any personal
information about them. The most important thing is internet users are
looking for privacy even in the unsafe internet. Therefore a reliable anony-
mous communication system on internet is really important.

Anonymous communication means communicating without revealing the

identity to each other or to an outside observer. Here, the communica-
tion maybe carried out over the general Telephone networks or the Mobile
Phone networks or the Internet. Many researchers have proposed solutions
for achieving Anonymous communication over these types of communication
methods. These solutions can be found in the literature as well as in the
World Wide Web. For example, ISDN Mixes[1] can be used to take Anony-
mous telephone calls. But Local telephone exchange should implement the
system. In this literature I’m focusing on Anonymous communication on
Internet.

1.1 Outline
The rest of the report is organized in the following way: Chapter 2 presents
an overview about the anonymous communication. Chapter 3 describes the
Web Proxies. Chapter 4 describes the Mix[2] based system. Chapter 5
describes the architecture Onion Routing[3] which is based on the virtual
circuits. Chapter 6 describes the Crowds[4] anonymous system. Chapter 7
presents the Evaluation and Chapter 8 presents some concluding remarks.

1
Chapter 2

Overview

In the context of anonymous communication we first need to understand

what is meant by ”Anonymity” and ”Unobservability”. The anonymity is
”the state of being unidentified within a set of communicating parties”. For
example, someone needs to send an email to a lawful authority in such a
way that, the receiving authority shouldn’t be able to find out who sent the
mail. This unidentifiability is called Anonymity. There are three levels of
anonymity,

1. Sender Anonymity.

2. Receiver Anonymity.

3. Sender and Receiver Anonymity(Unlinkability).

Unobservability(which is stronger than anonymity) means that exchange

of a message cannot be detected by an outside observer. For example, when
two people are chatting over the internet an outside observer shouldn’t be
able to figure out whether they are chatting or not. This difficulty of detec-
tion is called unobservability. There are two unobservability levels,

1. Sender (or Recipient) Unobservability.

2. Relationship Unobservability.

If a person needs a perfect anonymous communication system he should

go for a system which provides both anonymity and unobservability prop-
erties. But with practical considerations it will be really difficult find a
perfect solution. Researchers have proposed many solutions for anonymous
communication with various approaches. For ease I’ll divide them in to three
categories.

1. Web Proxies.

2
 2. MIX Based Systems.

3. Other Anonymous Communication Systems.

For the category type 3, I’ll talk about Onion Routing[3] and Crowds[4]
anonymous communication Systems.

3
Chapter 3

Web Proxies

Many internet users are now looking for services which provide anonymous
browsing on the web. Currently there can be found a number of different
services which claim to provide anonymous browsing. Some of them are
free services and some are paid, with more or fewer features. Among these
systems simplest anonymizing system will be Proxy browsing since no addi-
tional softwares need to download and fewer configurations.

In this approach an additional ”trusted third party” which is a proxy

is introduced between the sender and receiver in a way that, user’s all web
requests are redirected to the proxy. So the proxy will made the request from
the web server on behalf of the user. Hence the sender’s identity is hidden
from the receiver. Following is a list of available proxies which provides
anonymous web browsing,

• Anonymizer - http://www.anonymizer.com

• the-Cloak - http://www.the-cloak.com

• Proxify.com - http://www.proxify.com

• Proxy.org - http://www.proxy.org

Figure 3.1 shows the operation of a web proxy and Let’s see how can we
achieve sender anonymity from the receiver using a single-hop proxy.

1. The user(Web browser) issues an HTTP request for the URL(www.news.lk)

from the proxy server.

2. The proxy server immediately issues an HTTP request to the Web

server for this URL. Now the HTTP request appears to be originated
at the proxy server and not at the user’s computer.

3. The web server replies with sending an HTML document to the Proxy.

4
 Figure 3.1: Functionality of a Single-Hop Proxy

4. The proxy will first rewrite all the links in that document so that they
will point back to the proxy instead of the web server. Finally it sends
the document back to the user with all links rewritten.

Lets see what is happing in the link rewriting(See [5] for more informa-
tion). As an example, I’ll consider the free service of the anonymizer.com.
A link to http://www.news.lk/BreakingNews will rewritten to,
http://anon.free.anonymizer.com/http://www.news.lk/BreakingNews.

Apart from hiding the user’s IP address from the web server proxies pro-
vide some extra functionalities. Some of these are,
Filtering cookies, Filtering or rewriting JavaScripts, Filtering advertisements
and banners and Faking the HTTP user agent field in the HTTP header
(user’s OS and browser information will not reveal.)

Proxies only provide Sender anonymity from the receiver if the proxy
itself remains uncompromised. But a Caching Proxy[5] (extension of a web
proxy) will be able to provide sender and receiver unlikability property. In
most of the free proxies the connection between the user and the proxy
is not encrypted. Hence an attacker may be able analyze the web traffic.
Therefore when you are using a web proxy for anonymous web browsing, be
careful whether it provides a encrypted connection or not.

5
Chapter 4

MIX Based System

One of the common vulnerabilities in the proxy browsing was traffic anal-
ysis attack. But there exist a system called Mix[2] which is not vulnerable to
this attack. The concept of a Mix was first introduced by David Chaum in
1981. A MIX is simply a computer connected via the internet which actually
is an enhanced proxy. A Mix is empowered to use public key cryptography
to achieve anonymity properties. In order to connect to a Mix the user must
use another proxy so that all the communications with the Mix is carried
out by this proxy. For example, Key exchanges, message encryption and
decryption are done by the proxy deployed in the user’s computer.

Mixes hide the sender’s identity from the receiver by cryptographically

altering the messages being exchanged. At the same time Mixes buffer the
incoming data and divide them in to equal sized chunks. When the sender or
the receiver is idle the Mix sends the dummy traffic which is also same sized
chunks. As a result of these techniques an out side observer cannot determine
who is communicating with whom and when they are communicating.

6
 Figure 4.1: Functionality of a Mix

Figure 4.1 illustrates the functionality of a Mix node and how can we
achieve sender and receiver anonymity. Notations used in Figure 4.1,

KM S - Public Key of the Mix Node.

KR - Public Key of the Receiver.
AdrsR - Address of the Receiver.
Msg - Message to be sent.

When the sender needs to send an anonymous message, first he should

encrypt the message with receiver’s public key KR (M sg). Then the resul-
tant message should be encrypted along with the Address of the receiver
using Mix node’s public key KM S [KR (M sg), AdrsR ]. When the encrypted
message arrived at the Mix node, first it will decrypt the message using
it’s private key. Then it can find out the address of the recipient along
with the encrypted message. After, the Mix will send the message to the
recipient KR (M sg) with or without encrypting it because it is already en-
crypted. Finally when the message received by the recipient’s proxy it will
decrypt the message using it’s private key. At last sender has sent a mes-
sage anonymously to the receiver so that recipient or an out side observer
cannot determine who send the message and because of the dummy traffic
an adversary cannot determine when they are communicating.

7
 The use of Mixes in anonymous communication is really important when
designing an anonymous e-mail system because, using Mixes and public
key cryptography we can generate an untraceable return address so that
recipient can sends back a response without the real address of the sender.
Usually Mixes are used in a sequence called Mix cascade. Therefore even
if all the Mixes are compromised except one, that uncompromised Mix is
enough to provide anonymous communication properties. Because of these
robust properties in Mixes most of the anonymous communication systems
are extensions of Mix-nets. For example Web Mixes[6] is an extension of the
Mixes and it can be used for anonymous web browsing.

8
Chapter 5

Onion Routing

Unlike previously discussed systems, the Onion Routing is a distributed

anonymous communication system which is resistant to traffic analysis at-
tack. It is designed to anonymize TCP based applications like web brows-
ing(HTTP), Secure Shell(SSH), FTP and SMTP. The architecture provides
anonymous socket connections via proxy servers like in MIX-nets.

In this approach Initiator’s proxy selects a path through the network to the
Responder’s proxy and builds a virtual circuit using layered objects called
”Onions”(Hence the name Onion Routing). The Onion is a data packet
which is encrypted using a sequence of Keys which are the session key and
the public key of each Routing Node along that path. Each layer of a Onion
contains session keys and the address of the next node in the virtual circuit.
Since the circuit is built upon several servers and this layered encryption,
each Routing Node knows its previous and next nodes and no other nodes
in that virtual circuit. Onions which, flow down the circuit are fixed-size
cells, which are unwrapped by the session key at each node(like peeling off
the layers of an onion). When the circuit is broken these session keys are
destroyed.

Figure 5.1 illustrates an established Virtual Circuit in an Onion Rout-

ing network with five nodes. Among these Nodes, Node A and Node F
are Proxy/Routing nodes and others(B,C,D and E) are Routing Nodes(also
called Onion Routers.) Node A is the Initiator’s proxy and it has been es-
tablished a circuit to the Node F which is the Responder’s proxy by first
encrypting the Onion for the Node F and then for the preceding Nodes B,
C and D. All the connections between Routing nodes and Routing/Proxy
nodes are link encrypted connections. Therefore it is really difficult to use
traffic analysis attack to determine who is communicating with whom.

9
 Figure 5.1: Onion Routing Network

Onion Routing can be used to provide real time, bidirectional, anonymous

communication for TCP based applications which can be configured to use
proxy services. Onion Routing is really useful in anonymous e-mail systems.
Because a Reply Onion can be included with a messages so that it allows a
later reply to the sender without knowing his real address and even when
the original virtual circuit was broken.

10
Chapter 6

Crowds

In this section I’ll talk about another system which is totally different
in the operation than previously discussed systems. The approach is based
on the concept of being in a ”Crowd” (hence the name). It operates by
forming a large group of users whose locations may even be geographically
different(for better anonymity it must be). These users in the group col-
lectively issues requests on behalf of each other so that one user’s actions
are hidden within many other users’ actions. The users issue web requests
to different web servers and receive replies from them. Hence the users are
the ”Senders” and web servers are the ”Receivers”. The Crowds basically
provides sender’s anonymity from the receivers and attackers.

In order to use the system for web browsing, a user must first join to
a crowd of many users. A user is represented in the crowd by a special
proxy running on the user’s computer called a ”Jondo”. When the user
starts the Jondo on his computer it contacts a special server called the
”Blender”(which manages the crowds membership) to request the permis-
sion to enter the crowd. If permission granted, the Blender replies with all
the necessary information that would enables this Jondo to join the crowd.

The user’s Jondo acts as a simple proxy between the browser and the web
server which will remove identity information from the HTTP header before
sending the request to another Jondo. All the communications between the
Jondos are encrypted using a shared key called ”path key” which is created
by the Jondo who initiate the path. And this key is shared among all the
Jondos on a path. Therefore an outside observer won’t be able to find out
the content of a web request or reply, and the identity of the sender. But it
is obvious that an attacker who has the control of his own Jondo can decrypt
the content. But he also won’t be able to figure out who is the initiator of
the request.

11
 Figure 6.1: Paths in a Crowd

Figure 6.1 illustrates the paths that will be established when the users’
requests are sent to web servers. On the other hand server replies will send
back along this path on the reverse order.

When a user request a document from a web server the request is first
sent to a randomly chosen member(Jondo) in the crowd. That member may
either submit the request directly to the end server or forward it to another
randomly chosen member. When the web request is ultimately submitted
to the web server, it is submitted by a random member. Therefore the web
server cannot identify the real initiator of the web request because it seems
to be originated from any member in the crowd. Apart from that even a
fellow crowd member cannot identify the true initiator of a request because
his predecessor may be just forwarding the request on behalf of another.

12
Chapter 7

Evaluation

Identity theft is becoming a major problem in the internet. Therefore

internet users must be well aware and be prepared to defend them selves
against it. There are may different solutions which claim to provide anonymity
in the internet. But their usability is questionable because some systems
even do not have a implementation. A particular system may be good at
one specific use while it will not suitable as a general solution. But some
systems can be used as a general purpose anonymizing system with less
protection but within acceptable limits.

Figure 7.1: Level of Anonymity

Figure 7.1 present the level of anonymity provided by each system that
I have discussed earlier. According to the table Mix nets and Onion Rout-
ing provides better anonymity level than Crowds and Proxies does. On
the other hand Mix-nets and Onion Routing consumes a lot of bandwidth
for generating cover traffic and increase the CPU work load by number of
encryptions and decryptions. A user must therefore find the right balance
between the usability and the level of security provided by a system.

Among the solutions which can be found in the literature, some of them
even don’t have a proper usable implementation. The designer deploys a
prototype and he keeps it running for quite some time and suddenly the

13
system is no longer available. And in some cases the system can be used
but attackers have found vulnerabilities and no design updates or new ver-
sions are coming. Therefore the system cannot be trusted anymore. Some
times commercial systems are the only available anonymity systems. So
the internet users have a problem of finding a usable, reliable and available
solution.

In my point of view instead of developing more and more new systems, an

existing reliable, usable system should improve, deploy and further support
it. As I believe, the Tor network[7] would be the right candidate because it
is the Successor of Onion Routing, and it can be used with any application
which can we configured to use a proxy service, And it is a community based
system(like Crowds) so when the number of users are increasing the level of
security will also be increased.

14
Chapter 8

Conclusion

There are some systems whose level of security provided is quite remark-
able. As a result of that even the Lawful authorities are unable to figure
out the origin of some illegal activities. For example, some people have used
these systems to send e-mails which contain child pornography and the au-
thorities were unable to track who send these e-mails. In the worst case
scenario thieves, smugglers and terrorists will use these systems to carry
out their dirty work. In a system like caching proxy[5], the legality is yet
to be determined because the system stores the copyrighted contents other
than in the original location. Like in the many scientific innovations, these
systems also have negative outcomes as well as positive outcomes.
References

[1] Michael Waidner, Andreas Pitzmann and Birgit Pitzmann. Isdn-mixes:

Untraceable communication with very small bandwidth overhead. 7th
IFIP International Conference on Information Security (IFIP/Sec ’91),
1991. Elsevier, Amsterdam.

[2] David Chaum. Untraceable electronic mail, return addresses,and digital

pseudonyms. Communications of the ACM, 4(2):84–88, February 1981.

[3] Paul F. Syverson, David M. Goldschlag and Michael G. Reed. Hiding

routing information. International Workshop on Information Hiding,
May 1996. Cambridge, UK.

[4] Michael Reiter and Aviel Rubin. Crowds: Anonymity for web transac-
tions. International Workshop on Information Hiding, 1(1):66–92, 1998.
Cambridge, UK.

[5] Anna M. Shubina and Sean W. Smith. Using caching for browsing
anonymity. ACM SIGecom Exchanges, 4(2), September 2003.

[6] Hannes Federrath, Oliver Berthold and Stefan Köpsell. Web mixes: A
system for anonymous and unobservable internet access. Workshop on
Design Issues in Anonymity and Unobservability, 2001. Springer-Verlag,
Heidelberg.

[7] Paul Syverson, Roger Dingledine and Nick Mathewson. Tor: The second-
generation onion router. Technical report, Tor Documentation.

16