Anonymous communications

lokni

Member
Dec 19, 2001
Are truly anonymous communications even possible today? Does routing through various systems outside of the US provide any layer of security against the prying eyes of the government?

What I am thinking of is a VOIP system routed to several other phone/VOIP systems in different countries. Each forwarded to a different system in a different world. How about on a call back system? What if there were 5 hops across 5 different countries, originating in the US and ending at a pager (which could be discarded and changed at any time). Return calls would be made from a pre-paid cellular phone, which again could be purchased and discarded at any time.

Would that provide any layer of security? Anonymity? Could it possibly stymie wiretaps targeted against a specific individual or address?
 

MrDudeMan

Lifer
Jan 15, 2001
I don't see how it could ever be completely anonymous because each 'router' would know where it came from and where it sent the info to. so if someone really wanted to know, couldn't they do a RARP and find out where the original sender was? I think so...someone correct me if I'm wrong.
 

lokni

Member
Dec 19, 2001
But my understanding is that RARP would have to be run on each router, no? Thus the suggestion for running through servers in multiple countries. What are the chances of international co-operation between sysadmins for doing something such as RARP?

And as for there being no need for anonymity... yeah, and cars have no need for gasoline.
 

MrDudeMan

Lifer
Jan 15, 2001
Originally posted by: lokni
But my understanding is that RARP would have to be run on each router, no? Thus the suggestion for running through servers in multiple countries. What are the chances of international co-operation between sysadmins for doing something such as RARP?

And as for there being no need for anonymity... yeah, and cars have no need for gasoline.

cars won't function without gasoline. we can still operate as human beings if people know who we are. try again.
 

Matthias99

Diamond Member
Oct 7, 2003
Originally posted by: lokni
But my understanding is that RARP would have to be run on each router, no? Thus the suggestion for running through servers in multiple countries. What are the chances of international co-operation between sysadmins for doing something such as RARP?

If you're Joe Blow? Slim to none. If "they" *really* wanted to know for some reason? Could be pretty high. If you send data through an anonymous proxy that doesn't store any information on what data is going through it, there's no way to trace it directly -- but at least in the US, the feds could subpoena whichever ISP is hosting the proxy to a) find out who is operating it and haul them in for questioning, and b) get access to its inbound traffic (essentially putting a 'wiretap' on the server). Most countries' governments can probably do the same.

Truly "anonymous" Internet communications are essentially impossible to guarantee -- all traffic can be traced backwards to the source (this is built in as part of the IP communications that are used between servers on the Internet). Even if you send traffic through an 'anonymizer', you're dependent on the owner/operator of that server to not store or report the data (and their ISP to not let the feds eavesdrop on it). Ultimately, any traffic can be traced at least to the ISP it came from, or to the ISP of the last anonymous relay you went through. Unless you keep jumping around to different proxies, they can work backwards to find you. Increasing the number of hops makes it less likely that you will be found by 'brute force', but also adds more chances for someone to rat you out (since if any of the servers you go through are compromised, you've lost your anonymity).

Secure communications are easier, since you can use mathematically secure end-to-end encryption/signatures to guarantee that your messages are not being tampered with and cannot be read except by the intended recipient. Or, if you are transmitting to someone you have communicated with securely before, you can use prearranged codes/cyphers to transmit your messages.
 

AnthraX101

Senior member
Oct 7, 2001
Originally posted by: Matthias99
Originally posted by: lokni
But my understanding is that RARP would have to be run on each router, no? Thus the suggestion for running through servers in multiple countries. What are the chances of international co-operation between sysadmins for doing something such as RARP?

If you're Joe Blow? Slim to none. If "they" *really* wanted to know for some reason? Could be pretty high. If you send data through an anonymous proxy that doesn't store any information on what data is going through it, there's no way to trace it directly -- but at least in the US, the feds could subpoena whichever ISP is hosting the proxy to a) find out who is operating it and haul them in for questioning, and b) get access to its inbound traffic (essentially putting a 'wiretap' on the server). Most countries' governments can probably do the same.

Truly "anonymous" Internet communications are essentially impossible to guarantee -- all traffic can be traced backwards to the source (this is built in as part of the IP communications that are used between servers on the Internet). Even if you send traffic through an 'anonymizer', you're dependent on the owner/operator of that server to not store or report the data (and their ISP to not let the feds eavesdrop on it). Ultimately, any traffic can be traced at least to the ISP it came from, or to the ISP of the last anonymous relay you went through. Unless you keep jumping around to different proxies, they can work backwards to find you. Increasing the number of hops makes it less likely that you will be found by 'brute force', but also adds more chances for someone to rat you out (since if any of the servers you go through are compromised, you've lost your anonymity).

Secure communications are easier, since you can use mathematically secure end-to-end encryption/signatures to guarantee that your messages are not being tampered with and cannot be read except by the intended recipient. Or, if you are transmitting to someone you have communicated with securely before, you can use prearranged codes/cyphers to transmit your messages.

Depends on your definition of "mathematically secure". With no pre-shared secret, there is no provably secure encryption algorithm. There is no provably secure signing algorithm period, since the entire concept of digital signatures relies on the existence of one-way functions.

It's -hard- to do proper anonymity in the Internet. What you're going to have to settle for is some system with plausible deniability. I don't think that there will be any way to do this for VoIP traffic, it's just too time sensitive. For other traffic you could use something like Tor, an onion routing network. You could also try Freenet which uses a key based routing protocol. Both make it difficult for an attacker to prove that a user specifically requested any particular data vs. just forwarding a request from another node.

Both systems have problems, as designing a system like this in the real world is hard. It's probably the best that you're going to get at this point in time.

AnthraX101
 

Matthias99

Diamond Member
Oct 7, 2003
Originally posted by: AnthraX101
Originally posted by: Matthias99
Secure communications are easier, since you can use mathematically secure end-to-end encryption/signatures to guarantee that your messages are not being tampered with and cannot be read except by the intended recipient. Or, if you are transmitting to someone you have communicated with securely before, you can use prearranged codes/cyphers to transmit your messages.

Depends on your definition of "mathematically secure". With no pre-shared secret, there is no provably secure encryption algorithm. There is no provably secure signing algorithm period, since the entire concept of digital signatures relies on the existence of one-way functions.

Yes, I sort of glossed over this stuff. Encryption is only as good as the algorithm used (and for some algorithms, as good as the RNG used).

Without some sort of pre-shared information, there is no way to create a truly secure communications channel. If neither party has any information about the other, all you can do is send plaintext.

Digital signing is problematic in a few ways, but you can do a reasonably good job of assuring that a message has not been tampered with. However, this sort of thing is very hard to do well (see, for instance, the problems found with MD5 hashing last year).
 

VirtualLarry

No Lifer
Aug 25, 2001
Originally posted by: AnthraX101
It's -hard- to do proper anonymity in the Internet. What you're going to have to settle for is some system with plausible deniability.
One might even argue that anonymity is a "false goal", and a wrong choice, when in fact the true goal is "security". (Resistance against network intrusion by unwanted entities.) The reason being, reputation-based systems are likely a better choice for that, and anonymity works directly against that sort of system. Human beings tend to develop their own trust networks instinctively; I tend to think of those as being a better choice of models.
 

DrPizza

Administrator Elite Member Goat Whisperer
Mar 5, 2001
Originally posted by: Matthias99

Without some sort of pre-shared information, there is no way to create a truly secure communications channel.

You guys are probably more knowledgeable than I am on this subject. However, isn't it possible, by sending the communication back and forth twice, for it to remain encrypted? (I have minimal information on what specific encryption algorithms are actually used.)

Here's a suggestion: I have a message. I encode my message by putting it into a matrix form, and multiplying by another matrix of HUGE prime numbers. Now, person B would need my matrix, or the inverse of my matrix, to decode the message, or else, person B could use brute force for the next quite a few years. But, instead, person B re-encodes the same way, and sends the message back to me. I remove my encryption and send it back to B; it's now encrypted with B's encryption alone. B receives it and deciphers it.

Very simple example, somewhat unrealistic because it's too simple, but hopefully you get the idea: I use the prime number 7 to represent the letter "A". I encrypt it by multiplying it by 13. I send the 91. Person B doesn't know what 91 is, because he can't factor it. He encodes it by multiplying by 11. He returns 1001. I divide 1001 by 13, I get 77 and resend it to him. He removes the encryption of 11 and gets "7", which is "A". Imagine this process with products of huge prime numbers; virtually unfactorable via brute force.

Now, of course, this only works if he knows what "A" is. Then again, it can easily be argued that if I always use "7" for "A", in this message, and if this message is long enough, it becomes a simple cryptogram to decipher. i.e., if I'm only sending text, the recipient will have 26 huge prime numbers, and merely has to figure out which prime stands for which letter.

Now, even this would be somewhat simple to crack, assuming you intercepted all the communications. But imagine some other sort of commutative trap door function being employed by both parties...
 

mrscintilla

Senior member
Dec 11, 2004
In your two-way encryption example, you are assuming that both parties know that their encryptions are "additive" in the sense that adding one encryption does not change the ability to reverse the other. This assumption needs to be "pre-shared" between the two parties.
 

smack Down

Diamond Member
Sep 10, 2005
Originally posted by: mrscintilla
In your two-way encryption example, you are assuming that both parties know that their encryptions are "additive" in the sense that adding one encryption does not change the ability to reverse the other. This assumption needs to be "pre-shared" between the two parties.

That information can be sent over the channel in plain text so it doesn't have to be pre-shared.

That said, I don't think DrPizza's method provides more protection than regular public key encryption.
 

Matthias99

Diamond Member
Oct 7, 2003
8,808
0
0
Originally posted by: mrscintilla
In your two-way encryption example, you are assuming that both parties know that their encryptions are "additive" in the sense that adding one encryption does not change the ability to reverse the other. This assumption needs to be "pre-shared" between the two parties.

I think there are also problems if the second party happens to choose the same 'key' that you did to originally encrypt the message. Since you cannot tell them what it is, they could choose it by mistake.

Also, if someone intercepted all the messages, they could tell what both your keys are, and hence read the unencrypted message. If the sender's and receiver's matrices are represented by A and B respectively, the eavesdropper would have (message * A, message * A * B, and message * B). With all of those, you could compute the original message. This is a general problem with using symmetric (two-way) functions for encryption -- hence the need for a pre-shared key to maintain security.

Edit: It's actually not a problem for this algorithm if both people choose the same key. This can be an issue for some similar types of communication, though.
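
Added example, not part of any post in this thread: DrPizza's 7/13/11 exchange as an observer on the wire sees it, with integers standing in for the matrices A and B, next to the same three-message flow using modular exponentiation as the "commutative trap door function" (this variant is Shamir's three-pass protocol, which the thread does not name). The prime `P` and the small fixed keys in the demo are assumptions chosen for reproducibility.

```python
from math import gcd

P = 2**127 - 1  # Mersenne prime, demo-sized; chosen for this example


def three_pass_multiply(m, a, b):
    """The three values on the wire when 'locking' means m * key."""
    c1 = m * a      # sender -> receiver
    c2 = c1 * b     # receiver -> sender
    c3 = c2 // a    # sender removes own key, sends to receiver
    return c1, c2, c3


def eavesdrop_multiply(c1, c2, c3):
    """Passive observer: (m*a) * (m*b) / (m*a*b) = m; both keys fall out too."""
    return {"m": c1 * c3 // c2, "a": c2 // c3, "b": c2 // c1}


def three_pass_exp(m, a, b, p=P):
    """Same flow, but locking is m**key mod p; unlocking uses key^-1 mod (p-1)."""
    if not 1 < m < p - 1:
        raise ValueError("message must be in 2..p-2")
    if gcd(a, p - 1) != 1 or gcd(b, p - 1) != 1:
        raise ValueError("keys must be invertible mod p-1")
    c1 = pow(m, a, p)
    c2 = pow(c1, b, p)
    c3 = pow(c2, pow(a, -1, p - 1), p)          # equals m**b mod p
    received = pow(c3, pow(b, -1, p - 1), p)    # receiver strips b
    return (c1, c2, c3), received


def division_trick_mod_p(c1, c2, c3, p=P):
    """The observer's arithmetic from above, carried over to mod-p values."""
    return c1 * c3 * pow(c2, -1, p) % p


if __name__ == "__main__":
    wire = three_pass_multiply(7, 13, 11)
    print("multiply, on the wire:", wire)
    print("observer recovers:", eavesdrop_multiply(*wire))
    # Constructed toy keys; real keys would be large and random.
    wire2, received = three_pass_exp(7, 65537, 257)
    print("exponent version delivers:", received)
    print("division trick now yields m?", division_trick_mod_p(*wire2) == 7)
```

With exponentiation the observer would have to solve a discrete logarithm to get a key; neither version tells the sender who is actually answering on the other end.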
 

AnthraX101

Senior member
Oct 7, 2001
Originally posted by: Matthias99
Originally posted by: mrscintilla
In your two-way encryption example, you are assuming that both parties know that their encryptions are "additive" in the sense that adding one encryption does not change the ability to reverse the other. This assumption needs to be "pre-shared" between the two parties.

I think there are also problems if the second party happens to choose the same 'key' that you did to originally encrypt the message. Since you cannot tell them what it is, they could choose it by mistake.

Also, if someone intercepted all the messages, they could tell what both your keys are, and hence read the unencrypted message. If the sender's and receiver's matrices are represented by A and B respectively, the eavesdropper would have (message * A, message * A * B, and message * B). With all of those, you could compute the original message. This is a general problem with using symmetric (two-way) functions for encryption -- hence the need for a pre-shared key to maintain security.

Edit: It's actually not a problem for this algorithm if both people choose the same key. This can be an issue for some similar types of communication, though.

I think that people in here are confusing the term "shared secret" with "shared information". It is easy for two individuals to derive a shared secret in the clear without any pre-shared secret. This is mainly thanks to two individuals, Whitfield Diffie and Martin Hellman.

In 1976 they came up with a concept called Diffie-Hellman Key Exchange. This is the first public discovery of public key encryption. The algorithm, with some caveats, remains secure to this day.

Fundamentally how it works is this:

Each user calculates (g^k) mod p = result, where g is some value (known as the generator). This can be shared in the clear. p is an extremely large prime number (also known as the public modulus), also shared in the clear. k (the private key) is a large secret number that has to satisfy some particular mathematical restrictions.

Once this is calculated, the users share their results and use this value as the new generator. Since exponentiation is commutative over the modulus, they are in effect solving:

(G^k1)^k2 mod p
(G^k2)^k1 mod p

Anyone who has taken algebra will tell you that these two statements are equivalent. Provided the discrete logarithm problem is indeed hard, this allows two users to establish a shared secret when communicating over a passively tapped line.

You can then use this shared secret to establish Confidentiality and Integrity in any number of ways using symmetric cryptography. One thing that this does not provide is Authentication or Non-repudiation. Those things can not be done without some form of pre-shared secret.

It is actually pretty easy to add authentication to standard DH key exchange. Instead of sharing a public generator g, create a generator in some manner from a pre-shared secret. (This has to be done carefully, there are a lot of ways to do it wrong and make a weak system). This has an advantage of being a zero-knowledge password proof. This means that even if you do one of these handshakes with an attacker, they cannot discover your shared secret faster than brute force.

AnthraX101
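
Added example, not part of any post in this thread: the exchange AnthraX101 describes, carried through to a symmetric key and an integrity tag. `P`, `G`, the SHA-256 key derivation and the HMAC tag are assumptions of this sketch; `P` is demo-sized, and real deployments use standardized groups such as those in RFC 3526 or RFC 7919.

```python
import hashlib
import hmac
import secrets

# Demo parameters chosen for this example, not taken from the thread.
# P is far too small (and P-1 too smooth) for real use.
P = 2**127 - 1
G = 3


def dh_keypair(private=None):
    """Pick a private k and compute the value sent in the clear: G^k mod P."""
    k = private if private is not None else 2 + secrets.randbelow(P - 3)
    return k, pow(G, k, P)


def dh_shared(private, peer_public):
    """Raise the peer's value to our private key: (G^k2)^k1 mod P."""
    # Reject 0, 1 and P-1: they force the result into a tiny, guessable set.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("degenerate peer value")
    return pow(peer_public, private, P)


def session_key(shared):
    """Hash the shared number into a 32-byte symmetric key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def tag(key, message):
    """Integrity tag over a message under the derived key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, received_tag):
    """Constant-time comparison of the expected and received tags."""
    return hmac.compare_digest(tag(key, message), received_tag)


if __name__ == "__main__":
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    # Only P, G, a_pub and b_pub cross the wire.
    key_a = session_key(dh_shared(a_priv, b_pub))
    key_b = session_key(dh_shared(b_priv, a_pub))
    t = tag(key_a, b"constructed sample message")
    print(key_a == key_b, verify(key_b, b"constructed sample message", t))
```

Both sides arrive at the same key, but nothing in the exchange says whose public value was received, which is the missing authentication the post points out.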