We will present the state of the art in deployed anonymous communication systems, and in particular Mixminion, for anonymous email, and Tor, for anonymous web browsing. We will focus on the concrete future challenges to deploy and strengthen theses systems. In the last few years there has been a renewed interest in anonymous communications, both in terms of accademic work but most importantly in terms of implemented and deployed systems. This talk will be geared towards those at the cross section of practice and reaserch that are interested in developing or strengthening applications that provide some anonymity protection. We will describe two systems that are based on solid theoretical work, and should provide a high degree of security: Mixminion, is a high latency remailer, that can be used to anonymise email, while Tor is a low latency Onion Router, supporting the transport of any TCP stream. The two architectures are complementary, and provide very different security properties. While deployed, for testing, they Mixminion and Tor are both works in progress, and many practical as well as research challenges need to be resolved before they become widely used. The talk will first give an overview of Mixminion and Tor, highlight their architectural similarities and differences. Some attention will be paid to the threat models that they try to protect against and the features that they provide. The key attack techniques will be presented, but without going into the mathematical details. Pointers for further reading will be provided for those who are keen. Then we shall focus on the issues that remain to be resolved to widely deploy these systems, and further strengthen them. These issues are both research questions or concern the practical implemetation of anonymous infrastructure and services. On the one hand there is a need to build more services merely to support anonymous communications: from the implementation of pseudonym servers, directory services, or integration into client applications to research on DoS prevention and flooding. On the other hand the communication infrastructure is only there to be used by higher level applications. Therefore there is a need to understand which applications can be used without modifications over anonymous communications, and which will require to be modified not to compromise identity information. As a result of this talk participants should feel confortable with the basic design of anonymity systems, and know where to find additional information to use or build on these systems. If they choose to further look into the subject they will know what the main issues are where more work is required, and know the venues where this work can be presented, used, and appreciated.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.