}

Internet Communications Security III: Anonymity

2013/06/01 Leturia Azkarate, Igor - Informatikaria eta ikertzaileaElhuyar Hizkuntza eta Teknologia Iturria: Elhuyar aldizkaria

Within this package of articles on security of communications on the Internet, we have analysed how confidentiality can be guaranteed (not detecting a private message by third parties) and authentication (check what our interlocutor says). On this occasion, we will work by way to ensure anonymity on the Internet, and as we will see, as in the two previous ones, cryptography with public key is at the base of it.
400

The first reaction of many people to hear the methods of speaking on the Internet anonymously is mistrust. When we want to act anonymously we think it will be to do something wrong: act on something illegal, stumble into comments from some media, etc.

But there are cases in which anonymity must be guaranteed. There is the right to privacy of citizenship, for example, that, as in any other area of life, we can do what we want on the net without any government, service provider or search engine knowing what we do. As well as guaranteeing the right of navigation in countries that apply censorship on the network. Or facilitate the anonymity and security of journalists' informers, as in the case of Wikileaks. And many more.

The first thing that would happen to us is to go to a cybercafe, but its disadvantages are many and tangible: that witnesses can identify themselves, that the need for geographical proximity, that we change often...

Another way is to use proxy or anonymous routers. These are services that allow us to access the address of the website to which we want to access through the same orders and return the page. These are also not very appropriate: suppliers of these services know who has acted; they are often paid or with annoying advertising, they only serve to navigate and not to send mail, for example...

One of the ways that can use those who have great resources or computer knowledge (intelligence services or criminals) is the control of the computers of ordinary people through a malware and, without the owners knowing it, direct requests or messages through them without leaving a trace. But this form is not available to anyone, and of course it is not legal.

Software and free networks Tor

Today, the most secure and accessible way for everyone to express themselves anonymously on the Internet is to use Tor. Tor means The Onion Router, that is, a rough onion. A curious name, but with reason to be, as we will then see.

Tor is a free software and an open network that allows us to channel communications from our network by jumping on several computers from a network of volunteers. The passage of messages across multiple computers hinders backtracking, but Tor also gets none of these computers or nodes on the track to know the message itself and its origin and destination; each node only knows the previous node and the attachment, does not know the number one node on that route and cannot read the message. How is it achieved? Again, by public key cryptography.

As indicated in the previous articles of the Lot, in the cryptography with public key a message is encoded or encrypted with its public key that the recipient has made available to anyone, but the message can not be deciphered back with this key, but with a private key that only the recipient knows how to read the message.

Encryption of onion

When we use Tor to send a message, the first thing this software does is to choose a path through several random computers that form the Tor network. Below is the message and the final goal of the message using the public key of the last node of this route. Below is all this message already encrypted and the address of the last node of the track using the public key of the last node of the path. And so it goes back with each of the nodes of the track, encrypting with the public key of the node all the required message and the address of the next node.

When everything is ready, send the message to the first node of the route; the Tor software that is in the same deciphers the message with its private key, thus getting the address of the next node and sending it the remaining message; the next one does the same, decrypts it, gets the following address and passes it to it, and so to the end. As seen, the nodes of the track know nothing more than the previous and the subsequent, since everything goes encrypted in keys that do not have themselves. And if the recipient or anyone who has intercepted the message would like to know what its origin is, it should decipher several layers of cryptography with public key, and if, as we said, it is not possible to break with current media this type of cryptography, think of several layers.

Therefore, hence its name as a lighter of onions: the message, like onions, has several layers of encryption on each other that are deciphering or eliminating in the way.

The only way to know the content, purpose or origin of a message can be to infiltrate (introduce satizo computers into the Tor network) or gain control of nodes. But in the Tor network there are many computers and long paths are made, so it is impossible that all nodes of the track are sators or controlled in practice.

On the other hand, we can configure Tor so that the last node of the road belongs to a given country, thus overcoming the censorship of certain websites with respect to some countries (imposed often by the government of the country to their compatriots) or geographical windows of exploitation that apply to certain cultural or audiovisual content online.

At present, Tor is the instrument with the highest guarantee of anonymity and is available to anyone. And it is true that it can also be used for illegal matters. That is why (or perhaps with the excuse) some countries want to ban the use of To (for example, Japan). If they did, many other permitted and necessary uses would become impossible. And cars or weapons are not prohibited because they are used to steal banks...