XeroBank and other Proxies not as secure as most think?

Discussion in 'privacy technology' started by arran, Dec 5, 2009.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    I have heard that encrypted packets, other than the actual content in the encrypted packets, show other information such as packet headers and the "size" of the encrypted packet.

    Because of this it would be possible to look at everyone's encrypted packets going into the proxy server and compare and match them all with the unencrypted packets coming out of the proxy server. It's a bit like a jigsaw puzzle, matching unencrypted data streams with encrypted data streams. Probably, of course, you would need expensive traffic analyzing equipment, but it certainly can be done.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Other proxies being insecure, yes; XeroBank, no. The kind of analysis you are talking about is netflow analysis, whereby you watch outgoing packets and see if you can correlate it to incoming packets. In regular proxies, they are one-hop, so observing the node is simple and can be done trivially. This is easy to do on a regular proxy because they do not have multiplexing across multiple nodes or crowding optimization on data streams. That means any telco or anyone with the power or access to a telco can do this with a single computer, it is why we warn people that they are not actually anonymous when using other networks.

    XeroBank uses lots of techniques to minimize the attack opportunity, using multiplexing, crowding optimization, and multiple nodes. This attack cannot be performed trivially against XeroBank users, and no local, domestic, national, or non-specialized multinational organization has adequate capability to defeat our techniques.

    In XeroBank's network it requires a global adversary who can watch and analyze all traffic on an entry node in one country, and watch and analyze all traffic of an exit node in another country. That means you would need to wake up one of the 15 super-spy organizations and get them very interested in you to the tune of millions of dollars of dedicated surveillance and analysis.

    The end result is that if you are anything less than a hunted spy carrying the most important state secrets, you're safe with XeroBank's consumer-level VPN service. Now imagine what our custom and business-level services can do...
     
  3. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Would something like this be possible retroactively if we assume the single node doesn't keep logs? My main concern is making sure no record of my online activities is available at a future time. I'm not as concerned about someone trying to monitor me in real-time, although it would be nice to have a defense against that.

    In other words, I would like to see this broken down into two categories: retroactive and real-time. To the best of my knowledge, a single node that doesn't keep logs is effective against retroactive analysis, but correct me if I'm wrong.

    I don't think this is correct. Encrypted data is just a stream of nonsense with no apparent headers. I think you can try to match the volume of data and the time of transmission, but I don't think you can analyze the packets/headers themselves unless you break or bypass the encryption somehow. But I'm not an expert, just a guy with a packet sniffer.

    As an example, with OpenVPN I'm able to look at both the encrypted stream and all the data prior to encryption. With SmartSniff, if you choose to monitor the TAP adapter, you see all the unencrypted data. If you choose to monitor the host adapter, you see just a stream of encrypted data. They look nothing alike, except for the total volume of data.
     
  4. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Hi, thanks Steve. Hope you have time to answer these questions.

    You said here in this thread (https://www.wilderssecurity.com/showthread.php?t=252916) that you supply a crowded single-hop service.

    1. Let's say I was using XeroBank's crowded single-hop service. How much protection does this give? Would it also require one of the 15 super-spy organizations to get you? What is crowding? Is it something which prevents netflow analysis? Also, is crowding a software or hardware device?

    2. Who are the 15 super-spy organizations? How much would their traffic analyzing equipment be worth?

    3. Given the fact that there is logging all over the internet, whether it be the ISP or upstream provider or whatever: let's say for argument's sake that one of the 15 super-spy organizations came after you. Could they find out with existing LOGs, or would they have to set up their surveillance and analysis equipment and get you when you are next LIVE?

    4. In general, what is the point of multihop servers? Let's say they all see the unencrypted traffic coming out of the exit node. They put a packet tracer on the exit node and see that the traffic is coming from proxy number 4 in said country. So they put a packet tracer on proxy number 4 and see that the traffic is coming from proxy number 3 in said country. Eventually they can trace it all the way to the first proxy in the chain, put a packet tracer on the first proxy and see everybody's private IPs connecting to it. So in general, what is the point of multihop proxies?
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    I wonder if it all depends on the type and level of encryption? i.e. SSL vs SSH

    "Except for the total volume of data": this is kinda like what I was talking about. For example, you have 40 users connecting to a proxy. The unencrypted traffic at the end of a proxy chain shows that someone is downloading large amounts, about 100 gig, at a given time. It would be quite easy to find out which person it was by looking at the amount of data each of the 40 users has downloaded.
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Hmmm. Step back. Who is your adversary? Is it the same people that can do attack correlation on the multiplexed nodes, or the adversary who does weak attacks against single-hop systems?

    The global adversary also performs global unique traffic logging, including all encrypted traffic. That means they can analyze the data in the past, which is how almost all anonymity attacks occur, as rarely does live analysis happen.

    The lesser adversary does not have historic access to logs or the resources to collect extensive general logs. However if you are a specific target and have weak traffic protection, they can log everything you do and attempt to perform correlation.
     
  7. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    The single-hop service would likely require a similar level of sophistication as the 15 super-spy agencies, as they would need to attempt to do traffic analysis to discover the single-hop data streams that are different than the multi-hop data streams. I have not personally read an attack report of how the single-hop service will work, but it likely blends well.

    https://xerobank.com/support/articles/top-10-anonymity-myths/Myth-1-the-more-ip-addresses-you-have-the-greater-your-anonymity/

    Loosely speaking, they are made up of intelligence units in ASIS (Australia), CSIS (Canada), DGSE (France), BND (Germany), Mossad (Israel), AISE (Italy), GRU/SVR (Russia), GCHQ (United Kingdom), SID (India), PSIA (Japan), MSS (China), and NSA (United States).

    The cost of global internet traffic collection and analysis for one year is approximately 3.5b ~ 5.4b USD.

    Superpowers almost exclusively perform netflow analysis in the past with collected data.

    For XeroBank, it is not possible to trivially do that, because our cascades are multiplexed. That means there is not an attributable data stream from destination, to "proxy 4" to "proxy 3" and so on. All traffic on the cascades is multiplexed, which means that we take all the streams and re-encrypt them into a single stream. So hundreds/thousands of communication streams are chopped up and poured down a single encrypted pipe, effectively making trivial "packet tracing" impossible, meaning that entry/exit traffic correlation is what would have to happen to figure it out. There is no attributable stream to trace that belongs to just you, with XeroBank. This is directly opposite of something like Tor, which has highly-attributable data streams called "circuits", allowing a global adversary to immediately follow the stream back to the source.
     
  8. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358

    I thought Tor did multiplexing between the guard (first) and relay (second) node. Here's an article from 2007 about securing the Tor network where it's mentioned that multiplexing occurs between these two nodes. But I suppose there isn't going to be too much traffic between any two particular Tor nodes (because there are so many of them), which probably makes the multiplexing less effective.

    Reference: http://www.defcon.org/images/defcon-15/dc15-presentations/Perry/Whitepaper/dc-15-perry-WP.pdf


    Also, regarding entry/exit traffic correlation, is this type of evidence really proof? Sure, it may lead someone to your front door, but does it actually prove the origin of the traffic? My suspicion is that this evidence alone wouldn't stand up in a court of law.
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Exactly. Multiplexing just a few streams isn't multiplexing at all, because there isn't a sufficient crowd set to obfuscate the streams.

    Traffic correlation may be sufficient as evidence if you have a believable enough expert network forensic witness to testify about it. However, the people doing the hunting don't care about evidence, court, or laws, as they operate with effective sovereign immunity.
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Multiplexing combines everybody's individual data streams into one, correct?
    And multiplexing can only take place throughout the proxy chain, correct? Because you can't multiplex traffic coming into the first entry proxy or coming out of the exit node, i.e. the last proxy on the chain.

    Now the point I was trying to make is this: Let's say for example the cops are monitoring traffic connecting to a said illegal site. They see someone connecting and that they have downloaded a 50 gig file. They see that they are coming from a XeroBank exit node, but they are unable to trace the person's data stream back any further because of multiplexing. They can, however, trace where all the multiplexed traffic is coming from. So they trace all the multiplexed traffic to the beginning of the first proxy chain, and from there they would be able to see everybody's individual IP addresses connecting in. Now the cops have the exact time and the amount of data downloaded from a site; all they need to do from here is get everybody's logs from their ISPs and see who downloaded 50 gigs of data at a certain time. Also note that the cops can probably also match the speed the file was downloaded at to how fast your internet connection is. Unencrypted or encrypted, you cannot hide from your ISP the amount of data you download and the times that you were online.
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That isn't really applicable. People who are attempting to get anonymity aren't trying to get anonymity for downloading a 50GB file. That is particularly unusual traffic, and more likely fits a torrent user, who has a much different threat model.

    Actually you can hide that data information from your ISP, regarding fingerprint attribution, but it also means that other nodes have to route traffic similarly, but again, that isn't going to be applicable to a fat pipe with a 50GB streamlength.
     
  12. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
    Forgive me if this is trivial, but can't ISP just block VPN/IPSec traffic to XeroBank and other hosts, assuming they can identify it? I mean, in order to be protected with XeroBank and such, you need to connect to appropriate relay first; assuming country in question wants to keep a tab on everything that's coming in and going out, can't they just block XeroBank traffic and blacklist its relays?
     
  13. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Well, I think it's applicable, because you can't really download large files without being anonymous. It's just a matter of matching the unencrypted traffic coming out of the exit node with all the IPs connecting to the first proxy in the chain. The question is: what is the maximum size of files/data you can download before it starts to put your privacy/anonymity at risk? Other than file sizes, what other ways/methods are there that they can do entry/exit traffic correlation?

    I was thinking today, it is like traveling down a road from point A to B. The only safe / secure part of the road is the part in the middle where you are traveling thru XeroBank's servers.

    EDIT: can you elaborate how to hide amounts of data downloaded from the ISP with fingerprint attribution? Because the only way I see is if you download small parts of the file at different times rather than downloading the file all in one go. This would be a major inconvenience.

    Yes, ISPs can block access to XeroBank's servers. They can also attempt to play man in the middle, and of course non-technical users would become victims of it.
     
    Last edited: Dec 8, 2009
  14. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes. XeroBank's VPN solution is about strong anonymity. You're talking about anti-censorship, which is not part of the threat model. If a country/ISP wants to stop you from communicating, they can do just that.
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Hmmm, that is a good question... what is non-conspicuous consumption of data traffic. Let me go find an answer for that, but I am imagining that those who watch YouTube and Hulu anonymously are the same people you are hiding with.

    Think of it like this:
    When you are traveling from home to XeroBank you have privacy (encryption). Once you get to XeroBank you have privacy and anonymity. Once you leave XeroBank you still have anonymity.

    This goes back to your threat model. Anonymous from whom? Can a global adversary with superpowers see it is you downloading the 50GB? Probably, because that is unusual. Can an ISP/state surveillance system figure out what you are up to? No, they just see 50GB going down an encrypted pipe to you. To actually hide the 50GB, you would need to match certain traffic profiles, and likely download in smaller bandwidth streams, like using 1Mbps vs 20Mbps. Otherwise yes, it looks like a python swallowing a basketball. :)

    ISPs and others can try to MITM, but it won't work. We distribute a CA certificate, and the ISP/attacker doesn't have the counter-key to authenticate back to the user. So MITM attacks don't work when connecting to XeroBank.
     
  16. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Bump. Hi Steve did you find an answer as to how big a file you can download without compromising your security?

    Rapidshare files are a common thing people download on the net, so I would imagine there would be a few on XeroBank downloading Rapidshare files. The reason why I mention this is because I have a friend of a friend who works at an ISP as a network engineer (QoS and CoS traffic management, packet analysis etc.). They say it is easy to do entry/exit traffic correlation and find out who downloaded the said Rapidshare files.

    The only way I can see to get better anonymity is to run your own proxy service and have one of the proxy boxes somewhere in the middle of the chain at your actual house, and connect to it in the middle of the chain. That way it wouldn't be possible for anyone to do entry/exit traffic correlation. But of course you would have to have a fast internet connection at your home to do this.
     
  17. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    If you need to be anonymously moving around hundreds of gigabytes at decent speed, it might be wise to look like a torrent freak. If you give the torrent client most of your bandwidth at low priority, large file transfers via other apps will not change your total throughput very dramatically. However, if you give too much to the torrent client, nothing else will work very well.
     
  18. mesa0k01

    mesa0k01 Registered Member

    Joined:
    Jan 27, 2010
    Posts:
    10
    I think you misunderstood the question. He is not talking about netflow analysis; he is talking about packet size leaking data. Packet size can leak information about data even through encryption. This data could potentially be used to reveal the source of the data. The only real defense against this attack is padding packets. Tor is weak to it, and unless XeroBank is padding packets they probably are as well. Multiplexing will not help against this attack, nor will all the hops in the world. Even mixing will not protect against this unless the packets are padded to all be the same size.

    Crowding + multiplexing will not help: the returning data still passes through your ISP as a packet stream unique to you. XeroBank does not multiplex all the way back to you because they can't.

    Anyone with access to the client's ISP can defeat your defenses unless XeroBank pads packets (do you?)

    This is an end to end correlation attack it is different from packet size analysis.

    The end result is that your ISP, the entry node and the entry node's ISP have a chance of identifying the origins of traffic coming to you unless the packet stream is padded or morphed.
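Added example, not code from the thread or from XeroBank: a toy Python model of the two leaks discussed above, the packet-size pattern mesa0k01 describes and the total-volume pattern arran raises (the 40-user / big-download case), with fixed-size cell padding as the defence. The overhead, cell size, packet sizes and the 40-user crowd are all constructed assumptions, not measurements of any real VPN.

```python
import random
from collections import Counter

OVERHEAD = 53  # assumed per-packet encapsulation overhead (bytes), not a real figure
CELL = 512     # assumed fixed cell size for the padded variant (bytes)

def make_plain_stream(rng, n_packets, big_share):
    """Constructed plaintext packet sizes for one user: small request-like
    packets mixed with full-size download packets in the given proportion."""
    big, small = [1400, 1460], [40, 52, 60, 90, 576]
    return [rng.choice(big if rng.random() < big_share else small)
            for _ in range(n_packets)]

def encrypt_sizes(plain):
    """Entry-side view without padding: each packet grows by a constant
    overhead, so the plaintext size pattern survives encryption intact."""
    return [s + OVERHEAD for s in plain]

def pad_sizes(plain):
    """Padded variant: every packet becomes one or more CELL-byte cells, so the
    per-packet size pattern is gone; only the cell count (volume) remains."""
    return [CELL for s in plain for _ in range(-(-(s + OVERHEAD) // CELL))]

def histogram(sizes):
    n = len(sizes)
    return {k: v / n for k, v in Counter(sizes).items()}

def correlate(exit_plain, entry_streams, transform):
    """Observer model from the thread: apply the known encoding to the
    exit-side plaintext and score each entry-side stream by histogram overlap
    (1.0 = identical size distribution)."""
    target = histogram(transform(exit_plain))
    return [sum(min(target[k], histogram(obs).get(k, 0.0)) for k in target)
            for obs in entry_streams]

def demo(n_users=40, seed=7):
    """Crowd of 40 users, user 0 is the heavy downloader. Per variant: which
    user the size pattern points at, how many tie for best, who has most volume."""
    rng = random.Random(seed)
    plains = [make_plain_stream(rng, 400, 0.9 if u == 0 else rng.uniform(0.05, 0.4))
              for u in range(n_users)]
    result = {}
    for name, transform in (("unpadded", encrypt_sizes), ("padded", pad_sizes)):
        entry = [transform(p) for p in plains]
        scores = correlate(plains[0], entry, transform)
        top = max(scores)
        volumes = [sum(e) for e in entry]
        result[name] = {"best": scores.index(top),
                        "ties": sum(1 for s in scores if abs(s - top) < 1e-9),
                        "heaviest": volumes.index(max(volumes))}
    return result

if __name__ == "__main__":
    print(demo())
```

With padding the size-pattern score ties across all 40 users, but the user with the largest cell count is still the same one, which is exactly the residual volume leak arran describes and why Steve suggests matching traffic profiles rather than relying on padding alone.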
     