The two biggest whistleblowers in recent memory, Bradley Manning and Edward Snowden, were unmasked in vastly different fashion. Manning, who used Tor relays in delivering his info dump to WikiLeaks, found his identity revealed by "homeless hacker" Adrian Lamo; while Snowden, no doubt seeing how the US government muzzled Manning and attempted to control the narrative, revealed his identity to try and keep people focused on the leaks.Regardless, both leakers have become central to each respective story. What if they'd remained anonymous? Had Manning not been so careless with Lamo, he might not have been caught. We can only guess what might have happened to Snowden if he had opted for WikiLeaks's Tor-enabled anonymizing service.Had Snowden used WikiLeaks, the NSA—for whom Snowden did contract work through Booz Allen Hamilton—still might have been able to analyze traffic to discover the leak's point of origin. Tor offers incredible anonymization through its onion routers, but it cannot cloak traffic going in and out of its system of relays. This is a problem.Enter: AdLeaks. The brainchild of professor Sven Dietrich of Stevens Institute of Technology and Volker Roth of Freie Universität Berlin, AdLeaks will offer whistleblowers a way to cloak their leaks in a maelstrom of traffic. In other words, traffic analysis won't work if a whistleblower uses AdLeaks to deliver information to newspapers or websites.I recently spoke to Dietrich and Roth via email about the genesis of AdLeaks and how it works.I assume the both of you have long been interested in encrypted communication and whistleblowing, but what specifically motivated you to create AdLeaks? Was it the need for something to fill the void of WikiLeaks? Sven: The creation of AdLeaks was motivated by the circumstances of WikiLeaks. That is, any contact with the WikiLeaks site triggered the suspicion of being a whistleblower.Volker: Few technical details were known about how systems such as OpenLeaks and WikiLeaks worked. In both cases, it seemed that whistleblowers were meant to connect to a particular website to upload disclosures, e.g., by pressing an upload button on a pertinent website. This seemed like a risky proposition to us, as these network events can be tracked easily by a powerful adversary. The question we asked ourselves was, can the intention to connect to such a pertinent website be effectively hidden?
You note how that even with Tor and SSL, government agencies can see most network traffic. Does that make Tor kind of obsolete in a way?Sven: It depends on your threat model—whom you're protecting yourself from, for example. Tor has its uses and benefits, but it has been long known to be susceptible to traffic analysis by a global adversary or observer. If you're trying to hide your activity from your or the remote edge network, then Tor is adequate. For SSL, there have been many attempts at man-in-the-middle attacks to intercept the payload of such encrypted traffic.
Volker: Tor is by no means obsolete. It is a good technology for what it was designed to do. It prevents participating Tor nodes and the end points of connections from learning who connects to where by just looking at connection meta-data. Tor also makes it harder for a global adversary or observer to learn that information. Nevertheless, traffic analysis is a powerful tool that can be used against Tor.Our system fills a gap that Tor leaves open in terms of security, by defending against traffic analysis in particular. The price is that our system is more focused in its application. It does not allow arbitrary parties to communicate with each other. There can be many senders of information but there is only one receiver—the operator of AdLeaks, e.g., a press organization.
How else does AdLeaks differ form WikiLeaks?Sven: AdLeaks de-correlates the activity from an end-to-end analysis.
Volker: We designed our system to generate large amounts of innocuous traffic that, if the adversary sees it, does not tell him anything about whether or not the sender even intends to communicate with the operator of AdLeaks.
How is that made possible?Sven: A global adversary can easily perform link analysis, such as who contacts whom. By avoiding a direct link (i.e. time-correlated) to the AdLeaks collection server, it is close to impossible to trace the network connection back to the whistleblower.
Volker: In the AdLeaks system, neither users nor whistleblowers need to perform explicit actions that can be linked to a desire to communicate with the operator of AdLeaks. They need not navigate to a particular website other than those they browse anyway, and most certainly they do not have to click on any specific button on a website that would give away their intentions. For all practical purposes, they remain indistinguishable from others by an adversary who eavesdrops on all network traffic.
According to the site, AdLeaks works by embedding AdLeaks ads or bugs into webpages. Can you elaborate on how this works?Sven: The websites would willingly add the code into their webpages. In the idle state, they transmit encrypted zeroes (just chaff) towards the servers. In the active state, the whistleblower replaces the chaff with real data and sends it towards the guards and aggregators, which eventually feed them up to the decryptors and the AdLeaks server.That is fantastic. You also write on your website: "When popular websites begin to support AdLeaks this produces increasing amounts of cover traffic. Nodes in the AdLeaks network reduce the resulting traffic by means of an aggregation process so that a small number of trusted nodes can recover whistleblowers' submissions efficiently." Can you explain this in layman's terms?Sven: The traffic gets aggregated via a hierarchical tree-like infrastructure consisting of guards and aggregators. This helps obfuscate the data origin, yet the nature of the aggregation permits a recovery of the leaked data with a certain probability.
Volker: You may depict each transmitted cryptogram as a ball. Encryptions of zeroes are hollow balls and encryptions of data are full balls. Our servers receive a large number of balls and sort them randomly into bins. The servers regularly squish all the balls in a bin together into a single ball of the same size. Then they send the compressed balls to the decryptor. As long as a bin contains at most one full ball, the decryptor can retrieve the data from it.In this way, we significantly reduce the necessary bandwidth of the decryptor and the CPU power the decryptor needs. Occasionally, we lose balls, because more than one full ball can end up in the same bin. But, we use redundant encoding at the whistleblower's end and therefore losing a few doesn't matter.You note it's only a research project and you're looking for collaborators. Who might you collaborate with?Sven: The news agencies and newspapers wanting to receive information from whistleblowers or just to support the effort. And we would like to hear from other researchers interested in the subject.
Volker: We would also like to hear from operators of popular websites as well, who are interested in helping us disseminate our code (ads, bugs) in their web pages. We are interested in continuously making our system better and more secure, and we would like to talk to researchers and practitioners who can help us with that.Since it's not suited for "large disclosures," what sort of information might make its way onto AdLeaks?Sven: We looked at the documents present in WikiLeaks and found that the majority of the documents, e.g. PDFs, were up to 2 megabytes in size. That's what we aim for.
Volker: That said, as we gain experience through experimentation, we may adjust this parameter of our system upwards.What are your thoughts on the NSA's PRISM program?Sven: It has been long known that the NSA is observing worldwide traffic in the context of the Echelon program. There were press reports in the 1990s, as well as a report to the European Parliament in 2000 or 2001. So it is not surprising to learn of the PRISM program in 2013, especially since the revelation by Mark Klein in 2006 regarding the NSA link analysis activity on US territory. That was based on mere network traffic analysis.The NSA PRISM program appears to tap deeply into provider networks and server infrastructures, which is truly disturbing. However, at this stage too little is known about the full extent of this PRISM program to make a cogent assessment of the situation. The existence of such a program should make users think twice about using the Internet carelessly—that is, without proper security measures to protect their privacy, the privacy of their stored data, location, correspondence, and contacts when using Internet (cloud) resources.
Volker: It is probably fair to say that most people in the security business were not too surprised by the recent revelations. There were enough indicators in the past, from the Church Committee Reports in 1975/76 to the European Parliament report on the Echelon Program in 2000 to the revelations of Mark Klein in 2006 who reported that the NSA was tapping into US fiber optic cables domestically. It is still disturbing to have one's worst concerns, and more, confirmed and to see the extent to which the NSA has infiltrated global communications.People have to become more proactive with respect to protecting their privacy and security.
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement