Any questions about internet security? We want to be able to secure our data sent across a public network, across the internet. We've got different ways to do it. We've gone through, several times, the different layers: application, transport layer security, network level. With regard to network level security, we're using the example of IPsec. So that's one protocol that allows us to take our IP packets and encrypt them before we send them across the internet. Everything sent across the internet, from our perspective, is using the internet protocol, IP version 4. But IPsec adds this extra feature to allow us to encrypt those packets. As a result, someone who intercepts those packets cannot see the original content. So that's our aim: to keep the data confidential. But we saw there are different variations of IPsec.

In this example, if someone in the internet, so between router X and router Y (even though it's shown as just a single link here, in fact there may be multiple different networks), if someone malicious there intercepts the packets, on one of the devices or one of the links in between these two, what do they see? Do they see the data sent between A and B? And if they don't see the data, what do they see? Header and ciphertext. Because it's encrypted: the data which host A generated was encrypted by IPsec here. So we can think of that data as the plaintext, when we return to encryption terminology, and therefore the ciphertext, the encrypted data, is included in the packet. And we still have an IP header included in this packet. We cannot encrypt the IP header, because to send data across the internet the internet protocol relies on reading the IP header, especially the destination IP address. So when host A sends an IP packet and it eventually arrives at router X, why did it arrive at router X? Because the destination IP address in that header says B, and using the routing tables it knows to send to X.
And then X has this IP packet. You can think of it as having the header, which has source IP A, destination IP B and other fields, and it has the data. And the data is encrypted here, the ciphertext. X uses the destination, B, and realizes, OK, I need to send it to another router, and it goes across the internet until it arrives eventually at B. So be aware that if you think of the IP packet, the data is encrypted but the header is not, because we need the header to be in the clear so the routers can forward the packet across the network. If we encrypted the header, then the routers would not be able to send it on, because they wouldn't know who to send it to. The routers use the header to know who to send to. So if someone intercepts in the internet, they see the ciphertext, they don't see the data, but they do see the header.

We had another case using IPsec, another variation, where we used it from the host to a router, and then on this last portion of the path, this last segment, we don't use any encryption. The benefit being that host B doesn't need to know about the encryption; host B doesn't need to support IPsec, the router does it on its behalf, making the setup of this host simpler. This router can use IPsec for many hosts inside the internal LAN. And then a last one: we use IPsec between two routers. So, different options: router to router, router to host, host to host. And we can have combinations at different levels. We've used IPsec as an example, I think on one slide here. There are other protocols that do similar functionality, and the two that you'll often come across are called PPTP and L2TP, Point-to-Point Tunneling Protocol and Layer 2 Tunneling Protocol. They are used in a similar manner to IPsec, so there's not just one. And these are used to create a VPN, a virtual private network. Anyone have a mobile phone? Open it up and see if you can find the VPN features.
If you have a mobile phone, see if you can find something about network settings, and see if you can find anything referring to VPN. And tell me what it says. I don't know where it is; it's usually under network settings, maybe advanced settings. It should be something about VPN. VPN, okay, and when you select VPN what does it say? Some warning, okay, keep going. See if you can set up a VPN. So on the iPhone, just go back. In the VPN settings on the iPhone, you can add a VPN configuration, and you see three different types of VPN: L2TP, PPTP, and IPsec. So on the iPhone it will be different than on Android. And on Android, then again, you can select different types of VPN. So it depends upon the operating system. So on Android you see PPTP, L2TP, and IPsec, different variations of IPsec.

So what you can do with your mobile phone is set it up like this scenario, where your mobile phone is host A, I think that's the VPN client. And let's say there's some router on the internet, say the SIT router, which runs a VPN server. And if it's configured correctly, what you do on your mobile phone is set it up so that you enter in, I think you'd enter in the address and maybe some username and password for the VPN server. SIT has a VPN server. And what would happen then is, when you use your mobile phone to access the internet, those applications that use the VPN would send their data, using IPsec or one of those other protocols, encrypted to the VPN server, and then on from there to wherever the destination is. So you can set it up on hosts, a mobile phone as an example.

And that's one of the differences between network level security and, let's say, transport level security. To use network level security, the VPN, you need to set it up on the host. And in fact there needs to be a server running to allow you to use it. So you need to do something.
When you use, let's just go back, when you use HTTPS, which is specifically HTTP over TLS or SSL, do you need to set anything up? No, you just open your browser and you type in HTTPS and then some domain, and then it does the encryption for you. So with HTTPS, or transport layer security in general, the user in practice doesn't have to do anything, which is much more convenient from the user's perspective. So with transport level security, the security is built into the operating system and it's performed automatically if you use HTTPS, in this case. So the user doesn't need to configure anything. Whereas with network level security, the user usually needs to configure something on their host, and in fact usually there's a server set up to support the other endpoint. So that's why, in fact, network level security is not as common as transport level security. That's one of the reasons. So if you use network level security, you usually need to set up the endpoints. The user needs to do it, which takes some effort, and not everyone can do that.

Someone's in the internet and intercepts. Are you referring to this one? Yeah, yeah. Can they see the packet, do some routine analysis? Okay, we'll get to that in a moment, but let's see: what can someone in between host A and host B see? What can they see? Well, they can see, as we said, the ciphertext, it's encrypted, and they can see the IP header. And that's it with the data transfer. We'll see what that gives us, but that's all they can see. The packet is encrypted. So with the data transfer, all they see is the packet; they don't see the contents of the data, they do see the header. How about the packet? If they see the packet, I think you're getting at, can they do some analysis? Yes, they can see the time when the packet got there, because they know when it arrived if they capture it. So they can do some analysis about when the packet was sent and received, how big the packet is.
But many encryption schemes use fixed size packets anyway. So maybe you cannot determine anything about what's happening. So the main point here is that they cannot see the data, but they can still see that there are packets being sent. Let's continue on that point. Let's look at, with the tunneling mode of IPsec, what happens is that there's the original IP packet and it's put inside another IP packet. So the original one, going from A to B, with the data, so this is the IP header, this is the data, is actually put inside another IP packet, which is being sent from A to Y in this example. And the internal packet is encrypted.

If you intercept on the Internet in this case, what do you see? If someone's on the Internet and they can intercept the packet being sent in this example, what do they see? This gives the hint. This is what they see. This is the packet. This red part is encrypted. So from the attacker's perspective, they don't see anything here but random bits. They cannot determine anything about the contents. But they still see this header. What do they learn when they capture this and intercept? What does an attacker learn if they can intercept here on the Internet? Anything? We know they can't see the contents of the message. What do they learn? The time. There were thousands of packets, so they can see things about when the packet was sent, because if they can capture it, and I receive it at 11.55pm, then we know something about when the packet was sent. The size of the packet, although often there's some compression done there. What else do they learn? Where it's from, who it's to. Again, the IP header is not encrypted. An IP header includes many fields, but two important ones are the source IP address and the destination IP address. So in this example, when you intercept on the Internet, what do you learn specifically? The time, size, number of packets, and source and destination, which in this case are A and Y.
Someone who intercepts on the Internet sees that this packet was sent from computer A going to computer Y. So now we're starting to move into the area of not so much whether the attacker can see the contents of the message, but whether they could do some further analysis and learn something useful to the attacker. Some traffic analysis to work out who is communicating? How often they're communicating? What types of patterns of communication with respect to time? At what time of the day are they communicating? So even if we encrypt the data, the attacker can still see the outer header and at least can learn who sent and who received. But look at the differences. In this case, if we intercept on the Internet, we'd see that the source is A, the destination is B. We'd learn that A and B are communicating. In this case, the attacker, if they intercept in the Internet, would learn that A and Y are communicating. So they don't really know that A is originally sending the data to B. They just know they're sending to this router Y. So whether it was host B, C, D, E or other hosts that it was destined to, the attacker only knows it was going to router Y. So we've hidden some detail from the attacker in that case. We hide the specific destination. And in this case, if the attacker intercepts in the Internet, who do they know, or who do they think, are communicating? X and Y. If we intercept this packet, we see the source address is X, the destination is Y, so all the attacker learns is that this data is for communications between X and Y. So they cannot learn the specific hosts which are communicating. Let's say this represents SIT, our campus. This is the Rangsit campus. Then the attacker knows that someone on either of the campuses, or both of the campuses, is communicating, but they don't know specifically who. When I say who, they can't identify the specific source IP address and destination IP address. They can only identify the routers which are communicating.
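The two interceptor views just described, transport mode (header in the clear, data encrypted) and tunnel mode (the whole original packet encrypted inside a new packet addressed between the tunnel endpoints), as an added Python example; this is not code from the lecture. The cipher is a toy SHA-256 keystream standing in for ESP (it is not IPsec and gives no integrity protection), the header checksum is left at zero, and hosts A and B, gateways X and Y, the key and the captured request are all constructed for illustration. Passing A instead of X as the outer source gives the host-to-router tunnel from the slide. The traffic_summary function is the traffic analysis the attacker can still do without any key.

```python
import hashlib
import struct
from ipaddress import IPv4Address

PROTO_TCP = 6
PROTO_ESP = 50   # IANA protocol number of ESP, the IPsec format that carries encrypted data

def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for ESP's cipher: XOR with a SHA-256 keystream.
    The same call decrypts. This is not IPsec and gives no integrity protection."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def ip_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero; the routers here only read src/dst)."""
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed)

def parse_header(packet: bytes) -> dict:
    """What anyone holding the packet reads without a key: the clear header and the size."""
    f = struct.unpack(">BBHHHBBH4s4s", packet[:20])
    return {"src": str(IPv4Address(f[8])), "dst": str(IPv4Address(f[9])),
            "proto": f[6], "size": len(packet), "payload": packet[20:]}

def transport_mode(src, dst, data, key, nonce) -> bytes:
    """Host-to-host IPsec (transport mode): the original header stays, only the data is encrypted."""
    ct = toy_encrypt(key, nonce, data)
    return ip_header(src, dst, PROTO_ESP, len(ct)) + ct

def tunnel_mode(inner_src, inner_dst, data, outer_src, outer_dst, key, nonce) -> bytes:
    """Tunnel mode: the whole original packet, header included, is encrypted and placed inside
    a new packet addressed between the two tunnel endpoints (gateways X and Y, or host A and Y)."""
    inner = ip_header(inner_src, inner_dst, PROTO_TCP, len(data)) + data
    ct = toy_encrypt(key, nonce, inner)
    return ip_header(outer_src, outer_dst, PROTO_ESP, len(ct)) + ct

def gateway_decapsulate(packet, key, nonce) -> dict:
    """Receiving endpoint: strip the outer header, decrypt, and parse the inner packet."""
    return parse_header(toy_encrypt(key, nonce, packet[20:]))

def traffic_summary(captures) -> dict:
    """Traffic analysis over captured (timestamp, packet) pairs: who talks to whom, how many
    packets, how many bytes, over what time span. Needs no key at all."""
    summary = {}
    for ts, pkt in captures:
        h = parse_header(pkt)
        s = summary.setdefault((h["src"], h["dst"]),
                               {"packets": 0, "bytes": 0, "first": ts, "last": ts})
        s["packets"] += 1
        s["bytes"] += h["size"]
        s["first"], s["last"] = min(s["first"], ts), max(s["last"], ts)
    return summary

# Constructed scenario: hosts A and B behind gateways X and Y (all addresses and the key assumed).
A, B = "10.10.11.10", "192.0.2.80"
X, Y = "203.0.113.1", "198.51.100.1"
KEY, NONCE = b"assumed-session-key", b"nonce-01"
REQUEST = b"GET /secret HTTP/1.1\r\nHost: b.example\r\n\r\n"

if __name__ == "__main__":
    seen = parse_header(transport_mode(A, B, REQUEST, KEY, NONCE))
    print("transport mode, interceptor sees:", seen["src"], "->", seen["dst"], seen["size"], "bytes")
    seen = parse_header(tunnel_mode(A, B, REQUEST, X, Y, KEY, NONCE))
    print("tunnel mode, interceptor sees:", seen["src"], "->", seen["dst"], seen["size"], "bytes")
    captures = [(t, tunnel_mode(A, B, REQUEST, X, Y, KEY, NONCE)) for t in (1000.0, 1000.5, 1003.0)]
    print("traffic analysis:", traffic_summary(captures))
```

In transport mode the interceptor's parse gives A and B; in tunnel mode it gives only X and Y, and the inner addresses are inside the ciphertext. What survives in both cases is the size, the timing and the count of packets, which is exactly what traffic_summary collects.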
So we're moving into the issue of privacy. What can someone determine based upon intercepting packets in the network, even when we use encryption? And in IPsec and similar, in this case, someone can determine the routers which are communicating. So let's look at that a little bit more, and look at how people can track what others are doing in terms of communications, and how some of those things can be hidden. Let's come back to... Yeah, question? Host to router, this one. Of course, we have another router. Okay, another router here, yeah? So we could use another form of encryption if we had one here. In this case, we're looking at, let's say this is the public internet, where someone intercepts. So it depends on where they intercept as to what they can do. So if there was another IPsec connection from this router Y to some router Z, well, if the attacker was on this portion of the network, they would intercept between X and Y, but if they were on this portion, they'd intercept between Y and Z. So they'd learn the source and destination based upon where they intercept. The same can be applied across multiple segments.

Can they... yeah, how? Okay, so what can the malicious user do? In this case we're assuming, let's for now assume, the malicious user is in the public internet. For example, this portion of the network may be internal to an organization, so the malicious user can't get physical access to intercept here. That may be common. And therefore, let's say they can only intercept on the internet portion in our diagrams. So in that case, they cannot see any data sent across here; that's encrypted. All they can see is the source and destination address of those packets, and in this specific case, A and Y. How do they outsmart that, or how do they defeat that? Any ideas? What else could they do? Let's look. And let's now address the issue: well, what could a malicious user learn about people communicating?
Even if they cannot see the contents of the data, can they determine who is communicating? So this is the issue of privacy. Not necessarily privacy of the data, but privacy of what you're doing, trying to prevent others from determining who's communicating. So in the internet, at every point, we use IPsec to connect to each other. So if the malicious user attacks our internet, they only know... only some... only a short part, only host to host? Yes, if we extended this and used encryption between one router and another router, and then different encryption across another, then yes, we can start to hide some of the original source and destination a little bit better. And we'll see a way that that's done, but note that there's a big problem with setting that up, in that every router needs to be set up, at each endpoint, to use IPsec. The benefit, or rather the problem, of setting up security is that we need to do something on these computers before this works. If we need to do it on every computer in the internet, it's just not practical. But if we can set IPsec up on one router inside SIT, and maybe require the users, to secure connections, to set it up on their phones, maybe that's practical. So we'll see, and hopefully get to a case where we can start to hide the communications.

Let's look at what the interceptor can learn. So let's focus on privacy. Let's say host A is a web browser, host B is some web server. If there was no encryption here, does the web server know who contacted it? What does the web server know about who requested the web page? And how do they know anything? So I'll just go back to one of our first pictures, and just ignore encryption. This scenario: host A is you on your browser. Host B is some website you're visiting. And let's look at privacy and think, okay, what does the web server know about you? What do they know? IP address, okay?
Because we're sending an IP datagram, it's sent across here. Remember the IP datagram header contains the source IP and the destination IP. So that's received by the web server. So for sure, the web server knows who sent the datagram. It knows your IP address. What else? Does it know your name? Well, not necessarily; maybe. It knows your IP address for sure. We cannot avoid that. Port numbers, okay, not very useful, because the source port just identifies some application. If it knows your IP address, what can it learn about you? What can the server learn about you? Can they find your name? Country? Yeah. If we look at IP addresses, the way that IP addresses are given out, that is, how did your host get an IP address? They're actually distributed by internet service providers. Let's say this is your home computer. The IP address that your home computer, or more precisely your home router, gets is an IP address in the range managed by your ISP, and the range the ISP has is publicly known, because there's a register that maps ISPs to the address ranges that they have. And for most ISPs, we can then work out which city they're in and which country they're in. So with IP addresses, it's usually not too hard to map an IP address back to a rough location: a city, a region, a country at least. So host B, the server, knows the IP address of the source. They know roughly where you come from. Anything else? So they can learn that about you. So if you want to keep that private, using just the normal internet communications it is not possible. That is, a server can learn your IP, and from your IP learn your location, your ISP even, which company you're going via. Can this web server learn your name? How? How does it learn your name? Like your real identity, not your IP address as the identity. Well, two basic ways. If you log in, if this is Facebook, of course if you log in, they now know who you are. Okay?
That is, if you log in as some user, then that web server could associate this login with this IP address. And maybe at a future time when someone contacts that server from that IP, they could assume it's the same person. Okay? So if there's some past behavior that has given out the name, then maybe the web server can determine that. But how else is that done? What's the technology we use for logins? You eat them? Cookies? Okay. Maybe when we log in, for example, there's a cookie stored on your browser, and that may be stored permanently on your browser. The next time you visit that website, your browser sends the cookie to that website. Even if you don't log in, it may send the cookie. So cookies are used by the website to get more precise tracking of who you are and what activities you're doing. If you've logged in once and you return to the same website, even without logging in, the cookie is still sent to that website, and the web server can identify who you are, or map it back to the previous communication. So cookies are used by the servers to track more precisely who is contacting the server: not just based on IP address, but based upon usernames in some cases and other things. Now the server can learn how often you contact it, because every time you send the cookie it knows that; it can keep a log of how you've contacted it, and even if you change your IP address here at the host, your browser sends the same cookie and it can now keep track that it's you again. So even if you have a different IP address, the cookie allows the server to keep track of who's contacting it. So IP addresses can be used to track who is communicating with the server, and IP addresses can tell us roughly the location of the client. In terms of web browsing, cookies can be used to track who is accessing a web server, and they usually give more precise information, because sometimes IP addresses change whereas cookies remain the same. How do you not get tracked?
Well, yeah, but if you use some private mode in your web browser, what does that do? Okay, don't use cookies. There'll be a way for your web browser not to use cookies, but I think you'll find many websites rely on cookies to provide the feature of personalizing the website. So if you don't use cookies, you never send them, you can still access the website and it'll be harder for them to track you, but you may not get the features of the website that it normally offers. So there's a trade-off there between convenience and privacy. Do you use cookies? Is there anything else? Does encryption help? Not really. So if you're just encrypting with HTTPS, again with HTTPS the IP address is still included, the cookies are still included, so you gain nothing in terms of privacy in that case. That is, privacy from the perspective of the server identifying who you are. If you use encryption, others may not be able to track your communications, but the server still can.

What other issues? I think you've all seen websites which tell you your IP address. If I open my browser and access some website, there are websites that will tell you the IP address of the client. That is, I'm accessing from my browser some server; the server tells me what my IP address is, and there are websites that will look that up. It tells me my IP address is 203.131.209.66, the ISP is Thammasat, and it tells me my location on a nice map. So approximately, it tells me accurately to the city level. So this is what the server knows about my client, about me. Similarly, if someone intercepted the packets on the internet being sent between my browser and the server, they could determine this, because it's just based upon IP address. So if someone here intercepted the packet I was sending to that server, they would see my IP address and they would know my location, and similarly for the server: they'd see its IP address and be able to identify its location.
If they could get cookies and other information, they could maybe even get... does this IP address identify my laptop? Anyone else have a phone or a laptop? You want to visit this website, whatismyipaddress.com? What do you get? Let's see what people get. What do you get? Same or different? It's the same. Your IP is the same as mine. What do you get? The same. Well, that's not right: you know that computers have different IP addresses. But in practice things are a bit more complicated. Inside most organizations we use what's called NAT, Network Address Translation. What happens is, you think this is the IP address for SIT. My computer has one IP address, 10.10.6.something. Your computer has a different internal IP address. But when we all access the internet, we all send packets to the SIT gateway, which performs this feature of changing our internal IP address to this public IP address, the 203 address, and then the SIT gateway sends the packet to the real website. So when the real website, whatismyipaddress.com, receives the packet, the source is this 203 address from everyone here. And when they send back a response, the SIT gateway, this network address translation, does the thing of converting back to the original IP address, so my computer receives it. So you may have studied NAT in another course, but it's common in organizations to have, say, one or several public IP addresses like this one, and everyone internally is connected to the outside world by this one public IP address. That's why you see everyone with the same address if you're inside SIT. So maybe we've improved privacy a little bit here. The web server, or someone who intercepts this packet, will find this IP address; they'll recognize this is someone at SIT, but they can't identify me or someone else inside SIT. They cannot find that out. So we've hidden, to some extent, the internal user, and on the public internet people can identify just the network or the organization that is communicating to the server. Questions?
Correct, the information that's known by the server is just the IP address, but there are mappings, as I said: internet service providers have a range of IP addresses, so therefore they work backwards. Given this IP address, what range is it in? It's in Thammasat's range. So now they know the ISP, and then you can have databases that say where Thammasat University is located, roughly: well, here's the city, region and country. So it doesn't give a precise GPS-related location. It gives a location of where that ISP is registered, normally. Maybe you're on the Thammasat University network but you're at another campus or some other location, accessing by this network; you may not be in Bangkok, but it will show you as in Bangkok. The location is really just some address of the ISP, some mailing address of the ISP.

They will show the public IP? They will show the public IP too? No, they do not. Okay, so in this case, in the normal setup, my computer's address from SIT, what is it? My wireless LAN: 10.10.11.10. That's my computer's IP address, and that is only used internally inside SIT. That's my actual computer IP address. Your phone will have a different one, 10.10.something. But when we send a packet outside of SIT, the SIT router changes it to this one public address. Therefore anyone outside of SIT will never see that internal address, unless something is set up wrong or some other special feature is enabled. But in the normal case, no: they'll only see this as the source address and therefore only identify that.

So can someone at the server, or someone who intercepts, so again the server sees this public IP address, 203, and someone on the internet could intercept and see that 203 address, can they still map it back to me? Ignoring cookies, how could they find out that it was me, Steve, accessing that website and not someone else? What's needed in that case? Let's say a law enforcement organization is trying to trace who accessed a website, who sent a particular
message or posted a message on a forum. They know where it comes from: this public IP address. That's easy to obtain, either by intercepting the packets or from the logs of the web server. How do they work back to find who's the particular person that sent that message? What's needed for that to be possible? They would need to know... so let's say they know this address. They would need to go to Thammasat, specifically to SIT, and say: at this point in time someone used this public IP address, and that would map to a local internal address, some 10.10 address. Which computer had that local 10.10 address at that point in time? So they would need to go to the organization that has this public address, and if they have logs, let's say of the past one month, of which internal IP addresses mapped to this address, then they could work back and find the internal IP address. So it depends upon the organization that has this public address, say SIT. If they have some logs, some record of who used which IP addresses at what times, then another organization could trace it back to the original person. Okay? Does SIT have logs? In some countries it's a legal requirement to have such logs, and yes, SIT would have logs of specific IP addresses, the MAC address of your device, maybe even your SIT login, of who actually sent via this public IP address. So in most cases they do have logs. That's how people can trace back to the original sender, even if they're inside an internal network. But that requires some non-automatic means, some legal means or some personal contact, to get that information.

With a protocol, how do you hide from that? If there are such logs, even if we know the public IP address we can eventually get the internal one. Is there a way that users can still remain private? That is, visit a website without someone on the internet intercepting and knowing you visited that website. What are some technical ways you could do that? A proxy. A proxy, let's try. So here's my IP address. I visited the website, it identifies me.
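The NAT behaviour and the log-based trace-back described above, as an added Python simulation; this is not the lecture's code and not any real gateway's. The public address 203.131.209.66 is the one shown in the lecture; the internal hosts, the server address, the ports and the timestamps are constructed. The gateway keeps two things: the translation table that lets replies reach the right internal host, and the log that an outside organisation would have to ask for in order to work back from (public address, port, time) to an internal host.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PUBLIC_IP = "203.131.209.66"   # the one public address the whole campus appears as (from the lecture)
SERVER_IP = "192.0.2.10"       # assumed address of the "what is my IP" web server

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

@dataclass
class NatGateway:
    """Campus gateway: rewrites internal 10.x sources to the single public address and
    remembers each mapping so replies can be rewritten back. It also keeps the log that a
    later trace-back request from outside depends on."""
    public_ip: str
    next_port: int = 40000
    table: Dict[int, Tuple[str, int]] = field(default_factory=dict)      # public port -> (internal ip, port)
    log: List[Tuple[float, int, str, int]] = field(default_factory=list)  # (time, public port, internal ip, port)

    def outbound(self, pkt: Packet, now: float) -> Packet:
        internal = (pkt.src, pkt.sport)
        pub_port = next((p for p, v in self.table.items() if v == internal), None)
        if pub_port is None:                         # first packet of this flow: allocate a public port
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.table[pub_port] = internal
        self.log.append((now, pub_port, pkt.src, pkt.sport))
        return Packet(self.public_ip, pub_port, pkt.dst, pkt.dport, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst != self.public_ip or pkt.dport not in self.table:
            return None                              # no mapping: unsolicited packet is dropped
        in_ip, in_port = self.table[pkt.dport]
        return Packet(pkt.src, pkt.sport, in_ip, in_port, pkt.payload)

    def trace_back(self, pub_port: int, when: float, window: float = 60.0) -> List[Tuple[str, int]]:
        """The question an investigator brings to the organisation: which internal host was
        behind this public address and port around this time? Answerable only from the log."""
        hits = {(ip, port) for t, p, ip, port in self.log
                if p == pub_port and abs(t - when) <= window}
        return sorted(hits)

@dataclass
class WebServer:
    ip: str
    access_log: List[Tuple[float, str, int]] = field(default_factory=list)   # (time, source ip, source port)

    def handle(self, pkt: Packet, now: float) -> Packet:
        """The server only ever learns the source address written on the packet it received."""
        self.access_log.append((now, pkt.src, pkt.sport))
        return Packet(self.ip, pkt.dport, pkt.src, pkt.sport, b"Your IP is " + pkt.src.encode())

def scenario() -> dict:
    """Two campus hosts visit the same site: both are reported as the public address, the
    replies still reach the right host, and only the NAT log can tell the two apart."""
    nat, server = NatGateway(PUBLIC_IP), WebServer(SERVER_IP)
    laptop = Packet("10.10.11.10", 51000, SERVER_IP, 80, b"GET / HTTP/1.1\r\n\r\n")
    phone = Packet("10.10.6.7", 51000, SERVER_IP, 80, b"GET / HTTP/1.1\r\n\r\n")   # same port, other host
    replies = {}
    for t, pkt in ((100.0, laptop), (101.0, phone)):
        outside = nat.outbound(pkt, t)               # what the public internet and the server see
        reply = nat.inbound(server.handle(outside, t))
        replies[pkt.src] = reply.payload
    seen_port = server.access_log[1][2]              # what the server has on the phone's request
    return {"server_saw": [ip for _, ip, _ in server.access_log],
            "replies": replies,
            "trace": nat.trace_back(seen_port, 101.0),
            "unsolicited": nat.inbound(Packet(SERVER_IP, 80, PUBLIC_IP, 9999, b"x"))}

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value!r}")
```

Both internal hosts appear to the server as 203.131.209.66, each still receives its own reply, and the only way to learn that the second request came from 10.10.6.7 is the gateway's log, which is why the trace-back needs the organisation's cooperation rather than anything in the packets.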
It's refreshing, let's hope it works. I'm now in Japan. My IP address identified by this website that I accessed is the 106 address, and it locates me at this different ISP in Japan. Why? Well, what I did is I set up a proxy, so that my browser, instead of sending directly to the website, sent to some intermediate server, a proxy server, and that proxy server then sent on to the website. The website identifies the proxy server, which is some server in Japan. So that's one way to hide the communications. How do you do that? What I do in Firefox, there are two steps. In the advanced settings in your browser, usually you can go to the network settings and you can set up proxies. I'm not going to go through the details of how that works, but I set up a proxy to use some 49998. And then the second part: well, I need an account on a proxy server. You cannot just connect to any proxy, so I have an account on a proxy server, and I set up the connection from my computer to some proxy server. The result is, when I visit a website, my browser sends that request to the proxy server; the proxy server forwards the request on to the real web server; when the response comes back, the real web server sends it to the proxy, which then sends it back to my browser.

We can draw that. So just quickly, what happened: we had my browser, we had a proxy server, and the web server, the one I wanted to contact. What happened is that my browser was configured to first send the request to the proxy, not to the real web server. So it sends the request to here, get some web page. The proxy then takes that request and sends it to the real web server. But the source IP address here is my browser, my browser computer, and the destination is the proxy. And then the proxy sends the same request, get some web page, but the source address will be that of the proxy. And of course the response will come back, and I'll draw that in a moment. So three computers are involved now: my browser
trying to access a website, but it was set up to request from my browser to a proxy. And in that IP packet that was sent across the internet, the source address would be that of my browser, the destination that of the proxy server. If someone intercepted this between my browser and the proxy server, they would see the source address and destination matching these computers, so they'd be able to identify that my browser is talking to a proxy. My proxy is set up to then send that on to the real web server, because in fact this packet includes the address of the real web server. I will not show the details, but it includes more information here. The proxy sends the request to the real web server. The real web server thinks that the request came from the proxy; that's the source address. It keeps a log saying the computer with this address just contacted me, and sends back a reply to the proxy, maybe 200 OK. The real web server doesn't know I used a proxy; it just sees the IP address of the proxy without knowing any more details. Then the proxy forwards that final reply back to my browser. As a result, the web server doesn't know it was me that contacted it. It knows it was this proxy; it knows the IP address of the proxy server. And someone who intercepts between the proxy and the real web server, again, doesn't know it was me that contacted it, because when they intercept, all they see is the source and destination address, and that identifies the proxy and the web server, not me. So this is one way to hide the source: hide it from the server and also hide it from people who intercept here. Any questions about the proxy in this case?

Okay, so as you saw, the web server identified, in my example, the proxy in Japan. Some websites provide content based upon where the source comes from, where the client comes from, some location-based serving of content. So in fact if I visit Google via that proxy, I think Google, or the search engine, would show the search page in Japanese, because it thinks I'm in Japan. If I
visit from a proxy in Germany, then maybe it shows the website in German. Okay, so in that case, yes, the server doesn't know anything about where the original source is. It thinks the source is where the proxy is, and therefore would serve content based on where the proxy is, especially if it's location-based content. So if it's content like streaming videos which are only accessible if you're in a particular country, then the same thing works. What's the problem? Slow, okay. We have a performance issue here. Instead of going direct across the best path in the internet, we're sending to one server which then sends to some other one. So in this case, if I was accessing a website in Thailand, what happened? My browser sends to a proxy in Japan, the proxy sends to a server in Thailand, and then it sends back to Japan, and then back to Thailand where my browser is. So that's very suboptimal in terms of performance. What's another problem? Can someone trace... can the server find out who you are, specifically your IP address, or how can they? What do they need to do? They know who contacted them, that is, they know the address of the proxy. Can they find out the original source? The same way that someone could find out, based upon the public SIT address, who the original source was: if the proxy keeps a log of who sent this request. So if the proxy has a log of what happened in the past, and if the server could then request that log or get access to that log, then they could find out who accessed it. So you're placing your trust in the proxy operator. The proxy operator now knows the websites you visit, and if the proxy operator has a log, then there's still a potential that the server operator finds out who the original source was. But maybe it's better than not using a proxy. In that case, we've shifted the trust, or the point of failure, to the proxy. And of course you need a proxy, which has some cost and some performance degradation. So we're just going through different issues with respect to
privacy in internet communications how to hide who is communicating not just the content but the people or the entities communicating why hide why do we need to hide why why hide any good reasons protect to hide from attackers okay so if you want to hide from malicious users who are trying to find out who is communicating with a particular server yeah maybe okay maybe we will not discuss it but you can think of different ways why would you want to not let a server know you're contacting that server okay and there are many valid and as well as maybe invalid reasons for people to do that okay why do you want to keep your communications private I think you can think about different ways different reasons for that maybe you're in some organization or in some country which is not allowing you to access some servers but you think there's a valid reason for doing so therefore hiding the fact that you're doing it maybe a way to get around it so many websites provide a few policies and you said the policies have a cost okay benefit to note let's say my intention at the browser is so that the server cannot identify me as visiting their website that's my intention so by going via proxy the server cannot identify me but the proxy can identify me okay the proxy knows I visited that website because I sent a request for that website to the proxy so you must place some trust in the proxy not to release that information so running a proxy has some cost involved okay it's an actual computer or multiple computers so if there's a free proxy then what do they get out of it maybe some people are doing it for free for the good of mankind but in other cases maybe they're providing some advertising maybe they're collecting your data so they're collecting information about what you're visiting to maybe sell that as advertising and other purposes so if the free proxy or any proxy is compromised if an attacker gets access to this proxy then the attacker now knows which websites you're 
visiting and can release that so yes you place your trust in the proxy now so if someone wanted to intercept and providing here I have a free proxy connect via me and now that proxy knows if everyone uses it knows where everyone else is visiting so maybe that's an attack in its own right can we improve yes how use multiple proxies maybe send y1 which gets it to send via another which sends via another making it harder for the server to trace it back to the original source okay but performance is much worse now because we're sending via all these proxies use encryption now although we haven't mentioned here that this communications can be encrypted proxy can offer encrypted communication so that the request from browser to proxy at least is encrypted and that's what happened when I did my demo and in fact the the the next step up is in fact to consider like using multiple proxies multiple intermediate nodes to send via so instead of a single proxy plus using encryption and plus using encryption in a way such that one proxy can only determine about the next proxy but not the subsequent one in this case the proxy knows the server so the proxy learns the server you're contacting a better approach and we'll not go through it but the idea a better approach would be have a picture somewhere to finish off for today a better approach would be say your A the destination is F to go essentially go through multiple intermediate nodes so you want to send let's say F is a web server you want to send a request to it you don't want F to know who you are and similarly you don't want the intermediate servers to know that you're communicating with F if you have a single proxy it will know who you're communicating with and we won't have time to go through the details but just the concept then the concept is to see if we can draw it what A does to send a F it negotiates secret keys for encryption with each of these intermediate nodes and I'll denote them as what K let's call this one KB 
KC KD and KE and A has those keys as well we'll ignore the details of that step but let's assume that they have some secrets shared between them let's get this correct so let's say they have secrets so that A and B know KB so if we encrypt something with KB or A only B can decrypt it C cannot, D cannot because they don't have KB so we have these secrets shared between these nodes A wants to communicate with F what A does it creates a special packet how do we draw it it creates a packet with some data need some space draw it here the data that it wants to send to F and I'll draw the entire packet and then explain this is we created the source A this is the data and inside these header parts these special headers contain the destination destination F this will be destination E D C and B and it encrypts portions of that so this part is encrypted with KE this part is encrypted with KD and we keep going put it in KE and the last part we created at A wants to send this data only to F but we want it to be private and private in two manners so that F doesn't know that it was A that contacted and that the intermediate nodes don't know that A is communicating with F that's our aim and this is the concept that A initially exchanges secrets with each of these intermediate nodes then A creates this packet containing the data and we can think of this as an IP header where the source address doesn't matter the destination is F in this second one the destination is E, D, C and B this part is encrypted with KE that plus the header saying destination is E is encrypted with KD and this part KC and all of this with KB this packet is created at source A sends to B the first step now we send this packet to B let's see if someone intercepts at this point who do they know is communicating so if someone intercepts the packet here the source is A it's coming from A, it's going to B if they intercept they know A is sending a packet to B they know the destination address the source address 
would be A in this case so they know A and B are communicating but the contents of that packet so here's the header the contents, this part on is encrypted so someone who intercepts cannot learn the contents B receives this what does B do B decrypts B knows KB so B removes the header decrypts the internal part because they know KB therefore they can decrypt it and they get all of this now look at all of this, what is it it's this part, C and the rest is encrypted using KC does B know KC no KC is shared between A and C not B so from B's perspective this packet needs to go to C but it doesn't know the contents B knows so far I've received a message from A I need to send it on to computer C so it sends on to C if someone intercepts there they would see just a message going from B to C they don't know it came from A so B sends on to C C received this part it's the destination it was encrypted with KC C decrypts it removes the header and now we have destination D and the internal part encrypted with KD what does C know who sent it from C's perspective B sent the packet from C's perspective the destination is D does C know anything about A what do they know about A do they know A sent this packet you're right the key is known to be shared with A in fact so you've gone a step ahead of me the keys can be also exchanged in a secure manner that we're using for the data exchange a private manner forgetting about the keys what else does C know about A in terms of the IP source and destination address C received a packet from B source is B destination is D so C knows that B and D are communicating forgetting about the keys for a moment C sends it on to D you can see what happens the same it removes the header decrypts realizes it needs to send on to E E removes the header decrypts with KE realizes to send on to F sends to F F receives the data and has the original data ignoring the keys for a moment if you just look at who sent it, who received it each node with its source and 
the next destination C is only aware that the packet came from B and went to D C doesn't know that it's actually going on to E than F because all of that from C's perspective E and F the values are encrypted with keys it doesn't have when E receives the packet it doesn't know that that packet came via A, B and C because all that sees when E receives the packet this part it sees E is the destination it knows it came from D because D just sent it and it knows it needs to send to F when it decrypts but it doesn't know that before D there was C and similar you can see that each node only knows about the one that sent it to it from the previous link and the one it's sending to on the next link as a result when E receives from E it doesn't know if it came via D, C, B or A so the end result we'll come back to the keys in a moment is that the destination doesn't know the original source and the intermediate nodes do not know the original source or the final destination all they know is on either side of them the way that we do this encryption they cannot learn about who else was in the past and that provides the true privacy of communicating to a server without the server knowing who you are and without people intercepting and finding out who you're communicating with if someone intercepts here all they know is that C and D are communicating they don't know A and F are communicating it's encrypted but come back to the keys we said at the start A needed to exchange keys with D for example but in fact the key exchange uses the same approach we do it one step at a time such that D when it receives a key it doesn't know it's from A it has a key but it just knows that it's for this type of packet it doesn't know who is the original source so the packet is created this packet is created a source it has multiple layers what's it called the packet any names what has multiple layers and as you send that packet to B B takes off this and sends the inside to C C takes off this layer 
sends the inside to D and eventually F receives the data we start with a packet with multiple layers and as we forward it along we peel off the layers what do you peel layers off of what food do you peel layers off an onion this is referred to as an onion okay so he likes onions so this is the concept of people talk this is an onion and as you forward it through you peel off layers until the contents the original data gets the destination and the name of this concept is called onion routing that's where the name comes from onion routing we're routing packets and the concept is that we have this layered packet which is referred to as an onion and the abbreviation is called tour tour onion routing or the onion router so this is an anonymous routing or anonymous communications protocol that's used on top of the internet to provide that true privacy of servers not identifying the source and intermediate nodes not identifying the source and destination of communicating tour is one example in the concept that we've discussed yes but of course in any security scheme there's always practical issues to consider so there are always limitations either due to implementations this assumed all of these nodes A through to F we're using this protocol this tour protocol and in this case the server cannot identify the source but in practice if you want to access a normal website that doesn't use the tour protocol then you have some extensions to handle access to normal websites so tour provides anonymous routing or anonymous communications among special sets of computers in the internet these onion routers these devices we're not going to go into any details of that that's just an initial starter no questions in the exam on tour there's no questions on that any questions on some of the issues we've raised about privacy privacy from the perspective of not letting others find out who is communicating not just the data but the entities communicating we've seen several issues what you 
should know for the exam about privacy is maybe just the initial things that we started off for example if someone intercepts if there's an exam question what do they know about the entities communicating what privacy or what level of privacy is provided by this IP set configuration or another configuration and in terms of privacy think about who can we identify as being as communicating we can always see an IP address a source and destination but which computers are they identifying in this case in this example if we intercept on the internet we'd see it's A sending to Y so we'd be able to identify A and Y communicating what else have we gone through tour will not be in the exam just that general concept of privacy the proxy so we had this example of a proxy proxy related to privacy is not in the exam but if you go back to firewalls you'll see there are some slides about proxies in the firewall topic they used as a firewall as well so that may be in the exam but proxies related to firewalls not related to privacy okay finish for today questions yeah how we can take from the government agency in theory this provides some protection okay in theory if you have enough not just with six but if you have many of these special onion routers then you can start to communicate in a public internet anonymously of course things like let's say some attacker runs these anonymous routers runs many of them then it becomes hard to protect against but assuming they're not owned by the attacker then you can start to protect okay Thursday what will we do Thursday we'll just mention the exam so this afternoon I'll put some hints on the website about the exam I will not start any new topics on Thursday anything that we need to go through on Thursday so read the hints on the website today maybe look what's the time if not by 1pm then look maybe after 4pm today you'll find the hints on the website I have a lecture I need to put them on there and then Thursday I'll just be here to answer 
any questions or provide any comments about whether they're covered in preparation for the exam the exam is when Monday less than a week
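As an added example (not from the lecture or its slides): the layered packet A builds for the path B, C, D, E, F, with KB through KE standing in for the secrets negotiated with each relay, and the per-hop peeling that lets each relay learn only its neighbours while an interceptor on any link sees only that link's endpoints. The cipher is a toy SHA-256 keystream with an HMAC tag, constructed here purely for illustration; the node names, key values and request text are assumed.

```python
import hashlib
import hmac
import json
import os

# Toy cipher for this illustration only (SHA-256 counter-mode keystream plus an
# HMAC tag so a modified layer is rejected); real onion routers use a vetted AEAD.
def _keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("layer failed authentication: wrong key or tampered")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))

def build_onion(path, keys, data):
    """A wraps `data` for path[-1]: the innermost layer names F and is sealed with KE,
    the next names E and is sealed with KD, ... out to KB. Returns (first hop, onion)."""
    layer, dest = data, path[-1]
    for hop in reversed(path[:-1]):
        layer = encrypt(keys[hop], json.dumps({"dest": dest, "inner": layer.hex()}).encode())
        dest = hop
    return dest, layer

def peel(key, packet):
    """One relay strips its own layer: it learns only the next hop and an opaque blob."""
    header = json.loads(decrypt(key, packet))
    return header["dest"], bytes.fromhex(header["inner"])

def forward(first_hop, onion, keys, server):
    """Forward hop by hop; record what each relay and an interceptor on each link learns."""
    prev, node, packet = "A", first_hop, onion   # assumed source name "A"
    links, knowledge = [], {}      # links: (src, dst) an interceptor sees on each link
    while node != server:
        links.append((prev, node))
        next_hop, packet = peel(keys[node], packet)
        knowledge[node] = (prev, next_hop)   # relay sees only its two neighbours
        prev, node = node, next_hop
    links.append((prev, node))
    return packet, knowledge, links     # packet is now the plaintext data for the server
```

Using a relay's key on a layer that was not sealed for it fails authentication, which is the code's version of "C cannot decrypt what was encrypted with KB".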