
BlackHatEU : Misusing Wireless ISPs for Anonymous Communication

By Andre Adelsbach

Image from christianmeichtry's Flickr photostream. Creative Commons license

The talk starts by explaining the properties of satellite ISPs. Because satellite communication has high latency and high downstream bandwidth, these ISPs often use performance enhancing proxies. Satellite ISPs often use asymmetric links, a local uplink combined with the satellite downlink, but symmetric setups, where the uplink is also sent via the satellite, are possible too.

The performance enhancing proxy on the local machine has to break some of the basic TCP/IP properties to enhance performance, and in doing so it also breaks some of the basic security measures.

The downstream from the ISP is relayed to all users without encryption. This means that everybody in the footprint of the satellite can sniff the downstream traffic of every user. This opens up all kinds of abuse scenarios, and since satellite ISP subscribers control what is sent over the channel, it effectively provides satellite broadcast for the masses.

So how can we use these providers for anonymous communication? Broadcasting provides anonymity because all messages are delivered to all recipients without the recipient having to know the sender. This is impractical in wired unicast networks, but highly practical on broadcast-based networks. These are not only satellite, but also Wi-Fi, DOCSIS, WiMAX and 3G.

Because of the nature and cost of the equipment involved in generating broadcasts in the other media, satellite ISPs are the most suitable for this type of communication.

One way to send an anonymous message is to email it to a satellite ISP subscriber: anybody sniffing the downstream can receive the message. It is also possible to send a packet to a satellite ISP customer and sniff the packet as it is sent.

Encryption of the return traffic can help, but as always cryptography is hard to implement right. E.g. if Diffie-Hellman key exchange is used, the ISP subscriber can force the shared key to always be one. Alternatively, since an ISP subscriber has access to the decryption software and thus knows the algorithm and the key used, he could request data that, when encrypted, comes out as the plaintext he wants. Since most encryption algorithms are symmetric this is not hard to do; initialization vectors and the addition of encrypted IP headers may make it harder, but not impractical.
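The forced-key problem above, as an added example that is not code from the talk or from any ISP product: a Diffie-Hellman endpoint that accepts whatever public value its peer sends computes a shared secret of 1 whenever the peer sends 1, while the public-value validation from RFC 2631 (range check plus subgroup membership) rejects such values. The toy safe-prime group p = 23 is constructed for readability; real groups are 2048 bits or larger.

```python
import secrets

# Constructed toy group: safe prime p = 2q + 1, generator G of the order-q subgroup.
# Real deployments use 2048-bit or larger MODP groups (e.g. RFC 3526) or ECDH.
P = 23
Q = (P - 1) // 2          # 11
G = 2                     # 2^11 mod 23 == 1, so G generates the order-q subgroup


def dh_keypair():
    """Private exponent x in [1, q-1] and public value g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def naive_shared_secret(x, peer_public):
    """Unvalidated DH: raises whatever the peer sent to our private exponent.
    A peer value of 1 (or 0) forces the shared secret to 1 (or 0)."""
    return pow(peer_public, x, P)


def validate_public(peer_public):
    """RFC 2631 style check: 1 < y < p-1 and y^q mod p == 1 (in the order-q subgroup)."""
    if not 1 < peer_public < P - 1:
        return False          # 0, 1 and p-1 collapse the secret to 0, 1 or +/-1
    return pow(peer_public, Q, P) == 1


def checked_shared_secret(x, peer_public):
    """DH with public-value validation; refuses degenerate peer values."""
    if not validate_public(peer_public):
        raise ValueError("degenerate or out-of-group DH public value")
    return pow(peer_public, x, P)


def demo():
    """Returns (secret the naive side derives when the peer sends 1,
    whether the checked side rejected that same value)."""
    x, _ = dh_keypair()
    forced = naive_shared_secret(x, 1)
    try:
        checked_shared_secret(x, 1)
        rejected = False
    except ValueError:
        rejected = True
    return forced, rejected
```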