Thursday, December 5, 2019
Anonymous Web Browsing And Cyber Crime
Question: Prepare a Report On Anonymous Web Browsing And Cyber Crime? Answer: Introduction Anonymous web browsing (AWB) is the process of browsing the World Wide Web without a retraceable IP address by keeping it hidden with other personally identifiable information about the person by the website it is visiting. The research work on the mode of anonymous communications had long started in 1981by a seminal paper written by Chaum on e-mail that cannot be traced, digital Pseudonyms and return address. This paper had lead a pathway for the further research work that has been continuing even till this day which concentrates on the analysis, construction and defending from anonymous communications system. There are numerous ways to conduct anonymous web browsing. Some of them are usable proxies, rerouting programs such as TOR also known as the onion router, which is responsible for sending information through a network of routers in order to mask the destination of the information. Though AWB is not anonymous at all as traffic analysis and other programs are used to counteract the TOR and proxies. The anonymous web browsers are used for the prevention of the complex solutions that have already been previewed before as privacy issues. These services can provide anonymity which can be really helpful and unwanted contents in the browser which appears as ads can be sorted out. There are mainly 2 types of anonymous browsers, one is web based and the other one is regular proxy filtering functions lie on the client side. The web based anonymous browsers can be reached through websites while the proxy servers lack in transparency and therefore require certain intermediary agents to be installed in them (Yu et al., 2012). Types Of Anonymous Browsing Proxy servers Anonymous browsing utilizes firewalls of OS and proxies in order to avert the viewers in the World Wide Web from viewing the surfing activity. These viewers includes criminal individuals, internet service provider4s and also the government. These are used by the countries which have limited the access of internet for their people, companies, or sometimes even by colleges. They have a number of limitations such as slow loading of the web pages due to the need for rerouting information. It also may not load some contents in a web page due to the remission of suspicious software on a web page. It is sometimes more of a security hazard for the user while browsing web due to its inability of protecting data without encryption as it uses an server externally that can be hacked in by anybody and record essential data such as credit card credentials, passwords etc. browser add-ons like JAVA VM and flash player are unable to mask the IP address even while surfing with anonymous proxy web serv er (Yang, Xiang and Shi, 2009). Web browser The process of web browsing for many surfers is the clearing of the history and cache automatically while browsing for the other users who also use the same device. Such options are provided by most of the web browsers which deletes the passwords and any privacy data or cookies left behind while browsing (XIE, 2007). Anonymizer (web proxy) This is a company setup by Lance Cottrell which uses technological means to preserve the privacy of a user when browsing the web. It acts as a mediator which preserves the identity of the user when one uses the website of the anonymizer as a third party website to visit the actual website they want to visit. The Anonymizer acts as a web proxy tool which bypasses all the requests and the replies are supplied. Therefore accessed web servers are unable to excavate any information about the IP address of the requested user. It alters out the active content from the users machine like JAVA script or JAVA applets and then signals back the information. The services provided by them is very fast as well as anonymously through an interactive communication. The anonymizer acts as a web proxy filters out any headers or source addresses to keep the user anonymous. Therefore this process enables the web server to learn about the identity of the anonymizer server rather than of the user. It is a f orm of commercial VPN service, which makes internet activity masked from the other internet users. The design of the server is based on single point system which forces the web pages to go through a single website and the encrypted channel is sent back to the user. The single point system is less resistant to the sophisticated traffic analysis rather than of network design (Xiao et al., 2009). There are three basic components in single point system. The anonymizer client, which is a commercial software which is run by the client to anonymize the data. The anonymizer server which usually consists of Network Address Translation server, several SSH servers and web proxies. SSH and web proxy servers are used for load balancing. The destination server helps to run the TCP applications (Tillwick and Olivier, 2008). TOR (THE Onion Routing) It is the latest evolution of OR and represents the current highest performer in low-latency anonymous systems. The design of the TOR underwent several modifications and repairs over the original OR design in terms of deploy ability, security, and efficiency. The TOR has been the largest deployed anonymity network ever, which consists of more than 1000 servers and even greater than an estimated 250,000 users in the coming years. The TOR helps to provide a running mode which tunnels all information over the TCP port which is often not filtered and usually is reserved for HTTP traffic. TOR is a network of virtual tunnels. It allows the people and groups to make advancement their privacy and security on the World Wide Web. It also allows the software developers to create new communication innovation which have built-in privacy features. TOR proves to be the foundation for a series of applications that allow organizations and peoples to share information over public networks without affe cting their privacy (Sharafeddine and Arid, 2011). The onion router is referred as such because of the nature of the encryption service which has layers like that of an onion. The original data is encrypted and re-encrypted hundreds times, then sent for successive TOR relays, where each of them decrypts layers of encryption before handing over the data over to the next relay and finally to its source. This absence of understanding of the data has to be understood and unscrambled in the period of transition. Onion router network are accesses via proxies which generally are routers maintaining public and private key pair. The public component is made known to the client. Proxies are used by unmodified internet applications to connect anonymously. Onion routing network was created to keep the connection and anonymity between the sender and receiver so that even though the receiver may be able to reply the message, they wont be able to identify the sender which is called an anonymous connection. It hides the connection status of any bein g and for respective purpose, from hackers who eavesdrop or compromise the OR on the network (S. Murali, Pandian Durai and M. Ariya, 2011). A starting application initiates a socket connection to an application specific proxy on an onion router. The proxy then judges the route by the construction of a layered data structure while sending it through the network. The next hop in the route is determined by each layer of the onion. It not only carries the next hop route information but each layer of the onion contains seed material to generate keys for crypting the data sent along the anonymous connection in the forward direction and opposite. An OR on receiving onion peels off its layers, it is able to identify the next hop, and therefore launches the embedded onion to that OR. After sending the data, the initiating applications proxy sends data through the anonymous connection on last onion router forwards data to another type of proxy on the machine called the responder proxy which c ompletes the connection from the onion routing network to responders. An extra layer of encryption is added for each onion in the route before sending it over a set of random connections. As the onion moves through the connection, each onion router removes a layer of encryption, which sends it to the receiver as plaintext. When sending the onion back to the initiator, the layering occurs in reverse order. (Peng, n.d.). The work process is same in case of the TOR, it is used to reduce the simple and sophisticated risks in the traffic by the distribution of the transactions overall on the internet, such that neither single point can connect the user to the data. It is same as retracing ones footsteps while being followed and also occasionally deleting the footsteps. The TOR takes a random pathway from the source to the destination to carry the data packets from the source to the destination. The functionality of the TOR client, is to pass the internet traffic route through the TORs network. The traffic travels through the relay sin network provided by the volunteers before it exits from the TOR network and arrives at the users destination. This will disband the internet service providers and the users from the ability to monitor the local network from viewing the websites being accessed by the user. It helps in the prevention of the websites from knowing the physical location or IP address as theyll see the IP address and location of the exit node which has been randomized. Even the relays have no idea who requested the traffic theyre passing along. All traffic within the TOR network is encrypted (Padmanabhan and Yang, n.d.). TOR can also be used for the purpose of random defamation, illegal leaks of sensitive information, and copyright infringement, the distribution of illegal porn content, the selling of banned products, money laundering, credit card fraud and identity theft are the purposes the black markets exploits the TOR infrastructure partly and in conjunction with Bitcoin, and TOR itself has been used by criminal enterprises, hacktivism groups, and law enforcement agencies at cross purposes, sometimes simultaneously (Olston and Chi, 2003). Legitimate Use of Anonymous Web Browsing The need for the anonymity in the internet users occurred due to the following factors. As 90% of the 80,142 health-related web pages wait for the initiation of the HTTP requests to third-parties, oftentimes outside the view of the user. Some 70% of third-party requests transmit information on specific symptoms, treatments, and diseases in the URI string. Page visitors are at risk of their health interests being publicly identified as well as being blindly discriminated against by marketers. The increase of third party members made it possible for corporations to assemble dossiers on the health conditions of unwitting user (NOWACK, 2006). It is also used by the officers of law in order to browse the extremists websites without the worry to leave digital footprints and reveal that they are under investigation. It can also be used as anonymous tipping service for crime reporting by anonymous users. It helps to protect investigations, communications and intelligence gathering. Military agents on overseas mission also use anonymous browsing tool (TOR) to mask the sites they are visiting, thereby protecting themselves and the military operations and interests. The activists and the whistle blowers use anonymity in order to avoid organizational or government censorship. It also allows the activists to raise their voices and avoid persecutions and also report abuses from danger zones. It has also been used by the journalists to report corruption, protect research and sources online, allows people who actively challenge an institution or policy avoid the control of oppressive regime who try to limit what people say or do on the internet. Its helps internet users to research topics like AIDS, abortion, rape. It helps online forums and oppressed individuals to communicate, discuss private issues, get counselling and treatment such as addictions or drug abuse without fear of discrimination (Montgomery and Faloutsos, 2001). The anonymous use of the web browser can be used illegitimately in the following ways Cybercriminals currently use Online Financial Transaction (OFT) provides services in order to facilitate illicit and explicit online activities such as money laundering, narcotic exchanges, identity theft, and protection of ones identity, cybercriminals utilize the techniques anonymity for communication in combination with many online financial tools. This provides them to mask their impunity by the help of the protection of identity they enjoy from these tools (Levi, 2003). Transfer of illicit finance and information online among sources that cannot be identified is a problem fast developing in the global community as such actions influences extremists, criminals, , and terrorist groups who threaten our physical world (Leiva and Viv, 2013). Anynomosity can help criminals like credit-card scam causing criminals, forging of documents and money, weapons dealers, betting websites sites, market for every kind of vice one can imagine of, havens for hackers, illegal and disgusting porn should get chased off the Surface of Web (Leavitt, 2006). Challenges For Law Enforcement Bodies The Law enforcement officers and digital forensics investigators face challenges due to the untraceable nature of anonymous web browsing. OFTs pose a risk to law enforcement and intelligence agencies which is scaling every day because such anonymous deals are proving to be difficult to keep watch on and provide better opportunities to the criminals who threaten the physical world (Khanchana and Punithavalli, 2011). Many challenges are faced even by the investigative department of the law enforcement body as the digital evidences in case of a crime is un retrievable as the IP address of the user is unanimous. Which makes it untraceable or untrack able. In case of credit card theft it is impossible for the law enforcement to identify the buyer and the seller. The payment is difficult to trace as it has made use of online currency like bitcoins. The anonymity in anonymous tip lines would not allow law enforcement get the identity of the sender and it would hinder the verification of source and process of calling the anonymous tipper in as a witness in many court houses of the world. The illegal buyers and sellers dont exchange cash, or do have any form of banking records which will be available for investigators to subpoena. Warrants cannot be issued as they cannot be taken to court of law because of the human rights law and first amendment in respect to anonymity on the internet (Hirschfeld, 1997 ). The online commenters are exactly not known for their kind words as more people are reliant on social media and the internet service providers to communicate and collect information, it is necessary that certain laws should be amended in order to safeguard or prevent people from misusing the Internet's cloak of invisibility has been bullying the professionals and normal innocent people by making the false claims against remote businesses and elected officials (Henderson, 2012). Measures Against Its Misuse Measures that have be taken against the misuse of anonymous web browsing include the monitoring of exit nodes on TOR network to identify a user, blacklisting the TOR relay IPs, and disrupting the TOR network. By disrupting the TOR network timing and intersection attack to reveal the location of services (Hartman, Ackermann and Ackermann, 2005). Twitter now requests for phone number to verify identify if they want to create an account on twitter through the TOR network. A number of websites treat users from anonymity servers differently, e.g. Slashdot doesnt allow you post comment over TOR (Goldberg and Atallah, 2009). Janus is a Personalized Web Anonymizer which was the first system which made the professionals aware to provide users with an easy means of anonymous personalization for web browsing. Services of Janus as an intermediary object between a user and a web site, it achieves the goals of user identification and user privacy by automatically generating aliases for users, such aliases allow the user to login to their accounts using a pseudonym that hides the user s true identity. Janus does not indulges the user in the burden of inventing and remembering unique usernames and passwords for every website Moreover it will provide the appropriate usernames and passwords automatically. It has also proven to be a great authentication software which is safe from cyber-attacks (Garfinkel and Spafford, 2011). Foxy Proxy is a Firefox extension similar to Torbutton but its functionality is more advanced. It allows users faster enabling and disabling of any proxy server, and it allows the formation of convention admission control lists to stipulate that certain fields should always be accessed through TOR, with a dissimilar proxy, or straight. This has also been cooperative to the users in defence against misuse of the unidentified web browsing (Drk, Williamson and Carpendale, 2012). Measures Adopted Against Its Misuse The governing bodies of the countries are fast developing active measures to deal against the illegal practices of the anonymous web browsing like child pornography, encryption and the traceability of e-mails. The first measure would be to regulate the telephone industry in order to maintain subscriber and call information for fixed periods of time. It would be very beneficial for the lawmakers if the internet service providers also adopt a similar kind of approach for the retainment of the subscriber information and records for the screen names and the associated internetworking protocol numbers (Chen, 2005). Though the suggestions to limit anonymous infrastructures on the internet would disrupt free speech rights which have been recognised by the supreme courts long ago. Some countries are fixated at its efforts on evolving measures aimed at battling the sexual exploitation of children via the Internet. Contemplation is being given to the enrolment of a Code of Conduct for Internet providers and for the formation of a contact point for the detection of info of a paedophilic nature. Like in Finland, which has the highest per capita level of Internet access in the world, the approach of the authorities has been to seek to make regulation on the broadcast of illegal material contraption neutral. A Committee on Freedom of Speech Statute reported that among their approvals is the duration of an ISP Manager as a responsible editor and therefore hypothetically liable to prosecution for the communication of illegal material (Adair, Hartstein and Richard, 2010). Conclusion Every technological advancement in the recent times had its own share of advantages and disadvantages. Like that anonymous web browsing too provides benefits to the people who use it for the good of the common and bad for the people who use it in illegal means. The most important thing for the proper use of technology is the generation of awareness against among the people in order to educate them and instil good values. Though there are many measures being taken by the government to mitigate the ill effects of this technology in the society, but the society themselves have to change and stop the support of such actions. References Adair, S., Hartstein, B. and Richard, M. (2010).Malware Analyst's Cookbook and DVD. John Wiley Sons. Chen, W. (2005). Effect of Web-Browsing Interfaces in Web-Based Instruction: A Quantitative Study.IEEE Trans. Educ., 48(4), pp.652-657. Drk, M., Williamson, C. and Carpendale, S. (2012). Navigating tomorrow's web.TWEB, 6(3), pp.1-28. Garfinkel, S. and Spafford, G. (2011).Web Security, Privacy Commerce. Sebastopol: O'Reilly Media, Inc. Goldberg, I. and Atallah, M. (2009).Privacy Enhancing Technologies. Dordrecht: Springer. Hartman, K., Ackermann, E. and Ackermann, E. (2005).Searching researching on the Internet the World Wide Web. Wilsonville, Or.: Franklin, Beedle. Henderson, L. (2012).Darknet. [S.l.: CreateSpace]. Hirschfeld, R. (1997).Financial cryptography. Berlin: Springer. Khanchana, R. and Punithavalli, M. (2011). Web Usage Mining for Predicting Users Browsing Behaviors by using FPCM Clustering.International Journal of Engineering and Technology, 3(5), pp.491-496. Leavitt, N. (2006). Browsing the 3D Web.Computer, 39(9), pp.18-21. Leiva, L. and Viv, R. (2013). Web browsing behavior analysis and interactive hypervideo.TWEB, 7(4), pp.1-28. Levi, A. (2003). How secure is secure Web browsing?.Commun. ACM, 46(7), p.152. Montgomery, A. and Faloutsos, C. (2001). Identifying Web browsing trends and patterns.Computer, 34(7), pp.94-95. NOWACK, B. (2006). CONFOTO: Browsing and annotating conference photos on the Semantic web.Web Semantics: Science, Services and Agents on the World Wide Web, 4(4), pp.263-266. Olston, C. and Chi, E. (2003). ScentTrails.interactions, 10(5), p.9. Padmanabhan, B. and Yang, Y. (n.d.). Clickprints on the Web: Are There Signatures in Web Browsing Data?.SSRN Journal. Peng, K. (n.d.).Anonymous communication networks. Murali, S., Pandian Durai, A. and M. Ariya, M. (2011). NYMBLE A Safe System for Onion Router Networks.IJAR, 3(8), pp.261-263. Sharafeddine, S. and Arid, A. (2011). An empirical energy model for secure Web browsing over mobile devices.Security Comm. Networks, 5(9), pp.1037-1048. Tillwick, H. and Olivier, M. (2008). Bridging the gap between anonymous eà ¢Ã¢â ¬Ã mail and anonymous web browsing.Online Information Review, 32(1), pp.22-34. Xiao, X., Luo, Q., Hong, D., Fu, H., Xie, X. and Ma, W. (2009). Browsing on small displays by transforming Web pages into hierarchically structured subpages.TWEB, 3(1), pp.1-36. XIE, Y. (2007). Anomaly Detection Based on Web Users Browsing Behaviors.Journal of Software, 18(4), p.967. Yang, X., Xiang, P. and Shi, Y. (2009). Finding Users Interest Blocks using Significant Implicit Evidence for Web Browsing on Small Screen Devices.World Wide Web, 12(2), pp.213-234. Yu, S., Zhao, G., Dou, W. and James, S. (2012). Predicted Packet Padding for Anonymous Web Browsing Against Traffic Analysis Attacks.IEEE Trans.Inform.Forensic Secur., 7(4), pp.1381-1393.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.