CoverUp: Upload and Download via Passive Participation · 2019-03-05 · Participation alone raises...


||

CoverUp: Upload and Download via Passive Participation

David Sommer, Aritra Dhar, Luka Malisa

Esfandiar Mohammadi, Srdjan Čapkun, Daniel Ronzani

NSDI'19 - 28.02.2019, David Sommer, Aritra Dhar

||

Were you Ever Afraid to …

… download something that is easily accessible?

Maybe someone is watching?

mass surveillance

whistleblowers

free speech

accessing primary sources (e.g., WikiLeaks)

(essential for an informed democracy)

||

Motivation: Deniability and Participation

ACN - Strong anonymity: Hide which users are connected to whom

Limits surveillance and censorship

Participation alone raises suspicion: Little deniability

Bootstrapping Problem: Low number of connected users → small anonymity set → unattractive degree of anonymity

Unattractive latency and/or bandwidth

||

Our contribution: Passive Participation

[Figure: a passive participant produces cover traffic ❷❸; an active participant produces real traffic]

Web site visitors passively produce cover traffic

❶ User visits reddit

❷ Reddit responds and includes a piece of JavaScript code

❸ This JS code produces cover traffic

||

Our contribution: Passive Participation

[Figure: a passive participant produces cover traffic ❷❸; an active participant produces real traffic]

Web site visitors passively produce cover traffic

Indistinguishability → Larger anonymity set

Anonymity set size = active + passive

Mitigates bootstrapping

Provides deniability

||

CoverUp: Contributions

Uses Passive Participation

Uni-directional channel: Feed

Bi-directional channel: Transfer

Working Prototype

Analyzed Network Timing leakage

||

CoverUp: Feed

JS code in sandboxed iframe due to Same-Origin-Policy

Attacker controls: Network (monitor/drop/fake), Entry Server (reddit), CoverUp server (delivers JS code), Feed Server (delivers feed)

Active user’s machine not compromised

[Figure: Feed protocol. The browser of every participant, active or passive, (1) connects to the entry server (reddit), which (2) triggers clients to connect to the CoverUp server, which (3) connects clients via JS to the Feed Server, which (4) sends messages (feed packets) to the browsers; on an active participant's machine the CoverUp Tool (5) extracts the feed from the browser.]

||

CoverUp: Feed

[Figure: the same Feed protocol diagram as on the previous slide, steps (1) to (5)]

Indistinguishability: Active and passive participants run the same protocol

Difference: CoverUp Tool

Provides Deniability

||

Protecting Passive Participants

[Figure: Feed Server → Browser (JavaScript served via reddit) → localstorage; passive participant + CoverUp Tool = active participant]

Fountain Codes + All-or-Nothing Scheme

Only one packet stored

→ protects passive participants
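The following is an added illustration, not code from the CoverUp paper or repository, of why a single stored packet tells a passive participant's browser nothing: a Rivest package transform (one all-or-nothing scheme; SHA-256 stands in for its block cipher here) is applied before a random linear fountain code over GF(2), so fewer than n+1 independent packets decode to no block at all, and even a packet that carries a single transformed block is pseudorandom without the rest. Block size, key, and the sample feed chunk are constructed; CoverUp's real parameters and code differ.

```python
import hashlib, random

BLOCK = 16                   # bytes per block (constructed parameter)
K0 = bytes(BLOCK)            # fixed public key of the package transform
MSG = b"constructed feed chunk".ljust(3 * BLOCK, b"-")  # 3-block sample
KEY = bytes(range(BLOCK))    # per-message key chosen by the feed sender

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _prf(key, i, data=b""):  # hash stand-in for the transform's block cipher
    return hashlib.sha256(key + data + i.to_bytes(4, "big")).digest()[:BLOCK]

def aont_encode(msg, key):
    """Rivest package transform: n blocks in, n+1 pseudorandom blocks out."""
    blocks = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]
    out = [_xor(b, _prf(key, i + 1)) for i, b in enumerate(blocks)]
    tail = key               # last block = key XOR h_1 XOR ... XOR h_n
    for i, b in enumerate(out):
        tail = _xor(tail, _prf(K0, i + 1, b))
    return out + [tail]

def aont_decode(blocks):     # the key, hence any plaintext block, needs every block
    out, key = blocks[:-1], blocks[-1]
    for i, b in enumerate(out):
        key = _xor(key, _prf(K0, i + 1, b))
    return b"".join(_xor(b, _prf(key, i + 1)) for i, b in enumerate(out))

def fountain_packet(blocks, seed):  # random linear fountain code over GF(2)
    mask = random.Random(seed).getrandbits(len(blocks)) or 1  # subset to XOR
    payload = bytes(BLOCK)
    for i, b in enumerate(blocks):
        if mask >> i & 1:
            payload = _xor(payload, b)
    return mask, payload     # the mask (or its seed) travels with the packet

def fountain_decode(packets, n):
    """Incremental Gaussian elimination over GF(2); None until rank == n."""
    solved = {}              # pivot bit -> (mask, payload)
    for mask, payload in packets:
        for bit, (pm, pp) in list(solved.items()):
            if mask >> bit & 1:             # clear every known pivot bit
                mask, payload = mask ^ pm, _xor(payload, pp)
        if mask:                            # else linearly dependent: skip
            bit = mask.bit_length() - 1
            for b2, (pm, pp) in list(solved.items()):
                if pm >> bit & 1:           # keep old rows free of the new pivot
                    solved[b2] = (pm ^ mask, _xor(pp, payload))
            solved[bit] = (mask, payload)
    return [solved[i][1] for i in range(n)] if len(solved) == n else None
```

A browser holding one packet gets `None` from `fountain_decode`, and even a full set of transformed blocks is only readable after `aont_decode` has recovered the key from all of them.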

||

CoverUp: Transfer

[Figure: Transfer protocol between the active participant's CoverUp Tool, the browser (JavaScript, Extension, localstorage), the www and the Transfer Server; request at step 1, response at step 8, steps 2 to 7 in between]

Bi-directional channel: Adds upstream channel

Involves extension

Using TLS

Indistinguishability: Trust Transfer Server

Trust CoverUp Server

Augments Feed

||

Evaluating the Indistinguishability Assertion

Protocol transcripts are indistinguishable. Is everything else identical?

But active users have the CoverUp tool and the browser extension (in Transfer)

What can a network attacker do? Measure execution time via network timestamps

Timing leakage: Evaluation

Mitigation

||

CoverUp: Experimental Setup

Setup: LAN, entry, transfer, and feed server

Feed and Transfer scenarios: Loading (of the CoverUp JavaScript) and Periodic requests

[Figure: timeline of a Browser loading the CoverUp JavaScript and then periodically contacting the Transfer Server]

Strong attacker model: No other processes running on the system

High-precision time resolution

3 Million measurements

||

CoverUp: Privacy Budget

Request dispatch time: add truncated Gaussian noise

[Figure: density p of the noisy dispatch time t, centred at t0 with truncation width w]

Continual observation for half a year

< 5 hours of visiting the entry server (Periodic-observations) per day

< 50 connecting to the entry server (Loading-observations) per day
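An added simulation of the evaluation idea on the preceding slides (not the paper's measurement code): a network observer timestamps request dispatch, the active participant's tool adds a small constant overhead, and a truncated Gaussian delay shrinks the best distinguisher's advantage, estimated here as the empirical total-variation distance between the two timing histograms. Baseline latency, jitter, overhead, noise parameters and bin widths are constructed values, not the paper's.

```python
import random

def truncated_gaussian(rng, sigma, bound):
    """Zero-mean Gaussian delay, resampled until it lies in [-bound, bound]."""
    while True:
        d = rng.gauss(0.0, sigma)
        if -bound <= d <= bound:
            return d

def dispatch_times(rng, n, tool_overhead_ms, sigma_ms=0.0, bound_ms=0.0):
    """Request dispatch times (ms) as a network observer would timestamp them.
    Baseline latency and jitter are constructed; tool_overhead_ms models extra
    processing by the CoverUp tool/extension on an active participant's host."""
    times = []
    for _ in range(n):
        t = 50.0 + rng.uniform(0.0, 1.0) + tool_overhead_ms
        if sigma_ms > 0:     # mitigation: delay by bound + truncated Gaussian (>= 0)
            t += bound_ms + truncated_gaussian(rng, sigma_ms, bound_ms)
        times.append(t)
    return times

def attacker_advantage(passive, active, bin_ms):
    """Empirical total-variation distance between the two timing histograms.
    It bounds the advantage of any single-observation distinguisher, whose
    active-vs-passive guess is right with probability at most 1/2 + TV/2."""
    hist = {}
    for sign, samples in ((1.0, passive), (-1.0, active)):
        for t in samples:
            b = int(t // bin_ms)
            hist[b] = hist.get(b, 0.0) + sign / len(samples)
    return 0.5 * sum(abs(v) for v in hist.values())

def compare(seed=1, n=20000, overhead_ms=2.0, sigma_ms=100.0, bound_ms=200.0):
    """Return (advantage without noise, advantage with truncated Gaussian noise)."""
    rng = random.Random(seed)
    raw = attacker_advantage(dispatch_times(rng, n, 0.0),
                             dispatch_times(rng, n, overhead_ms), bin_ms=1.0)
    noisy = attacker_advantage(
        dispatch_times(rng, n, 0.0, sigma_ms, bound_ms),
        dispatch_times(rng, n, overhead_ms, sigma_ms, bound_ms), bin_ms=10.0)
    return raw, noisy

if __name__ == "__main__":
    print("advantage without / with noise: %.3f / %.3f" % compare())
```

Without noise the two histograms do not overlap and the 2 ms overhead is a perfect tell; with the noise the remaining advantage is mostly sampling error of the estimate, which is why the slide's budget limits how many observations per day an attacker can accumulate.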

||

CoverUp: Implementation

CoverUp Tool: Implemented in Java

Features: feed, chat and interactive browsing

Uses crypto APIs from Whisper Systems and JCA

Browser extension: Chrome extension based on WebExtension API

Feed/Transfer and CoverUp server: Implemented using Java EE Servlet API

Hosted on Apache Tomcat webserver

Available for download and testing: http://coverup.ethz.ch

||

CoverUp: Performance

Performance: Packet size: 75KB every 60s avg.

Goodput: 10KBit/s

Per user overhead: Around 660 MB/month or 22MB/day

(cnn.com: 4.0MB, amazon.com: 5.0MB, alibaba.com: 5.4MB, google.com: 0.3MB)

Privacy guarantee: Attacker’s advantage < 2·10^−3

||

CoverUp: Summary

Passive Participation: Increases anonymity set (Bootstrapping)

Hides Intention (Deniability)

Adding Noise reduces Timing Leakage: Maintains feasible usability

Measurements available

Available for testing: https://coverup.ethz.ch

Available for download: https://github.com/sommerda/CoverUp-source-code
