WHERE WE ARE
Last time:
• Mitigating timing attacks (Astoria)
Today:
• Finish up mitigating timing attacks (LASTor)
• Other approaches to anonymity systems:
  • Dissent
  • Aqua
Administrivia:
• Mark update on Piazza.
THE DISSENT PROJECT
Goal: rethink the foundations of anonymity
Offer quantifiable and measurable anonymity
Build on primitives offering provable security
Don't just patch specific vulnerabilities, but rearchitect to address whole attack classes
http://dedis.cs.yale.edu/dissent/
Not a drop-in replacement for onion routing, but offers some systematic defense against all 5 classes of vulnerabilities
• ACKs: http://dedis.cs.yale.edu/dissent/pres/131024-austin.pdf
DINING CRYPTOGRAPHERS (DC-NETS)
• 3 cryptographers eating dinner and the waiter informs them that the meal has been paid by someone
• Cryptographers want to know if it was one of them or the NSA
• They respect each other's right to make an anonymous payment …
• … but want to know if the NSA paid
• Solution: 2 stage protocol
1. Each pair of cryptographers exchanges a secret (e.g., flip a coin behind a menu)
2. Each announces a bit: the XOR of the bits shared with neighbors (if they did not pay) or the opposite of this (if they did pay)
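The two-stage protocol above, generalized from 3 to n participants, as an added example (not from the original slides or the Dissent code base; all function names are illustrative). XOR-ing every announcement yields 1 exactly when one participant paid, because each shared coin appears in two announcements and cancels; `possible_payers` brute-forces which diners a non-paying observer cannot rule out.

```python
import secrets
from itertools import combinations, product

def share_coins(n):
    """Stage 1: every pair (i, j), i < j, flips one secret coin."""
    return {pair: secrets.randbits(1) for pair in combinations(range(n), 2)}

def announce(i, coins, payer):
    """Stage 2: XOR of the coins participant i shares, inverted if i paid."""
    bit = 0
    for pair, coin in coins.items():
        if i in pair:
            bit ^= coin
    return bit ^ (1 if i == payer else 0)

def run_round(n, payer=None):
    """Return (coins, announcements, result); result is 1 iff a participant paid."""
    coins = share_coins(n)
    announcements = [announce(i, coins, payer) for i in range(n)]
    result = 0
    for a in announcements:
        result ^= a  # each coin is counted twice, so only the payer's flip survives
    return coins, announcements, result

def possible_payers(observer, coins, announcements):
    """Payers consistent with what a non-paying observer sees: all public
    announcements plus only the coins the observer shares."""
    n = len(announcements)
    known = {p: c for p, c in coins.items() if observer in p}
    hidden = [p for p in coins if observer not in p]
    suspects = set()
    for guess in product((0, 1), repeat=len(hidden)):  # every unseen coin outcome
        world = {**known, **dict(zip(hidden, guess))}
        for cand in range(n):
            if cand != observer and all(
                announce(i, world, cand) == announcements[i] for i in range(n)
            ):
                suspects.add(cand)
    return suspects

if __name__ == "__main__":
    coins, ann, result = run_round(3, payer=1)
    print("announcements:", ann, "-> a cryptographer paid:", bool(result))
    print("observer 0 cannot distinguish:", possible_payers(0, coins, ann))
    print("outsider paid, result bit:", run_round(3, payer=None)[2])
```

The brute force in `possible_payers` is exponential in the number of hidden coins, so keep n small when experimenting.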
TOWARDS EFFICIENT TRAFFIC-ANALYSIS RESISTANT ANONYMITY NETWORKS
Stevens Le Blond, David Choffnes, Wenxuan Zhou, Peter Druschel, Hitesh Ballani, Paul Francis
THE PROBLEM OF IP ANONYMITY
Client Server
VPN proxy
Proxies are a single point of attack (rogue admin, break-in, legal, etc.)
Proxy
Traffic analysis
Onion routing (Tor)
Onion routing doesn't resist traffic analysis (well known)
ANONYMOUS QUANTA (AQUA)
k-anonymity: Indistinguishable among k clients
BitTorrent
• Appropriate latency and bandwidth
• Many concurrent and correlated flows
Threat model
Global passive (traffic analysis) attack
Active attack
Edge mixes aren’t compromised
Padding
Constant rate (strawman)
Defeats traffic analysis, but overhead proportional to peak link payload rate on fully connected network
OUTLINE
1) Overview
2) Design
• Padding at the core
• Padding at the edges
• Bitwise unlinkability
• Receiver's anonymity (active attacks)
3) Evaluation
4) Ongoing work
K-ANONYMITY SETS (KSETS)
Send kset, Recv kset
Provide k-anonymity by ensuring correlated rate changes on at least k client links
Padding
FORMING EFFICIENT KSETS
[Figure: peers' rates per epoch; axes: epochs (1, 2, 3) and peers' rates]
Are there temporal and spatial correlations among BitTorrent flows?
METHODOLOGY: TRACE DRIVEN SIMULATIONS
Month-long BitTorrent trace with 100,000 users
• 20 million flow samples per day
• 200 million traceroute measurements
Models of anonymity systems
• Constant-rate: Onion routing v2
• Broadcast: P5, DC-Nets
• P2P: Tarzan
• Aqua
ONGOING WORK
Prototype implementation
Aqua for VoIP traffic
• “tiny-latency” (RTT <330ms)
Intersection attacks
Workload independence
TAKE HOME MESSAGES
Efficient traffic-analysis resistance by exploiting existing correlations in BitTorrent traffic
At core:
• Multipath reduces peak payload rate
• Variable uniform rate adapts to changes in aggregate payload traffic
At edges, ksets:
• Provide k-anonymity by sync rate on k client links
• Leverage temporal and spatial correlations of BitTorrent flows
HANDS ON ACTIVITY
(Try at home)
Dissent source code is publicly available:
https://github.com/DeDiS/Dissent
Try downloading/installing/running the system