Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore.

Presentation transcript:

Web Content Delivery
• Popular websites receive millions of hits per day
  – A fast way to deliver web content
• Options to deliver content:
  – Own servers: Amazon EC2, Azure
  – Content delivery networks (CDN): Akamai, CloudFlare

Peer-assisted CDNs
• Insight: Involve web clients to serve content
  – Akamai NetSession, Swarmify, Maygh
  – NetSession offloads 70-80% traffic [NSDI12, IMC 13]
  – Swarmify reduces over 60% network latency
• Privacy issue: Infer neighbors’ contents
[Figure: two server/client diagrams]

Contributions
• Inference attacks on real-world services
  – i.e., Swarmify, BemTV and P2PSP
• Anonymous Peer-assisted CDN (APAC)
  – Involves browsers as peers
  – Preserve high level of anonymity
  – Desired performance
  – Compatible with browsers

Inference Attacks in Peer-assisted CDNs

Inference Attacks
• Goal
  – Infer what content a victim user has requested or delivered (browsing history)
• Implication
  – Revealing a user’s browsing history significantly leaks the user’s privacy
    · A user’s digital identity can be revealed [S&P 10]
    · A user’s geolocation/political orientation [W2SP 14]

Inference Attacks in Peer-assisted CDNs
• Passive attacks: adversary pre-stores all content potentially interesting to the victim
• Active attacks: adversary traverses all content potentially served by the victim
[Figure: two diagrams, Passive and Active, each showing Server, Adversary and Victim; arrows labelled Request, Deliver, Fetch, Request]

Real-world Case Studies
• Swarmify, BemTV & P2PSP
  – A deployed site with 10 images and 2 videos
  – A victim peer requests and stores resources
  – An adversary in the same LAN frequently requests and serves resources
• No defense against inference attacks
  – Adversary can observe all resources from/to the victim
  – Even open for content pollution attacks
• How to mitigate inference attacks?

Anonymous Peer-assisted CDN

Threat Model
• Initiator: the peer that initiates the request
• Responder: the peer that responds to the request
• Honest-but-curious adversary
  – Follows protocols
• Out of scope
  – Sybil attacks
  – Denial-of-service attacks (DoS)

Anonymous Peer-assisted CDN (APAC)
• Goal
  – Anonymity: conceal a user’s identity to unlink her id with her online trace
  – Performance: acceptable network latency
  – Compatibility: no (or minor) changes on websites and clients
• Intuition
  – Onion-routing (OR) techniques

Onion Routing, but with Careful Parameter Selection
• OR: Messages are encapsulated in layers of encryption (onions)
• Limitations:
  – Only initiator anonymity
  – Non-negligible circuit setup latency
  – Nodes randomly chosen
[Figure: onion-routing circuit, labelled Encryption, Decryption, Circuit]

Overview of APAC
• Peer server constructs the circuit for each request instead of peers (anonymity)
• Region-based circuit construction (performance)
  – Choose intermediate nodes in three regions: near-initiator, near-responder and globally random
• Communications via WebRTC (compatibility)

Initiation in APAC
• Peers fetch resources from the content server
[Figure: Content Server, Peer v A, Peer v B; arrows labelled Fetch and Store]

Content Delivery via Peers
• Peers fetch resources from other peers
[Figure: Peer Server, Peer v A (Initiator), Peer v B (Intermediate), Peer v B (Responder); arrows labelled Request, Request via OR circuit, Reply, Report]

Region-based Circuit Construction
[Figure: Peer Server, Peer v A (Initiator), Peer v B (Intermediate), Peer v B (Responder)]

Anonymity Analysis for APAC

Degree of Anonymity
Def 1: The degree of initiator anonymity provided by a system is defined by:
Result: The degree of initiator anonymity can be represented as:

Parameter Selection
• Level of anonymity
  – The maximum number of intermediate nodes L_max
  – Distribution factors: the fraction of intermediate nodes near the initiator/responder α_init / α_res
  – The total number of peers N and the number of peers having requested resources N_R
• When L_max ≥ 2, APAC can preserve the standard degree of anonymity (i.e., 0.8) achieved by previous work
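A sketch of the region-based circuit construction from the "Overview of APAC" and "Parameter Selection" slides, added here as an example and not the authors' implementation. It covers node selection and what each hop can see, not the onion encryption; the names `build_circuit` and `hop_views`, the per-peer region labels, the uniform choice of circuit length in 1..L_max and the hop ordering are assumptions.

```python
import random

# Constructed sample: peer ids and region labels are illustrative only.
PEERS = {"vA": "SG", "p1": "SG", "p2": "SG", "vB": "NY", "p3": "NY",
         "p4": "NY", "p5": "EU", "p6": "EU"}

def build_circuit(peers, initiator, responder, l_max, a_init, a_res, rng=random):
    """Peer-server side: choose the intermediate nodes for one request.

    peers maps peer id -> region label (assumed representation).
    Returns [initiator, intermediates..., responder].
    """
    if l_max < 1 or min(a_init, a_res) < 0 or a_init + a_res > 1:
        raise ValueError("need l_max >= 1 and 0 <= a_init + a_res <= 1")
    pool = [p for p in peers if p not in (initiator, responder)]
    if not pool:
        raise ValueError("no peer available to act as intermediate node")
    length = min(rng.randint(1, l_max), len(pool))  # assumed: uniform in 1..l_max
    n_init, n_res = int(a_init * length), int(a_res * length)

    def take(candidates, k):
        chosen = rng.sample(candidates, min(k, len(candidates)))
        for p in chosen:
            pool.remove(p)  # a peer appears at most once per circuit
        return chosen

    near_init = take([p for p in pool if peers[p] == peers[initiator]], n_init)
    near_res = take([p for p in pool if peers[p] == peers[responder]], n_res)
    # Remaining hops, including any shortfall in a sparse region, are global.
    middle = take(list(pool), length - len(near_init) - len(near_res))
    # Assumed ordering: near-initiator hops, global hops, near-responder hops.
    return [initiator] + near_init + middle + near_res + [responder]

def hop_views(circuit):
    """Each node only learns its direct predecessor and successor."""
    return {node: (circuit[i - 1] if i else None,
                   circuit[i + 1] if i + 1 < len(circuit) else None)
            for i, node in enumerate(circuit)}

if __name__ == "__main__":
    c = build_circuit(PEERS, "vA", "vB", l_max=3, a_init=0.34, a_res=0.34,
                      rng=random.Random(7))
    print("circuit:", c)
    print("responder sees (prev, next):", hop_views(c)["vB"])
```

Because at least one intermediate node is always chosen, the responder's predecessor is never the initiator, which is the unlinking property the peer-server-built circuit is meant to provide.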

Performance Evaluation

Measurement Setup
• Scenario: CDN operators place edge servers in major cities, but users are not located in those cities
• Deployed site provides images 1KB–2 MB
• Content server / peer server in City A (New York)
• 100 Peers in City B (Singapore)

Network Latency Reduction (NLR)
For a 4-node circuit, APAC provides a latency reduction (49.7%) lower than the performance obtained for Swarmify (69.4%) and the non-anonymous setting (76.1%).

Effect of Distribution Factors
Locating intermediate nodes near initiator/responder reduces network latency
[Figure: plot with axis "#Nodes in each region"]

Sweet Spot
With up to 2 intermediate nodes, APAC preserves an adequate degree of anonymity (i.e., 0.8) and desired performance (e.g., 97.3% bandwidth savings)
[Figure: plot of Degree of Anonymity with the Sweet Spot marked]

Conclusion
• Inference attacks on peer-assisted CDNs
• Anonymous Peer-assisted CDN (APAC)
  – High degree of anonymity
  – Desired network latency reduction and bandwidth savings
  – Compatible with current browsers

Thank You
Q & A