What's the buzz about HORNET?

Slides:



Advertisements
Similar presentations
Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.
Advertisements

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.
1 Internet Networking Spring 2005 Tutorial 2 IP Checksum, Fragmentation.
Analysis of Onion Routing Presented in by Jayanthkumar Kannan On 10/8/03.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan.
K. Salah1 Security Protocols in the Internet IPSec.
1. Layered Architecture of Communication Networks: Circuit Switching & Packet Switching.
SHIP: Performance Reference: “SHIP mobility management hybrid SIP-HIP scheme” So, J.Y.H.; Jidong Wang; Jones, D.; Sixth International Conference on
WAN Technologies. 2 Large Spans and Wide Area Networks MAN networks: Have not been commercially successful.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
PROJECT DOMAIN : NETWORK SECURITY Project Members : M.Ananda Vadivelan & E.Kalaivanan Department of Computer Science.
SWITCHING. Switching is process to forward packets coming in from one port to a port leading towards the destination. When data comes on a port it is.
第六章 IP 安全. Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
UNIT 7- IP Security 1.IP SEC 2.IP Security Architecture
Anonymous Internet Protocols
Onions and Garlic: the protocols of I2P
Network Security Mechanisms
IP - The Internet Protocol
CS408/533 Computer Networks Text: William Stallings Data and Computer Communications, 6th edition Chapter 1 - Introduction.
CSE 4905 IPsec.
Encryption and Network Security
Chapter 18 IP Security  IP Security (IPSec)
Next Generation: Internet Protocol, Version 6 (IPv6) RFC 2460
IT443 – Network Security Administration Instructor: Bo Sheng
Anonymous Communication
Layered Architectures
Location Cloaking for Location Safety Protection of Ad Hoc Networks
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
IP - The Internet Protocol
Weak Duplicate Address Detection in Mobile Ad Hoc Networks
IP - The Internet Protocol
Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge
0x1A Great Papers in Computer Security
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
Anupam Das , Nikita Borisov
Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling.
Anonymous Communication
Switching Techniques.
Authors: Chun-Ta Li and Min-Shiang Hwang Reporter: Chun-Ta Li (李俊達)
Net 323 D: Networks Protocols
Outline Using cryptography in networks IPSec SSL and TLS.
IP - The Internet Protocol
Security of Wireless Sensor Networks
Mobile IP Outline Homework #4 Solutions Intro to mobile IP Operation
Overview of Networking
Mobile IP Outline Intro to mobile IP Operation Problems with mobility.
Anonymous Communication
IP - The Internet Protocol
NET 323D: Networks Protocols
An Engineering Approach to Computer Networking
Anonymous Communication
Multi-rate Medium Access Control
BPSec: AD Review Comments and Responses
SPINE: Surveillance protection in the network Elements
Lecture 36.
Lecture 36.
Switching.
Presentation transcript:

What's the buzz about HORNET?

You've probably all seen the news… "Internet-scale anonymity" "Without sacrificing security, the network supports data transfer speeds of up to 93GBps" "can be scaled at little cost" "a better, faster Tor"

You've probably not read the abstract... "We present HORNET, a system that enables high-speed end-to-end anonymous channels by leveraging next generation network architectures. HORNET is designed as a low-latency onion routing system that operates at the network layer thus enabling a wide rangeof applications. Our system uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes. This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal processing overhead per additional anonymous channel. We discuss design and implementation details, as well as a performance and security evaluation."

HORNET: High-speed Onion Routing at the Network Layer Low-latency onion routing network Leverages the existing Sphinx onion routing protocol Geared towards speed and scalability Use next-gen network gear instead of building an overlay

Desired properties Path information integrity and security e.g. no tagging attacks No cross-link identification Session unlinkability Payload secrecy and end-to-end integrity Adversary can only learn packet length and timing

Claims Better speed than existing onion routing networks Tor, I2P Better security than existing (proposed) network layer anonymity networks LAP, Dovetail

Speed

Security

Why is it fast?

Stateless data transmission

Stateless data transmission

Data packet header lengths Scheme Header Length Sample Length (Bytes) LAP 12 + 2s.r 236 Dovetail 12 + s.r 124 Sphinx 32 + (2r + 2)s 296 Tor 3 + 11.r 80 I2P 20 HORNET 8 + 3r.s 344 s = length of symmetric element r = maximum AS path length For sample length, s = 16 Bytes and r = 7

Gains No route lookup time No route storage Tor stores at least 376 bytes per circuit Requires almost 20GB of memory for a load level of 5 million new sessions per minute

Mostly symmetric crypto Each HORNET node performs one DH key exchange during setup phase Only symmetric operations used during data phase 5% slower than LAP and Dovetail for small packets (64 bytes) 71% slower for large packets (1200 bytes)

How? Decrypts setup packet Sym key from medium/long- term DH priv key and sender's DH pub key Generate transient DH key Calculate a symmetric key from transient DH priv key and sender's DH pub key Encrypt routing info with local medium-term symmetric key Forward encrypted routing info + transient DH pub key Delete transient DH key

No replay protection Packet replay is ignored within the lifetime of a session Leads to easy DoS They suggest that adversaries would be deterred by the risk of being detected by volunteers / organizations / ASs but the detection process is going to add additional processing time and therefore compromise throughput

So is this the end of Tor and I2P?

Why not? Designed for new routing hardware that doesn't exist Only covers session setup and data transmission Assumes routing state only shows next hop Assumes the presence of path discovery Assumes the presence of node discovery Can be used with upper-layer anonymity protocols for stronger security guarantees

It's actually very similar to I2P tunnels! Both use "non-interactive" telescopic tunnel building Both only use symmetric crypto for data transmission Don't confuse I2P tunnels with I2P sessions (But I2P sessions also use mostly-symmetric crypto via "session tags"…) ((Yes, yes, this gets confusing...))

Key difference between HORNET and I2P I2P tunnel packet headers are smaller than HORNET But I2P pads all to 1024 bytes I2P stores routing data I2P uses a bloom filter to detect packet replay I2P has a higher-level end-to-end crypto layer

Key points It doesn't actually exist You can't throw away Tor and I2P just yet ;) It's only one piece of the puzzle Speed has trade-offs It's still a good idea!

Fun aside (if we get time): Implementing HORNET in I2P

Discussion time :)