Anonymity in Structured Peer-to-Peer Networks

Slides:

Advertisements

Similar presentations

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Advertisements

PDPTA03, Las Vegas, June S-Chord: Using Symmetry to Improve Lookup Efficiency in Chord Valentin Mesaros 1, Bruno Carton 2, and Peter Van Roy 1 1.

Lecture 5 - Routing On the Flat Labels M.Sc Ilya Nikolaevskiy Helsinki Institute for Information Technology (HIIT)

1 PASTRY Partially borrowed from Gabi Kliot ’ s presentation.

Identity and search in social networks Presented by Pooja Deodhar Duncan J. Watts, Peter Sheridan Dodds and M. E. J. Newman.

Common approach 1. Define space: assign random ID (160-bit) to each node and key 2. Define a metric topology in this space,  that is, the space of keys.

The Impact of DHT Routing Geometry on Resilience and Proximity New DHTs constantly proposed –CAN, Chord, Pastry, Tapestry, Plaxton, Viceroy, Kademlia,

Spring 2003CS 4611 Peer-to-Peer Networks Outline Survey Self-organizing overlay network File system on top of P2P network Contributions from Peter Druschel.

Geographic Gossip: Efficient Aggregations for Sensor Networks Author: Alex Dimakis, Anand Sarwate, Martin Wainwright University: UC Berkeley Venue: IPSN.

University of Oregon Slides from Gotz and Wehrle + Chord paper

Aggregating Information in Peer-to-Peer Systems for Improved Join and Leave Distributed Computing Group Keno Albrecht Ruedi Arnold Michael Gähwiler Roger.

The Structure of Information Pathways in a Social Communication Network The Structure of Information Pathways in a Social Communication Network Presented.

1 CS 194: Distributed Systems Distributed Hash Tables Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer.

Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications 吳俊興國立高雄大學資訊工程學系 Spring 2006 EEF582 – Internet Applications and Services 網路應用與服務.

P2P Course, Structured systems 1 Skip Net (9/11/05)

1 Peer-to-Peer Networks Outline Survey Self-organizing overlay network File system on top of P2P network Contributions from Peter Druschel.

“Umbrella”: A novel fixed-size DHT protocol A.D. Sotiriou.

MuON: Epidemic Based Mutual Anonymity Neelesh Bansod, Ashish Malgi, Byung Choi and Jean Mayo.

1 Koorde: A Simple Degree Optimal DHT Frans Kaashoek, David Karger MIT Brought to you by the IRIS project.

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

1 PASTRY. 2 Pastry paper “ Pastry: Scalable, decentralized object location and routing for large- scale peer-to-peer systems ” by Antony Rowstron (Microsoft.

Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

The Impact of DHT Routing Geometry on Resilience and Proximity K. Gummadi, R. Gummadi..,S.Gribble, S. Ratnasamy, S. Shenker, I. Stoica.

Content Addressable Network CAN. The CAN is essentially a distributed Internet-scale hash table that maps file names to their location in the network.

A Scalable Content-Addressable Network (CAN) Seminar “Peer-to-peer Information Systems” Speaker Vladimir Eske Advisor Dr. Ralf Schenkel November 2003.

Gennaro Cordasco - How Much Independent Should Individual Contacts be to Form a Small-World? - 19/12/2006 How Much Independent Should Individual Contacts.

An IP Address Based Caching Scheme for Peer-to-Peer Networks Ronaldo Alves Ferreira Joint work with Ananth Grama and Suresh Jagannathan Department of Computer.

Secure and Energy-Efficient Disjoint Multi-Path Routing for WSNs Presented by Zhongming Zheng.

Chord Advanced issues. Analysis Theorem. Search takes O (log N) time (Note that in general, 2 m may be much larger than N) Proof. After log N forwarding.

Chord Advanced issues. Analysis Search takes O(log(N)) time –Proof 1 (intuition): At each step, distance between query and peer hosting the object reduces.

An Energy-Efficient Geographic Routing with Location Errors in Wireless Sensor Networks Julien Champ and Clement Saad I-SPAN 2008, Sydney (The international.

LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.

Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.

Two Peer-to-Peer Networking Approaches Ken Calvert Net Seminar, 23 October 2001 Note: Many slides “borrowed” from S. Ratnasamy’s Qualifying Exam talk.

A Sybil-Proof Distributed Hash Table Chris Lesniewski-LaasM. Frans Kaashoek MIT 28 April 2010 NSDI

CS 347Notes081 CS 347: Parallel and Distributed Data Management Notes 08: P2P Systems.

Basic Concepts of Information Theory A measure of uncertainty. Entropy. 1.

An Example of {AND, OR, Given that} Using a Normal Distribution By Henry Mesa.

Incrementally Improving Lookup Latency in Distributed Hash Table Systems Hui Zhang 1, Ashish Goel 2, Ramesh Govindan 1 1 University of Southern California.

ENTROPY Entropy measures the uncertainty in a random experiment. Let X be a discrete random variable with range S X = { 1,2,3,... k} and pmf p k = P X.

Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications * CS587x Lecture Department of Computer Science Iowa State University *I. Stoica,

Peer-to-Peer Networks 07 Degree Optimal Networks

Virtual Direction Routing

Decisions Under Risk and Uncertainty

Pastry Scalable, decentralized object locations and routing for large p2p systems.

Impact of Neighbor Selection on Performance and Resilience of Structured P2P Networks Sushma Maramreddy.

Anonymity Metrics R. Newman.

COS 461: Computer Networks

Improving and Generalizing Chord

S-Chord: Using Symmetry to Improve Lookup Efficiency in Chord

SocialMix: Supporting Privacy-aware Trusted Social Networking Services

Know thy Neighbor’s Neighbor Better Routing for Skip Graphs and Small Worlds Moni Naor Udi Wieder.

Towards Measuring Anonymity

Plethora: Infrastructure and System Design

DHT Routing Geometries and Chord

A Sybil-proof DHT using a social network

Chord Advanced issues.

Koorde: A simple degree optimal DHT

Chord Advanced issues.

Introduction Wireless Ad-Hoc Network

Chord Advanced issues.

Chapter 15 Decisions under Risk and Uncertainty

Replica Placement Heuristics of Application-level Multicast

COS 461: Computer Networks

Modeling Entropy in Onion Routing Networks

Route Metric Proposal Date: Authors: July 2007 Month Year

MIT LCS Proceedings of the 2001 ACM SIGCOMM Conference

P2P: Distributed Hash Tables

An Example of {AND, OR, Given that} Using a Normal Distribution

Presentation transcript:

Anonymity in Structured Peer-to-Peer Networks Nikita Borisov and Jason Waddle

Introduction Existing P2P systems offer anonymity or structured routing, but not both We aim to investigate the interaction of network structure and anonymity Analyze Chord and some modifications Techniques generalize to other systems Focus on source-anonymous DHT lookup

Quantifying Anonymity Attacker gets some information about an event wants to learn identity of initiator of that event Crowd a set W of potential initiators Initiator a member of W wants to blend in – not differentiate herself in the eyes of the attacker from the rest of W

Quantifying Anonymity We want to measure the uncertainty of the attacker with respect to the identity of the initiator.

Quantifying Anonymity         A        

Quantifying Anonymity  ?         A 01101...        

Anonymity Sets Anonymity Set S is a random variable the set of initiators that cannot be ruled out as the true initiator based on the information available to the attacker Anonymity can be measured as the expected size of this set E[|S|] Normalized: Anonymity = E[|S|]/|W|

Anonymity Sets A Anonymity = 9/16  Right Half      01101...  

Anonymity Sets Anonymity sets do not generalize to a probability distribution P on initiators implied by information available to attacker e.g., there is an x 2 W, P(x) = .99999 P(W - {x}) uniform (and nonzero) S = W Anonymity = 1

Entropy Entropy H(P) measures the “uncertainty” in a probability distribution H(P) ´ -åx P(x) log2 P(x) Normalized: H(P)/(log2 |W|) Example: P is uniform on S µ W H(P) = - |S| £ (1/|S| log2 1/|S|) = log2 |S| Example: P(x) = 1 H(P) = - log2 1 = 0

Entropy Anonymity can be measured as expected entropy: Anonymity ´ E[H(P)] Normalized: E[H(P)]/(log2 |W|) Anonymity as bits: How many more bits would the attacker need to identify the initiator with certainty?

Chord Network Destination

Routing

Routing to Attackers

Backtrace Attacker

Distribution Average Entropy=0.60

Bad Distribution Average Entropy=0.30

Randomized Routing Chord routing: follow best (longest) finger that makes progress towards the destination Randomized routing: follow random finger that makes progress Guaranteed to eventually arrive at destination Performance bound grows to: O(log2 N) Many more possible paths going through a node

Random Routing

Random Distribution Average Entropy=0.70 Worst-Node Entropy=0.36

Random Distribution (Bad) Average Entropy=0.67 Worst-Node Entropy=0.39

Performance Trade-Off Many possible optimizations to reduce path length E.g. favor larger fingers when picking randomly Such optimizations lower path length But also lower the expected entropy Not all paths are as likely Worst-case entropy suffers even more

Weighted Random Distribution Average Entropy=0.55 Worst-Node Entropy=0.13

Realistic Distribution Average Entropy=0.80 Worst-Node Entropy=0.25

High Indegree

Low Indegree

Summary Some users better off than others High variance in expected entropy In-degree has a powerful effect on both attackers and honest participants In-degree influenced by relatively uncontrollable factors: size of gap to predecessor distance from destination

Intermediaries: Routing by proxy Route first to a random node I, then to the desired destination Really good for nodes in bad situations e.g., low in-degree, attackers for neighbors How to get the routing request to the intermediary?

Intermediaries: Wrong Approach (Mr. I, please route to D) S D

Intermediaries: Wrong Approach SD (I,D) S D

Split Routing Use simple secret sharing to split up the message [D] (“please route to D”) generate R at random split [D] ! M0 = [R] M1 = [R © D] [D] = M0 © M1 neither M0 nor M1 reveal D on their own

Split Routing (D = M0 © M1) Route M0 and M1 along disjoint paths to the intermediary I attackers must intercept both messages except at I, paths have no chance of converging probability of learning S ! D is roughly squared

Bidirectional Routing How to route along disjoint paths? Standard routing is clockwise (CW) fingers increase clockwise ID + ½, ID + ¼, … Extend Chord to allow counterclockwise (CCW) routing as well CCW fingers increase counterclockwise ID – ½, ID - ¼, …

Bidirectional Routing ID(S) + ½ ID(S) + ¼ ID(S) - ¼ CW fingers CCW fingers S

Bidirectional Routing Can use randomized/etc. routing for each share Routing latency increased by ~2x Entropy harder to analyze Must combine information from two attackers Results will be in paper Can use more than 2 paths or more than 1 intermediary Further trade-off performance and anonymity

Conclusion Analyzed anonymity properties of Chord and extensions Identified properties that have the most effect on anonymity Proposed and analyzed anonymity-enhancing modifications Our work can be generalized to other structured P2P systems Indegree variations will be universally relevant Intermediary/split routing can be used with other geometries