Vanish: Increasing Data Privacy with Self-Destructing Data

Roxana Geambasu, Yoshi Kohno, Amit A. Levy and Hank A. Levy, University of Washington. Slides by Gal Motika.

Outline: Motivating Problem; Goals; Distributed Hash Tables (DHTs); How Vanish Works; Availability & Performance Analysis; Security Analysis.

Motivation: Data Lives Forever
How can Ann delete her sensitive email? She doesn't know where all the copies are. Services may retain data long after the user tries to delete it. (Diagram: Ann sends a sensitive email to Carla through an ISP; copies of "This is sensitive stuff." accumulate at every hop.)

Motivation: Data Lives Forever (cont.)
Some time later, an attacker mounts a retroactive attack on the archived data. (Diagram: the copies retained by Ann, Carla and the ISP let the attacker read "This is sensitive stuff.")

Self-Destructing Data Model
Ann sends Carla self-destructing data with a timeout. VDO: Vanish Data Object (an email, Facebook message, text message, ...). Until the timeout, the VDO is readable. After the timeout, all copies become permanently unreadable, even for attackers who obtain an archived copy and the user's keys.

Assumptions
The VDO will be used to encapsulate data that is only of value to the user for a limited time. Every message has a known timeout. Users are connected to the Internet when interacting with VDOs. Early destruction is preferable to information exposure.

Goals
A VDO must expire automatically and without any explicit action. The VDO should be accessible until the timeout. Leverage existing infrastructures. The system must not require dedicated secure hardware. The system should not introduce new privacy risks to the users.

Distributed Hash Tables (DHTs)
A distributed, peer-to-peer (P2P) storage network consisting of multiple participating nodes. Data is stored as (index, value) pairs. Supports lookup, get, and store operations.

Key DHT-related Insights
Huge scale: millions of nodes. Geographic distribution: nodes are spread over 190 countries. Decentralization: individually owned, no single point of trust. Constant evolution: DHTs evolve naturally and dynamically over time as new nodes constantly join and old nodes leave.

Data Encapsulation
Encapsulate(data, timeout): Vanish picks a random key K and computes C = E_K(data). K is split with M-of-N secret sharing into shares k1, k2, k3, ..., kN, which are stored at random indexes in the world-wide DHT; the locator L is what those random indexes are derived from. The Vanish Data Object that Ann sends to Carla is VDO = {C, L}.

Data Decapsulation
Decapsulate(VDO = {C, L}): Carla's Vanish uses L to recompute the random indexes, fetches the shares k1, k2, k3, ..., kN from the world-wide DHT, reconstructs K from any M of them (M-of-N secret sharing), and computes data = D_K(C).

Data Timeout
The DHT loses key pieces over time. Natural churn: nodes crash or leave the DHT. Built-in timeout: DHT nodes purge data periodically. Key loss makes all data copies permanently unreadable. (Diagram: shares k1, k3 and kN are gone, K cannot be reconstructed, and data = D_K(C) is no longer possible.)

The Vuze DHT
Each node has a 160-bit ID based on its IP address and port. The ID determines the index ranges the node will store. To store an (index, value) pair, a client looks up the 20 nodes with IDs closest to the specified index. Entries in a node's cache are republished every 30 minutes to the other 19 closest nodes. Nodes remove from their caches all values whose store timestamp is more than 8 hours old.
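The encapsulation, decapsulation and timeout slides above, worked through end to end as an added example (this is not Vanish's own code, nor the Vuze client). It assumes Shamir M-of-N sharing done per key byte over GF(257), an HMAC-SHA256 keystream standing in for the paper's symmetric cipher E_K, and a toy in-memory DHT that applies the Vuze 8-hour purge to every stored value and can model churn by dropping entries; the names split_key, recover_key, SimulatedDHT, encapsulate and decapsulate are this example's own.

```python
import hashlib
import hmac
import os
import random
from typing import Dict, List, Optional, Tuple

# Added example: Shamir sharing per key byte over GF(257) and an HMAC-SHA256
# keystream stand in for the paper's secret sharing and E_K (assumptions).
PRIME = 257
VUZE_TIMEOUT_HOURS = 8.0  # Vuze drops values whose store timestamp is over 8 h old
Share = Tuple[int, List[int]]  # (x coordinate, one y value per key byte)

def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation mod PRIME; coeffs[0] is the secret byte."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc

def split_key(key: bytes, n: int, m: int) -> List[Share]:
    """M-of-N secret sharing: any m of the n shares reconstruct the key."""
    assert 1 <= m <= n < PRIME
    rng = random.SystemRandom()
    shares: List[Share] = [(x, []) for x in range(1, n + 1)]
    for byte in key:
        coeffs = [byte] + [rng.randrange(PRIME) for _ in range(m - 1)]
        for x, ys in shares:
            ys.append(_eval_poly(coeffs, x))
    return shares

def recover_key(shares: List[Share], m: int) -> bytes:
    """Lagrange interpolation at x = 0 over any m shares, byte by byte."""
    pts = shares[:m]
    out = bytearray()
    for i in range(len(pts[0][1])):
        acc = 0
        for j, (xj, yj) in enumerate(pts):
            num = den = 1
            for k, (xk, _) in enumerate(pts):
                if k != j:
                    num = num * (-xk) % PRIME
                    den = den * (xj - xk) % PRIME
            acc = (acc + yj[i] * num * pow(den, PRIME - 2, PRIME)) % PRIME
        out.append(acc)
    return bytes(out)

def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Keystream cipher: the same call gives C = E_K(data) and data = D_K(C)."""
    stream = b"".join(hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class SimulatedDHT:
    """Toy stand-in for the Vuze DHT: one index -> (value, store time in hours) map."""

    def __init__(self) -> None:
        self.store: Dict[bytes, Tuple[bytes, float]] = {}

    def put(self, index: bytes, value: bytes, now_h: float) -> None:
        self.store[index] = (value, now_h)

    def get(self, index: bytes, now_h: float) -> Optional[bytes]:
        entry = self.store.get(index)
        if entry is None or now_h - entry[1] > VUZE_TIMEOUT_HOURS:
            return None  # missing, or purged by the built-in timeout
        return entry[0]

    def churn(self, fraction: float, seed: int = 0) -> None:
        """Natural churn: the nodes holding this fraction of the entries leave."""
        rng = random.Random(seed)
        for idx in rng.sample(sorted(self.store), round(fraction * len(self.store))):
            del self.store[idx]

def _indexes(locator: bytes, n: int) -> List[bytes]:
    """160-bit pseudorandom DHT indexes derived from the locator L."""
    return [hashlib.sha1(locator + i.to_bytes(4, "big")).digest() for i in range(n)]

def encapsulate(data: bytes, dht: SimulatedDHT, now_h: float,
                n: int = 50, threshold: float = 0.9) -> Tuple[bytes, bytes]:
    """Encapsulate(data, timeout) -> VDO = (C, L); K itself is never stored anywhere."""
    key, locator = os.urandom(16), os.urandom(16)
    for (x, ys), idx in zip(split_key(key, n, round(threshold * n)), _indexes(locator, n)):
        dht.put(idx, bytes([x]) + b"".join(y.to_bytes(2, "big") for y in ys), now_h)
    return xor_crypt(key, data), locator

def decapsulate(vdo: Tuple[bytes, bytes], dht: SimulatedDHT, now_h: float,
                n: int = 50, threshold: float = 0.9) -> Optional[bytes]:
    """Decapsulate(VDO) -> data while at least M shares survive, else None."""
    ciphertext, locator = vdo
    shares: List[Share] = []
    for idx in _indexes(locator, n):
        blob = dht.get(idx, now_h)
        if blob is not None:  # parse x || y values back into a share
            shares.append((blob[0], [int.from_bytes(blob[i:i + 2], "big")
                                     for i in range(1, len(blob), 2)]))
    m = round(threshold * n)
    return xor_crypt(recover_key(shares, m), ciphertext) if len(shares) >= m else None
```

With the slides' recommended N = 50 and 90% threshold, decapsulate succeeds one hour after encapsulation, still succeeds after 5% of the shares have churned away (48 of 45 needed remain), and returns None once the 8-hour purge has removed every share; heavier churn (20%, leaving 40 shares) destroys the VDO early, which is the "early destruction over exposure" assumption in action.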

Availability Evaluation
Pushed 1,000 VDO shares to pseudorandom indices in the Vuze DHT and then polled them back. Repeated this experiment 100 times over a 3-day period, with the standard 8-hour Vuze timeout.

Availability Evaluation (cont.)
N = 50 and a threshold of 90% are recommended for high availability.

Performance Evaluation
Encryption/decryption time is negligible; the DHT component accounts for over 99% of the execution time. The encapsulation and decapsulation times were measured.

Security Analyses
The attacker may have access to the sender's computer, the email provider or the DHT. The key shares are unlikely to remain in the DHT much after the timeout; by then many of the hosting nodes will have long disappeared or changed their IDs. Even for legal authorities it would be difficult to reconstruct the lost data. The attacks that matter therefore have to be carried out before the timeout.

Strategy (1): Decapsulate VDO Prior to Expiration
An attacker might obtain a copy of the VDO and break its privacy before it expires. Example: an email provider that proactively decapsulates all VDO emails in real time. Defense: encapsulate VDOs with traditional encryption schemes such as PGP or GPG.

Strategy (2): Sniff User's Internet Connection
An attacker sniffs the data users push into or retrieve from the DHT. Example: an ISP or employer. Defense: encrypt DHT communications between nodes, and compose Vanish with Tor to tunnel one's DHT interactions through remote machines. A man-in-the-middle attack is not solved by this.

Strategy (3): Integrate into the DHT
The attacker integrates itself into the DHT in order to copy all data it is asked to store, or intercepts internal DHT lookup procedures and then issues get requests of its own for the learned indices. Standard DHT attacks (Sybil, Eclipse) are handled by the Vuze DHT (the node ID is derived from the IP), or by changing the Vuze client.

Experimental Methodology
The experiment cannot be run on the real DHT, because the attacker would have to acquire as many nodes as possible. DHTs of 1,000, 2,000, 4,500 and 8,000 nodes were tested. Churn (node death and birth) is modeled by a Poisson distribution with a median node lifetime of 2 hours.

Store Sniffing Attack
The adversary saves all of the index-to-value mappings it receives from peers, via store messages and via replication (every 30 minutes to the 20 closest nodes). The attacker compromised 5% of a 1,000-node DHT.

Store Sniffing Attack - Attacker Sizes
None of the 1,000 tested VDOs was compromised. (Chart for N = 150 and 2-hour churn, varying the attacker size, not reproduced here.)
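The availability recommendation (N = 50, 90% threshold) and the store-sniffing results both come down to the same binomial question: how many of the N shares end up in a given set of nodes? The following is an added example, not the paper's evaluation code; it assumes shares survive independently with a fixed per-share probability, and that a share is exposed to a store-sniffing adversary whenever any of its 20 replica holders is adversarial (independent, uniformly placed replicas). The function names are this example's own, and it goes beyond the slides' single data point by tabulating several N and threshold settings so the two sides of the parameter choice can be compared.

```python
from math import comb

# Added example (assumptions): independent share survival; a share is exposed to a
# store-sniffing adversary if any one of its `replicas` holders is adversarial.

def binomial_tail(n: int, k: int, p: float) -> float:
    """P(X >= k) for X ~ Binomial(n, p)."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))

def shares_needed(n: int, threshold: float) -> int:
    """M for an M-of-N VDO with the given threshold fraction (0.9 of 50 -> 45)."""
    return round(threshold * n)

def availability(n: int, threshold: float, share_survival: float) -> float:
    """Probability the VDO is still readable when each share survives with p."""
    return binomial_tail(n, shares_needed(n, threshold), share_survival)

def store_sniff_risk(n: int, threshold: float, attacker_fraction: float,
                     replicas: int = 20) -> float:
    """Probability an adversary holding attacker_fraction of the nodes, and saving
    every store/replication message it sees, collects at least M shares."""
    exposed = 1 - (1 - attacker_fraction) ** replicas  # some replica is adversarial
    return binomial_tail(n, shares_needed(n, threshold), exposed)

def tradeoff(n: int, threshold: float, share_survival: float,
             attacker_fraction: float) -> dict:
    """Both sides of the parameter choice for one (N, threshold) setting."""
    return {
        "N": n,
        "M": shares_needed(n, threshold),
        "availability": availability(n, threshold, share_survival),
        "store_sniff_risk": store_sniff_risk(n, threshold, attacker_fraction),
    }

if __name__ == "__main__":
    # Constructed inputs: 95% per-share survival within the timeout window and the
    # slides' 5% adversary; the real per-share survival comes from the Vuze data.
    for n in (10, 50, 150):
        for thr in (0.5, 0.9):
            print(tradeoff(n, thr, share_survival=0.95, attacker_fraction=0.05))
```

A low threshold keeps the VDO readable under heavy churn but lets a small adversary collect enough shares; the high 90% threshold keeps the sniffing risk negligible at 5% compromised nodes while still giving high availability when shares are reliable, which is why the slides pair N = 50 with 90%.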

Lookup Sniffing Attack
Lookup requests pass through multiple nodes, so an attacker on the path can fetch the value of the searched index. Defense: look up a different index that maps to the same node ID. With 1M nodes and 160 index bits, the first 20 bits identify the node. On lookup, randomize the last 80 bits, so it is impossible for the attacker to obtain the key.

Conclusions
Vanish causes sensitive information, such as emails, files, or text messages, to irreversibly self-destruct, without any action on the user's part and without any centralized or trusted system. Vanish is robust against adversarial attacks. Limitations: in Vuze, the fixed data timeout presents a challenge for a self-destructing data system.

Questions?