How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

Slides:



Advertisements
Similar presentations
Dynamic Source Routing (DSR) algorithm is simple and best suited for high mobility nodes in wireless ad hoc networks. Due to high mobility in ad-hoc network,
Advertisements

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
Tor: The Second-Generation Onion Router
LASTor: A Low-Latency AS-Aware Tor Client
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
Page 1 / 14 The Mesh Comparison PLANET’s Layer 3 MAP products v.s. 3 rd ’s Layer 2 Mesh.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Winter 2008CS244a Handout #61 CS244a: An Introduction to Computer Networks Handout 6: The Transport Layer, Transmission Control Protocol (TCP), and User.
A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.
Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Visualizing Privacy II.
Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
0x1A Great Papers in Computer Security Vitaly Shmatikov CS 380S
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Lecture slides prepared for “Business Data Communications”, 7/e, by William Stallings and Tom Case, Chapter 8 “TCP/IP”.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.
Class 13 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.
A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.
Evaluating the Running Time of a Communication Round over the Internet Omar Bakr Idit Keidar MIT MIT/Technion PODC 2002.
CH2 System models.
Anonymity on the Internet Presented by Randy Unger.
Anonymous Communication -- a brief survey
Zhen Ling Southeast University Extensive Analysis and Large-Scale Empirical Evaluation of Tor Bridge Discovery In collaboration with Junzhou Luo, Southeast.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Lecture 14: Anonymity on the Web (cont) Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.
The Transport Layer application transport network data link physical application transport network data link physical application transport network data.
Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
TCP Trunking: Design, Implementation and Performance H.T. Kung and S. Y. Wang.
Lecture 6 Page 1 Advanced Network Security Review of Networking Basics Advanced Network Security Peter Reiher August, 2014.
COP 5611 Operating Systems Spring 2010 Dan C. Marinescu Office: HEC 439 B Office hours: M-Wd 2:00-3:00 PM.
Deadline-based Resource Management for Information- Centric Networks Somaya Arianfar, Pasi Sarolahti, Jörg Ott Aalto University, Department of Communications.
KAIS T On the problem of placing Mobility Anchor Points in Wireless Mesh Networks Lei Wu & Bjorn Lanfeldt, Wireless Mesh Community Networks Workshop, 2006.
Routing Around Decoys Max Schuchard, John Geddes, Christopher Thompson, Nicholas Hopper Proposed in FOCI'11, USINIX Security'11 and CCS'11 Presented by:
Anonymity - Background R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide.
Network Computing Laboratory 1 Vivaldi: A Decentralized Network Coordinate System Authors: Frank Dabek, Russ Cox, Frans Kaashoek, Robert Morris MIT Published.
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
Section #7: Getting Data from Point A to Point B.
Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
1 Anonymous Communications CSE 5473: Network Security Lecture due to Prof. Dong Xuan Some material from Prof. Joan Feigenbaum.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.
NETWORK SECURITY HERD: A SCALABLE, TRAFFIC ANALYSIS RESISTANT ANONYMITY NETWORK FOR VOIP SYSTEMS JINGTAO YAO JIAJUN LI ACM HORNORED CLASS.
Stepping Stone Detection at The Server Side
Presented by Edith Ngai MPhil Term 3 Presentation
Anonymous Communication
What's the buzz about HORNET?
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
Towards Measuring Anonymity
Exercise ?: TOR.
0x1A Great Papers in Computer Security
Anonymous Communication
Anonymous Communication
Presentation transcript:

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011

Goal of every anonymous communication scheme is to allow users to communicate while concealing information about who communicates with whom.

The Idea Chaum proposed sending messages through a “Mix server” that mixes together messages from several senders before forwarding these messages to their destinations, concealing relationship between sender and receiver. There are many schemes, yet all rely on “mixing” relays.

High-latency Like Mixmaster and Mixminion Deliver messages at a significant delay Schemes implement countermeasures that increase delay – Pool Mixing – Consume Bandwidth Cover Traffic

Low-Latency Like Tor, I2P, AN.ON, Crowds, Anonymizer.com Commercial proxy aggregators Allows anonymous use of application services – Remote login and web browsing Reduced anonymity guaranteed Security against “local” adversary

Malicious servers acting as local adversaries can observe the network latency of a connection made over a Tor circuit 3 experiments that measure the extent to which this information leakage compromises the anonymity of clients using a low-latency anonymity scheme – Analysis of noise-free anonymity leakage – A passive linkability attack – An active client-identification attack

Quick overview of Tor Low-latency, bandwidth-efficient, anonymizing layer for TCP streams With use of at least 3 nodes, no node knows the identities of both communicating parties

Latency without Noise Anonymity circuit imposed no delay at all Difference between connecting to a server normally and over the anonymity service is in the latter, the client’s IP address is missing Best possible case for an attack based solely on Round-Trip Time (RTT) information. Analyzed on MIT King Data Set and PlanetLab systems

Circuit Linking via Latency 2 colluding servers both accept connections from the same exit node The 2 servers try to determine whether they are communicating with different clients or the same client.

Are they the same? The servers have to calculate the RTT between each node in the connection The servers then have to calculate the “queueing” time for each node Add everything to gether If everything is equivalent, then it indicates probabilistically they are the same If not, they come from different distributions

Attack by the server Sends HTML with 1000 separate tags printing empty images. Causes browser to make 1000 separate connections to server. The amount of calls varies, but with a possible 24 concurrent connections, this requires about 42 “rounds” of connections.

2 different tests Comparison of means – Confidence interval for the mean of each sample population with traversal at fixed time Kolmogorov-Smirnov – Computes the largest difference in cumulative probability density between two sample sets Receiver Operating Characteristic Curves – Each point corresponds to the true positive and false positive rates for one setting of the rejection thresholds

Client Location Via Latency Adversary is three logical entities: Aserver, Aclient and Ator Goal is to identify V’s network latency

The Attack Basic Idea – Calculate the RTT between V and E 3 steps – Measuring first hop latency – Estimating candidate RTTs – Eliminating Candidates

Measuring first hop latency Aserver and Ator can determine circuit order after several iterations Aclient connects using the circuit and calculates RTT With information we can estimate the RTT from V to E

Estimating candidate RTTs Need a method to obtain the RTT between two hosts without explicit cooperation of either Vivaldi embedding algorithm – Ease of implementation – Disadvantage: in order to be accurate without cooperation, several nodes must be used for the service

Eliminating Candidates Check all candidates to see if their RTTs are consistent with the estimated RTT between V and E Accepting means the RTT is within 85% of the estimate RTT between V and E

Limitations Limited data on conditional information gain Client location attack assumes that a user repeatedly accesses a server from the same network location

Mitigation Onion routing minimizes the success probability of Murdoch-Danezis’ clogging attack Adding sufficient delays to make the RTT and timing characteristics of Tor servers independent of the underlying network topology

Thank you! Questions?