Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University.

Slides:



Advertisements
Similar presentations
1 Scaling Advanced Real-Time Communications Bob Alice User Campus / Enterprise UserWANs/MANs/LANs Campus / Enterprise Host Network-Layer Connectivity high-performance,
Advertisements

Tor: The Second-Generation Onion Router
LASTor: A Low-Latency AS-Aware Tor Client
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
Spring 2000CS 4611 Introduction Outline Statistical Multiplexing Inter-Process Communication Network Architecture Performance Metrics.
Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Infrastructure as a Service (IaaS) Amazon EC2
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Public cloud definition Public cloud is a cloud in which Cloud infrastructure is available to the general public. Public cloud define cloud computing.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
© 2009 IBM Corporation RESEARCH Peeking into Cloud for better Application Manageability Sambit Sahu IBM Research.
Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?
CSE 190: Internet E-Commerce Lecture 16: Performance.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.
Cloud Computing (101).
Overlay Architecture and API Fang Yu Noah Treuhaft Takashi Suzuki Matthew Caesar.
Building a Strong Foundation for a Future Internet Jennifer Rexford ’91 Computer Science Department (and Electrical Engineering and the Center for IT Policy)
Jennifer Rexford Princeton University MW 11:00am-12:20pm Data-Center Traffic Management COS 597E: Software Defined Networking.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
The Anonymous File Transfer Network
Aaron Johnson U.S. Naval Research Laboratory CSci 6545 George Washington University 11/18/2013.
Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.
Polycom Conference Firewall Solutions. 2 The use of Video Conferencing Is Rapidly Growing More and More people are adopting IP conferencing Audio and.
Sofya Rozenblat 11/26/2012 CS 105 TOR ANONYMITY NETWORK.
A User Experience-based Cloud Service Redeployment Mechanism KANG Yu.
Barracuda Load Balancer Server Availability and Scalability.
Host Mobility for IP Networks CSCI 6704 Group Presentation presented by Ye Liang, ChongZhi Wang, XueHai Wang March 13, 2004.
Allerton 2011 September 28 Mathias Humbert, Mohammad Hossein Manshaei, and Jean-Pierre Hubaux EPFL - Laboratory for Communications and Applications (LCA1)
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
CustomerSegment and workloads Your Datacenter Active Directory SharePoint SQL Server.
Module 4: Designing Routing and Switching Requirements.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks C. Loomis (CNRS/LAL) M.-E. Bégin (SixSq.
Zhen Ling Southeast University Extensive Analysis and Large-Scale Empirical Evaluation of Tor Bridge Discovery In collaboration with Junzhou Luo, Southeast.
Example: Sorting on Distributed Computing Environment Apr 20,
1 November 2006 in Dagstuhl, Germany
SECURITY AS A SERVICE: CHALLENGES AND UNDERSTANDING TELECOM PARIS TECH- FRANCE FOUAD GUENANE 26/02/2015.
1 NETE4631 Course Wrap-up and Benefits, Challenges, Risks Lecture Notes #15.
How AWS Pricing Works Jinesh Varia Technology Evangelist.
McLean HIGHER COMPUTER NETWORKING Lesson 8 E-Commerce Explanation of ISP Description of E-commerce Description of E-sales.
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 20 PHILLIPA GILL - STONY BROOK U.
Cloud Computing is a Nebulous Subject Or how I learned to love VDF on Amazon.
3/12/2013Computer Engg, IIT(BHU)1 CLOUD COMPUTING-1.
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
1 Draft RTC Architecture From “Next Steps for Internet2 Real Time Communications”
Tor Bruce Maggs relying on materials from
Trusted Virtual Machine Images the HEPiX Point of View Tony Cass October 21 st 2011.
Tor Bruce Maggs relying on materials from
Agenda Current Network Limitations New Network Requirements About Enterasys Security Branch Office Routers Overall Enterprise Requirements Proposed Solution.
The Community Cloud Don Welch Merit Network. Definitions l My Definition: Shared Services above the campus l Elastic demand can be very deliberate l Can.
Introduction to VMware Virtualization
CS590B/690B Detecting Network Interference (FALL 2016)
Anonymous Communication
What's the buzz about HORNET?
Your Business Opportunity
NYMBLE: BLOCKING MISBEHAVING USERS IN ANONYMIZING NETWORKS
An Introduction to Privacy and Anonymous Communication
0x1A Great Papers in Computer Security
Anonymous Communication
AWS Cloud Computing Masaki.
An Update on Multihoming in IPv6 Report on IETF Activity
دیواره ی آتش.
Anonymous Communications
Bruce Maggs relying on materials from
Bruce Maggs relying on materials from
Presentation transcript:

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University

We

and

but...

and

CORCOR outing loud-based nion

Benefits, Risks, and Challenges  Potential benefits of cloud infrastructure  High performance  Adaptability to censorship  Economic challenges  New security problems

Benefits of Cloud Infrastructure Performance (latency, throughput) Censorship Resistance

Performance  Individual nodes are higher bandwidth  Ability to add and remove nodes to meet demand 5:00 P.M.7:00 P.M.8:00 P.M.11:00 P.M.12:00 A.M.2:00 A.M.

COR has higher throughput than Tor US Only US & International 7.6x speedup

Multi-homed Datacenters are Harder to Monitor Datacenter Home 1-10 Mbps Sprint Level 3 AT&T Gbps

Blocking Clouds Causes Collateral Damage X X X X

Benefits of Clouds  Higher performance  Elasticity to scale to demand  Multi-homing and scale makes eavesdropping difficult  Elasticity forces censors to make hard choices: collateral damage or unblocked access

Economics Cloud pricing is affordable for end users

Cost of running COR in the cloud  Cloud providers charge for CPU and bandwidth Amazon EC2 Pricing  CPU is cheap  100+ users on a 34 ¢/hr node  Bandwidth is dominant cost  100MB as low as 1 ¢

Tor’s Total Bandwidth Cost in the Cloud Approximately 900 MB/s 376 TB/month COR Cost: $61,200/month

Security Challenges and Solutions Involved Parties and Trust Model Building Tunnels Paying for Tunnels Learning About Relays

Distributing Trust  Tor  Tunnels between volunteer relays  COR  Tunnels between clouds from different providers

Is that sufficient?  Should users pay cloud providers directly?  Not anonymous: Credit cards and Paypal leak info  Another layer of indirection: Anonymity Service Providers  Operate relays and pay cloud providers  Mask users’ identities  Accept anonymous payment for access

System Roles  Cloud Hosting Providers (CHPs)  Provide infrastructure for COR relays  Anonymity Service Providers (ASPs)  Run relays and directory servers  Sell tokens  Redeemable for XX MB of connectivity or XX amount of time

System Architecture Example Organizations used above are examples only Cloud Hosting Providers IP IP Anonymity Service Providers

Circuit Construction Must be Policy Aware  Two relays within each datacenter  Different entry and exit ASPs  Different entry and exit CHPs  ASP and CHP relays are contiguous within a circuit

Paying for Access  Users purchase tokens  Redeem tokens for access (bandwidth or time)  Chaum’s e-cash:  Cryptographically untraceable

How do users gain access?  Users need two things:  Tokens  COR Directory  Solution: Bootstrapping Network  Low speed  High Latency  Free

Adversaries enumerate and block ingress  Current technologies  Tor Bridges  Two separate problems:  COR Relays  High speed, low latency, not free  Bootstrapping  Low speed, high latency, free

Summary Tor COR Secure High Speed Dynamic Scaling Free Adaptive to censorship

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.