The Case for Network-Layer, Peer-to-Peer Anonymization. Michael J. Freedman, Emil Sit, Josh Cates, Robert Morris. MIT Lab for Computer Science. IPTPS’02, March 7, 2002.

Presentation transcript:

The Case for Network-Layer, Peer-to-Peer Anonymization
Michael J. Freedman, Emil Sit, Josh Cates, Robert Morris
MIT Lab for Computer Science
IPTPS’02, March 7, 2002

Page 2 (March 7, 2002): The Grail of Anonymization
- Participant can communicate anonymously with non-participant
- User can talk to CNN.com
- Nobody knows who user is
(Diagram labels: User, ?, ?)

Page 3: Our Vision for Anonymization
- Millions of nodes participate
- Bounce traffic off one another
- Mechanism to organize nodes: peer-to-peer
- All applications can use: IP layer

Page 4: Alternative 1: Proxy Approach
- Intermediate node to proxy traffic
- Completely trust the proxy
- Anonymizer.com
(Diagram labels: User, Proxy)

Page 5: Realistic Threat Model
- Corrupt proxy
  - Adversary runs proxy
  - Adversary targets proxy and compromises
- Limited, localized network sniffing
- Global passive observer? Adaptive active adversary? Use cover network: a different paper

Page 6: Failures of Proxy Approach
- Traffic analysis is easy
- Proxy reveals identity
(Diagram labels: User, Proxy)

Page 7: Failures of Proxy Approach
- CNN blocks connections from proxy
- Traffic analysis is easy
- Adversary blocks access to proxy (DoS)
- Proxy reveals identity
(Diagram labels: User, Proxy, X, X)

Page 8: Alternative 2: Centralized Mixnet
- MIX encoding creates encrypted tunnel of relays
  - Individual malicious relays cannot reveal identity
- Packet forwarding through tunnel
- Onion Routing, Freedom
- Small-scale, static network, not general-purpose
(Diagram labels: User, Relay)

Page 9: Failures of Centralized Mixnet
- CNN blocks core routers
(Diagram labels: Relay, X)

Page 10: Failures of Centralized Mixnet
- CNN blocks core routers
- Adversary targets core routers
(Diagram labels: Relay, Relay)

Page 11: Failures of Centralized Mixnet
- CNN blocks core routers
- Adversary targets core routers
- Allows network-edge analysis
(Diagram labels: Relay, Relay, Relay)

Page 12: Tarzan: Me Relay, You Relay
- Millions of nodes participate
- Build tunnel over random set of nodes
- Crowds: small-scale, not self-organizing, not a mixnet

Page 13: Benefits of Peer-to-Peer Design
- No network edge to analyze: First hop does not know he’s first
- CNN cannot block everybody
- Adversary cannot target everybody
(Diagram labels: ?, ?, ?, ?, ?)

Page 14: Managing Peers
Requires a mechanism that
1. Discovers peers
2. Scalable
3. Robust against adversaries

Page 15: Adversaries Can Join System
- Adversary can join more than once
- Due to lack of central authentication
- Try to prevent adversary from impersonating large address space

Page 16: Stopping Evil Peers
- Contact peers directly to
  - Validate IP address
  - Learn public key
- Adversary can only answer small address space

Page 17: Tarzan: Joining the System
1. Contacts known peer in big (Chord) network
2. Learns of a few peers for routing queries
(Diagram label: User)

Tarzan: Discovering Peers
- Contacts random peers to learn {IP addr, PK}
- Performs Chord lookup(random)
(Diagram label: User)

Page 19: Tarzan: Building Tunnel
4. Iteratively selects peers and builds tunnel
- Public-key encrypts tunnel info during setup
- Maps flowid → session key, next hop IP addr
(Diagram labels: User, Tunnel, Private Address, Public Alias Address, Real IP Address, PNAT)

Page 20: Tarzan: Tunneling Data Traffic
5. Reroutes packets over this tunnel
- Diverts packets to tunnel source router
(Diagram labels: User, APP, IP, IP, X)

Page 21: Tarzan: Tunneling Data Traffic
5. Reroutes packets over this tunnel
- NATs to private address space x.x
- Layer encrypts packet
(Diagram labels: User, APP, IP, IP)

Page 22: Tarzan: Tunneling Data Traffic
5. Reroutes packets over this tunnel
- Encapsulates in UDP and forwards packet
- Strips off encryption, forwards to next hop
(Diagram labels: User, IP, APP)

Page 23: Tarzan: Tunneling Data Traffic
5. Reroutes packets over this tunnel
- NATs again to public alias address
(Diagram labels: User, APP, IP)

Page 24: Tarzan: Tunneling Data Traffic
5. Reroutes packets over this tunnel
- Reads IP headers and sends accordingly
(Diagram labels: User, APP, IP)

Page 25: Tarzan: Tunneling Data Traffic
5. Reroutes packets over this tunnel
- Response repeats process in reverse
(Diagram labels: User, IP, APP, IP, IP)
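
Added example (not from the slides or the Tarzan prototype): a sketch of steps 4 and 5 above, where each relay keeps a flowid → (session key, next hop IP addr) table, the source layer-encrypts a packet, each hop strips one layer, and the response repeats the process in reverse. The SHA-256 keystream is a stand-in for the real cipher, which the slides do not name; Relay, build_tunnel, send, receive and the addresses are hypothetical.

```python
import hashlib, os

def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 counter mode). Not Tarzan's cipher; no integrity."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Relay:
    def __init__(self, addr: str):
        self.addr = addr
        self.flows = {}  # flowid -> (session key, next hop IP addr), as on the slide

    def forward(self, flowid: bytes, nonce: bytes, payload: bytes):
        key, next_hop = self.flows[flowid]  # unknown flowid raises KeyError (drop)
        return next_hop, xor_layer(key, nonce, payload)  # strip one layer

def build_tunnel(relays, dest_addr: str):
    """Install flow state hop by hop; real setup sends each key public-key encrypted."""
    flowid, keys = os.urandom(4), [os.urandom(16) for _ in relays]
    hops = [r.addr for r in relays[1:]] + [dest_addr]
    for relay, key, nxt in zip(relays, keys, hops):
        relay.flows[flowid] = (key, nxt)
    return flowid, keys

def send(relays, flowid, keys, packet: bytes):
    """Source layer-encrypts once per hop; returns (final hop, output, per-hop views)."""
    nonce, data, views = os.urandom(8), packet, []
    for key in reversed(keys):  # innermost layer belongs to the last relay
        data = xor_layer(key, nonce, data)
    for relay in relays:
        nxt, data = relay.forward(flowid, nonce, data)
        views.append(data)
    return nxt, data, views

def receive(relays, flowid, keys, response: bytes) -> bytes:
    """Reverse path: each relay adds its layer, the source removes them all."""
    nonce, data = os.urandom(8), response  # fresh nonce: never reuse a keystream
    for relay in reversed(relays):  # each relay wraps with its stored session key
        data = xor_layer(relay.flows[flowid][0], nonce, data)
    for key in keys:
        data = xor_layer(key, nonce, data)
    return data

if __name__ == "__main__":
    hops = [Relay(f"192.0.2.{i}") for i in (1, 2, 3)]  # constructed addresses
    fid, ks = build_tunnel(hops, "198.51.100.7")
    print(send(hops, fid, ks, b"GET / HTTP/1.0\r\n\r\n")[:2])
```

Only the last relay's view equals the original packet; the earlier relays see ciphertext and learn nothing beyond their own next hop.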

Page 26: Tarzan: Tunneling Data Traffic
- Transparently supports anonymous servers
- Can build double-blinded channels
(Diagram labels: Server, IP, APP, IP, Oblivious User)

Page 27: Tarzan is Fast (Enough)
- Prototype implementation in C++
- Setup time per hop: ~20 ms + transmission time
- Packet forwarding per hop: < 1 ms + transmission time
- Network latency dominates performance

Page 28: Summary
- Gain anonymity:
  - Millions of relays
  - No centralization
- Transparent IP-layer anonymization
  - Towards a critical mass of users
- Peer-to-Peer design