Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.

Slides:

Advertisements

Similar presentations

SkipNet: A Scalable Overlay Network with Practical Locality Properties Nick Harvey, Mike Jones, Stefan Saroiu, Marvin Theimer, Alec Wolman Microsoft Research.

Advertisements

SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

TAP: A Novel Tunneling Approach for Anonymity in Structured P2P Systems Yingwu Zhu and Yiming Hu University of Cincinnati.

P2P Systems and Distributed Hash Tables Section COS 461: Computer Networks Spring 2011 Mike Freedman

CHORD: A Peer-to-Peer Lookup Service CHORD: A Peer-to-Peer Lookup Service Ion StoicaRobert Morris David R. Karger M. Frans Kaashoek Hari Balakrishnan Presented.

Chord: A scalable peer-to- peer lookup service for Internet applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashock, Hari Balakrishnan.

Chord A Scalable Peer-to-peer Lookup Service for Internet Applications

Sylvia Ratnasamy, Paul Francis, Mark Handley, Richard Karp, Scott Schenker Presented by Greg Nims.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

1 PASTRY Partially borrowed from Gabi Kliot ’ s presentation.

Secure routing for structured peer-to-peer overlay networks M. Castro, P. Druschel, A. Ganesch, A. Rowstron, D.S. Wallach 5th Unix Symposium on Operating.

Open Problems in Data- Sharing Peer-to-Peer Systems Neil Daswani, Hector Garcia-Molina, Beverly Yang.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Peer to Peer File Sharing Huseyin Ozgur TAN. What is Peer-to-Peer?  Every node is designed to(but may not by user choice) provide some service that helps.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Secure routing for structured peer-to-peer overlay networks Miguel Castro, Ayalvadi Ganesh, Antony Rowstron Microsoft Research Ltd. Peter Druschel, Dan.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

SkipNet: A Scalable Overlay Network with Practical Locality Properties Nick Harvey, Mike Jones, Stefan Saroiu, Marvin Theimer, Alec Wolman Microsoft Research.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

Object Naming & Content based Object Search 2/3/2003.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.

Topics in Reliable Distributed Systems Fall Dr. Idit Keidar.

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

EPFL-I&C-LSIR [P-Grid.org] Workshop on Distributed Data and Structures ’04 NCCR-MICS [IP5] presented by Anwitaman Datta Joint work with Karl Aberer and.

Peer-to-Peer Networks Slides largely adopted from Ion Stoica’s lecture at UCB.

Peer-to-peer file-sharing over mobile ad hoc networks Gang Ding and Bharat Bhargava Department of Computer Sciences Purdue University Pervasive Computing.

 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.

1CS 6401 Peer-to-Peer Networks Outline Overview Gnutella Structured Overlays BitTorrent.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Freenet: A Distributed Anonymous Information Storage and Retrieval System Presentation by Theodore Mao CS294-4: Peer-to-peer Systems August 27, 2003.

Mobile Ad-hoc Pastry (MADPastry) Niloy Ganguly. Problem of normal DHT in MANET No co-relation between overlay logical hop and physical hop – Low bandwidth,

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Tapestry GTK Devaroy (07CS1012) Kintali Bala Kishan (07CS1024) G Rahul (07CS3009)

Network Layer (3). Node lookup in p2p networks Section in the textbook. In a p2p network, each node may provide some kind of service for other.

1 PASTRY. 2 Pastry paper “ Pastry: Scalable, decentralized object location and routing for large- scale peer-to-peer systems ” by Antony Rowstron (Microsoft.

PIC: Practical Internet Coordinates for Distance Estimation Manuel Costa joint work with Miguel Castro, Ant Rowstron, Peter Key Microsoft Research Cambridge.

1 Reading Report 5 Yin Chen 2 Mar 2004 Reference: Chord: A Scalable Peer-To-Peer Lookup Service for Internet Applications, Ion Stoica, Robert Morris, david.

Chord: A Scalable Peer-to-peer Lookup Protocol for Internet Applications Xiaozhou Li COS 461: Computer Networks (precept 04/06/12) Princeton University.

SOS: Security Overlay Service Angelos D. Keromytis, Vishal Misra, Daniel Rubenstein- Columbia University ACM SIGCOMM 2002 CONFERENCE, PITTSBURGH PA, AUG.

Security Michael Foukarakis – 13/12/2004 A Survey of Peer-to-Peer Security Issues Dan S. Wallach Rice University,

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.

Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.

Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications.

Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan Presented.

SOS: An Architecture For Mitigating DDoS Attacks Angelos D. Keromytis, Vishal Misra, Dan Rubenstein ACM SIGCOMM 2002 Presented By : Tracy Wagner CDA 6938.

The new protocol of freenet Taken from Ian Clarke and Oskar Sandberg (The Freenet Project)

Pastry: Scalable, decentralized object location and routing for large-scale peer-to-peer systems Antony Rowstron and Peter Druschel, Middleware 2001.

1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.

1. Efficient Peer-to-Peer Lookup Based on a Distributed Trie 2. Complex Queries in DHT-based Peer-to-Peer Networks Lintao Liu 5/21/2002.

P2PSIP Security Analysis and evaluation draft-song-p2psip-security-eval-00 Song Yongchao Ben Y. Zhao

Peer to Peer Network Design Discovery and Routing algorithms

Algorithms and Techniques in Structured Scalable Peer-to-Peer Networks

LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.

PeerNet: Pushing Peer-to-Peer Down the Stack Jakob Eriksson, Michalis Faloutsos, Srikanth Krishnamurthy University of California, Riverside.

CS694 - DHT1 Distributed Hash Table Systems Hui Zhang University of Southern California.

Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications * CS587x Lecture Department of Computer Science Iowa State University *I. Stoica,

Instructor Materials Chapter 9: NAT for IPv4

A Replica Location Service

Routing and Switching Essentials v6.0

Routing and Switching Essentials v6.0

Instructor Materials Chapter 9: NAT for IPv4

Presentation by Theodore Mao CS294-4: Peer-to-peer Systems

P2P Systems and Distributed Hash Tables

A Semantic Peer-to-Peer Overlay for Web Services Discovery

Presentation transcript:

Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011

Anonymous Networks Serve as an important tool – Online privacy – Censorship resistance – Surveillance evasion – Safeguarding freedom of expression online

Anonymity Guidelines Hiding among more users provides stronger anonymity Usability, latency, and scalability therefore contribute to security

Clarification All schemes considered here fall under certain specific criteria – Based on the circuit model – Provide low-latency connections – Anonymity based on limited knowledge of the circuit

Tor Rely on a global list of all active nodes in the network – Limited scalability due to quadratic communication costs

Distributed Hash Table Node is assigned an identifier (nodeID) Specific data are also assigned keys Overlay designates ownership of a set of keys to a single live node (root) Each node maintains a routing table Every routing table maintains a number of distinct entries

DHT Queries Two main types of queries – Recursive – Iterative Both processes take O(log n) steps

Recursive Queries Source gives control of the query to the closest node to the target Process repeats until the root is found (or not) Passes data back

Iterative Queries Requests data from node in routing table with greatest prefix match Queried node responds with location of node with greater prefix match Source node continues chain of queries until no greater match can be found The result must now be the intended target (if it exists)

Recursive Query Example A C D B

Iterative Query Example A C D B

Note on Routing Types Node failure does not necessarily identify the source of the failure for recursive routing – Selective uncooperation is possible without running the risk of being blacklisted Iterative routing does not share this problem – Passive attacks on anonymity can occur

DHT Attacks Two main security issues – Passing a query through a malicious node is statistically likely – Query result accuracy is difficult to verify

Query Capture Query is captured if any hops used are controlled by an attacker With a small fraction ( < 20%) of compromised nodes, this can be very likely

Adversary’s Options Once an attacker has a captured query, he has three options – Forward the query to a malicious (or possibly nonexistent) node – Drop the query – Log the query

Mitigating Attacks Several options for minimizing the ability of adversaries to operate effectively – Make nodeID’s verifiable – Redundant queries – “density check”

Verifiable nodeID’s Can be implemented by hashing IP addresses for use as nodeID’s Attackers cannot place a malicious node without controlling an IP address that maps to the desired space Unable to easily support NAT boxes without a security tradeoff

Redundant Queries Multiple routes are followed Precautions must be taken to prevent path convergence Increases bandwidth overhead Increased likelihood of identity compromise On average, the majority of paths will be compromised – Cannot easily distinguish valid responses

“Density Check” Tests if the distance between a result node and the key is consistent with the distribution of nodeID’s near the source If this distance is too large (e.g. 1.5x greater), the result of the query is rejected Must have a sufficiently large number of nodes to be accurate

Insecure Relay Selection Lack of proper security measures applied to DHT lookups In general, traditional security methods are insufficient to prevent a bias towards selecting malicious nodes No clear method to verify if a particular peer is the current root of a key – A malicious node could claim to be the correct result of a query

Insecure Relay Selection, Cont. A malicious node may return offline nodes A threshold-type scheme may also prove unreliable – On average, the majority of redundant routes will pass through a malicious node

Vulnerable Schemes Out of ten different DHT-based anonymous overlay networks: – Two specify mechanisms to prevent DHT lookup failures – Five use overlay circuit extension with no provisions for redundant routing – The remaining three make no provisions for robustness

Questions?