Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi.

Slides:



Advertisements
Similar presentations
Multicasting in Mobile Ad hoc Networks By XIE Jiawei.
Advertisements

XORs in The Air: Practical Wireless Network Coding
Opportunistic Routing Is Missing Its Opportunities! Sachin Katti & Dina Katabi.
Symbol Level Network Coding By Sachin Katti, Dina Katabi, Hari Balakrishnan, Muriel Medard Sigcomm 2008.
TAP: A Novel Tunneling Approach for Anonymity in Structured P2P Systems Yingwu Zhu and Yiming Hu University of Cincinnati.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Highly-Resilient, Energy-Efficient Multipath Routing in Wireless Sensor Networks Computer Science Department, UCLA International Computer Science Institute,
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Search and Replication in Unstructured Peer-to-Peer Networks Pei Cao, Christine Lv., Edith Cohen, Kai Li and Scott Shenker ICS 2002.
LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
Monday, June 01, 2015 ARRIVE: Algorithm for Robust Routing in Volatile Environments 1 NEST Retreat, Lake Tahoe, June
Slicing the Onion: Anonymous Routing without PKI Saurabh Shrivastava CS 259
Multicasting in Mobile Ad-Hoc Networks (MANET)
Compressive Oversampling for Robust Data Transmission in Sensor Networks Infocom 2010.
Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.
Using Redundancy to Cope with Failures in a Delay Tolerant Network Sushant Jain, Michael Demmer, Rabin Patra, Kevin Fall Source:
Exploring Tradeoffs in Failure Detection in P2P Networks Shelley Zhuang, Ion Stoica, Randy Katz HIIT Short Course August 18-20, 2003.
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)
PROXY FOR CONNECTIVITY We consider the k shortest edge disjoint paths between a pair of nodes and define a hyperlink, whose ‘connectivity’ is defined as:
Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.
Sociological Influences on Mobile Wireless Networks Chunming Qiao, Ph.D., Professor University at Buffalo (SUNY) Director, Laboratory for Advanced Network.
Practical Network Support for IP Traceback Internet Systems and Technologies - Monitoring.
Delivery, Forwarding, and Routing
P2P Course, Structured systems 1 Skip Net (9/11/05)
SybilGuard: Defending Against Sybil Attacks via Social Networks Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, and Abraham Flaxman Presented by Ryan.
MuON: Epidemic Based Mutual Anonymity Neelesh Bansod, Ashish Malgi, Byung Choi and Jean Mayo.
 Structured peer to peer overlay networks are resilient – but not secure.  Even a small fraction of malicious nodes may result in failure of correct.
Study and Implementation of Efficient Security for Wireless Networks 8/25/20151 M. Razvi Doomun Faculty of Engineering University of Mauritius
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.
A Tale of Research: From Crowds to Deeper Understandings Matthew Wright Jan. 25, : Adv. Network Security.
IPDPS 2007 Making Peer-to-Peer Anonymous Routing Resilient to Failures Yingwu Zhu Seattle University
Repairable Fountain Codes Megasthenis Asteris, Alexandros G. Dimakis IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 32, NO. 5, MAY /5/221.
1 Meeyoung Cha, Sue Moon, Chong-Dae Park Aman Shaikh Placing Relay Nodes for Intra-Domain Path Diversity To appear in IEEE INFOCOM 2006.
CS An Overlay Routing Scheme For Moving Large Files Su Zhang Kai Xu.
Efficient Network-Coding-Based Opportunistic Routing Through Cumulative Coded Acknowledgments Dimitrios Koutsonikolas, Chih-Chun Wang and Y. Charlie Hu.
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.
Network Coding Testbed Jeremy Bergan, Ben Green, Alex Lee.
Impact of Neighbor Selection on Performance and Resilience of Structured P2P Networks IPTPS Feb. 25, 2005 Byung-Gon Chun, Ben Y. Zhao, and John Kubiatowicz.
Resilient P2P Anonymous Routing by Using Redundancy Yingwu Zhu.
Freenet File sharing for a political world. Freenet: A Distributed Anonymous Information Storage and Retrieval System I. Clarke, O. Sandberg, B. Wiley,
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Revisiting the Contract Between Layers Sachin Katti Dina Katabi, Hari Balakrishnan, Muriel Medard.
Optimal Content Delivery with Network Coding Derek Leong, Tracey Ho California Institute of Technology Rebecca Cathey BAE Systems CISS 2009 March 19, 2009.
Dual-Region Location Management for Mobile Ad Hoc Networks Yinan Li, Ing-ray Chen, Ding-chau Wang Presented by Youyou Cao.
Eclipse Attacks on Overlay Networks: Threats and Defenses By Atul Singh, et. al Presented by Samuel Petreski March 31, 2009.
LightFlood: An Efficient Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Trading Coordination For Randomness Szymon Chachulski Mike Jennings, Sachin Katti, and Dina Katabi.
Tufts Wireless Laboratory School Of Engineering Tufts University Paper Review “An Energy Efficient Multipath Routing Protocol for Wireless Sensor Networks”,
Effects of adding Arbitrary Physical Nodes to a Mobile Ad-Hoc Network Utilizing an Anonymity System By Ian Cavitt.
a/b/g Networks Routing Herbert Rubens Slides taken from UIUC Wireless Networking Group.
Nour KADI, Khaldoun Al AGHA 21 st Annual IEEE International Symposium on Personal, Indoor and Mobile Radio Communications 1.
LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.
Dynamic Control of Coding for Progressive Packet Arrivals in DTNs.
Spring 2000CS 4611 Routing Outline Algorithms Scalability.
A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.
Peter Pham and Sylvie Perreau, IEEE 2002 Mobile and Wireless Communications Network Multi-Path Routing Protocol with Load Balancing Policy in Mobile Ad.
Placing Relay Nodes for Intra-Domain Path Diversity Meeyoung Cha Sue Moon Chong-Dae Park Aman Shaikh Proc. of IEEE INFOCOM 2006 Speaker 游鎮鴻.
Cooperative Caching in Wireless P2P Networks: Design, Implementation And Evaluation.
Author:Zarei.M.;Faez.K. ;Nya.J.M.
Multi Node Label Routing – A layer 2.5 routing protocol
GPSR Greedy Perimeter Stateless Routing
Xors in the air Sachin Katti, Hariharan Rahul, Wenjun Hu, Dina Katabi, Muriel Medard, Jon Crowcroft.
Intra-Domain Routing Jacob Strauss September 14, 2006.
任課教授:陳朝鈞 教授 學生:王志嘉、馬敏修
ECE 544 Protocol Design Project 2016
CRBcast: A Collaborative Rateless Scheme for Reliable and Energy-Efficient Broadcasting in Wireless Sensor/Actuator Networks Nazanin Rahnavard, Badri N.
COMPUTER NETWORKS CS610 Lecture-16 Hammad Khalid Khan.
Achieving Resilient Routing in the Internet
Presentation transcript:

Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi

Problem Statement Leverage existing popular P2P overlays to send confidential, anonymous messages without keys

Overlays rock! Thousands of nodes Plenty of traffic to hide anonymous communication Diverse membership  Nodes unlikely to collude Dynamic  Hard to track Ideal for anonymous communication

Overlays suck! Nodes don’t have public keys Nodes are not trustworthy Nodes are unreliable

This talk: Information Slicing Message confidentiality, and source and destination anonymity No public keys Churn resilient

1. Message Confidentiality Without Keys

Confidentiality via Information Slicing Split message to random pieces and send pieces along node-disjoint paths “aaspdgfqw” “asdlfrwe” Random pieces “Borat: Cultural” “Leanings of America” Split into two “Borat: Cultural Leanings of America ” Original Message Randomize them! “Borat: Cultural” “Leanings of America”

MeD Confidentiality via Information Slicing “aaspdgfqw” “asdlfrwe”

Message Recovery by destination Received random pieces “aaspdgfqw” “ asdlfrwe ” “aaspdgfqw” “asdlfrwe” Matrix inversion Pieces of original message “Borat: Cultural” “Leanings of America” Original Message “Borat: Cultural Leanings of America ”

Destination gets all pieces  can decode Even an attacker that gets all but one piece cannot decode !

2. Anonymity without Keys

System Setup Anonymous communication has two phases Route Setup A node learns how to forward a received message Data transmission Just follow the routes

Setup Anonymous Routes Each node knows its next hop No one else knows the next hop of a node Why not tell each node the ID of its next hop in a confidential message? Idea : Build anonymity by confidentially sending to each node it’s routing info!

Exponential Blowup! Naïve way to send to a node its next hop

V W R Z Z’s next hop information: R’s next hop information: Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information

Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information V W R Z V and W will know Z and R’s next hops

V W R Z Reuse V to send pieces that belong to different nodes Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information

V W R Z Reuse nodes to send multiple pieces as long as the pieces belong to different messages Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information

Slicing Protocol S S’ Source has multiple IP addresses

R V W Z Slicing Protocol S S’ D X Source organizes nodes into stages

R V W Z Slicing Protocol S S’ D X Destination D is placed randomly (here in last stage)

R V W Z Slicing Protocol S S’ D X Source confidentially tells each node its next hop info

R V W Z Slicing Protocol S S’ D X V receives the ids of its next hops along disjoint paths

R V W Z Slicing Protocol S S’ D X V also receives one piece meant for Z and one for R, but cannot decipher their next hops

R V W Z Slicing Protocol S S’ D X W also receives its info and pieces for Z and R W cannot decipher Z’s and R’s next hops

R V W Z Slicing Protocol S S’ D X V and W have pieces meant for Z and R

R V W Z Slicing Protocol S S’ D X V and W forward the pieces meant for Z and R

R V W Z Slicing Protocol S S’ D X Node disjoint paths to deliver to Z its V and W do not have enough pieces to know Z’s info

R V W Z Slicing Protocol S S’ D X The same for R

R V W Z Slicing Protocol S S’ D X V and W are reused without revealing anything about Z and R’s routing information

R V W Z Slicing Protocol S S’ D X Similarly source constructs entire graph

R V W Z Slicing Protocol S S’ D X Anonymity without keys!

3. Dealing With Churn

Slicing Protocol - Churn What if node V departs? R V W Z S S’ D X

Slicing Protocol - Churn What if node V departs? Destination cannot decode R V W Z S S’ D X X

How Do We Combat Churn? Churn causes data loss Typical solution  Add Redundancy Use coding to efficiently add redundancy

Source Coding the Data Source Coding (Erasure Codes) Split into 3 pieces instead of 2 Any 2 pieces suffice to retrieve data Added redundancy of (1/2) = 50%

Source Coding For Robustness S S1 V W R Z D X S2 U P Y X Destination D gets two pieces  Can decode Source coding can tolerate one node failure in the network

S S1 V W R Z D X S2 U P Y X What if a second node (here Z) fails? Source Coding For Robustness

S S1 V Z S2 X X W R D X U P Y What if a second node (here Z) fails? Destination D cannot decode Source Coding For Robustness

Coding partially solves problem Z X R S S1 V S2 X W U P D X Y Focus on node R

Coding partially solves problem R Due to upstream node failure, R receives 2 pieces instead of 3

Coding partially solves problem R R can only send out two pieces now, Initial redundancy is destroyed

Regenerating Redundancy R Pieces are linear combinations of message fragments

Network Coding R R can create a linear combination of the pieces he received to generate a new piece Take Linear combination of the pieces New piece

Network Coding R R can now send out 3 pieces instead of 2 Redundancy is regenerated inside the network

Network Coding R Can tolerate downstream node failures Network coding can tolerate one node failure in every stage

General Network Coding Nodes send linear combinations of incoming pieces Technique generalizes to any number of extra pieces For k extra pieces, network coding tolerates k failures in every stage

4. Evaluation

Evaluation Environment Implementation in Python Evaluated both in simulation and on PlanetLab Evaluate anonymity, performance and churn resilience Each metric is evaluated against the optimal existing baseline

Anonymity Simulate an overlay of nodes Attackers are placed randomly in the network Attackers can control nodes, snoop on their edges, and collude Comparison with Chaum mixes (optimal baseline) Entropy is standard anonymity metric Anonymity

How anonymous is information slicing? Fraction of Attacking Nodes Anonymity High anonymity despite no keys Source Anonymity Info. Slicing Chaum mix

Churn Resilience Compared against practical anonymity system  Onion Routing For fairness, onion routing is modified to have redundancy using source coding Metric: Prob. of successfully sending a message, given a particular redundancy

Churn Resilience Info. Slicing Onion Routing with source coding Probability of Success Added Redundancy Large increase in probability of success because of network coding Results for a Probability of Node Failure = 0.3

Implementation on PlanetLab

Churn Resilience - Planetlab Added Redundancy Probability of Success Network Coding nearly doubles the churn resilience with the same overhead!

Performance No. of Stages Throughput (Mb/s) No. of Stages Info. Slicing Onion Routing Two nodes in each stage and five stages Local Network PlanetLab Parallel paths  Increased throughput Info. Slicing

Conclusion Confidentiality  Node disjoint paths Low Cost Anonymity  Node Reuse Churn Resilience  Network Coding Enabled anonymous communication in P2P overlays with no keys. Information Slicing provides