Slicing the Onion: Anonymity Using Unreliable Overlays. Sachin Katti, Jeffrey Cohen & Dina Katabi
Problem Statement: Leverage existing popular P2P overlays to send confidential, anonymous messages without keys.
Overlays rock! Thousands of nodes: plenty of traffic to hide anonymous communication. Diverse membership: nodes unlikely to collude. Dynamic: hard to track. Ideal for anonymous communication.
Overlays suck! Nodes don’t have public keys. Nodes are not trustworthy. Nodes are unreliable.
This talk: Information Slicing. Message confidentiality, and source and destination anonymity. No public keys. Churn resilient.
1. Message Confidentiality Without Keys
Confidentiality via Information Slicing: Split the message into random pieces and send the pieces along node-disjoint paths. Original message: “Borat: Cultural Leanings of America”. Split into two: “Borat: Cultural” and “Leanings of America”. Randomize them! Random pieces: “aaspdgfqw” and “asdlfrwe”.
Confidentiality via Information Slicing (figure: Me, D; random pieces “aaspdgfqw” and “asdlfrwe”)
Message Recovery by destination: The received random pieces “aaspdgfqw” and “asdlfrwe” go through matrix inversion to give the pieces of the original message, “Borat: Cultural” and “Leanings of America”, and from them the original message “Borat: Cultural Leanings of America”.
The destination gets all pieces, so it can decode. Even an attacker that gets all but one piece cannot decode!
2. Anonymity without Keys
System Setup: Anonymous communication has two phases. Route setup: a node learns how to forward a received message. Data transmission: just follow the routes.
Setup Anonymous Routes: Each node knows its next hop. No one else knows the next hop of a node. Why not tell each node the ID of its next hop in a confidential message? Idea: build anonymity by confidentially sending each node its routing info!
Exponential Blowup! Naïve way to send a node its next hop.
Challenge: Exponential Blowup. Solution: Reuse nodes without giving them too much information. (Figure: nodes V, W, R, Z; labels “Z’s next hop information” and “R’s next hop information”.)
Challenge: Exponential Blowup. Solution: Reuse nodes without giving them too much information. V and W will know Z and R’s next hops.
Challenge: Exponential Blowup. Solution: Reuse nodes without giving them too much information. Reuse V to send pieces that belong to different nodes.
Challenge: Exponential Blowup. Solution: Reuse nodes without giving them too much information. Reuse nodes to send multiple pieces as long as the pieces belong to different messages.
Slicing Protocol: Source has multiple IP addresses (figure: S, S’).
Slicing Protocol (figure: nodes S, S’, V, W, R, Z, X, D): Source organizes nodes into stages.
Slicing Protocol: Destination D is placed randomly (here in last stage).
Slicing Protocol: Source confidentially tells each node its next hop info.
Slicing Protocol: V receives the ids of its next hops along disjoint paths.
Slicing Protocol: V also receives one piece meant for Z and one for R, but cannot decipher their next hops.
Slicing Protocol: W also receives its info and pieces for Z and R. W cannot decipher Z’s and R’s next hops.
Slicing Protocol: V and W have pieces meant for Z and R.
Slicing Protocol: V and W forward the pieces meant for Z and R.
Slicing Protocol: Node disjoint paths to deliver to Z its V and W do not have enough pieces to know Z’s info
Slicing Protocol: The same for R.
Slicing Protocol: V and W are reused without revealing anything about Z and R’s routing information.
Slicing Protocol: Similarly, source constructs entire graph.
Slicing Protocol: Anonymity without keys!
3. Dealing With Churn
Slicing Protocol - Churn: What if node V departs? (Figure: nodes S, S’, V, W, R, Z, X, D.)
Slicing Protocol - Churn: What if node V departs? Destination cannot decode.
How Do We Combat Churn? Churn causes data loss. Typical solution: add redundancy. Use coding to efficiently add redundancy.
Source Coding the Data: Source coding (erasure codes). Split into 3 pieces instead of 2. Any 2 pieces suffice to retrieve data. Added redundancy of (1/2) = 50%.
Source Coding For Robustness (figure: nodes S, S1, V, W, R, Z, D, X, S2, U, P, Y): Destination D gets two pieces, so it can decode. Source coding can tolerate one node failure in the network.
Source Coding For Robustness: What if a second node (here Z) fails?
Source Coding For Robustness: What if a second node (here Z) fails? Destination D cannot decode.
Coding partially solves problem: Focus on node R.
Coding partially solves problem: Due to upstream node failure, R receives 2 pieces instead of 3.
Coding partially solves problem: R can only send out two pieces now. Initial redundancy is destroyed.
Regenerating Redundancy: Pieces are linear combinations of message fragments.
Network Coding: R can create a linear combination of the pieces he received to generate a new piece. (Figure: take linear combination of the pieces; new piece.)
Network Coding: R can now send out 3 pieces instead of 2. Redundancy is regenerated inside the network.
Network Coding: Can tolerate downstream node failures. Network coding can tolerate one node failure in every stage.
General Network Coding: Nodes send linear combinations of incoming pieces. Technique generalizes to any number of extra pieces. For k extra pieces, network coding tolerates k failures in every stage.
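Added example (not from the slides or the authors' implementation): a minimal Python sketch of the slicing and message-recovery slides and of the network-coding slides together. It splits a message into d fragments, sends d+k random linear combinations, decodes by inverting the coefficient matrix, and lets relay R regenerate a lost piece. Assumptions: arithmetic is over the prime field mod 2^31 - 1, each piece carries its coefficient vector, padding is NUL bytes, and the function names are hypothetical.

```python
import random

P = 2**31 - 1  # prime modulus (assumption; any prime > 255 can carry bytes)

def combine(pieces, rng):
    """Random linear combination of (coeffs, payload) pieces, mod P."""
    w = [rng.randrange(1, P) for _ in pieces]
    def mix(k):
        return [sum(a * p[k][j] for a, p in zip(w, pieces)) % P
                for j in range(len(pieces[0][k]))]
    return (mix(0), mix(1))

def slice_message(msg, d, extra, rng):
    """Split msg into d fragments, emit d+extra coded pieces (source coding)."""
    size = -(-len(msg) // d)                      # ceiling division
    data = msg.ljust(size * d, b"\0")             # NUL padding (assumption)
    frags = [([int(i == r) for i in range(d)], list(data[r*size:(r+1)*size]))
             for r in range(d)]
    return [combine(frags, rng) for _ in range(d + extra)]

def decode(pieces, d):
    """Invert the coefficient matrix (Gauss-Jordan mod P); None if rank < d."""
    rows = [c[:] + y[:] for c, y in pieces]
    for col in range(d):
        piv = next((r for r in range(col, len(rows)) if rows[r][col]), None)
        if piv is None:
            return None                           # not enough independent pieces
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, P)
        rows[col] = [v * inv % P for v in rows[col]]
        for r in range(len(rows)):
            if r != col and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(a - f * b) % P for a, b in zip(rows[r], rows[col])]
    return bytes(v for row in rows[:d] for v in row[d:]).rstrip(b"\0")

def demo():
    rng = random.Random(7)                        # fixed seed: repeatable run
    msg = b"Borat: Cultural Leanings of America"
    sent = slice_message(msg, d=2, extra=1, rng=rng)  # 3 pieces, any 2 decode
    at_r = [sent[0], sent[2]]                     # upstream failure: R gets 2
    out_r = at_r + [combine(at_r, rng)]           # R regenerates a third piece
    return msg, sent, out_r

if __name__ == "__main__":
    msg, sent, out_r = demo()
    print(decode(out_r[1:], 2) == msg, decode(sent[:1], 2))
```

Because coding is linear, R's new piece is itself a valid combination of the original fragments, so the destination decodes it with the same matrix inversion and never needs to know that R recoded.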
4. Evaluation
Evaluation Environment: Implementation in Python. Evaluated both in simulation and on PlanetLab. Evaluate anonymity, performance and churn resilience. Each metric is evaluated against the optimal existing baseline.
Anonymity: Simulate an overlay of nodes. Attackers are placed randomly in the network. Attackers can control nodes, snoop on their edges, and collude. Comparison with Chaum mixes (optimal baseline). Entropy is standard anonymity metric.
How anonymous is information slicing? (Plot of source anonymity: anonymity versus fraction of attacking nodes, for Info. Slicing and Chaum mix.) High anonymity despite no keys.
Churn Resilience: Compared against practical anonymity system Onion Routing. For fairness, onion routing is modified to have redundancy using source coding. Metric: Prob. of successfully sending a message, given a particular redundancy.
Churn Resilience (plot: probability of success versus added redundancy, for Info. Slicing and onion routing with source coding; results for a probability of node failure = 0.3): Large increase in probability of success because of network coding.
Implementation on PlanetLab
Churn Resilience - PlanetLab (plot: probability of success versus added redundancy): Network coding nearly doubles the churn resilience with the same overhead!
Performance (plots: throughput (Mb/s) versus no. of stages, on the local network and on PlanetLab, for Info. Slicing and Onion Routing): Two nodes in each stage and five stages. Parallel paths: increased throughput.
Conclusion: Information Slicing provides confidentiality (node disjoint paths), low cost anonymity (node reuse) and churn resilience (network coding). Enabled anonymous communication in P2P overlays with no keys.