Privacy in ICN Nikos Fotiou and George Xylomenos Mobile Multimedia Laboratory Department of Informatics AUEB, Greece PURSUIT: Publish Subscribe Internet.

Presentation transcript:

Privacy in ICN Nikos Fotiou and George Xylomenos Mobile Multimedia Laboratory Department of Informatics AUEB, Greece PURSUIT: Publish Subscribe Internet Technology -

A myth to bust (?)
ICN inherently preserves users’ privacy
–Endpoints are decoupled
–Interest/Subscription and Advertisement/Publication messages do not contain sensitive information
–Crumb-based and zFilter-based forwarding do not reveal packet destination
(ICNRG Interim Meeting, 15/2/2013)

But ICN reveals more information…

…even if the packet header is scrambled…

…everybody can be a publisher…
“Let’s spy on some users!”

…and some old privacy attacks are upgraded…
“I received the content fast. It should be cached. Someone close to me has already received it!”

The devil is in the (implementation) details
“We represent this by having P(ublisher) digitally sign the mapping from his chosen name”*
“PLA divides this problem into two distinct parts: binding a user's traffic to that user's cryptographic identity, and binding the user's cryptographic identity to their real identity”**
* D. Smetters, V. Jacobson, "Securing Network Content", PARC Tech Report, October
** D. Lagutin and S. Tarkoma. Cryptographic signatures on the network layer - an alternative to the ISP data retention, ISCC
Possibly Censorship
Possibly Surveillance

Privacy deserves our attention
A proposed methodology:
–Capture common ICN roles
–Capture common ICN functions
–Create a common threat model
–Investigate how design choices affect user privacy

An example
Roles
–Relaying party: Makes data available
–Consumer: Interested in data
–Mediator: Facilitates data dissemination
Functions: Advertisement, Lookup
Threat model: malicious local mediators, malicious global mediators, both targeting consumer surveillance and censorship

Design choice 1: Advertisement and lookup are coupled to routing
Advertisements are flooded

Design choice 1: Advertisement and lookup are coupled to routing
Lookups follow the routing plane

Design choice 1: Advertisement and lookup are coupled to routing
Default GW: I see all lookups of subscriber
Intermediate Router: I have many chances to see both Lookup and Advertisement
It is possible to use alternative routes

Design choice 2: Advertisement and lookup are decoupled from routing
Advertisements are sent to an overlay rendezvous node

Design choice 2: Advertisement and lookup are decoupled from routing
A single overlay node is the “Rendezvous point” for an information item

Design choice 2: Advertisement and lookup are decoupled from routing
Lookups follow the overlay network

Design choice 2: Advertisement and lookup are decoupled from routing
Default rendezvous node: It can be easily changed (as easily as we can change the default DNS)
Intermediate Rendezvous node: Fewer chances to see both Lookup and Advertisement
Rendezvous point: I see all advertisements for a piece of content

Analysis
Design choice 1:
–Consumer cannot easily change default GW
–Default GW can easily watch/censor a consumer
–Intermediate routers also have good chances to watch a consumer
–Use alternative lookup paths to avoid censorship

Analysis
Design choice 2:
–Default rendezvous node can be easily changed
–Intermediate rendezvous nodes do not have many chances to watch or censor a consumer
–The rendezvous point of an information item can watch all consumer interests and perform censorship
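The two analysis slides can be checked on a toy model. The following is an added example, not part of the original presentation: it computes what fraction of one consumer's lookups each mediator observes under both design choices. The topologies, item names, rendezvous-point assignment and shortest-path forwarding are all constructed assumptions.

```python
from collections import Counter, deque

# Constructed topologies and item names (assumptions, not taken from the slides).
ROUTERS = {"gw": ["r1", "r2"], "r1": ["gw", "r3"], "r2": ["gw", "r3"], "r3": ["r1", "r2"]}
PUBLISHER_AT = {"news/a": "r3", "video/b": "r1", "doc/c": "r2"}
OVERLAY = {"n0": ["n2", "n4"], "n1": ["n2", "n3", "n4"], "n2": ["n0", "n1", "n4"],
           "n3": ["n1", "n4"], "n4": ["n0", "n1", "n2", "n3"]}
RENDEZVOUS_POINT = {"news/a": "n2", "video/b": "n3", "doc/c": "n4"}  # one per item

def route(links, src, dst):
    """Shortest path by BFS; assumed forwarding rule for both planes."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nxt in links[node]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        raise ValueError(f"{dst} unreachable from {src}")
    path = []
    while dst is not None:
        path.append(dst)
        dst = prev[dst]
    return path[::-1]

def lookup_visibility(paths):
    """Fraction of one consumer's lookups that each mediator on the paths observes."""
    seen = Counter(node for path in paths for node in path)
    return {node: count / len(paths) for node, count in seen.items()}

def design1(items, gateway="gw"):
    """Lookups follow the routing plane from the fixed default gateway."""
    return lookup_visibility([route(ROUTERS, gateway, PUBLISHER_AT[i]) for i in items])

def design2(items, entry):
    """Lookups follow the overlay from a consumer-chosen default rendezvous node."""
    return lookup_visibility([route(OVERLAY, entry, RENDEZVOUS_POINT[i]) for i in items])

if __name__ == "__main__":
    items = list(RENDEZVOUS_POINT)
    print("design 1:", design1(items))
    print("design 2, entry n0:", design2(items, "n0"))
    print("design 2, entry n1:", design2(items, "n1"))
```

In this model the default gateway always observes every lookup, while switching the default rendezvous node from n0 to n1 removes n0 from every lookup path; each item's rendezvous point still terminates every lookup for that item.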

Ongoing work
This was a very simple ICN model…
…a simpler threat model
…and an even simpler set of design choices
Much more to do!