Guard Sets for Onion Routing JOSHUA FREE

Presentation transcript:

Guard Sets for Onion Routing JOSHUA FREE

Tor
◦ Most popular low-latency distributed anonymity network
◦ Controversial decisions of guard selection strategies

Tor - Circuit
◦ Pick a guard node
◦ Pick a relay node
◦ Pick an exit node
Image Source - Harrison Neal: HANtwister talk

Tor - Circuit
◦ Creates a circuit of nodes
◦ Every node only knows about the previous and next node
Image Source - Harrison Neal: HANtwister talk

Guard Selection
Three guard
◦ Users choose 3 guards to use for days
Single guard
◦ Users choose a single guard to use for 9 months
It is controversial which system should be used
Image Source - Scribblenauts

Vulnerabilities
Direct Observation
◦ A corrupt guard node with a few corrupt exit relays will be able to identify at least one circuit from a particular user
Guard Fingerprinting
◦ Aims to identify the set of guards used by a user
◦ Because users pick their own guards, the set is likely to be unique
Statistical Disclosure Attack
◦ If a guard, or set of guards, is only used by a small number of users, it is possible to link their patterns of actions to long-term identifiers

Paper’s Contribution
Present a design for “guard sets”
◦ Sets of relays providing a certain amount of bandwidth that are used as a group by multiple users
◦ Provides near-optimal spread
◦ Protects against attacks that current guard schemes are susceptible to
Design an algorithm
◦ Automates the assignment of guards to guard sets and to users
◦ Based on a binary tree structure
◦ Considers the dynamic conditions of Tor, with routers joining and leaving continuously

How to make Guard Sets - Setup
1. Split guards into available bandwidth quanta (a guard can be split into multiple quanta)
2. Sort quanta in descending order according to their guard bandwidth
3. Cycle through the quanta, appending each one to a set
4. Once the sum of quantum bandwidths exceeds the threshold, the set is now a guard set
5. Continue with the remaining quanta
If there are leftover quanta after creating guard sets, they are discarded and their bandwidth is wasted.

How to make Guard Sets - Upkeep
1. Detect guard sets with bandwidth below a threshold (typically ½ creation threshold)
2. Order any spare quanta in descending order and append them to the guard set until it meets the threshold
3. If it meets the threshold, the guard set is OK
4. If the threshold cannot be met, remove the guard set and make its quanta available for other guard sets
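The setup and upkeep steps above, as an added Python sketch (not code from the paper or from Tor). Assumptions: the relay names and bandwidths are constructed, "exceeds the threshold" is read as >=, a repaired set is refilled to the creation threshold, and the quanta left over from setup are reused as the spare pool for the upkeep demonstration.

```python
from collections import namedtuple

# One quantum = a fixed slice of one guard's bandwidth (units are arbitrary here).
Quantum = namedtuple("Quantum", "guard guard_bw bw")

def total_bw(quanta):
    return sum(q.bw for q in quanta)

def by_guard_bw(q):
    return (-q.guard_bw, q.guard)   # descending parent-guard bandwidth, name breaks ties

def split_into_quanta(guards, quantum_bw):
    """Setup step 1: a guard yields one quantum per whole quantum_bw it offers."""
    return [Quantum(g, bw, quantum_bw) for g, bw in guards.items()
            for _ in range(bw // quantum_bw)]

def build_guard_sets(quanta, create_threshold):
    """Setup steps 2-5: returns (guard sets, leftover quanta that are discarded)."""
    sets, current = [], []
    for q in sorted(quanta, key=by_guard_bw):
        current.append(q)
        if total_bw(current) >= create_threshold:   # assumption: "exceeds" read as >=
            sets.append(current)
            current = []
    return sets, current

def upkeep(sets, offline, spare, create_threshold):
    """Upkeep steps 1-4 once the guards named in `offline` have left the network."""
    repair_threshold = create_threshold / 2         # "typically 1/2 creation threshold"
    spare = [q for q in spare if q.guard not in offline]
    kept = []
    for s in sets:
        s = [q for q in s if q.guard not in offline]
        if total_bw(s) < repair_threshold:          # step 1: this set needs repair
            spare.sort(key=by_guard_bw)
            while spare and total_bw(s) < create_threshold:
                s.append(spare.pop(0))              # assumption: refill to creation level
            if total_bw(s) < create_threshold:
                spare.extend(s)                     # step 4: dissolve, quanta rejoin pool
                continue
        kept.append(s)
    return kept, spare

# Constructed relay list (name -> bandwidth), not real Tor consensus data.
GUARDS = {"A": 100, "B": 60, "C": 60, "D": 20, "E": 20, "F": 20, "G": 20}

def demo(offline):
    sets, leftover = build_guard_sets(split_into_quanta(GUARDS, 20), 80)
    kept, spare = upkeep(sets, offline, leftover, 80)
    return len(sets), len(kept), sorted(q.guard for q in spare)
```

Calling demo({"B"}) shows a set repaired from the spare pool; demo({"B", "C"}) shows a second set dissolved because the pool is already exhausted.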

How this combats known attacks
Direct Observation
◦ Having no rotation means few clients come in contact with malicious guard nodes
◦ Having larger sets means rotation is not needed if a router is non-responsive
Guard Fingerprinting
◦ Large sets of users using the same sets of guards stops fingerprinting
Statistical Disclosure Attack
◦ Large and roughly equal sets of users prevent statistical attacks based on discovering a user’s guards

Effect on the Tor network
Rotation vs spread of load
◦ Previous methods had to deal with this compromise:
1. Increase rotation and spread the load amongst old and new guards, but increase the rate of compromise
2. Decrease rotation and decrease the rate of compromise, but increase the difference in load between old and new guards
◦ Not an issue for guard sets

Evaluation - Anonymity
A user is considered compromised if it ever uses a corrupt guard
1 year of data starting 1st of January 2013
Probabilities of guards serving in a number of guard sets before going offline
◦ 1 set is 95%
◦ 2 sets is 3%
◦ 3 sets is 2%
This provides greater anonymity than other schemes

Evaluation - Fingerprinting
Single Guard
◦ Clients using new guards have a guard that is almost unique to them
Three Guards
◦ Worse than Single Guard: virtually all users have unique sets of guards. The most likely set has an expected 4.7 users; most users have unique guards
Guard Sets
◦ On average there will be 108 guard sets with 25,463 users for each set
◦ In the worst-case scenario a set will have 795 users
Guard sets prove vastly more effective against fingerprinting

Evaluation – Network performance
Guard set creation and deletion
◦ By analysing Tor data the authors found that guard set deletion due to bandwidth changes over short periods of time will happen infrequently
Client’s expected bandwidth
◦ 80% of clients have the same experience as with single guard
◦ 90% of clients have sub 75MB/s vs 85% in one guard
◦ Both single guard and guard sets are worse than three guard
◦ Upon initialising (all guard sets have equal load) guard sets perform slightly worse than single guards

Criticisms
◦ They went into detail about the effects on guard fingerprinting, but were relatively vague when it came to statistical analysis and direct observation
◦ Their initial assumption that any client that uses a corrupt guard node is immediately compromised makes for upper bound estimates
◦ There was a large increase in available guard bandwidth in late They commented on this to justify their adaptive design, but did not take it into consideration as to how it may have skewed their data.

Thank you