CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 19 PHILLIPA GILL - STONY BROOK U.

WHERE WE ARE
- Last time: Mitigating timing attacks (Astoria)
- Today:
  - Finish up mitigating timing attacks (LASTor)
  - Other approaches to anonymity systems: Dissent, Aqua
- Administrivia: Mark update on Piazza.

THE DISSENT PROJECT
- Goal: rethink the foundations of anonymity
- Offer quantifiable and measurable anonymity
- Build on primitives offering provable security
- Don't just patch specific vulnerabilities, but rearchitect to address whole attack classes
- Not a drop-in replacement for onion routing, but offers some systematic defense against all 5 classes of vulnerabilities
ACKs:

DINING CRYPTOGRAPHERS (DC-NETS)
- 3 cryptographers are eating dinner and the waiter informs them that the meal has been paid for by someone
- Cryptographers want to know if it was one of them or the NSA
- They respect each other's right to make an anonymous payment …
- … but want to know if the NSA paid
- Solution: 2 stage protocol
  1. Each pair of cryptographers exchanges a secret (e.g., flip a coin behind a menu)
  2. Announce a bit: XOR of bits shared with neighbors (if they did not pay) or the opposite of this (if they did pay)

EXAMPLE OF DINING CRYPTOGRAPHERS
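
The two-stage protocol above as a runnable simulation (an added example, not part of the original slides). It assumes the diners sit in a ring so that each shares one coin with each neighbor, it generalizes from 3 diners to n, and the function names are made up for this illustration.

```python
import itertools
import secrets
from collections import Counter

def dc_round(coins, payer):
    """One DC-net round on a ring of n diners (ring layout is an assumption).

    coins[i] is the secret bit shared by diner i and diner (i + 1) % n.
    payer is the index of the paying diner, or None if an outsider paid.
    Returns the list of publicly announced bits.
    """
    n = len(coins)
    announced = []
    for i in range(n):
        bit = coins[i] ^ coins[(i - 1) % n]  # XOR of the two shared secrets
        if payer == i:
            bit ^= 1                         # the payer announces the opposite
        announced.append(bit)
    return announced

def someone_at_table_paid(announced):
    """Each coin is counted twice and cancels; only the payer's flip survives."""
    result = 0
    for bit in announced:
        result ^= bit
    return result == 1

def announcement_distribution(n, payer):
    """Tally announcement vectors over all 2**n equally likely coin outcomes."""
    return Counter(tuple(dc_round(list(coins), payer))
                   for coins in itertools.product((0, 1), repeat=n))

def run_random_round(n=3, payer=None):
    """Stage 1 with fresh random coins, then stage 2."""
    coins = [secrets.randbits(1) for _ in range(n)]
    return dc_round(coins, payer)

if __name__ == "__main__":
    for payer in (None, 0, 1, 2):
        bits = run_random_round(3, payer)
        print("payer:", payer, "announced:", bits,
              "table paid:", someone_at_table_paid(bits))
    # An outside observer sees the same distribution whichever diner paid.
    print(announcement_distribution(3, 0) == announcement_distribution(3, 2))
```

The distribution check enumerates every coin outcome, so it shows the anonymity property exactly for an observer who sees only the announcements and none of the coins.
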

TOWARDS EFFICIENT TRAFFIC-ANALYSIS RESISTANT ANONYMITY NETWORKS
Stevens Le Blond, David Choffnes, Wenxuan Zhou, Peter Druschel, Hitesh Ballani, Paul Francis

Snowden wants to communicate with Greenwald without Alexander finding out
(Figure labels: Ed's IP, Glenn's IP)

THE PROBLEM OF IP ANONYMITY
(Figure labels: Client, VPN proxy, Server)
- Proxies are a single point of attack (rogue admin, break-in, legal, etc.)

Onion routing (Tor)
(Figure labels: Proxy, Traffic analysis)
- Onion routing doesn't resist traffic analysis (well known)

OUTLINE

ANONYMOUS QUANTA (AQUA)
- k-anonymity: Indistinguishable among k clients
- BitTorrent
  - Appropriate latency and bandwidth
  - Many concurrent and correlated flows

Threat model
- Global passive (traffic analysis) attack
- Active attack
- Edge mixes aren't compromised

Constant rate (strawman)
(Figure label: Padding)
- Defeats traffic analysis, but overhead is proportional to peak link payload rate on a fully connected network

Multipath
(Figure label: Padding)
- Multipath reduces the peak link payload rate

VARIABLE UNIFORM RATE
- Reduces overhead by adapting to changes in aggregate payload traffic

K-ANONYMITY SETS (KSETS)
(Figure labels: Send kset, Recv kset, Padding)
- Provide k-anonymity by ensuring correlated rate changes on at least k client links

FORMING EFFICIENT KSETS
(Figure labels: Epochs, Peers' rates)
- Are there temporal and spatial correlations among BitTorrent flows?

METHODOLOGY: TRACE DRIVEN SIMULATIONS
- Month-long BitTorrent trace with 100,000 users
  - 20 million flow samples per day
  - 200 million traceroute measurements
- Models of anonymity systems
  - Constant-rate: Onion routing v2
  - Broadcast: P5, DC-Nets
  - P2P: Tarzan
  - Aqua

EDGES
(Figure labels: Models, Overhead)
- Much better bandwidth efficiency

EDGES
(Figure labels: Models, Throttling)
- Efficiently leverages correlations in BitTorrent flows

ONGOING WORK
- Prototype implementation
- Aqua for VoIP traffic
  - "tiny-latency" (RTT <330ms)
- Intersection attacks
- Workload independence

TAKE HOME MESSAGES
- Efficient traffic-analysis resistance by exploiting existing correlations in BitTorrent traffic
- At core:
  - Multipath reduces peak payload rate
  - Variable uniform rate adapts to changes in aggregate payload traffic
- At edges, ksets:
  - Provide k-anonymity by sync rate on k client links
  - Leverage temporal and spatial correlations of BitTorrent flows

HANDS ON ACTIVITY (Try at home)
- Dissent source code is publicly available:
- Try downloading/installing/running the system