Privacy-Implications of Performance-Based Peer Selection by Onion-Routers: A Real-World Case Study using I2P
Michael Herrmann, Christian Grothoff
Network Architectures and Services, Georg Carle, Faculty of Informatics, Technische Universität München, Germany
Waterloo, July 29th, 2011

Slide 2: Agenda
● Motivation
● Background: I2P
● Attack
● Attack Data
● Deanonymization Data
● Summary/Recommendations

Slide 3: Why Attack I2P?
● I2P is an anonymizing P2P network
● Unique features include:
  ● Uni-directional tunnels
  ● Performance-based peer selection
● Attacks based on these features give insights into their security implications

Slide 4: Contribution of this Work
● We developed an attack on I2P version 0.83
● Use a Denial-of-Service attack to facilitate traffic analysis
● Deanonymization targets are I2P Eepsites

Slide 5: What is I2P?
● The Invisible Internet Project
● Multi-application framework for anonymous P2P networking
● Common usage is accessing internal services

Slide 6: Eepsites
● Anybody can anonymously host a website in the I2P network

Slide 8: I2P Tunnels
● Uni-directional
● Tier-based peer selection
● Variable length: [0, 5]

Slide 9: Tier-Based Peer Selection
● I2P uses the best performing peers for tunnels
● I2P places the best performing peers into tiers:
  ● High-Capacity (10-75 peers)
  ● Fast (8-30 peers)

Slide 10: Important Tiers
● A peer is put in a tier if its corresponding performance exceeds the average
● High-capacity
  ● Considers:
    ● Number of tunnel requests accepted
    ● Number of tunnel requests rejected
    ● Number of tunnel failures
  ● Measured over:
    ● Last 10 minutes
    ● Last hour
    ● Last 24 hours
● Fast
  ● High-capacity tier plus throughput above average

Slide 11: Confirmation via Traffic Analysis
● How do we find out if we deanonymized the victim?

Slide 12: Attack Overview

Slide 13: Experiments
● Experiments done in the real I2P network
● PlanetLab
● The attacked victim was under our control
● Only the Eepsite name was exposed to the server

Slide 14: Learning the Victim's Fast Tier
● An Eepsite leaks information about its fast tier (leases)

Slide 15: Effectiveness of the Attack
● Impact of our DDoS attack on a single peer

Slide 16: Effectiveness of the Attack (2)
● Impact of our DDoS attack on the victim's tiers

Slide 17: Determining the Signal
● Eepsite requests result in spikes when counting data in modulo-15-second intervals
● Figures: tunnel participation data in a perfect case with two spikes; tunnel participation data in a perfect case with one spike

Slide 18: Deanonymization ROC curve, 1 Hop

Slide 19: Deanonymization ROC curve, 2 Hops

Slide 20: Deanonymization ROC curve, 3 Hops

Slide 21: Attack Summary
● Exploited information leakage of the victim
● Attacked the performance of other I2P nodes
● Long-term statistical analysis to deanonymize the victim

Slide 22: Recommendations
● Choose the inbound gateway not from the fast tier
● Force a reduction of the churn rate for tiers
● Replicate Eepsites to different hosts

Slide 23: Thank you for your attention! Questions?

Slide 24: Determining the Signal
● These spikes are nearly destroyed when counting data in modulo-(15+1)-second intervals

Slide 25: Signal not present

Slide 26: Related Work
● I2P:
  ● zzz, Schimmer, L.: Peer profiling and selection in the I2P anonymous network. In: PET-CON 2009.1. TU Dresden, Germany (March 2009)
● Attacks on Tor:
  ● Murdoch, S.J., Danezis, G.: Low-cost traffic analysis of Tor. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy. IEEE CS (May 2005)
  ● Øverlier, L., Tong, L.: Valet services: Improving hidden servers with a personal touch. In: Danezis, G., Golle, P. (eds.) Proceedings of the Sixth Workshop on Privacy Enhancing Technologies (PET 2006). pp. 223–244. Springer, Cambridge, UK (June 2006)
  ● Øverlier, L., Syverson, P.: Locating hidden servers. In: SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy. pp. 100–114. IEEE Computer
  ● Evans, N.S., Dingledine, R., Grothoff, C.: A practical congestion attack on Tor using long paths. In: 18th USENIX Security Symposium. pp. 33–50. USENIX (2009)
● Traffic analysis:
  ● Levine, B., Reiter, M., Wang, C., Wright, M.: Timing attacks in low-latency mix systems. In: Juels, A. (ed.) Financial Cryptography, Lecture Notes in Computer Science, vol. 3110, pp. 251–265. Springer Berlin / Heidelberg (2004)
  ● Houmansadr, A., Borisov, N.: SWIRL: A scalable watermark to detect correlated network flows. In: NDSS 2011 (2011)

Slide 27: Evaluation Adjustment
● We can determine our signal more explicitly with an adjustment
● For the tunnel data do:
  ● Calculate stdDev
  ● Calculate x = max/stdDev
  ● Leave the two biggest spikes out and repeat the calculation (stdDev' and x')
  ● Calculate diff = x – x'
● Plot ROC curves to see the true positive and false positive rate depending on diff
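The modulo folding of slides 17 and 24 and the adjustment of slide 27, as an added example (not the authors' code): per-second tunnel participation counts are folded by t mod 15 (the request period) and, as a control, by t mod 16, and the slide's diff = x – x' is computed on the folded bins. The trace is constructed; reading stdDev as the population standard deviation of the bins and x' as max/stdDev of the bins with the two largest removed is my assumption.

```python
import math
import random

PERIOD = 15  # seconds between the attacker's Eepsite requests (slide 17)


def fold(counts, modulus):
    """Sum per-second participation counts into bins by (t mod modulus)."""
    bins = [0] * modulus
    for t, c in enumerate(counts):
        bins[t % modulus] += c
    return bins


def pop_stddev(vals):
    mean = sum(vals) / len(vals)
    return math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))


def spike_score(bins):
    """Slide 27 adjustment: x = max/stdDev over all bins, x' over the bins with the
    two biggest spikes left out, diff = x - x'. Population stddev and x' computed
    on the reduced bins are assumptions; perfectly flat bins (stddev 0) give 0."""
    def x_of(vals):
        sd = pop_stddev(vals)
        return max(vals) / sd if sd > 0 else 0.0
    x = x_of(bins)
    x_prime = x_of(sorted(bins)[:-2])
    return x, x_prime, x - x_prime


def constructed_trace(seconds, phase, burst, seed):
    """Constructed per-second counts: uniform background noise 0..4 plus `burst`
    extra messages every PERIOD seconds, i.e. whenever the Eepsite is requested."""
    rng = random.Random(seed)
    return [rng.randint(0, 4) + (burst if t % PERIOD == phase else 0)
            for t in range(seconds)]


if __name__ == "__main__":
    trace = constructed_trace(seconds=1680, phase=4, burst=5, seed=7)
    for modulus in (PERIOD, PERIOD + 1):  # 15: signal fold, 15+1: control fold
        bins = fold(trace, modulus)
        x, xp, diff = spike_score(bins)
        print(f"mod {modulus}: largest bin at t%{modulus}={bins.index(max(bins))}, "
              f"x={x:.2f}, x'={xp:.2f}, diff={diff:.2f}")
```

With the mod-15 fold the request bin stands out clearly; the mod-16 fold spreads the same bursts over all bins, so diff stays close to the value an unremarkable, noise-only fold produces, which is why the slides use 15+1 as the control.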

Slide 28: Response of the I2P Community
● No clear statement from zzz yet
