Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore.

Similar presentations


Presentation on theme: "Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore."— Presentation transcript:

1 Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore 0

2  Popular websites receive millions of hits per day – A fast way to deliver web content  Options to deliver content: – Own servers Amazon EC2, Azure – Content delivery networks (CDN) Akamai, CloudFlare Web Content Delivery 1

3 Peer-assisted CDNs  Insight: Involve web clients to serve content – Akamai NetSession, Swarmify, Maygh – NetSession offloads 70-80% traffic [NSDI12, IMC 13] – Swarmify reduces over 60% network latency Server Client Server Client 2 Privacy issue: Infer neighbors’ contents

4 Contributions  Inference attacks on real-world services – i.e., Swarmify, BemTV and P2PSP  Anonymous Peer-assisted CDN (APAC) – Involves browsers as peers – Preserve high level of anonymity – Desired performance – Compatible with browsers 3

5 Inference Attacks in Peer-assisted CDNs 4

6 Inference Attacks  Goal – Infer what content a victim user has requested or delivered (browsing history)  Implication – Revealing a user’s browsing history significantly leaks the user’s privacy A user’s digital identity can be revealed [S&P 10] A user’s geolocation/political orientation [W2SP 14] 5

7 Inference Attacks in Peer-assisted CDNs  Passive attacks: adversary pre-stores all content potentially interesting to the victim  Active attacks: adversary traverses all content potentially served by the victim Server Adversary Victim Server Adversary Victim PassiveActive 6 Request Deliver Fetch Request

8 Real-world Case Studies  Swarmify, BemTV & P2PSP – A deployed site with 10 images and 2 videos – A victim peer requests and stores resources – An adversary in the same LAN frequently requests and serves resources  No defense against inference attacks – Adversary can observe all resources from/to the victim – Even open for content pollution attacks 7 How to mitigate inference attacks?

9 Anonymous Peer-assisted CDN 8

10 Threat Model  Initiator: peer initiates the request  Responder: peer responds the request  Honest-but-curious adversary – Follow protocols  Out of scope – Sybil attacks – Denial-of-service attacks (DoS) 9

11 Anonymous Peer-assisted CDN (APAC)  Goal – Anonymity: conceal a user’s identity to unlink her id with her online trace – Performance: acceptable network latency – Compatibility: no (or minor) changes on websites and clients  Intuition – Onion-routing (OR) techniques 10

12 Onion Routing, but with Careful Parameter Selection  OR: Messages are encapsulated in layers of encryption (onions)  Limitations: – Only initiator anonymity – Non-negligible circuit setup latency – Nodes randomly chosen 11 Encryption Decryption Circuit

13 Overview of APAC  Peer server constructs the circuit for each request instead of peers (anonymity)  Region-based circuit construction (performance) – Choose intermediate nodes in three regions: near-initiator, near-responder and globally random  Communications via WebRTC (compatibility) 12

14 Initiation in APAC  Peers fetch resources from the content server Content Server Peer v A Peer v B Fetch Store 13

15 Content Delivery via Peers  Peers fetch resources from other peers Peer Server Peer v A (Initiator) Peer v B (Intermediate) Request Peer v B (Responder) Request via OR circuit Reply Report 14

16 Region-based Circuit Construction Peer Server Peer v A (Initiator) Peer v B (Intermediate) Peer v B (Responder) 15

17 Anonymity Analysis for APAC 16

18 Degree of Anonymity Def 1: The degree of initiator anonymity provided by a system is defined by: Result: The degree of initiator anonymity can be represented as: 17

19 Parameter Selection  Level of anonymity – The maximum number of intermediate nodes L max – Distribution factors: the fraction of intermediate nodes near the initiator/responder α init / α res – The total number of peers N and the number of peers having requested resources N R 18 When Lmax ≥ 2, APAC can preserve the standard degree of anonymity (i.e., 0.8) achieved by previous work

20 Performance Evaluation 19

21 Measurement Setup  Scenario: CDN operators place edges servers in major cities, but users are not located in those cities  Deployed site provides images 1KB–2 MB  Content server / peer server in City A (New York)  100 Peers in City B (Singapore) 20

22 Network Latency Reduction (NLR) For a 4-node circuit where APAC provides a latency reduction (49.7%) lower than the performance obtained for Swarmify (69.4%) and non-anonymous setting (76.1%). 21 %

23 Effect of Distribution Factors Locating intermediate nodes near initiator/responder reduces network latency 22 #Nodes in each region

24 Sweet Spot With up-to 2 intermediate nodes, APAC preserves adequate degree of anonymity (i.e., 0.8) and desired performance (e.g., 97.3% bandwidth savings) 23 Degree of Anonymity Sweet Spot

25 Conclusion  Inference attacks on peer-assisted CDNs  Anonymous Peer-assisted CDN (APAC) – High degree of anonymity – Desired network latency reduction and bandwidth savings – Compatible with current browsers 24

26 Thanks You Q & A E-mail: jiayaoqi@comp.nus.edu.sg 25


Download ppt "Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore."

Similar presentations


Ads by Google