Presentation is loading. Please wait.

Presentation is loading. Please wait.

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore.

Published byJeffery Preston Modified over 8 years ago

Similar presentations

Presentation on theme: "Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore."— Presentation transcript:

1 Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore 0

2  Popular websites receive millions of hits per day – A fast way to deliver web content  Options to deliver content: – Own servers Amazon EC2, Azure – Content delivery networks (CDN) Akamai, CloudFlare Web Content Delivery 1

3 Peer-assisted CDNs  Insight: Involve web clients to serve content – Akamai NetSession, Swarmify, Maygh – NetSession offloads 70-80% traffic [NSDI12, IMC 13] – Swarmify reduces over 60% network latency Server Client Server Client 2 Privacy issue: Infer neighbors’ contents

4 Contributions  Inference attacks on real-world services – i.e., Swarmify, BemTV and P2PSP  Anonymous Peer-assisted CDN (APAC) – Involves browsers as peers – Preserve high level of anonymity – Desired performance – Compatible with browsers 3

5 Inference Attacks in Peer-assisted CDNs 4

6 Inference Attacks  Goal – Infer what content a victim user has requested or delivered (browsing history)  Implication – Revealing a user’s browsing history significantly leaks the user’s privacy A user’s digital identity can be revealed [S&P 10] A user’s geolocation/political orientation [W2SP 14] 5

7 Inference Attacks in Peer-assisted CDNs  Passive attacks: adversary pre-stores all content potentially interesting to the victim  Active attacks: adversary traverses all content potentially served by the victim Server Adversary Victim Server Adversary Victim PassiveActive 6 Request Deliver Fetch Request

8 Real-world Case Studies  Swarmify, BemTV & P2PSP – A deployed site with 10 images and 2 videos – A victim peer requests and stores resources – An adversary in the same LAN frequently requests and serves resources  No defense against inference attacks – Adversary can observe all resources from/to the victim – Even open for content pollution attacks 7 How to mitigate inference attacks?

9 Anonymous Peer-assisted CDN 8

10 Threat Model  Initiator: peer initiates the request  Responder: peer responds the request  Honest-but-curious adversary – Follow protocols  Out of scope – Sybil attacks – Denial-of-service attacks (DoS) 9

11 Anonymous Peer-assisted CDN (APAC)  Goal – Anonymity: conceal a user’s identity to unlink her id with her online trace – Performance: acceptable network latency – Compatibility: no (or minor) changes on websites and clients  Intuition – Onion-routing (OR) techniques 10

12 Onion Routing, but with Careful Parameter Selection  OR: Messages are encapsulated in layers of encryption (onions)  Limitations: – Only initiator anonymity – Non-negligible circuit setup latency – Nodes randomly chosen 11 Encryption Decryption Circuit

13 Overview of APAC  Peer server constructs the circuit for each request instead of peers (anonymity)  Region-based circuit construction (performance) – Choose intermediate nodes in three regions: near-initiator, near-responder and globally random  Communications via WebRTC (compatibility) 12

14 Initiation in APAC  Peers fetch resources from the content server Content Server Peer v A Peer v B Fetch Store 13

15 Content Delivery via Peers  Peers fetch resources from other peers Peer Server Peer v A (Initiator) Peer v B (Intermediate) Request Peer v B (Responder) Request via OR circuit Reply Report 14

16 Region-based Circuit Construction Peer Server Peer v A (Initiator) Peer v B (Intermediate) Peer v B (Responder) 15

17 Anonymity Analysis for APAC 16

18 Degree of Anonymity Def 1: The degree of initiator anonymity provided by a system is defined by: Result: The degree of initiator anonymity can be represented as: 17

19 Parameter Selection  Level of anonymity – The maximum number of intermediate nodes L max – Distribution factors: the fraction of intermediate nodes near the initiator/responder α init / α res – The total number of peers N and the number of peers having requested resources N R 18 When Lmax ≥ 2, APAC can preserve the standard degree of anonymity (i.e., 0.8) achieved by previous work

20 Performance Evaluation 19

21 Measurement Setup  Scenario: CDN operators place edges servers in major cities, but users are not located in those cities  Deployed site provides images 1KB–2 MB  Content server / peer server in City A (New York)  100 Peers in City B (Singapore) 20

22 Network Latency Reduction (NLR) For a 4-node circuit where APAC provides a latency reduction (49.7%) lower than the performance obtained for Swarmify (69.4%) and non-anonymous setting (76.1%). 21 %

23 Effect of Distribution Factors Locating intermediate nodes near initiator/responder reduces network latency 22 #Nodes in each region

24 Sweet Spot With up-to 2 intermediate nodes, APAC preserves adequate degree of anonymity (i.e., 0.8) and desired performance (e.g., 97.3% bandwidth savings) 23 Degree of Anonymity Sweet Spot

25 Conclusion  Inference attacks on peer-assisted CDNs  Anonymous Peer-assisted CDN (APAC) – High degree of anonymity – Desired network latency reduction and bandwidth savings – Compatible with current browsers 24

26 Thanks You Q & A E-mail: jiayaoqi@comp.nus.edu.sg 25

Download ppt "Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation Yaoqi Jia, Guangdong Bai, Prateek Saxena, and Zhenkai Liang National University of Singapore."

Similar presentations

SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.

SPATor: Improving Tor Bridges with Single Packet Authorization Paper Presentation by Carlos Salazar.
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
Building Cloud-ready Video Transcoding System for Content Delivery Networks(CDNs) Zhenyun Zhuang and Chun Guo Speaker: 饒展榕.

Building Cloud-ready Video Transcoding System for Content Delivery Networks(CDNs) Zhenyun Zhuang and Chun Guo Speaker: 饒展榕.
TAP: A Novel Tunneling Approach for Anonymity in Structured P2P Systems Yingwu Zhu and Yiming Hu University of Cincinnati.

TAP: A Novel Tunneling Approach for Anonymity in Structured P2P Systems Yingwu Zhu and Yiming Hu University of Cincinnati.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
What should you Cache? A Global Analysis on YouTube Related Video Caching Dilip Kumar Krishnappa, Michael Zink and Carsten Griwodz NOSSDAV 2013.

What should you Cache? A Global Analysis on YouTube Related Video Caching Dilip Kumar Krishnappa, Michael Zink and Carsten Griwodz NOSSDAV 2013.
An Analysis of Internet Content Delivery Systems Stefan Saroiu, Krishna P. Gommadi, Richard J. Dunn, Steven D. Gribble, and Henry M. Levy Proceedings of.

An Analysis of Internet Content Delivery Systems Stefan Saroiu, Krishna P. Gommadi, Richard J. Dunn, Steven D. Gribble, and Henry M. Levy Proceedings of.
1 A Framework for Lazy Replication in P2P VoD Bin Cheng 1, Lex Stein 2, Hai Jin 1, Zheng Zhang 2 1 Huazhong University of Science & Technology (HUST) 2.

1 A Framework for Lazy Replication in P2P VoD Bin Cheng 1, Lex Stein 2, Hai Jin 1, Zheng Zhang 2 1 Huazhong University of Science & Technology (HUST) 2.
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)
1 Simultaneous Distribution Control and Privacy Protection for Proxy based Media Distribution George Mason University Songqing Chen (George Mason University)

1 Simultaneous Distribution Control and Privacy Protection for Proxy based Media Distribution George Mason University Songqing Chen (George Mason University)
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.

Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
Kyushu University Graduate School of Information Science and Electrical Engineering Department of Advanced Information Technology Supervisor: Professor.

Kyushu University Graduate School of Information Science and Electrical Engineering Department of Advanced Information Technology Supervisor: Professor.
1 Drafting Behind Akamai (Travelocity-Based Detouring) AoJan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante Department of Electrical.

1 Drafting Behind Akamai (Travelocity-Based Detouring) AoJan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante Department of Electrical.
APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.

APPLAUS: A Privacy-Preserving Location Proof Updating System for Location-based Services Zhichao Zhu and Guohong Cao Department of Computer Science and.

Similar presentations

Ads by Google