CS590B/690B Detecting Network Interference (Fall 2016)

Presentation transcript:

1 CS590B/690B Detecting Network Interference (Fall 2016)
Lecture 14: Web site fingerprinting
Phillipa Gill, UMass Amherst
(Slides courtesy of R. Nithyanand)

2 Anonymity on the Internet
Challenge: by observing Internet traffic one can infer who is talking to whom. Metadata is the message! Track communications over time: behaviors, interests, activities. Tor aims to solve this.

Speaker notes: One of the challenges of the Internet is that it was not designed with anonymity in mind. By default there is no anonymity: somebody observing network traffic can see the source and destination of each connection and learn which sites people are visiting, even if the connection is encrypted. As we have seen with the NSA revelations in recent years, even this sort of metadata about who talks to whom is incredibly valuable for tracking people's behaviors, interests and activities. Tor is a system that tries to resolve this by giving users an anonymous way to access content online. It does this using encryption and by bouncing the user's traffic off three relays (Tor routers), referred to as the entry, middle and exit relay. The basic idea is that someone observing at the entry relay learns only the identity of the source but not the destination, while the exit knows the destination but not the source.

Diagram labels: Entry relay: does not know destination. Exit relay: does not know source.

3 Threat model
Diagram: client → Entry → Middle → Exit → destination (a Tor circuit).

Speaker notes: Tor constructs the path out of three Tor routers/relays. How are relays chosen? Based on capacity/load. The client iteratively exchanges keys with the relays on the path and tunnels to the next relay. When a relay decrypts the message it learns the identity of the next hop on the path; in this way each relay only learns the hop before it and the hop after it in the circuit. The exit sees the actual traffic, so if the data contains information about the client the exit can learn who it is. This is why Tor Browser is important.

Network-based attacks: timing attacks can deanonymize users. Actually being tried by government agencies! (Upcoming lectures)
Relay-based attacks: fingerprint web sites based on packet timing; the exit relay can observe users' traffic. (Today)

4 Threat model: which user is visiting the site?
Diagram: client → Entry → Middle → Exit → destination (same circuit as slide 3; the speaker notes repeat those of slide 3).

Network-based attacks: timing attacks can deanonymize users. Actually being tried by government agencies!
Relay-based attacks: fingerprint web sites based on packet timing; the exit relay can observe users' traffic.
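The layered encryption the speaker notes describe, as an added illustration (not code from the lecture or from R. Nithyanand's slides): a toy onion in Python in which each relay strips one layer and thereby learns only its previous and next hop. The per-relay keys are assumed to be already established by the iterative key exchange on the slide (that exchange is not modelled), and the SHA-256 keystream XOR is a stand-in for Tor's real cipher, chosen only so the script runs with the standard library.

```python
import hashlib

# Added illustration (not from the lecture slides): a toy model of the layered
# encryption that gives each Tor relay only its previous and next hop.
# Assumptions: the per-relay keys below are taken as already established by the
# iterative key exchange the slide describes (not modelled here), and the layer
# cipher is a SHA-256-keystream XOR stand-in, not Tor's real cipher.

HOP_FIELD = 16  # each layer starts with a fixed-width next-hop name


def _keystream(key: bytes, length: int) -> bytes:
    """Expand a key into `length` bytes with SHA-256 in counter mode (toy PRF)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def layer(key: bytes, data: bytes) -> bytes:
    """Toy symmetric layer: XOR with the keystream. Applying it twice removes it."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Wrap `payload` for the relays in `circuit` = [(name, key), ...], client order.

    The exit's layer carries the destination; every earlier layer carries the
    name of the next relay, so the innermost (exit) layer is applied first.
    """
    hops = [name for name, _ in circuit[1:]] + [destination]
    if any(len(h.encode()) > HOP_FIELD for h in hops):
        raise ValueError("hop name longer than HOP_FIELD bytes")
    cell = payload
    for (_, key), next_hop in zip(reversed(circuit), reversed(hops)):
        cell = layer(key, next_hop.encode().ljust(HOP_FIELD, b"\0") + cell)
    return cell


def relay_peel(key: bytes, cell: bytes):
    """What one relay does and learns: strip its own layer, read the next hop."""
    plain = layer(key, cell)
    next_hop = plain[:HOP_FIELD].rstrip(b"\0").decode()
    return next_hop, plain[HOP_FIELD:]


def run_circuit(circuit, destination: str, payload: bytes):
    """Forward the onion hop by hop; record only what each relay can see."""
    cell = build_onion(circuit, destination, payload)
    views = {}
    prev = "client"
    for name, key in circuit:
        next_hop, cell = relay_peel(key, cell)
        views[name] = {"previous": prev, "next": next_hop,
                       "payload_visible": next_hop == destination}
        prev = name
    return views, cell  # `cell` is now the plaintext the exit forwards


# Constructed circuit keys (sample values, not real Tor key material).
CIRCUIT = [("entry", b"k-entry"), ("middle", b"k-middle"), ("exit", b"k-exit")]
VIEWS, DELIVERED = run_circuit(CIRCUIT, "example.org", b"GET / HTTP/1.1")
```

Inspecting VIEWS shows the property the slide states: the entry sees client and middle, the middle sees entry and exit, and only the exit sees the destination and the request bytes, which is why the notes say the exit can learn who the client is if the payload itself identifies them.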

5 Attacks on Security, Privacy, and Anonymity on the Internet

6 Website Fingerprinting Attacks
Diagram: Victim → Proxy Server → WWW (Blocked Webpage / Webpage). The observer sees the webpage trace and asks: "Is Rishab trying to get to that blocked page again?"
Trace: {(d1, s1, t1), (d2, s2, t2), …, (dn, sn, tn)}, one (direction, size, time) tuple per packet.
"What webpage generated this trace?"

7 A Brief History of Website Fingerprinting Research
Type            Work
Attack          Levine and Liberatore [CCS 2006]; Herrmann et al. [CCSW 2009]
Defense         Wright et al. [NDSS 2009]; Lu et al. [ESORICS 2010]; Luo et al. [NDSS 2011]; Panchenko et al. [CCS 2011]
Attack/Defense  Dyer et al. [S&P 2012]; Cai et al. [CCS 2012]; Wang and Goldberg [WPES 2013]; Wang et al. [Security 2014]

8 Contributions
Foundations: understand what…
- it means for a defense to be secure;
- the security-overhead trade-off curve looks like.
Constructions: build defenses that…
- can provide security guarantees;
- are efficient.
Evaluation: allow researchers to…
- translate closed-world results into open-world approximations;
- compare defenses with different trade-offs.

9 Understanding Website Fingerprinting Defenses
Diagram: Victim → Proxy Server → WWW (Blocked Webpage / Webpage). The observer asks: "Is Rishab trying to get to that blocked page?"
Trace: {(d1, s1, t1), (d2, s2, t2), …, (dn, sn, tn)}. "What webpage generated this trace?"
The goal is to prevent attackers from drawing definite conclusions about the site being visited. Transform the traces of page loads by adding, padding, merging, or delaying packets.

10 Security Definitions
Assumption: we are working with the optimal adversary (ADV). ADV can always distinguish between any pair of traces unless they are exactly identical. E.g., load two different pages: even if the difference is only an extra byte in the 131st packet, our ADV knows which trace belongs to which site.

11 Security Definitions
Non-uniformly ε-secure: on average, ADV's success rate is bounded by ε. There are no guarantees about the minimum level of protection for any one site. The defense pictured on the slide is (3/11)-non-uniformly secure.
Uniformly ε-secure: the maximum ADV success rate is bounded by ε for every site. All sites are guaranteed to be protected to some degree. The defense pictured on the slide is (1/3)-uniformly secure.
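A worked scoring of the two definitions, as an added example rather than the slides' own code: given a set of defended traces, the optimal adversary's success is computed under the slide's assumption that only byte-identical traces are indistinguishable. The 11 sites and their traces are constructed sample values, chosen so that the three classes of identical traces have sizes 3, 4 and 4 and therefore reproduce the slide's 3/11 and 1/3; an undefended variant of the same sites shows how a few bytes' difference in one packet gives ADV everything.

```python
from collections import defaultdict
from fractions import Fraction

# Added example, not from the slides: score a defense against the slide's
# optimal adversary, who distinguishes any two traces that are not byte-for-byte
# identical. A trace is a tuple of (direction, size, time) packets as on slide 6.


def classes_of_identical_traces(defended):
    """Group site names by their defended trace; ADV cannot tell sites in one group apart."""
    groups = defaultdict(list)
    for site, trace in defended.items():
        groups[trace].append(site)
    return list(groups.values())


def adv_success(defended):
    """Return (non-uniform ε, uniform ε) achieved against the optimal adversary.

    Within a class of k identical traces ADV can only guess, so each of those k
    sites is identified with probability 1/k. Averaged over all n sites that is
    (#classes)/n (non-uniform); the worst-protected site sits in the smallest
    class, giving max 1/k (uniform).
    """
    groups = classes_of_identical_traces(defended)
    n = len(defended)
    non_uniform = Fraction(len(groups), n)
    uniform = max(Fraction(1, len(g)) for g in groups)
    return non_uniform, uniform


# Constructed sample: 11 sites whose defended traces collapse into 3 classes
# of sizes 3, 4 and 4 (chosen to reproduce the slide's 3/11 and 1/3 figures).
CLASS_TRACES = [
    ((+1, 500, 0.00), (-1, 1500, 0.05), (-1, 1500, 0.10)),
    ((+1, 500, 0.00), (-1, 1500, 0.05), (-1, 1500, 0.10), (-1, 800, 0.15)),
    ((+1, 600, 0.00), (-1, 1500, 0.04), (+1, 500, 0.20), (-1, 1500, 0.25)),
]
CLASS_OF_SITE = [0] * 3 + [1] * 4 + [2] * 4
DEFENDED = {f"site{i:02d}": CLASS_TRACES[c] for i, c in enumerate(CLASS_OF_SITE, 1)}


def perturb_last_packet(trace, extra_bytes):
    """Return the trace with `extra_bytes` added to the size of its final packet."""
    d, s, t = trace[-1]
    return trace[:-1] + ((d, s + extra_bytes, t),)


# The same 11 sites with no defense: every trace differs from its class trace by
# a few bytes in one packet, which is all the optimal ADV needs (slide 10).
UNDEFENDED = {site: perturb_last_packet(tr, i)
              for i, (site, tr) in enumerate(DEFENDED.items())}

DEFENDED_SCORE = adv_success(DEFENDED)      # (3/11, 1/3)
UNDEFENDED_SCORE = adv_success(UNDEFENDED)  # (1, 1)
```

The non-uniform figure says nothing about any single site: a defense that leaves one site alone in its own class is still (#classes)/n non-uniformly secure on average, while its uniform ε is 1, which is exactly the distinction the slide draws.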

12 Building the Optimal Defense
The optimal non-uniform ε-defense (ε-OPT) over a set of n websites:
- creates nε partitions of the n websites;
- modifies each site's trace so that it is identical to all other traces in its partition (by buffering/merging/adding/padding packets);
- minimizes the total number of bytes.
Figure: n = 12, ε = 1/3, i.e., nε = 4 partitions.
Strongly NP-complete via Binary Shortest Common Supersequence!

13 Dealing with NP-Completeness
Building the optimal defense (OPT) against an optimal adversary (ADV) is NP-complete. Instead, we build the optimal defense (OPT') against a weaker adversary (ADV').
Why?
- Derive a limit for the best that OPT can achieve against ADV.
- Get ideas to bootstrap a good heuristic defense against ADV.
How? Reduce the information available to ADV.
- ADV can see a complete trace for each site: Trace = {<dir1, size1, time1>, …, <dirn, sizen, timen>} (per-packet size, time and direction).
- ADV' can only see the total number of bytes loaded: T' = Σ size_i (total trace size).

14 Building OPT'
The optimal non-uniform ε-defense (OPT') against ADV' over a set of n websites:
- creates nε partitions of the n websites;
- modifies each site's trace so that it is identical to all other traces in its partition (by simply increasing the total trace size);
- minimizes the total number of bytes added to each trace.
Properties of OPT':
- The range of OPT' is a subset of its domain, i.e., it is an endofunction (every site is mapped to the size of some existing site).
- The mapping of OPT' is monotonically increasing.
- OPT' is a deterministic algorithm.
Figure: website sizes w1 … w6, with the mapping drawn as monotonically increasing and as an endofunction.
Solvable in O(n²ε) time with simple dynamic programming!

15 The Security-Bandwidth Trade-off
Figure: ε = 1/3; OPT' over website sizes w1 … w6 (w1 to w4 padded to W4, w5 and w6 padded to W6). Overhead OH = (4W4 + 2W6)/(ΣWi). Plot axis label: Accuracy of Panchenko classifier.
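OPT' written out as the dynamic program slides 13 and 14 describe, as an added example that is not the paper's or the lecture's code: it sorts the sites by total size, partitions them into nε contiguous groups, pads every site up to the largest site in its group (so the mapping is monotone and an endofunction), and picks the cut points that minimise bytes added; the overhead function applies the OH formula from this slide. The six site sizes are constructed sample values, chosen so that with ε = 1/3 the result is the w1..w4 → W4, w5..w6 → W6 mapping in the figure.

```python
from fractions import Fraction
from typing import Dict, List

# Added example, not the paper's or the slides' own code: OPT', the optimal
# non-uniform ε-defense against ADV' (who sees only each site's total bytes),
# computed by dynamic programming as slide 14 describes. Site sizes below are
# constructed sample values.


def opt_prime(sizes: Dict[str, int], eps):
    """Partition n sites into nε groups of consecutive sizes, padding every site
    up to the largest in its group, so that the total bytes added is minimal.

    Returns (padded size per site, bytes added, groups in increasing order).
    Because each site maps to the size of some existing site (endofunction) and
    groups are contiguous in sorted order (monotone), only cut positions in the
    sorted list need considering; the DP below is O(n^2 * nε).
    """
    n = len(sizes)
    k = Fraction(eps) * n
    if k.denominator != 1 or not 1 <= k <= n:
        raise ValueError("nε must be a whole number of partitions between 1 and n")
    k = int(k)

    order = sorted(sizes, key=sizes.__getitem__)  # site names, smallest first
    s = [sizes[w] for w in order]
    prefix = [0]
    for v in s:
        prefix.append(prefix[-1] + v)

    def pad_cost(a: int, b: int) -> int:
        """Bytes added when sorted sites a..b-1 are all padded up to s[b-1]."""
        return (b - a) * s[b - 1] - (prefix[b] - prefix[a])

    INF = float("inf")
    # best[j][i]: minimal bytes added covering the i smallest sites with j groups
    best = [[INF] * (n + 1) for _ in range(k + 1)]
    cut = [[-1] * (n + 1) for _ in range(k + 1)]
    best[0][0] = 0
    for j in range(1, k + 1):
        for i in range(j, n + 1):
            for a in range(j - 1, i):  # last group is sorted sites a..i-1
                cost = best[j - 1][a] + pad_cost(a, i)
                if cost < best[j][i]:
                    best[j][i], cut[j][i] = cost, a

    groups: List[List[str]] = []  # recover the partition from the cut table
    i = n
    for j in range(k, 0, -1):
        a = cut[j][i]
        groups.append(order[a:i])
        i = a
    groups.reverse()

    padded = {w: sizes[g[-1]] for g in groups for w in g}
    return padded, int(best[k][n]), groups


def overhead(sizes: Dict[str, int], padded: Dict[str, int]) -> Fraction:
    """OH as on slide 15: bytes sent under the defense over the original bytes."""
    return Fraction(sum(padded.values()), sum(sizes.values()))


def adv_prime_success(padded: Dict[str, int]) -> Fraction:
    """ADV' average success: one guess per distinct total size, i.e. #sizes / n."""
    return Fraction(len(set(padded.values())), len(padded))


# Constructed sizes (bytes) for six sites; with ε = 1/3, OPT' forms 2 partitions.
SITES = {"w1": 100, "w2": 120, "w3": 150, "w4": 200, "w5": 900, "w6": 1000}
PADDED, ADDED, GROUPS = opt_prime(SITES, Fraction(1, 3))
OH = overhead(SITES, PADDED)  # (4*W4 + 2*W6) / ΣWi, as on the slide
```

On these sizes the cheapest two-way cut pads w1..w4 to 200 and w5, w6 to 1000 (330 bytes added, OH = 2800/2470), and ADV' is left with two distinct sizes over six sites, so its average success is 2/6 = ε. Note what the non-uniform guarantee does not give: the group {w5, w6} has only two members, so the worst-case (uniform) success is 1/2, not 1/3. Passing a whole-number nε is required; ε = 1/4 with six sites raises ValueError rather than silently rounding.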

16 Conclusions
Foundations: understand what…
- it means for a defense to be secure;
- the security-overhead trade-off curve looks like.
Constructions: build defenses that…
- can provide security guarantees;
- are efficient.
Evaluation: allow researchers to…
- translate closed-world results into open-world approximations;
- compare defenses with different trade-offs.

