Presentation is loading. Please wait.

Presentation is loading. Please wait.

What's the buzz about HORNET?

Published byAlannah Chambers Modified over 6 years ago

Similar presentations

Presentation on theme: "What's the buzz about HORNET?"— Presentation transcript:

1

2 What's the buzz about HORNET?

3 You've probably all seen the news…
"Internet-scale anonymity" "Without sacrificing security, the network supports data transfer speeds of up to 93GBps" "can be scaled at little cost" "a better, faster Tor"

4 You've probably not read the abstract...
"We present HORNET, a system that enables high-speed end-to-end anonymous channels by leveraging next generation network architectures. HORNET is designed as a low-latency onion routing system that operates at the network layer thus enabling a wide rangeof applications. Our system uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes. This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal processing overhead per additional anonymous channel. We discuss design and implementation details, as well as a performance and security evaluation."

5 HORNET: High-speed Onion Routing at the Network Layer
Low-latency onion routing network Leverages the existing Sphinx onion routing protocol Geared towards speed and scalability Use next-gen network gear instead of building an overlay

6 Desired properties Path information integrity and security
e.g. no tagging attacks No cross-link identification Session unlinkability Payload secrecy and end-to-end integrity Adversary can only learn packet length and timing

7 Claims Better speed than existing onion routing networks Tor, I2P
Better security than existing (proposed) network layer anonymity networks LAP, Dovetail

8 Speed

9 Security

10 Why is it fast?

11 Stateless data transmission

12 Stateless data transmission

13 Data packet header lengths
Scheme Header Length Sample Length (Bytes) LAP 12 + 2s.r 236 Dovetail 12 + s.r 124 Sphinx 32 + (2r + 2)s 296 Tor r 80 I2P 20 HORNET 8 + 3r.s 344 s = length of symmetric element r = maximum AS path length For sample length, s = 16 Bytes and r = 7

14 Gains No route lookup time No route storage
Tor stores at least 376 bytes per circuit Requires almost 20GB of memory for a load level of 5 million new sessions per minute

15 Mostly symmetric crypto
Each HORNET node performs one DH key exchange during setup phase Only symmetric operations used during data phase 5% slower than LAP and Dovetail for small packets (64 bytes) 71% slower for large packets (1200 bytes)

16 How? Decrypts setup packet
Sym key from medium/long- term DH priv key and sender's DH pub key Generate transient DH key Calculate a symmetric key from transient DH priv key and sender's DH pub key Encrypt routing info with local medium-term symmetric key Forward encrypted routing info + transient DH pub key Delete transient DH key

17 No replay protection Packet replay is ignored within the lifetime of a session Leads to easy DoS They suggest that adversaries would be deterred by the risk of being detected by volunteers / organizations / ASs but the detection process is going to add additional processing time and therefore compromise throughput

18 So is this the end of Tor and I2P?

19 Why not? Designed for new routing hardware that doesn't exist
Only covers session setup and data transmission Assumes routing state only shows next hop Assumes the presence of path discovery Assumes the presence of node discovery Can be used with upper-layer anonymity protocols for stronger security guarantees

20 It's actually very similar to I2P tunnels!
Both use "non-interactive" telescopic tunnel building Both only use symmetric crypto for data transmission Don't confuse I2P tunnels with I2P sessions (But I2P sessions also use mostly-symmetric crypto via "session tags"…) ((Yes, yes, this gets confusing...))

21 Key difference between HORNET and I2P
I2P tunnel packet headers are smaller than HORNET But I2P pads all to 1024 bytes I2P stores routing data I2P uses a bloom filter to detect packet replay I2P has a higher-level end-to-end crypto layer

22 Key points It doesn't actually exist
You can't throw away Tor and I2P just yet ;) It's only one piece of the puzzle Speed has trade-offs It's still a good idea!

23 Fun aside (if we get time): Implementing HORNET in I2P

24 Discussion time :)

Download ppt "What's the buzz about HORNET?"

Similar presentations

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.
IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.

IP Router Architectures. Outline Basic IP Router Functionalities IP Router Architectures.
Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.

Switching Techniques In large networks there might be multiple paths linking sender and receiver. Information may be switched as it travels through various.
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.

Cashmere: Resilient Anonymous Routing CS290F March 7, 2005.
1 Internet Networking Spring 2005 Tutorial 2 IP Checksum, Fragmentation.

1 Internet Networking Spring 2005 Tutorial 2 IP Checksum, Fragmentation.
Analysis of Onion Routing Presented in 294-4 by Jayanthkumar Kannan On 10/8/03.

Analysis of Onion Routing Presented in by Jayanthkumar Kannan On 10/8/03.
Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.

Towards an Analysis of Onion Routing Security Syverson, Tsudik, Reed, and Landwehr PET 2000 Presented by: Adam Lee 1/26/2006 Syverson, Tsudik, Reed, and.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.

1 The Internet and Networked Multimedia. 2 Layering  Internet protocols are designed to work in layers, with each layer building on the facilities provided.
Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.
Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.

Chapter 15 – Part 2 Networks The Internal Operating System The Architecture of Computer Hardware and Systems Software: An Information Technology Approach.
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan.

Ways to reduce the risks of Crowds and further study of web anonymity By: Manasi N Pradhan.
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
1. Layered Architecture of Communication Networks: Circuit Switching & Packet Switching.

1. Layered Architecture of Communication Networks: Circuit Switching & Packet Switching.
SHIP: Performance Reference: “SHIP mobility management hybrid SIP-HIP scheme” So, J.Y.H.; Jidong Wang; Jones, D.; Sixth International Conference on 23-25.

SHIP: Performance Reference: “SHIP mobility management hybrid SIP-HIP scheme” So, J.Y.H.; Jidong Wang; Jones, D.; Sixth International Conference on

Similar presentations

Ads by Google