Presentation is loading. Please wait.

Presentation is loading. Please wait.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

Published bySavion Chipps Modified over 9 years ago

Similar presentations

Presentation on theme: "PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi."— Presentation transcript:

1 PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi Olumofin (U Waterloo) Carmela Troncoso (KU Leuven) Nikita Borisov (U Illinois) Ian Goldberg (U Waterloo) 1

2 Anonymous Communication What is anonymous communication? –Allows communication while keeping user identity (IP) secret from a third party or a recipient Growing interest in anonymous communication –Tor is a deployed system –Spies & law enforcement, dissidents, whistleblowers, censorship resistance Routers ? ? 2

3 Tor Background List of servers? 3 Trusted Directory Authority Guards Exit Middle 1. Load balancing 2. Exit policy Directory Servers Signed Server list (relay descriptors)

4 Performance Problem in Tor’s Architecture: Global View Global view –Not scalable Need solutions without global system view 4 List of servers? Directory Servers Torsk – CCS09

5 Current Solution: Peer-to-peer Paradigm Morphmix [WPES 04] – Broken [PETS 06] Salsa [CCS 06] – Broken [CCS 08, WPES 09] NISAN [CCS 09] – Broken [CCS 10] Torsk [CCS 09] – Broken [CCS 10] ShadowWalker [CCS 09] – Broken and fixed(??) [WPES 10] Very hard to argue security of a distributed, dynamic and complex P2P system. 5

6 Design Goals A scalable client-server architecture with easy to analyze security properties. – Avoid increasing the attack surface Equivalent security to Tor – Preserve Tor’s constraints Guard/middle/exit relays, Load balancing – Minimal changes Only relay selection algorithm 6

7 Key Observation Need only 18 random middle/exit relays in 3 hours – So don’t download all 2000! Naïve approach: download a few random relays from directory servers – Problem: malicious servers – Route fingerprinting attacks Download selected relay descriptors without letting directory servers know the information we asked for. Private Information Retrieval (PIR) 1025 7 Inference: User likely to be Bob Directory Server Relay # 10, 25 10: IP address, key 25: IP address, key Bob

8 Private Information Retrieval (PIR) Information theoretic PIR – Multi-server protocol – Threshold number of servers don’t collude Computational PIR – Single server protocol – Computational assumption on server Only ITPIR-Tor in this talk – See paper for CPIR-Tor 8 R C A B A Database C R B R A RARA

9 MiddleExit Guards Exit relay compromised: ITPIR-Tor: Database Locations Tor places significant trust in guard relays – 3 compromised guard relays suffice to undermine user anonymity in Tor. Choose client’s guard relays to be directory servers 9 MiddleExit Guards Exit relay honest End-to-end Timing Analysis Deny Service MiddleExit Guards At least one guard relay is honest ITPIR guarantees user privacy MiddleExit Guards All guard relays compromised ITPIR does not provide privacy But in this case, Tor anonymity broken Equivalent security to the current Tor network

10 ITPIR-Tor Database Organization and Formatting Middles, exits – Separate databases Exit policies – Standardized exit policies – Relays grouped by exit policies Load balancing – Relays sorted by bandwidth Relay Descriptors Exit Policy 1 Exit Policy 2 Non- standard Exit policies MiddlesExits e4 e3 e5 e6 e2 e1 e7 e8 m4 m3 m5 m6 m2 m1 m7 m8 Sort by Bandwidth 10

11 ITPIR-Tor Architecture 11 Trusted Directory Authority Guard relays/ PIR Directory servers 5.18 PIR Queries(1 middle/exit) 2. Initial connect 3. Signed meta-information 6. PIR Response 1. Download PIR database 4. Load balanced index selection 5. 18 middle,18 PIR Query(exit) MiddlesExits e4 e3 e5 e6 e2 e1 e7 e8 m4 m3 m5 m6 m2 m1 m7 m8

12 Performance Evaluation Percy [Goldberg, Oakland 2007] – Multi-server ITPIR scheme 2.5 GHz, Ubuntu Descriptor size 2100 bytes – Max size in the current database Exit database size – Half of middle database Methodology: Vary number of relays – Total communication – Server computation 12

13 Performance Evaluation: Communication Overhead 13 Current Tor network: 5x--100x improvement Advantage of PIR-Tor becomes larger due to its sublinear scaling: 100x--1000x improvement 1.1 MB 216 KB 12 KB

14 Performance Evaluation: Server Computational Overhead 14 Current Tor network: less than 0.5 sec 100,000 relays: about 10 seconds (does not impact user latency)

15 Performance Evaluation: Scaling Scenarios 15 Scenario Tor Communication (per client) ITPIR Communication (per client) ITPIR Core Utilization ExplanationRelayClients Current Tor 2,000250,0001.1 MB0.2 MB0.425 % 10x relay/client 20,0002.5M11 MB0.5 MB4.25 % Clients turn relays 250,000 137 MB1.7 MB0.425 %

16 Conclusion PIR can be used to replace descriptor download in Tor. – Improves scalability 10x current network size: very feasible 100x current network size : plausible – Easy to understand security properties Side conclusion: Yes, PIR can have practical uses! Questions? 16

Download ppt "PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi."

Similar presentations

Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
A P RESENTATION O N R ESOURCE D ISCOVERY I N T HE P EER- T O- P EER N ETWORK by Aravind Renganathan.

A P RESENTATION O N R ESOURCE D ISCOVERY I N T HE P EER- T O- P EER N ETWORK by Aravind Renganathan.
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
1 Scoped and Approximate Queries in a Relational Grid Information Service Dong Lu, Peter A. Dinda, Jason A. Skicewicz Prescience Lab, Dept. of Computer.

1 Scoped and Approximate Queries in a Relational Grid Information Service Dong Lu, Peter A. Dinda, Jason A. Skicewicz Prescience Lab, Dept. of Computer.
Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,

Efficient Information Retrieval for Ranked Queries in Cost-Effective Cloud Environments Presenter: Qin Liu a,b Joint work with Chiu C. Tan b, Jie Wu b,
TAP: A Novel Tunneling Approach for Anonymity in Structured P2P Systems Yingwu Zhu and Yiming Hu University of Cincinnati.

TAP: A Novel Tunneling Approach for Anonymity in Structured P2P Systems Yingwu Zhu and Yiming Hu University of Cincinnati.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Dissent: Accountable, Anonymous Communication Joan Feigenbaum Joint work with Bryan Ford, Henry Corrigan-Gibbs, Yixuan.

1 Dissent: Accountable, Anonymous Communication Joan Feigenbaum Joint work with Bryan Ford, Henry Corrigan-Gibbs, Yixuan.
Rarest First and Choke Algorithms are Enough Arnaud LEGOUT INRIA, Sophia Antipolis France G. Urvoy-Keller and P. Michiardi Institut Eurecom France.

Rarest First and Choke Algorithms are Enough Arnaud LEGOUT INRIA, Sophia Antipolis France G. Urvoy-Keller and P. Michiardi Institut Eurecom France.
Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University.

Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University.
CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.

CS555Topic 241 Cryptography CS 555 Topic 24: Secure Function Evaluation.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.

Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.
ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation Kevin Bauer 1 Micah Sherr 2 Damon McCoy 3 Dirk Grunwald 4 1 University of Waterloo 2.

ExperimenTor: A Testbed for Safe and Realistic Tor Experimentation Kevin Bauer 1 Micah Sherr 2 Damon McCoy 3 Dirk Grunwald 4 1 University of Waterloo 2.
236349 Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.

Privacy-Preserving Computation and Verification of Aggregate Queries on Outsourced Databases Brian Thompson 1, Stuart Haber 2, William G. Horne 2, Tomas.

Similar presentations

Ads by Google