Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri.

Published byCody Ethelbert Moore Modified over 10 years ago

Similar presentations

Presentation on theme: "Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri."— Presentation transcript:

1 Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri

2  Voice-over-IP  Attacks  Proposed solution  Experimental Evaluation  Conclusion

3  Data transmission through Public switched telephone network  Uses Circuit switched networks  Expensive

4  We see people talking through Skype, Vonage, instant messengers  Technology behind is called VoIP  Transmission of voice traffic over IP-based networks  Sounds are recorded and compressed  Benefit of VoIP: Very economical

5  Caller anonymity and QoS  Existing approaches use Mix networks  Mix networks route traffic through nodes with random delays and random routes  For example, Onion routing

6  Other examples are Tor, Freedom and Tarzan  Mix networks cannot accommodate the QoS requirement  Low latency apps are vulnerable to timing attacks

7  Uses RTP for data transmission  Route Set Up protocol for call set up and termination

8  Operates in four steps 1.initSearch: initiates a route set up request 2.processSearch: processes a route set up request 3.processResult: processes the results of a route set up request 4.finSearch: concludes the route set up procedure

9  src initiates a request by broadcasting

10  If p receives a request from q, it checks if the sipurl is the url of the client connected to p.

11  If p receives result (searchId, q), it searches for, adds and forwards result to prev

12  If src receives result, it adds to its routing table

13  Encryption with shared symmetric key  Exposes dst (through dst.sipurl )  dst adds a random delay  src or dst can be inferred if all of their neighboring nodes are malicious

14  Triangulation based timing attacks  3 steps in triangulation based timing attacks Candidate caller detection: malicious nodes deduce a list of potential callers Candidate caller ranking: malicious nodes associate a score with every potential caller Triangulation: Colluding malicious nodes combine their sets to obtain more accurate list of callers.

15  Deterministic triangulation attack  Statistical triangulation attack  Differential triangulation attack

16  2 assumptions Link latencies are deterministic All nodes are synchronized  2 properties of route setup protocol Protocol establishes shortest route between the src and dst Node p that receives route set up request originated from src can estimate dist(src, p)

17  Candidate caller detection Compute S(p) for all s ∈ S(p),

18  Candidate caller ranking Compute the score  Triangulation Compute the final score

19

20  Link latencies are independently distributed  Length of a path P is given by  In candidate caller detection, p computes a set of Pareto-optimal distances to all nodes v  A set of path lengths d 1, d 2.. d m is Pareto- optimal if for all other path lengths d,

21  A node v is marked as a candidate caller if  If link latencies follow Gaussian, the path latencies follow Gaussian too  Score of v can be computed as  For other any other distribution, use Chebyshev’s inequality to compute

22  In Triangulation step, the aggregate score for a candidate caller v is computed

23  Eliminates time stamp ts from the route set up request  Malicious nodes can estimate the difference  In candidate caller detection, malicious node p computes statistical shortest distances to every other node v as

24  Statistical distance dist pq [v] is given by dist p [v] – dist q [v]  v is a candidate caller if  If the link latency distribution is Gaussian, the score of v is given by  Finally, the average score for v is computed

25  Network topology should be known for Timing attacks  Achieved by ping and pong messages xy ping(x,all) pong(y, x) y´y´ pong(y ´,x)

26  Experimental set up A synthetic network with 1024 nodes Topology was constructed using NS-2 topology generator Node-to-node round trip times varies from 24ms- 150ms with a mean of 74ms

27  Deterministic Triangulation Number of suspects varies with number of malicious nodes Epsilon should not be too small or large

28  Statistical Triangulation More effective than deterministic when there are uncertainties in link latencies

29  Differential Triangulation Statistical attack performs better if the clocks are synchronized Differential triangulation can achieve a top-10 probability of 0.78 with only 10 malicious nodes

30  Topology Discovery With m =20 and ttl =2, about 75% of the topology is discovered

31  Latency perturbation each node adds random delay  Random Walk Search Algorithm Resilient to timing attacks but generates suboptimal routes  Hybrid route set up Trade off anonymity with QoS

32  Sends a search request to a randomly chosen neighbor  Two key properties Markovian property Random walker does not traverse the shortest path between any two nodes

33  Controlled Random Walk Combination of two protocols γ limits the length of random walk Starts with random walk search Switches to broadcast search with probability 1- γ

34  Multi-Agent Random Walk Similar to random walk Src sends ω random walkers (ω >1) Route is established when the first random walker reaches dst Higher ω results in optimal route latency Vulnerable to triangulation based timing attack if src sends out random walkers at time t=0

35  Performed on 1024-node synthetic VoIP network topology using NS-2  Algorithms implemented using Phex: an open source Java based implementation of peer- to-peer broadcast based route set up protocol

36  Performance Characterized by cost of messaging  QoS guarantees Routes with latency<250ms satisfy QoS requirements Larger route set up latency does not affect the quality of voice conversation

37  Optimal parameter settings  Attack resilience 99% optimal parameter settings

38  Topology discovery Only fraction of topology has been discovered Top-10 probability for marw was 42% less, crw was 33% less and broadcast was only 9% less Random walk protocols are more sensitive to topology

39  VoIP in becoming popular due to its advantages in cost and convenience  It is a major concern to provide anonymity to the clients  Threat models targeting callers’ anonymity are efficient  Even if a small fraction of network is malicious, the caller can be inferred accurately  It is difficult to trade QoS with anonymity

40

Download ppt "Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri."

Similar presentations

1 Routing Protocols I. 2 Routing Recall: There are two parts to routing IP packets: 1. How to pass a packet from an input interface to the output interface.

1 Routing Protocols I. 2 Routing Recall: There are two parts to routing IP packets: 1. How to pass a packet from an input interface to the output interface.
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
A Centralized Scheduling Algorithm based on Multi-path Routing in WiMax Mesh Network Yang Cao, Zhimin Liu and Yi Yang International Conference on Wireless.

A Centralized Scheduling Algorithm based on Multi-path Routing in WiMax Mesh Network Yang Cao, Zhimin Liu and Yi Yang International Conference on Wireless.
Packet Switching COM1337/3501 Textbook: Computer Networks: A Systems Approach, L. Peterson, B. Davie, Morgan Kaufmann Chapter 3.

Packet Switching COM1337/3501 Textbook: Computer Networks: A Systems Approach, L. Peterson, B. Davie, Morgan Kaufmann Chapter 3.
Bidding Protocols for Deploying Mobile Sensors Reporter: Po-Chung Shih Computer Science and Information Engineering Department Fu-Jen Catholic University.

Bidding Protocols for Deploying Mobile Sensors Reporter: Po-Chung Shih Computer Science and Information Engineering Department Fu-Jen Catholic University.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 1 Rumor Riding Anonymizing Unstructured Peer- to-Peer System Jinsong Han and Yunhao.

Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 1 Rumor Riding Anonymizing Unstructured Peer- to-Peer System Jinsong Han and Yunhao.
Rumor Routing in Sensor Networks David Braginsky and Deborah Estrin Presented By Tu Tran 1.

Rumor Routing in Sensor Networks David Braginsky and Deborah Estrin Presented By Tu Tran 1.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
SLAW: A Mobility Model for Human Walks Lee et al..

SLAW: A Mobility Model for Human Walks Lee et al..
LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.

LightFlood: An Optimal Flooding Scheme for File Search in Unstructured P2P Systems Song Jiang, Lei Guo, and Xiaodong Zhang College of William and Mary.
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Ashish Gupta Under Guidance of Prof. B.N. Jain Department of Computer Science and Engineering Advanced Networking Laboratory.

Ashish Gupta Under Guidance of Prof. B.N. Jain Department of Computer Science and Engineering Advanced Networking Laboratory.
Effects of Applying Mobility Localization on Source Routing Algorithms for Mobile Ad Hoc Network Hridesh Rajan presented by Metin Tekkalmaz.

Effects of Applying Mobility Localization on Source Routing Algorithms for Mobile Ad Hoc Network Hridesh Rajan presented by Metin Tekkalmaz.
Inter-Domain Path Computation in MPLS Authors: Faisal Aslam, Zartash Afzal Uzmi, Adrian Farrel, and Michal Pioro Zartash Afzal Uzmi Department of Computer.

Inter-Domain Path Computation in MPLS Authors: Faisal Aslam, Zartash Afzal Uzmi, Adrian Farrel, and Michal Pioro Zartash Afzal Uzmi Department of Computer.
Privacy-Preserving Cross-Domain Network Reachability Quantification

Privacy-Preserving Cross-Domain Network Reachability Quantification
A General approach to MPLS Path Protection using Segments Ashish Gupta Ashish Gupta.

A General approach to MPLS Path Protection using Segments Ashish Gupta Ashish Gupta.
07.04.2003presented by Hasan SÖZER1 Scalable P2P Search Daniel A. Menascé George Mason University.

presented by Hasan SÖZER1 Scalable P2P Search Daniel A. Menascé George Mason University.
Vassilios V. Dimakopoulos and Evaggelia Pitoura Distributed Data Management Lab Dept. of Computer Science, Univ. of Ioannina, Greece

Vassilios V. Dimakopoulos and Evaggelia Pitoura Distributed Data Management Lab Dept. of Computer Science, Univ. of Ioannina, Greece

Similar presentations

Ads by Google