Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri.


1 Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presented by Mounica Atluri

2  Voice-over-IP  Attacks  Proposed solution  Experimental Evaluation  Conclusion

3  Data transmission through Public switched telephone network  Uses Circuit switched networks  Expensive

4  We see people talking through Skype, Vonage, instant messengers  Technology behind is called VoIP  Transmission of voice traffic over IP-based networks  Sounds are recorded and compressed  Benefit of VoIP: Very economical

5  Caller anonymity and QoS  Existing approaches use Mix networks  Mix networks route traffic through nodes with random delays and random routes  For example, Onion routing

6  Other examples are Tor, Freedom and Tarzan  Mix networks cannot accommodate the QoS requirement  Low latency apps are vulnerable to timing attacks

7  Uses RTP for data transmission  Route Set Up protocol for call set up and termination

8
- Operates in four steps
  1. initSearch: initiates a route set up request
  2. processSearch: processes a route set up request
  3. processResult: processes the results of a route set up request
  4. finSearch: concludes the route set up procedure

9  src initiates a request by broadcasting

10  If p receives a request from q, it checks if the sipurl is the url of the client connected to p.

11  If p receives result (searchId, q), it searches for, adds and forwards result to prev

12  If src receives result, it adds to its routing table

13  Encryption with shared symmetric key  Exposes dst (through dst.sipurl )  dst adds a random delay  src or dst can be inferred if all of their neighboring nodes are malicious

14
- Triangulation based timing attacks
- 3 steps in triangulation based timing attacks
  1. Candidate caller detection: malicious nodes deduce a list of potential callers
  2. Candidate caller ranking: malicious nodes associate a score with every potential caller
  3. Triangulation: colluding malicious nodes combine their sets to obtain a more accurate list of callers

15  Deterministic triangulation attack  Statistical triangulation attack  Differential triangulation attack

16
- 2 assumptions
  - Link latencies are deterministic
  - All nodes are synchronized
- 2 properties of route setup protocol
  - Protocol establishes shortest route between the src and dst
  - Node p that receives route set up request originated from src can estimate dist(src, p)

17  Candidate caller detection Compute S(p) for all s ∈ S(p),

18  Candidate caller ranking Compute the score  Triangulation Compute the final score

19

20
- Link latencies are independently distributed
- Length of a path P is given by
- In candidate caller detection, p computes a set of Pareto-optimal distances to all nodes v
- A set of path lengths d_1, d_2, ..., d_m is Pareto-optimal if for all other path lengths d,

21
- A node v is marked as a candidate caller if
- If link latencies follow Gaussian, the path latencies follow Gaussian too
- Score of v can be computed as
- For any other distribution, use Chebyshev’s inequality to compute

22  In Triangulation step, the aggregate score for a candidate caller v is computed

23  Eliminates time stamp ts from the route set up request  Malicious nodes can estimate the difference  In candidate caller detection, malicious node p computes statistical shortest distances to every other node v as

24
- Statistical distance dist_pq[v] is given by dist_p[v] – dist_q[v]
- v is a candidate caller if
- If the link latency distribution is Gaussian, the score of v is given by
- Finally, the average score for v is computed

25
- Network topology should be known for timing attacks
- Achieved by ping and pong messages
[Figure: nodes x, y and y´ exchanging ping(x, all), pong(y, x) and pong(y´, x) messages]

26
- Experimental set up
  - A synthetic network with 1024 nodes
  - Topology was constructed using NS-2 topology generator
  - Node-to-node round trip times vary from 24 ms to 150 ms with a mean of 74 ms

27
- Deterministic Triangulation
  - Number of suspects varies with number of malicious nodes
  - Epsilon should not be too small or large

28
- Statistical Triangulation
  - More effective than deterministic when there are uncertainties in link latencies

29
- Differential Triangulation
  - Statistical attack performs better if the clocks are synchronized
  - Differential triangulation can achieve a top-10 probability of 0.78 with only 10 malicious nodes

30
- Topology Discovery
  - With m = 20 and ttl = 2, about 75% of the topology is discovered

31
- Latency perturbation: each node adds random delay
- Random Walk Search Algorithm: resilient to timing attacks but generates suboptimal routes
- Hybrid route set up: trade off anonymity with QoS

32
- Sends a search request to a randomly chosen neighbor
- Two key properties
  - Markovian property
  - Random walker does not traverse the shortest path between any two nodes

33
- Controlled Random Walk
  - Combination of two protocols
  - γ limits the length of random walk
  - Starts with random walk search
  - Switches to broadcast search with probability 1 - γ

34
- Multi-Agent Random Walk
  - Similar to random walk
  - Src sends ω random walkers (ω > 1)
  - Route is established when the first random walker reaches dst
  - Higher ω results in optimal route latency
  - Vulnerable to triangulation based timing attack if src sends out random walkers at time t = 0

35
- Performed on 1024-node synthetic VoIP network topology using NS-2
- Algorithms implemented using Phex: an open source Java based implementation of peer-to-peer broadcast based route set up protocol

36
- Performance
  - Characterized by cost of messaging
- QoS guarantees
  - Routes with latency < 250 ms satisfy QoS requirements
  - Larger route set up latency does not affect the quality of voice conversation
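Added example, not from the slides or the paper: a small Python simulation of the controlled random walk route set up (slide 33) on a constructed six-node topology, measuring how many routes stay under the 250 ms QoS bound of slide 36. It assumes the switch to broadcast search is decided independently at each hop with probability 1 - γ and that broadcast search yields the lowest-latency route; the topology, latencies and function names are made up for illustration.

```python
import heapq
import random

# Constructed topology (not from the slides): undirected links, one-way latency in ms.
LINKS = [("a", "b", 20), ("b", "c", 25), ("c", "d", 30), ("a", "e", 40),
         ("e", "d", 35), ("b", "e", 15), ("c", "f", 20), ("f", "d", 15)]

def build_graph(links):
    graph = {}
    for u, v, ms in links:
        graph.setdefault(u, {})[v] = ms
        graph.setdefault(v, {})[u] = ms
    return graph

def broadcast_route(graph, src, dst):
    """Model broadcast search as finding the lowest-latency route (Dijkstra)."""
    best, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > best[u]:
            continue  # stale heap entry
        for v, ms in graph[u].items():
            if d + ms < best.get(v, float("inf")):
                best[v], prev[v] = d + ms, u
                heapq.heappush(heap, (d + ms, v))
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1], best[dst]

def controlled_random_walk(graph, src, dst, gamma, rng):
    """Assumed model: at each hop keep walking with probability gamma,
    otherwise switch to broadcast search from the current node."""
    path, latency, node = [src], 0, src
    while node != dst and rng.random() < gamma:
        nxt = rng.choice(sorted(graph[node]))  # randomly chosen neighbour
        latency += graph[node][nxt]
        path.append(nxt)
        node = nxt
    tail, tail_ms = broadcast_route(graph, node, dst)
    return path + tail[1:], latency + tail_ms

def qos_fraction(graph, src, dst, gamma, trials=2000, limit_ms=250, seed=1):
    """Fraction of simulated routes under the 250 ms QoS bound."""
    rng = random.Random(seed)
    return sum(controlled_random_walk(graph, src, dst, gamma, rng)[1] < limit_ms
               for _ in range(trials)) / trials
```

Calling `qos_fraction(build_graph(LINKS), "a", "d", gamma)` for increasing γ shows the trade-off the slides describe: longer walks move the route away from the shortest path at the cost of route latency.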

37  Optimal parameter settings  Attack resilience 99% optimal parameter settings

38
- Topology discovery
  - Only fraction of topology has been discovered
  - Top-10 probability for marw was 42% less, crw was 33% less and broadcast was only 9% less
  - Random walk protocols are more sensitive to topology

39
- VoIP is becoming popular due to its advantages in cost and convenience
- It is a major concern to provide anonymity to the clients
- Threat models targeting callers’ anonymity are efficient
- Even if a small fraction of the network is malicious, the caller can be inferred accurately
- It is difficult to trade QoS with anonymity

40

