Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University.

Published byBelinda Hamilton Modified over 9 years ago

Similar presentations

Presentation on theme: "Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University."— Presentation transcript:

1 Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University

2 https://www.torproject.org/about/overview.html

3 We

4 and

5

6 but...

7

8 and

9

10 CORCOR outing loud-based nion

11 Benefits, Risks, and Challenges  Potential benefits of cloud infrastructure  High performance  Adaptability to censorship  Economic challenges  New security problems

12 Benefits of Cloud Infrastructure Performance (latency, throughput) Censorship Resistance

13 Performance  Individual nodes are higher bandwidth  Ability to add and remove nodes to meet demand 5:00 P.M.7:00 P.M.8:00 P.M.11:00 P.M.12:00 A.M.2:00 A.M.

14 COR has higher throughput than Tor US Only US & International 7.6x speedup

15 Multi-homed Datacenters are Harder to Monitor Datacenter Home 1-10 Mbps Sprint Level 3 AT&T 10-100 Gbps

16 Blocking Clouds Causes Collateral Damage X X X X

17 Benefits of Clouds  Higher performance  Elasticity to scale to demand  Multi-homing and scale makes eavesdropping difficult  Elasticity forces censors to make hard choices: collateral damage or unblocked access

18 Economics Cloud pricing is affordable for end users

19 Cost of running COR in the cloud  Cloud providers charge for CPU and bandwidth Amazon EC2 Pricing  CPU is cheap  100+ users on a 34 ¢/hr node  Bandwidth is dominant cost  100MB as low as 1 ¢

20 Tor’s Total Bandwidth Cost in the Cloud Approximately 900 MB/s 376 TB/month COR Cost: $61,200/month

21 Security Challenges and Solutions Involved Parties and Trust Model Building Tunnels Paying for Tunnels Learning About Relays

22 Distributing Trust  Tor  Tunnels between volunteer relays  COR  Tunnels between clouds from different providers

23 Is that sufficient?  Should users pay cloud providers directly?  Not anonymous: Credit cards and Paypal leak info  Another layer of indirection: Anonymity Service Providers  Operate relays and pay cloud providers  Mask users’ identities  Accept anonymous payment for access

24 System Roles  Cloud Hosting Providers (CHPs)  Provide infrastructure for COR relays  Anonymity Service Providers (ASPs)  Run relays and directory servers  Sell tokens  Redeemable for XX MB of connectivity or XX amount of time

25 System Architecture Example Organizations used above are examples only Cloud Hosting Providers IP 1.1.1.1 IP 2.2.2.2 Anonymity Service Providers

26 Circuit Construction Must be Policy Aware  Two relays within each datacenter  Different entry and exit ASPs  Different entry and exit CHPs  ASP and CHP relays are contiguous within a circuit

27 Paying for Access  Users purchase tokens  Redeem tokens for access (bandwidth or time)  Chaum’s e-cash:  Cryptographically untraceable

28 How do users gain access?  Users need two things:  Tokens  COR Directory  Solution: Bootstrapping Network  Low speed  High Latency  Free

29 Adversaries enumerate and block ingress  Current technologies  Tor Bridges  Two separate problems:  COR Relays  High speed, low latency, not free  Bootstrapping  Low speed, high latency, free

30 Summary Tor COR Secure High Speed Dynamic Scaling Free Adaptive to censorship

Download ppt "Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University."

Similar presentations

1 Scaling Advanced Real-Time Communications Bob Alice User Campus / Enterprise UserWANs/MANs/LANs Campus / Enterprise Host Network-Layer Connectivity high-performance,

1 Scaling Advanced Real-Time Communications Bob Alice User Campus / Enterprise UserWANs/MANs/LANs Campus / Enterprise Host Network-Layer Connectivity high-performance,
Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
Spring 2000CS 4611 Introduction Outline Statistical Multiplexing Inter-Process Communication Network Architecture Performance Metrics.

Spring 2000CS 4611 Introduction Outline Statistical Multiplexing Inter-Process Communication Network Architecture Performance Metrics.
Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.

Take your CMS to the cloud to lighten the load Brett Pollak Campus Web Office UC San Diego.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Infrastructure as a Service (IaaS) Amazon EC2

Infrastructure as a Service (IaaS) Amazon EC2
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 6 2/13/2015.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
Public cloud definition Public cloud is a cloud in which Cloud infrastructure is available to the general public. Public cloud define cloud computing.

Public cloud definition Public cloud is a cloud in which Cloud infrastructure is available to the general public. Public cloud define cloud computing.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
© 2009 IBM Corporation RESEARCH Peeking into Cloud for better Application Manageability Sambit Sahu IBM Research.

© 2009 IBM Corporation RESEARCH Peeking into Cloud for better Application Manageability Sambit Sahu IBM Research.
Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?

Anonymity on the Internet Jess Wilson. Anonymizing Proxy What is a proxy? – An intermediary between you and the internet How does it make you anonymous?
CSE 190: Internet E-Commerce Lecture 16: Performance.

CSE 190: Internet E-Commerce Lecture 16: Performance.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.

1 Routing as a Service Karthik Lakshminarayanan (with Ion Stoica and Scott Shenker) Sahara/i3 retreat, January 2004.

Similar presentations

Ads by Google