Presentation is loading. Please wait.

Presentation is loading. Please wait.

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Similar presentations


Presentation on theme: "Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,"— Presentation transcript:

1 Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science mfreed@cs.nyu.edu Public Design Workshop September 13, 2002 http://pdos.lcs.mit.edu/tarzan/

2 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 2 Participant can communicate anonymously with non-participant User can talk to CNN.com User ? ? Nobody knows who user is The Grail of Anonymization

3 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 3 ?=? Should we offer anonymity? Actions of user seeking anonymity Method of observing user’s identity LegalIllegal Legal Illegal Definitely! Yes ??? No (?)

4 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 4 Our Vision for Anonymization Thousands of nodes participate Bounce traffic off one another Mechanism to organize nodes: peer-to-peer All applications can use: IP layer

5 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 5 Alternative 1: Proxy Approach Intermediate node to proxy traffic Completely trust the proxy Anonymizer.com User Proxy

6 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 6 Realistic Threat Model Corrupt proxy(s) –Adversary runs proxy(s) –Adversary targets proxy(s) and compromises, possibly adaptively Network links observed –Limited, localized network sniffing –Wide-spread (even global) eavesdropping e.g., Carnivore, Chinese firewall, ISP search warrants

7 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 7 Failures of Proxy Approach User Proxy Traffic analysis is easy Proxy reveals identity

8 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 8 Failures of Proxy Approach User Proxy X X CNN blocks connections from proxy Traffic analysis is easy Adversary blocks access to proxy (DoS) Proxy reveals identity

9 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 9 Alternative 2: Centralized Mixnet User Relay MIX encoding creates encrypted tunnel of relays –Individual malicious relays cannot reveal identity Packet forwarding through tunnel Onion Routing, Freedom Small-scale, static network

10 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 10 Alternative 2: Centralized Mixnet User Relay MIX encoding creates encrypted tunnel of relays –Individual malicious relays cannot reveal identity Packet forwarding through tunnel Cover traffic among relays hides data traffic

11 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 11 Failures of Centralized Mixnet Relay CNN blocks core routers X

12 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 12 Relay Failures of Centralized Mixnet CNN blocks core routers Adversary targets core routers Relay

13 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 13 Relay Failures of Centralized Mixnet Relay CNN blocks core routers Adversary targets core routers Allows network-edge analysis Relay

14 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 14 Relay Failures of Centralized Mixnet Relay CNN blocks core routers Adversary targets core routers Allows network-edge analysis Relay Cover traffic doesn’t protect edges (n 2 ) X

15 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 15 Tarzan: Me Relay, You Relay Thousands of nodes participate Build tunnel over pseudorandom set of nodes Cover traffic covers edges Crowds: small-scale, not self-organizing, not a mixnet, no cover

16 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 16 Benefits of Peer-to-Peer Design No network edge to analyze: First hop does not know he’s first ? ? ? ? ? CNN cannot block everybody Adversary cannot target everybody Global eavesdropping gains little info

17 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 17 Managing Peers Requires a mechanism that 1.Discovers peers 2.Scalable 3.Robust against adversaries

18 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 18 Adversary can join more than once Stop it from spoofing addresses outside of control? Adversaries Can Join System Contact peers directly to – Validate IP address – Learn public key

19 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 19 Adversaries Can Join System Adversary can join more than once Can control many addresses on each subnet! Randomly select nodes by subnet “domain”, not IP address

20 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 20 Tarzan: Joining the System 1. Contacts known peers to learn neighbor lists 2. Validates each peer by directly pinging User

21 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 21 Tarzan: Discovering Peers User 3. Nodes pair-wise choose (verifiable) mimics 4. Mimics begin passing cover traffic

22 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 22 Tarzan: Discovering Peers User 5. Building tunnel: Iteratively selects peers and builds tunnel from among last-hop’s mimics

23 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 23 Tarzan: Building Tunnel User 5. Building tunnel: Public-key encrypts tunnel info during setup Maps flowid  session key, next hop IP addr Tunnel Private Address Public Alias Address Real IP Address PNAT

24 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 24 IP Tarzan: Tunneling Data Traffic 6. Reroutes packets over this tunnel User APP Diverts packets to tunnel source router IP X

25 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 25 IP Tarzan: Tunneling Data Traffic 6. Reroutes packets over this tunnel User APP IP NATs to private address space 192.168.x.x Layer encrypts packet

26 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 26 Encapsulates in UDP and forwards packet Strips off encryption, forwards to next hop Tarzan: Tunneling Data Traffic 6. Reroutes packets over this tunnel User IP APP

27 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 27 IP NATs again to public alias address Tarzan: Tunneling Data Traffic 6. Reroutes packets over this tunnel User APP

28 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 28 Tarzan: Tunneling Data Traffic 6. Reroutes packets over this tunnel User APP Reads IP headers and sends accordingly IP

29 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 29 Response repeats process in reverse IP Tarzan: Tunneling Data Traffic 6. Reroutes packets over this tunnel User IP APP IP

30 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 30 Tarzan: Tunneling Data Traffic Transparently supports anonymous servers Can build double-blinded channels Server IP APP IP Oblivious User

31 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 31 Summary Gain anonymity: –Peer-to-peer: scalable, decentralized, secure –Cover traffic over mimics Transparent IP-layer anonymization –Towards a critical mass of users

32 September 13, 2002 Building a Peer-to-Peer Anonymizing Network LayerPage 32 More information… http://pdos.lcs.mit.edu/tarzan/


Download ppt "Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,"

Similar presentations


Ads by Google