1
Building a Peer-to-Peer Anonymizing Network Layer
Michael J. Freedman
NYU Dept of Computer Science
mfreed@cs.nyu.edu
Public Design Workshop, September 13, 2002
http://pdos.lcs.mit.edu/tarzan/
2
September 13, 2002, Building a Peer-to-Peer Anonymizing Network Layer, Page 2
The Grail of Anonymization
Participant can communicate anonymously with non-participant
User can talk to CNN.com
Nobody knows who user is
[Diagram labels: User, ?, ?]
3
Should we offer anonymity?
Table axes: actions of user seeking anonymity (Legal / Illegal) against method of observing user’s identity (Legal / Illegal)
Table entries: Definitely!, Yes, ???, No (?)
4
Our Vision for Anonymization
Thousands of nodes participate
Bounce traffic off one another
Mechanism to organize nodes: peer-to-peer
All applications can use: IP layer
5
Alternative 1: Proxy Approach
Intermediate node to proxy traffic
Completely trust the proxy
Anonymizer.com
[Diagram labels: User, Proxy]
6
Realistic Threat Model
Corrupt proxy(s)
  – Adversary runs proxy(s)
  – Adversary targets proxy(s) and compromises, possibly adaptively
Network links observed
  – Limited, localized network sniffing
  – Wide-spread (even global) eavesdropping
e.g., Carnivore, Chinese firewall, ISP search warrants
7
Failures of Proxy Approach
Traffic analysis is easy
Proxy reveals identity
[Diagram labels: User, Proxy]
8
Failures of Proxy Approach
CNN blocks connections from proxy
Traffic analysis is easy
Adversary blocks access to proxy (DoS)
Proxy reveals identity
[Diagram labels: User, Proxy, X, X]
9
Alternative 2: Centralized Mixnet
MIX encoding creates encrypted tunnel of relays
  – Individual malicious relays cannot reveal identity
Packet forwarding through tunnel
Onion Routing, Freedom
Small-scale, static network
[Diagram labels: User, Relay]
10
Alternative 2: Centralized Mixnet
MIX encoding creates encrypted tunnel of relays
  – Individual malicious relays cannot reveal identity
Packet forwarding through tunnel
Cover traffic among relays hides data traffic
[Diagram labels: User, Relay]
11
Failures of Centralized Mixnet
CNN blocks core routers
[Diagram labels: Relay, X]
12
Failures of Centralized Mixnet
CNN blocks core routers
Adversary targets core routers
[Diagram labels: Relay, Relay]
13
Failures of Centralized Mixnet
CNN blocks core routers
Adversary targets core routers
Allows network-edge analysis
[Diagram labels: Relay, Relay, Relay]
14
Failures of Centralized Mixnet
CNN blocks core routers
Adversary targets core routers
Allows network-edge analysis
Cover traffic doesn’t protect edges (n²)
[Diagram labels: Relay, Relay, Relay, X]
15
Tarzan: Me Relay, You Relay
Thousands of nodes participate
Build tunnel over pseudorandom set of nodes
Cover traffic covers edges
Crowds: small-scale, not self-organizing, not a mixnet, no cover
16
Benefits of Peer-to-Peer Design
No network edge to analyze: First hop does not know he’s first
CNN cannot block everybody
Adversary cannot target everybody
Global eavesdropping gains little info
[Diagram labels: ?, ?, ?, ?, ?]
17
Managing Peers
Requires a mechanism that
1. Discovers peers
2. Scalable
3. Robust against adversaries
18
Adversaries Can Join System
Adversary can join more than once
Stop it from spoofing addresses outside of control?
Contact peers directly to
  – Validate IP address
  – Learn public key
19
Adversaries Can Join System
Adversary can join more than once
Can control many addresses on each subnet!
Randomly select nodes by subnet “domain”, not IP address
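An added example, not from the slides, of why selecting by subnet “domain” blunts an adversary that joins many times from one subnet. It assumes a /16 prefix as the domain boundary and uses constructed addresses; all function names are illustrative.

```python
import ipaddress
import random
from collections import defaultdict

def domain_of(ip, prefix_len=16):
    """Subnet 'domain' of an IPv4 address (the /16 boundary is an assumption)."""
    return str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))

def group_by_domain(peers, prefix_len=16):
    """Index the known peers by the domain their address falls in."""
    groups = defaultdict(list)
    for ip in peers:
        groups[domain_of(ip, prefix_len)].append(ip)
    return dict(groups)

def pick_by_ip(peers, rng):
    """Naive selection: every known address is equally likely."""
    return rng.choice(peers)

def pick_by_domain(groups, rng):
    """Two-step selection: a domain uniformly at random, then an address in it."""
    domain = rng.choice(sorted(groups))
    return rng.choice(groups[domain])

def adversary_share(pick, pool, hostile, trials=5000, seed=1):
    """Fraction of selections that land on an adversary-controlled address."""
    rng = random.Random(seed)
    return sum(pick(pool, rng) in hostile for _ in range(trials)) / trials

# Constructed sample: 20 honest peers in 20 different /16 domains, plus an
# adversary that joined 200 times from addresses inside a single subnet.
HONEST = [f"10.{i}.0.5" for i in range(20)]
HOSTILE = {f"172.16.0.{i + 1}" for i in range(200)}
PEERS = HONEST + sorted(HOSTILE)

if __name__ == "__main__":
    print("selected by IP:    ", adversary_share(pick_by_ip, PEERS, HOSTILE))
    print("selected by domain:",
          adversary_share(pick_by_domain, group_by_domain(PEERS), HOSTILE))
```

Selecting by address gives the adversary roughly 200 in 220 picks; selecting by domain gives it about 1 in 21, however many addresses it registers inside that subnet.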
20
Tarzan: Joining the System
1. Contacts known peers to learn neighbor lists
2. Validates each peer by directly pinging
[Diagram label: User]
21
Tarzan: Discovering Peers
3. Nodes pair-wise choose (verifiable) mimics
4. Mimics begin passing cover traffic
[Diagram label: User]
22
Tarzan: Discovering Peers
5. Building tunnel: Iteratively selects peers and builds tunnel from among last-hop’s mimics
[Diagram label: User]
23
Tarzan: Building Tunnel
5. Building tunnel:
Public-key encrypts tunnel info during setup
Maps flowid → session key, next hop IP addr
[Diagram labels: User / Tunnel Private Address / Public Alias Address / Real IP Address / PNAT]
24
Tarzan: Tunneling Data Traffic
6. Reroutes packets over this tunnel
Diverts packets to tunnel source router
[Diagram labels: User, APP, IP, IP, X]
25
Tarzan: Tunneling Data Traffic
6. Reroutes packets over this tunnel
NATs to private address space 192.168.x.x
Layer encrypts packet
[Diagram labels: User, APP, IP, IP]
26
Tarzan: Tunneling Data Traffic
6. Reroutes packets over this tunnel
Encapsulates in UDP and forwards packet
Strips off encryption, forwards to next hop
[Diagram labels: User, IP, APP]
27
Tarzan: Tunneling Data Traffic
6. Reroutes packets over this tunnel
NATs again to public alias address
[Diagram labels: User, APP, IP]
28
Tarzan: Tunneling Data Traffic
6. Reroutes packets over this tunnel
Reads IP headers and sends accordingly
[Diagram labels: User, APP, IP]
29
Tarzan: Tunneling Data Traffic
6. Reroutes packets over this tunnel
Response repeats process in reverse
[Diagram labels: User, IP, APP, IP, IP]
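The tunnel steps on slides 23 to 29, sketched as an added example that is not the Tarzan code: each relay maps flowid to (session key, next hop IP addr) and strips one layer before forwarding. Assumptions: a toy SHA-256 keystream stands in for the real cipher, the public-key setup message is omitted, one flowid is shared by all hops, and the relay addresses and packet are constructed.

```python
import hashlib
import os

def xor_layer(key, data):
    """Toy stream cipher (SHA-256 counter keystream): a stand-in, not real crypto."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Relay:
    def __init__(self, addr):
        self.addr = addr
        self.flows = {}  # flowid -> (session key, next hop IP addr)

    def forward(self, flowid, payload):
        """Strip this relay's layer; return (next hop, remaining payload)."""
        key, next_hop = self.flows[flowid]
        return next_hop, xor_layer(key, payload)

def build_tunnel(relays, flowid):
    """Install per-hop state (sent public-key encrypted on the slides; omitted here)."""
    # Assumption: one flowid shared by all hops, to keep the sketch short.
    keys = [os.urandom(16) for _ in relays]
    next_hops = [r.addr for r in relays[1:]] + [None]  # None: last hop, exits tunnel
    for relay, key, nxt in zip(relays, keys, next_hops):
        relay.flows[flowid] = (key, nxt)
    return keys

def layer_encrypt(keys, packet):
    """Source applies the last hop's layer first, so the first hop's is outermost."""
    for key in reversed(keys):
        packet = xor_layer(key, packet)
    return packet

def traverse(relays, flowid, wire):
    """Carry the packet hop by hop; record what each relay received."""
    by_addr = {r.addr: r for r in relays}
    received, hop = [], relays[0].addr
    while hop is not None:
        received.append((hop, wire))
        hop, wire = by_addr[hop].forward(flowid, wire)
    return received, wire

def demo(packet=b"GET / HTTP/1.0\r\n\r\n"):
    # Constructed relay addresses (documentation ranges).
    relays = [Relay(a) for a in ("192.0.2.1", "198.51.100.2", "203.0.113.3")]
    keys = build_tunnel(relays, flowid=7)
    return traverse(relays, 7, layer_encrypt(keys, packet))
```

Each relay receives a different ciphertext and learns only its own next hop; the plaintext appears only after the last relay strips its layer.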
30
Tarzan: Tunneling Data Traffic
Transparently supports anonymous servers
Can build double-blinded channels
[Diagram labels: Server, IP, APP, IP, Oblivious User]
31
Summary
Gain anonymity:
  – Peer-to-peer: scalable, decentralized, secure
  – Cover traffic over mimics
Transparent IP-layer anonymization
  – Towards a critical mass of users
32
More information…
http://pdos.lcs.mit.edu/tarzan/