Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi.

Similar presentations


Presentation on theme: "Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi."— Presentation transcript:

1 Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi

2 Problem Statement Leverage existing popular P2P overlays to send confidential, anonymous messages without keys

3 Overlays rock! Thousands of nodes Plenty of traffic to hide anonymous communication Diverse membership  Nodes unlikely to collude Dynamic  Hard to track Ideal for anonymous communication

4 Overlays suck! Nodes don’t have public keys Nodes are not trustworthy Nodes are unreliable

5 This talk: Information Slicing Message confidentiality, and source and destination anonymity No public keys Churn resilient

6 1. Message Confidentiality Without Keys

7 Confidentiality via Information Slicing Split message to random pieces and send pieces along node-disjoint paths “aaspdgfqw” “asdlfrwe” Random pieces “Borat: Cultural” “Leanings of America” Split into two “Borat: Cultural Leanings of America ” Original Message Randomize them! “Borat: Cultural” “Leanings of America”

8 MeD Confidentiality via Information Slicing “aaspdgfqw” “asdlfrwe”

9 Message Recovery by destination Received random pieces “aaspdgfqw” “ asdlfrwe ” “aaspdgfqw” “asdlfrwe” Matrix inversion Pieces of original message “Borat: Cultural” “Leanings of America” Original Message “Borat: Cultural Leanings of America ”

10 Destination gets all pieces  can decode Even an attacker that gets all but one piece cannot decode !

11 2. Anonymity without Keys

12 System Setup Anonymous communication has two phases Route Setup A node learns how to forward a received message Data transmission Just follow the routes

13 Setup Anonymous Routes Each node knows its next hop No one else knows the next hop of a node Why not tell each node the ID of its next hop in a confidential message? Idea : Build anonymity by confidentially sending to each node it’s routing info!

14 Exponential Blowup! Naïve way to send to a node its next hop

15 V W R Z Z’s next hop information: R’s next hop information: Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information

16 Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information V W R Z V and W will know Z and R’s next hops

17 V W R Z Reuse V to send pieces that belong to different nodes Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information

18 V W R Z Reuse nodes to send multiple pieces as long as the pieces belong to different messages Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information

19 Slicing Protocol S S’ Source has multiple IP addresses

20 R V W Z Slicing Protocol S S’ D X Source organizes nodes into stages

21 R V W Z Slicing Protocol S S’ D X Destination D is placed randomly (here in last stage)

22 R V W Z Slicing Protocol S S’ D X Source confidentially tells each node its next hop info

23 R V W Z Slicing Protocol S S’ D X V receives the ids of its next hops along disjoint paths

24 R V W Z Slicing Protocol S S’ D X V also receives one piece meant for Z and one for R, but cannot decipher their next hops

25 R V W Z Slicing Protocol S S’ D X W also receives its info and pieces for Z and R W cannot decipher Z’s and R’s next hops

26 R V W Z Slicing Protocol S S’ D X V and W have pieces meant for Z and R

27 R V W Z Slicing Protocol S S’ D X V and W forward the pieces meant for Z and R

28 R V W Z Slicing Protocol S S’ D X Node disjoint paths to deliver to Z its V and W do not have enough pieces to know Z’s info

29 R V W Z Slicing Protocol S S’ D X The same for R

30 R V W Z Slicing Protocol S S’ D X V and W are reused without revealing anything about Z and R’s routing information

31 R V W Z Slicing Protocol S S’ D X Similarly source constructs entire graph

32 R V W Z Slicing Protocol S S’ D X Anonymity without keys!

33 3. Dealing With Churn

34 Slicing Protocol - Churn What if node V departs? R V W Z S S’ D X

35 Slicing Protocol - Churn What if node V departs? Destination cannot decode R V W Z S S’ D X X

36 How Do We Combat Churn? Churn causes data loss Typical solution  Add Redundancy Use coding to efficiently add redundancy

37 Source Coding the Data Source Coding (Erasure Codes) Split into 3 pieces instead of 2 Any 2 pieces suffice to retrieve data Added redundancy of (1/2) = 50%

38 Source Coding For Robustness S S1 V W R Z D X S2 U P Y X Destination D gets two pieces  Can decode Source coding can tolerate one node failure in the network

39 S S1 V W R Z D X S2 U P Y X What if a second node (here Z) fails? Source Coding For Robustness

40 S S1 V Z S2 X X W R D X U P Y What if a second node (here Z) fails? Destination D cannot decode Source Coding For Robustness

41 Coding partially solves problem Z X R S S1 V S2 X W U P D X Y Focus on node R

42 Coding partially solves problem R Due to upstream node failure, R receives 2 pieces instead of 3

43 Coding partially solves problem R R can only send out two pieces now, Initial redundancy is destroyed

44 Regenerating Redundancy R Pieces are linear combinations of message fragments

45 Network Coding R R can create a linear combination of the pieces he received to generate a new piece Take Linear combination of the pieces New piece

46 Network Coding R R can now send out 3 pieces instead of 2 Redundancy is regenerated inside the network

47 Network Coding R Can tolerate downstream node failures Network coding can tolerate one node failure in every stage

48 General Network Coding Nodes send linear combinations of incoming pieces Technique generalizes to any number of extra pieces For k extra pieces, network coding tolerates k failures in every stage

49 4. Evaluation

50 Evaluation Environment Implementation in Python Evaluated both in simulation and on PlanetLab Evaluate anonymity, performance and churn resilience Each metric is evaluated against the optimal existing baseline

51 Anonymity Simulate an overlay of 10000 nodes Attackers are placed randomly in the network Attackers can control nodes, snoop on their edges, and collude Comparison with Chaum mixes (optimal baseline) Entropy is standard anonymity metric Anonymity

52 How anonymous is information slicing? Fraction of Attacking Nodes Anonymity High anonymity despite no keys Source Anonymity Info. Slicing Chaum mix

53 Churn Resilience Compared against practical anonymity system  Onion Routing For fairness, onion routing is modified to have redundancy using source coding Metric: Prob. of successfully sending a message, given a particular redundancy

54 Churn Resilience Info. Slicing Onion Routing with source coding Probability of Success Added Redundancy Large increase in probability of success because of network coding Results for a Probability of Node Failure = 0.3

55 Implementation on PlanetLab

56 Churn Resilience - Planetlab Added Redundancy Probability of Success Network Coding nearly doubles the churn resilience with the same overhead!

57 Performance No. of Stages Throughput (Mb/s) No. of Stages Info. Slicing Onion Routing Two nodes in each stage and five stages Local Network PlanetLab Parallel paths  Increased throughput Info. Slicing

58 Conclusion Confidentiality  Node disjoint paths Low Cost Anonymity  Node Reuse Churn Resilience  Network Coding Enabled anonymous communication in P2P overlays with no keys. Information Slicing provides


Download ppt "Slicing the Onion: Anonymity Using Unreliable Overlays Sachin Katti Jeffrey Cohen & Dina Katabi."

Similar presentations


Ads by Google