Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University.

Published byYazmin Wickersham Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University."— Presentation transcript:

1 Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University

2 Alice Internet Alice’s Laptop Surfing the Web Doesn’t want her ISP to know her activities Wants to access some services under a pseudonym Others anonymously

3 Alice Internet Alice’s Laptop Surfing the Web Anonymously Tor offers anonymous communication Adversary could target Tor Adversary prefers the user environment

4 The Leaky Boat Adversary focuses on breaking the user environment not the tool….

5 System enforced isolation Amnesiac browsing sessions Anonymous cloud storage Introducing Nymix Alice Internet Alice’s Laptop Cloud Storage Nym

6 Outline Attacks Against Privacy Nymix Architecture Defending Against Privacy Attacks Evaluating Nymix Future Directions

7 Application Level Attacks Eve’s Booby-trap Blog Alice Tor-based Secure Channel Unsecured Channel: “Here’s my IP” Javascript Exploit Freetopia Repressistan Alice’s Laptop Alice in Repressistan

8 Bob Correlation Attacks Internet Bob’s Laptop Bob of Freetopia

9 Confiscation Attacks Carol Carol the Landofopportunian Border patrol

10 Attacks Recap Application-Level Correlation Confiscation

11 Outline

12 System enforced isolation Amnesiac browsing sessions Anonymous cloud storage Data Sanitization Nymix Alice Internet Alice’s Laptop Cloud Storage Nym

13 Ephemeral Nym Alice Internet Alice’s Laptop AnonVM CommVM Nym Each Nym starts from the same base state Separate VMs to enforce sandboxing in AnonVM Securely erased upon exit

14 Long-Lived Nyms Alice Internet Alice’s Laptop AnonVM CommVM Nym Desire persistent state Resetting CommVM state can weaken anonymity 1 Anonymously store/restore from cloud 1 A. Johnson, “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries”, CCS 2013

15 Long-Lived Nyms Alice Internet Alice’s Laptop AnonVM CommVM Nym Retrieve disks from cloud Close Nym Restore long-lived nym

16 Sharing Data – Sanitization No local data directly in a Nym Each Nym has associated Sanitization VM Process: User selects file Prompted for cleaning method Results appear in Nym Alice’s Laptop User Data

17 Outline

18 Attacks Executed in Nymix Application-Level Correlation Confiscation

19 Application Level Attacks Eve’s Booby-trap Blog Alice Tor-based Secure Channel Unsecured Channel: “Here’s my IP” Javascript Exploit Freetopia Repressistan Alice’s Laptop Alice in Repressistan

20 Application Level Attacks Eve’s Booby-trap Blog Alice Tor-based Secure Channel Javascript Exploit Freetopia Repressistan Alice’s Laptop Alice in Repressistan Secured Channel: “Here’s my Tor IP”

21 Attacks Executed in Nymix Application-Level Correlation Confiscation

22 Bob Correlation Attacks Internet Bob’s Laptop Bob of Freetopia

23 Bob Internet Bob’s Laptop Correlation Attacks Bob’s Laptop Bob of Freetopia Nym

24 Attacks Executed in Nymix Application-Level Correlation Confiscation

25 Confiscation Attacks Carol Carol the Landofopportunian Border patrol

26 Confiscation Attacks Carol Carol the Landofopportunian Border patrol X

27 Attacks Executed in Nymix Application-Level Correlation Confiscation

28 Outline

29 Implementation Ubuntu 14.04 Qemu (KVM) for virtualization OverlayFS for union file system Google Chromium (required in order to support a circumvention software)

30 Evaluation I7 – 4 cores at 2.7 GHz 8 GB Ram Connects to a test deployment of Tor 10 Mbit bandwidth 200 ms latency 3 relays Nym memory usage AnonVM – 384 MB RAM, 128 MB Disk (stored in RAM) CommVM – 128 MB RAM, 16 MB Disk (stored in RAM)

31 CPU Evaluations

32 Memory Usage

33 Network Overhead

34 Outline

35 Nymix is… Not a complete solution An exploration of pseudonymity potential with virtualization A research prototype Related work: Tails – hardened, amnesiac Whonix, Qubes – anonymity-enforced browsing

36 Integration To CommVM or not CommVM Each VM is not cheap Must share a common Tor guard Sharing a common base image Existing approaches are well hardened Many configurations undesirable for AnonVM Persistence Models Store all data in the cloud Default encrypted volume header

37 Further Challenges Fingerprintable CPU VMM timing channels Accessing local hardware Storing data retrieved from the Internet

38 Conclusions Lots of attacks against identity on the Internet Nymix offers a practical solution to offering real pseudonymity on the Internet Lots of attacks outside scope, integrate Our website: http://dedis.cs.yale.edu/dissent/ Github https://github.com/DeDiS/WiNoNhttps://github.com/DeDiS/WiNoN

Download ppt "Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University."

Similar presentations

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)
Tor: The Second-Generation Onion Router

Tor: The Second-Generation Onion Router
Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Enforcing Anonymity and Improving Pseudonymity in Tails David Wolinsky Yale University.

Enforcing Anonymity and Improving Pseudonymity in Tails David Wolinsky Yale University.
Towards High-Availability for IP Telephony using Virtual Machines Devdutt Patnaik, Ashish Bijlani and Vishal K Singh.

Towards High-Availability for IP Telephony using Virtual Machines Devdutt Patnaik, Ashish Bijlani and Vishal K Singh.
Secure Off Site Backup at CERN Katrine Aam Svendsen.

Secure Off Site Backup at CERN Katrine Aam Svendsen.
By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.
Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.
Container-based OS Virtualization A Scalable, High-performance Alternative to Hypervisors Stephen Soltesz, Herbert Pötzl, Marc Fiuczynski, Andy Bavier.

Container-based OS Virtualization A Scalable, High-performance Alternative to Hypervisors Stephen Soltesz, Herbert Pötzl, Marc Fiuczynski, Andy Bavier.
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage Presenter: Martin Krogel.

Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage Presenter: Martin Krogel.
1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.

1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Similar presentations

Ads by Google