Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.

Similar presentations


Presentation on theme: "Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory."— Presentation transcript:

1 Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory The Tor Project 18th ACM Conference on Computer and Communications Security October 17-21, 2011 Chicago, IL

2 Overview Onion routing provides anonymous communication. 2

3 Overview Onion routing provides anonymous communication. ? 3

4 Overview Onion routing provides anonymous communication. ? ? 4

5 Overview Onion routing provides anonymous communication. ? ? ? 5

6 Overview Onion routing provides anonymous communication. It is insecure against an adversary with resources. ? ? 6

7 Overview Onion routing provides anonymous communication. It is insecure against an adversary with resources. Trust can help avoid such an adversary. – We provide a model of trust. – We design trust-based routing algorithms. ? ? 7

8 Overview Onion routing provides anonymous communication. It is insecure against an adversary with resources. Trust can help avoid such an adversary. – We provide a model of trust. – We design trust-based routing algorithms. Improve anonymity with robustness to trust errors. ? ? 8

9 Onion Routing 9

10 10 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.Onion-encrypted data is sent and unwrapped along the circuit. 3.The process runs in reverse for return data.

11 Onion Routing International onion-routing network Estimated at over 300,000 users daily ≈2500 onion routers Uses include 11 torproject.org - Avoiding censorship - Gathering intelligence - Political activism - Whistleblowing

12 Problem 12 Problem

13 13 Problem Adversary may observe or control routers.

14 14 Problem Adversary may observe or control routers. Traffic patterns can link first and last routers.

15 Problem Adversary may observe or control routers. Traffic patterns can link first and last routers. 15 Path SelectionProbability of attack success # routers observed# connections until successful attack Random0.01250100 + guards & exits0.0180 guards, 90 exits10 w/ prob. 0.1 + bandwidth weighting0.01guard&exit, 124 MiBps7.7 w/ prob. 0.077 2500 total routers, 900 exit, 800 guard First-last Correlation Attack Success

16 Key Idea: Trust Users may know how likely a router is to be under observation. 16 NameHostnameBandwidthUptimeLocationTor versionOS moria1moria.csail.mit. edu 460 KB/s1 daysUSA0.2.3.5- alpha Linux rathergonaked212-82-33- 112.ip.14v.de 302 KB/s6 daysGermany0.2.2.33Linux Unnamedstatic-ip-166- 154-142- 114.rev.dyxnet.c om 58 KB/s58 daysHong Kong 0.2.1.29Windows Server 2003 SP2 Source: http://torstatus.blutmagie.de, 10/12/2011 Tor Routers with Possible Trust Factors

17 Problems 1.What is trust? Model 2.How do we use trust? Path-selection algorithm 17

18 Model 18 User u Naïve users N AuAu Probability of Compromise: c u (r) 01 Adversaries Trust: τ u (r) = 1-c u (r) Observed destination Observed source

19 Trust-based Path Selection Algorithm 1.Destination links observed only Use downhill algorithm. 2.Source links observed only Use one-hop path of most-trusted router. 3.Neither source nor destination links observed Connect directly to destination. 4.Both source and destination links observed Connect directly to destination. 19

20 Downhill Algorithm Key idea: Blend in with the naïve users. 20 RandomMost trusted

21 Downhill Algorithm Key idea: Blend in with the naïve users. 21 RandomMost trusted

22 Downhill Algorithm Key idea: Blend in with the naïve users. 22 Most trustedRandom

23 Downhill Algorithm 23 Most trusted Random Trust 0 0 Fraction of Routers Router Trust CDF 1

24 Downhill Algorithm 24 Most trustedRandom Trust 0 0 Fraction of Routers Router Trust CDF 1

25 Downhill Algorithm 25 Most trusted Random Trust 0 0 Fraction of Routers Router Trust CDF 1

26 Downhill Algorithm 26 Most trustedRandom Trust 0 0 Fraction of Routers Router Trust CDF 1 Downhill

27 Downhill Algorithm 27

28 Downhill Algorithm 28 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric.

29 Downhill Algorithm 29 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i

30 Downhill Algorithm 30 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i

31 Downhill Algorithm 31 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i

32 Downhill Algorithm 32 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i

33 Downhill Algorithm 33 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i

34 Downhill Algorithm 34 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i

35 Downhill Algorithm 35 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i

36 Downhill Algorithm 36 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i 3.For each connection, 1.Create circuit through selected routers. 2.Randomly choose two routers. 3.Extend circuit through them to the destination.

37 Downhill Algorithm 37 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i 3.For each connection, 1.Create circuit through selected routers. 2.Randomly choose two routers. 3.Extend circuit through them to the destination.

38 Downhill Algorithm 38 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i 3.For each connection, 1.Create circuit through selected routers. 2.Randomly choose two routers. 3.Extend circuit through them to the destination.

39 Downhill Algorithm 39 1.Set path length l and trust levels λ 1,…, λ l to optimize expectation of anonymity metric. 2.For 1 ≤ i ≤ l, Randomly select among routers with trust ≥ λ i 3.For each connection, 1.Create circuit through selected routers. 2.Randomly choose two routers. 3.Extend circuit through them to the destination.

40 Anonymity Analysis Metric: Posterior probability of actual source of a given connection. 40 u Example: Let T i = {r : τ u (r) ≥ λ i }. Let A u ⊂ R be the routers compromised by A u. Let X 1 = Pr[ u chose observed path] = ( |T 1 \A u |/|T 1 | ) ( |T 2 \A u |/|T 2 | ) ( 1/|T 3 | ) ( 1/|R| ) 2 Let X 2 = Pr[ n ∈ N chose observed path] = ( |R\A u |/|R| ) 2 ( 1/|R| ) 3 Posterior probability: X 1 /(X 1 +|N|X 2 ) static dynamic

41 Anonymity Analysis 41 Expected anonymity DownhillMost trustedRandomLower bound Many @ medium trust0.02740.25190.10880.01 Many @ low trust0.05500.17510.47630.001

42 Anonymity Analysis 42 Scenario 1: User has some limited information. τ=.99 τ=.9 τ=.1 5 routers 1000 routers 10 routers Expected anonymity DownhillMost trustedRandomLower bound Many @ medium trust0.02740.25190.10880.01 Many @ low trust0.05500.17510.47630.001

43 Anonymity Analysis 43 Scenario 2: User and friends run routers. Adversary is strong. τ=.999 τ=.95 τ=.5 5 routers 50 routers 1000 routers Expected anonymity DownhillMost trustedRandomLower bound Many @ medium trust0.02740.25190.10880.01 Many @ low trust0.05500.17510.47630.001

44 Linking Analysis Metric: Connection entropy at times user communicates. 44 Example: (u,d1)(u,d1) t1t1 t2t2 t3t3 (u,d2)(u,d2)(u,d3)(u,d3)

45 Linking Analysis Metric: Connection entropy at times user communicates. 45 Example: (?,d 1 ) t1t1 t2t2 t3t3 (?,d 2 )(?,d 3 ) The adversary may not know the user.

46 Linking Analysis Metric: Connection entropy at times user communicates. 46 Example: (v,d1)(v,d1) t1t1 t2t2 t3t3 (v,d2)(v,d2)(v,d3)(v,d3) Connections without dynamic hops may be linked by final hop.

47 Linking Analysis Metric: Connection entropy at times user communicates. 47 Example: (v,d1)(v,d1) t1t1 t2t2 t3t3 (w,d2)(w,d2)(x,d3)(x,d3) With dynamic hops, posterior distribution may be more even.

48 Linking Analysis Metric: Connection entropy at times user communicates. 48 Example: (v,d1)(v,d1) t1t1 t2t2 t3t3 (w,d2)(w,d2)(x,d3)(x,d3) With dynamic hops, posterior distribution may be more even. Theorem: Entropy of connection distribution is increased by using dynamic hops.

49 Trust Errors Theorem (informal): Error in trust of router r changes expected anonymity proportional to 1. Size of error 2. Expected number of times r is used 3. Expected relative size of r’s trust set 49

50 Trust Errors 50 Errors in Scenario 1 (many @ medium trust) Fraction x of low are medium, x/2 of med. are low, x/2 of med. are high, x of high are medium.

51 Conclusion Adversaries can attack onion-routing network like Tor today. External trust can provide protection. – We provide a model to express the problem and solution. – We give a path-selection algorithm and show that it improves anonymity. Future Work 51 Dependent compromise Link adversary Multiple adversaries per user “Road warrior” Private trust values Private adversaries

52 Onion Routing 52 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network.

53 Onion Routing 53 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened.

54 Onion Routing 54 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. {{{M} 3 } 2 } 1

55 Onion Routing 55 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. {{M} 3 } 2

56 Onion Routing 56 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. {M} 3

57 Onion Routing 57 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. M

58 Onion Routing 58 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. 4.The process runs in reverse for return data. M’

59 Onion Routing 59 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. 4.The process runs in reverse for return data. {M’} 3

60 Onion Routing 60 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. 4.The process runs in reverse for return data. {{M’} 3 } 2

61 Onion Routing 61 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. 4.The process runs in reverse for return data. {{{M’} 3 } 2 } 1

62 Onion Routing 62 UsersOnion RoutersDestinations 1.A user cryptographically constructs a circuit through the network. 2.A stream to the destination is opened. 3.Onion-encrypted data is sent and unwrapped along the circuit. 4.The process runs in reverse for return data. 5.The user changes the circuit periodically.

63 Problems 1. What is trust? Model adversary – Differs among users Model user knowledge – Include uncertainty 63 2. How to use trust? Blend user connections together Use trust explicitly in guard nodes Protect trust information

64 Model Agents Users: U Routers: R Destinations: D Adversaries: {A u } u ∈ U 64 Trust Probability of compromise: c u (r) Trust: τ u (r) = 1 - c u (r) Known whether source and destination links are observed Naïve users: N ⊂ U A n 1 =A n 2, n 1,n 2 ∈ N c n (r) = c N, n ∈ N

65 Anonymity Analysis 65 Scenario 3: Trust is based on geographic region. τ=0.9τ=0.5 τ=0.1 350 routers Expected anonymity DownhillMost trustedRandomLower bound Many @ medium trust0.02740.25190.10880.01 Many @ low trust0.05500.17510.47630.001 Equal high/med/low0.10210.10270.50000.1


Download ppt "Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory."

Similar presentations


Ads by Google