Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001."— Presentation transcript:

1 Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001

2 Key Ideas Censor-resistant (p2p) publishing is a compelling and feasible application of active networking …through on-demand, rapid, decentralized, diversification of the hop-by-hop protocol We prototyped this in Freenet

3 Active Networking’s Biggest Problem Demand: no killer app Inherent problem, by definition! The space of AN protocols is interesting, not any given protocol But… a good match for censor-resistant networks

4 Censor-Resistant Networks Goals –Make intentional deletion or denial of access infeasible or difficult –Often: Anonymity Usually: overlay network An example: Freenet –Keyed data retrieval system; routing based on a hash of key –Message initiation/relaying look the same –Copies made along return route for requests: preserves popular data

5 Some Problems Facing CRNs CRN traffic may be identifiable –Static set of protocols a weakness Mere membership may be incriminating –Only identification may be necessary, not eavesdropping –Last link vulnerable: mercy of ISP Users on restricted networks cannot participate –But special techniques can get traffic through firewalls, proxies, etc.

6 Agile Protocols Use active networking techniques for replacement of single-hop protocols Completely decentralized –Any node can create a new protocol & pass to its peer –Rapid response time to censorship –Nodes can customize for their environment Unbounded set of protocols –Attacker cannot even know what percentage of set they have discovered

7 Protocol Examples Disguise and tunnel, eg through SMTP, HTTP Port-hopping… randomly Port-smearing (~spread spectrum) Bounce thru 3rd host Steganography …even better in wireless domain: physical & link level

8 “Protocol Objects” Protocol Objects implement replacement single-hop protocols Identified by content hash

9 What About Malicious Protocol Objects?

10 Protecting Local Node’s Integrity, Privacy, and Availability Threat model like Java applet, but worse for privacy –node state: cache contents, neighbor list, IP addr, username, hard drive contents –message itself Integrity and privacy: std type-safety and namespace isolation Resource attacks: resource-managing JVM [OSDI’00,...]

11 Publishing-specific DoS Attacks Same general issues as malicious nodes Failure (total or intermittent) –Either malicious or unintentional –Heuristic approach: rate Protocol Objects Ratings based on success rates for requests Evaluate via loopback test harness –Ratings are node-local More attacks/responses in paper

12 What About Bootstrapping? Shared by base Freenet system: must acquire initial {IP addr, port} out-of- band Now need {IP addr, byte code} Quantitative difference ==> qualitative change? Memory, piece of paper ==> floppy disk, email attachment, applet Conclusion: acceptable

13 Our Implementation Prototype based on Freenet system Peers can exchange Java bytecode for new protocols Protocol usage can be asymmetric, can change on any message boundary Restricted namespace

14 Four sample Protocol Objects ‘Classic’ Freenet protocol HTTPProtocol: Looks (vaguely) like HTTP TrickyProtocol: Negotiates port change after every message SpreadProtocol: Splits message on arbitrary byte boundaries, sends each chunk on a different port

15 Reprise:AN’s Major Technical Challenges Performance: no problem –In Java already! –Overlay network: IP not my problem Security –Key: change local, keep global protocol –Global network: domain-specific, therefore tractable. –Local to node: tractable, based on recent research

16 Conclusions, Future Work AN techniques seem likely to improve the censor-resistance of CR networks Feasible to implement in existing systems Future work –Implement ratings, etc. –Evaluate in lab –Evaluate “in the wild”

17

18 Active Networking’s Major Technical Challenges Performance Security –Local: node –Global: network

19 Attacks (cont’d) Selective failure: targeted censorship –Solution: encrypt before passing to PO Attack on document integrity –Reduce system integrity, or ‘tag’ for tracing –Solution: secure hash

Download ppt "Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001."

Similar presentations

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.

Authors Haifeng Yu, Michael Kaminsky, Phillip B. Gibbons, Abraham Flaxman Presented by: Jonathan di Costanzo & Muhammad Atif Qureshi 1.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.

Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.
Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.

Denial-of-Service Resilience in Peer-to-Peer Systems D. Dumitriu, E. Knightly, A. Kuzmanovic, I. Stoica and W. Zwaenepoel Presenter: Yan Gao.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Freenet A Distributed Anonymous Information Storage and Retrieval System Ian Clarke Oskar Sandberg Brandon Wiley Theodore W.Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System Ian Clarke Oskar Sandberg Brandon Wiley Theodore W.Hong.
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
Cis3.2 -- e-commerce -- lecture #6: Content Distribution Networks and P2P (based on notes from Dr Peter McBurney © 2002-2005)

Cis e-commerce -- lecture #6: Content Distribution Networks and P2P (based on notes from Dr Peter McBurney © )
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
Janos Project: FY 2001 Jay Lepreau Flux Research Group University of Utah June 5, 2001.

Janos Project: FY 2001 Jay Lepreau Flux Research Group University of Utah June 5, 2001.
The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.
Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.

Responder Anonymity and Anonymous Peer-to-Peer File Sharing. by Vincent Scarlata, Brian Levine and Clay Shields Presentation by Saravanan.
Protecting Free Expression Online with Freenet Presented by Ho Tsz Kin I. Clarke, T. W. Hong, S. G. Miller, O. Sandberg, and B. Wiley 14/08/2003.

Protecting Free Expression Online with Freenet Presented by Ho Tsz Kin I. Clarke, T. W. Hong, S. G. Miller, O. Sandberg, and B. Wiley 14/08/2003.
Anonymization and Privacy Services Infranet: Circumventing Web Censorship and Surveillance, Feamster et al, Usenix Security Symposium 2002.

Anonymization and Privacy Services Infranet: Circumventing Web Censorship and Surveillance, Feamster et al, Usenix Security Symposium 2002.
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.

Freenet A Distributed Anonymous Information Storage and Retrieval System I Clarke O Sandberg I Clarke O Sandberg B WileyT W Hong.
Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

Similar presentations

Ads by Google