Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University.

Slides:

Advertisements

Similar presentations

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Advertisements

Virtual Switching Without a Hypervisor for a More Secure Cloud Xin Jin Princeton University Joint work with Eric Keller(UPenn) and Jennifer Rexford(Princeton)

Tor: The Second-Generation Onion Router

Expressive Privacy Control with Pseudonyms Seungyeop Han, Vincent Liu, Qifan Pu, Simon Peter, Thomas Anderson, Arvind Krishnamurthy, David Wetherall University.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Enforcing Anonymity and Improving Pseudonymity in Tails David Wolinsky Yale University.

Towards High-Availability for IP Telephony using Virtual Machines Devdutt Patnaik, Ashish Bijlani and Vishal K Singh.

Secure Off Site Backup at CERN Katrine Aam Svendsen.

By: Bryan Carey Randy Cook Richard Jost TOR: ANONYMOUS BROWSING.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Anonymizing Network Technologies Some slides modified from Dingledine, Mathewson, Syverson, Xinwen Fu, and Yinglin Sun Presenter: Chris Zachor 03/23/2011.

Container-based OS Virtualization A Scalable, High-performance Alternative to Hypervisors Stephen Soltesz, Herbert Pötzl, Marc Fiuczynski, Andy Bavier.

5205 – IT Service Delivery and Support

Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, and Stefan Savage Presenter: Martin Krogel.

1 Integrating a Network IDS into an Open Source Cloud Computing Environment 1st International Workshop on Security and Performance in Emerging Distributed.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Privacy and Anonymity CS432 - Security in Computing Copyright © 2005, 2006 by Scott Orr and the Trustees of Indiana University.

Towards a Safe Playground for HTTPS and Middle-Boxes with QoS2 Zhenyu Zhou CS Dept., Duke University.

Jakub Szefer, Eric Keller, Ruby B. Lee Jennifer Rexford Princeton University CCS October, 2011 報告人：張逸文.

Secure Encounter-based Mobile Social Networks: Requirements, Designs, and Tradeoffs.

Cross-Domain Privacy-Preserving Cooperative Firewall Optimization.

Auditing Cloud Administrators Using Information Flow Tracking Afshar David ACM Scalable Trusted Computing.

INTRODUCTION TO CLOUD COMPUTING CS 595 LECTURE 2.

1 Configurable Security for Scavenged Storage Systems NetSysLab The University of British Columbia Abdullah Gharaibeh with: Samer Al-Kiswany, Matei Ripeanu.

Presented by: Sanketh Beerabbi University of Central Florida COP Cloud Computing.

Protecting Data on Smartphones and Tablets from Memory Attacks

Virtual Machine Security Systems Presented by Long Song 08/01/2013 Xin Zhao, Kevin Borders, Atul Prakash.

The Open Source Virtual Lab: a Case Study Authors: E. Damiani, F. Frati, D. Rebeccani, M. Anisetti, V. Bellandi and U. Raimondi University of Milan Department.

MDC417 Follow me on Working as Practice Manager for Insight, he is a subject matter expert in cloud, virtualization and management.

1 CloudVS: Enabling Version Control for Virtual Machines in an Open- Source Cloud under Commodity Settings Chung-Pan Tang, Tsz-Yeung Wong, Patrick P. C.

Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)

Virtualization for the LHCb Online system CHEP Taipei Dedicato a Zio Renato Enrico Bonaccorsi, (CERN)

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Presented by: Reem Alshahrani. Outlines What is Virtualization Virtual environment components Advantages Security Challenges in virtualized environments.

Virtual Workspaces Kate Keahey Argonne National Laboratory.

Reinventing Digital Identity Design Goals Product Overview Technology & Cryptography Overview Question & Answer.

Project Name Program Name Project Scope Title Project Code and Name Insert Project Branding Image Here.

I Do Not Know What You Visited Last Summer: Protecting users from stateful third-party web tracking with TrackingFree browser Xiang Pan, Northwestern University.

Windows Azure. Azure Application platform for the public cloud. Windows Azure is an operating system You can: – build a web application that runs.

ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.

The Tor Network BY: CONOR DOHERTY AND KENNETH CABRERA.

Supplemental Information on TOR (The Onion Router) CEH ed 8, Rev 4 CS3695 – Network Vulnerability Assessment & Risk Mitigation–

Multiparty Access Control for Online Social Networks : Model and Mechanisms.

MICROSOFT TESTS /291/293 Fairfax County Adult Education Courses 1477/1478/1479.

Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.

Maximizing Performance – Why is the disk subsystem crucial to console performance and what’s the best disk configuration. Extending Performance – How.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Claudio Grandi INFN Bologna Virtual Pools for Interactive Analysis and Software Development through an Integrated Cloud Environment Claudio Grandi (INFN.

ANONYMIZING / WEB PRIVACY. TOOLS: STAYING ANONYMOUS ON THE INTERNET Proxy Server Tor.

Benjamin Knapic Nicholas Johnson.  “Tor is free software and an open network that helps you defend against a form of network surveillance that threatens.

Network Virtualization Ben Pfaff Nicira Networks, Inc.

CMSC 818J: Privacy enhancing technologies Lecture 2.

Md Baitul Al Sadi, Isaac J. Cushman, Lei Chen, Rami J. Haddad

Cloud Technology and the NGS Steve Thorn Edinburgh University (Matteo Turilli, Oxford University)‏ Presented by David Fergusson.

Working at a Small-to-Medium Business or ISP – Chapter 8

CS590B/690B Detecting Network Interference (Fall 2016)

CS590B/690B Detecting Network Interference (FALL 2016)

Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.

Design and Implement Cloud Data Platform Solutions

SAFE-OS: a Secure and Usable Desktop Operating System

Exercise ?: TOR.

ISAM 5338 Project Business Plan

Privacy Through Anonymous Connection and Browsing

SCONE: Secure Linux Containers Environments with Intel SGX

Shielding applications from an untrusted cloud with Haven

What is an operating system An operating system is the most important software that runs on a computer. It manages the computer's memory and processes,

Presentation transcript:

Managing NymBoxes for Identity and Tracking Protection David Wolinsky, Daniel Jackowitz, and Bryan Ford Yale University

Alice Internet Alice’s Laptop Surfing the Web Doesn’t want her ISP to know her activities Wants to access some services under a pseudonym Others anonymously

Alice Internet Alice’s Laptop Surfing the Web Anonymously Tor offers anonymous communication Adversary could target Tor Adversary prefers the user environment

The Leaky Boat Adversary focuses on breaking the user environment not the tool….

System enforced isolation Amnesiac browsing sessions Anonymous cloud storage Introducing Nymix Alice Internet Alice’s Laptop Cloud Storage Nym

Outline Attacks Against Privacy Nymix Architecture Defending Against Privacy Attacks Evaluating Nymix Future Directions

Application Level Attacks Eve’s Booby-trap Blog Alice Tor-based Secure Channel Unsecured Channel: “Here’s my IP” Javascript Exploit Freetopia Repressistan Alice’s Laptop Alice in Repressistan

Bob Correlation Attacks Internet Bob’s Laptop Bob of Freetopia

Confiscation Attacks Carol Carol the Landofopportunian Border patrol

Attacks Recap Application-Level Correlation Confiscation

Outline

System enforced isolation Amnesiac browsing sessions Anonymous cloud storage Data Sanitization Nymix Alice Internet Alice’s Laptop Cloud Storage Nym

Ephemeral Nym Alice Internet Alice’s Laptop AnonVM CommVM Nym Each Nym starts from the same base state Separate VMs to enforce sandboxing in AnonVM Securely erased upon exit

Long-Lived Nyms Alice Internet Alice’s Laptop AnonVM CommVM Nym Desire persistent state Resetting CommVM state can weaken anonymity 1 Anonymously store/restore from cloud 1 A. Johnson, “Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries”, CCS 2013

Long-Lived Nyms Alice Internet Alice’s Laptop AnonVM CommVM Nym Retrieve disks from cloud Close Nym Restore long-lived nym

Sharing Data – Sanitization No local data directly in a Nym Each Nym has associated Sanitization VM Process: User selects file Prompted for cleaning method Results appear in Nym Alice’s Laptop User Data

Outline

Attacks Executed in Nymix Application-Level Correlation Confiscation

Application Level Attacks Eve’s Booby-trap Blog Alice Tor-based Secure Channel Unsecured Channel: “Here’s my IP” Javascript Exploit Freetopia Repressistan Alice’s Laptop Alice in Repressistan

Application Level Attacks Eve’s Booby-trap Blog Alice Tor-based Secure Channel Javascript Exploit Freetopia Repressistan Alice’s Laptop Alice in Repressistan Secured Channel: “Here’s my Tor IP”

Attacks Executed in Nymix Application-Level Correlation Confiscation

Bob Correlation Attacks Internet Bob’s Laptop Bob of Freetopia

Bob Internet Bob’s Laptop Correlation Attacks Bob’s Laptop Bob of Freetopia Nym

Attacks Executed in Nymix Application-Level Correlation Confiscation

Confiscation Attacks Carol Carol the Landofopportunian Border patrol

Confiscation Attacks Carol Carol the Landofopportunian Border patrol X

Attacks Executed in Nymix Application-Level Correlation Confiscation

Outline

Implementation Ubuntu Qemu (KVM) for virtualization OverlayFS for union file system Google Chromium (required in order to support a circumvention software)

Evaluation I7 – 4 cores at 2.7 GHz 8 GB Ram Connects to a test deployment of Tor 10 Mbit bandwidth 200 ms latency 3 relays Nym memory usage AnonVM – 384 MB RAM, 128 MB Disk (stored in RAM) CommVM – 128 MB RAM, 16 MB Disk (stored in RAM)

CPU Evaluations

Memory Usage

Network Overhead

Outline

Nymix is… Not a complete solution An exploration of pseudonymity potential with virtualization A research prototype Related work: Tails – hardened, amnesiac Whonix, Qubes – anonymity-enforced browsing

Integration To CommVM or not CommVM Each VM is not cheap Must share a common Tor guard Sharing a common base image Existing approaches are well hardened Many configurations undesirable for AnonVM Persistence Models Store all data in the cloud Default encrypted volume header

Further Challenges Fingerprintable CPU VMM timing channels Accessing local hardware Storing data retrieved from the Internet

Conclusions Lots of attacks against identity on the Internet Nymix offers a practical solution to offering real pseudonymity on the Internet Lots of attacks outside scope, integrate Our website: Github