Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 1 Rumor Riding Anonymizing Unstructured Peer- to-Peer System Jinsong Han and Yunhao Liu Department of Computer Science Hong Kong University of Science and Technology
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 2 Privacy r the right to be let alone: one of the rights most cherished by people. r Who is talking to whom should be confidential or private in the Internet. m Who is searching a public database? m Which movie are you downloading? m Which companies are collaborating? m Who are you talking to via ?
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 3 However… r Your machine’s IP uniquely identifies you across web sites. r Nothing illegal about cross-referencing. r The goal of Internet anonymity: A host can communicate with a server while nobody can determine its identity
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 4 Anonymous Routing r Anonymity is the state of being indistinguishable from other members of some group. Don’t know Who is Searching or Downloading What from Whom. r Main goal is to provide mechanism for routing that hides initiator’s and responder’s IP address. r Not trying to protect content of message.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 5 Previous Approaches: Mainly Path-based I B C A R
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 IP D C IP C B Path-based Examples: Mix & Onion ABCD IP D IP C IP B IP D M IP C IP D M D C B M D C IP C M D ABCDABCD Public keys IP
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 7 APFS: Mutual Anonymity Server Client
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 8 Why NOT path-based? r Path based m Difficulty in path construction and maintenance m Cryptographic computation overhead is high: RSA-based m Vulnerable to many attacks
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 9 Basic Goals: A New Mutual Anonymity Protocol for P2P r Non-path based Approach m No need to collect public keys for pre-construct a “secured path” m Changing delivery paths often m Eliminating path maintenance overhead r Lightweight: Symmetric key only
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Query and Downloading in Unstructured P2P Systems r Flooding based query r Reversed path based response r Direct downloading Initiator Query Responder Response Downloading
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Our Design: Rumor Riding Initiator I Cipher rumor Key rumor sower s a Flooding Responder C=Encrypt ( q ) K C K IPs a q q, IPs a
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Response Initiator I Responder Response key rumor Reversed Path of key rumor Response cipher rumor sower s b TCP Link sower s a Reversed path of cipher rumor IPs a IPs b Re
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Confirm Initiator I Responder Reversed path of response key rumor Reversed path of response cipher rumor sower s b Confirm cipher rumor Confirm key rumor sower s c TCP Link
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov File Delivery Initiator I Responder Data rumor sower s d TCP Link sower s a Data rumor
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Several Important Issues Setting of rumors m Can rumors meet? m Ideal collision distance? m How many sowers and where are they? r Overhead m Traffic overhead m Cryptographic overhead r Response time of queries
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Trace Driven Simulation r Physical network: BRITE, 30, ,000 nodes r Overlay network: real traces, within 10 5 nodes (Clip2 and Ion P2P ) r Each peer issues 0.3 queries per minute r Peer dynamically coming and leaving m Mean: 10 minutes
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Collision Rate Theoretical vs. Simulation - The collision rates in the P2P topology are usually higher than the theoretical results -The suggested number of rumors k and TTL value of each rumor (also the path length of each rumor) L is k × L ≥ 100
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Collision Distance r If L is larger than 25 (1 ≤ k ≤ 6), the average collision distance is no less than 5 r When the rumors’ TTL value L is larger than 30 for k = [1..6], over 90% sowers have a collision distance larger than 5 r L > 30 and 1 ≤ k ≤ 6 can effectively guarantee the safe collision distance and approximate random distribution of sowers.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Sower Number r At the least a number of sowers for each query, but obviously too many sowers will lead to heavy overhead r Each (k, k)-Rumor Riding scheme has no more than 10 sowers when k × L ≤ 200 r k × L should be in a range [100, 200] in order to meet both the reliability and the scalability requirements
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Traffic Overhead r The (6, 6)-RR is the only one larger than the Shortcut (ICDCS’03) in the average traffic cost
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Response Time r Multiple rumor scheme would reduce the response latency effectively r Also incur more traffic overhead and message replications
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Cryptographic Overhead
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Prototype Implementation Experience TABLE I Throughput of Algorithms AlgorithmsThroughput (Mbytes/s) 128-bit AES key generation0.217± bit AES Encryption8.155±0.256 CRC-32 calculation137.48± bit RSA Encryption0.148± bit RSA Decryption ± r Examined the throughput of algorithms m Key generation, 128 bits AES En/Decryption, CRC-32, 1024bits RSA En/Decryption
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Thank you ! Jinsong Han and Yunhao Liu HKUST
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Background
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Peer-to-Peer Model (P2P) r Peer to Peer(P2P) m Fully utilizing the resource of the whole system m Peers are both clients and servers in an overlay network r Unstructured P2P architecture m Centralized, Decentralized, and Hybrid
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Responder Broadcasting Based r Broadcast or multicast Using the receivers ’ public key to encrypt the message P 5 (S&P ’ 02) Initiator
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Anonymity Guarantees Message coding attackWithstands attacks Local collaborating attackWithstands unless all neighbors are malicious Timing attackWithstands attacks Traceback attackWithstands unless global adversary Predecessor attackWithstands attacks Traffic analysis attackWithstands attacks
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Message Coding Attack r Attackers analyze the message coding format r Especially effective to fresh nodes m The fresh node would lose its anonymity immediately if sending first plaintext query to the observer. r Solving method: encryption m RR uses AES encryption and split the message into two parts. Any single rumor will not expose the information of the query.
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Local Collaborating r Two collaborating adversaries could be neighbors of the initiator. r To confuse the local adversaries, a sower selects a subset of its neighbors to send the plaintext query, and the two collaborating nodes will not receive the (plaintext+cipher/key). kc ba Is ba I and s will not send the plaintext query to a and b
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Time and Traffic Analysis r Check the correlation between two traffics P1P1 PnPn IR kK+1 ∆t K’K’+1 ∆t’ 1 2 k 1 2 k Time difference Packet number account Latency analysis Clogging packets Shaping the traffic …… 1:001:051:201:25
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Invulnerable to Timing & Traffic Analysis Attack r The random walking property of rumors make it hard to build the correlation of traffics r Messages of a query cycle are not belonging to a same traffic r No continuous path in RR
Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov Predecessor Attack r Predecessor attack m An initiator repeatedly communicates to a specific responder in many rounds m Adversaries simply log any node that sends a message to the path m In this case, the initiator is most likely the one which appears more r RR m Rumors correlating to a message walk randomly and interact with random sowers unpredictably m Sowers are not fixed