Towards efficient traffic-analysis resistant anonymity networks Stevens Le Blond David Choffnes Wenxuan Zhou Peter Druschel Hitesh Ballani Paul Francis.

Slides:

Advertisements

Similar presentations

Tor: The Second-Generation Onion Router

Advertisements

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Rumor Riding, IEEE ICNP2006, Jinsong Han & Yunhao Liu, HKUST, Nov 12 1 Rumor Riding Anonymizing Unstructured Peer- to-Peer System Jinsong Han and Yunhao.

Project in Computer Security Integrating TOR’s attacks into the I2P darknet Chen Avnery Amihay Vinter.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

Message Splitting Against the Partial Adversary Andrei Serjantov The Free Haven Project (UK) Steven J Murdoch University of Cambridge Computer Laboratory.

Hang with Your Buddies to Resist Intersection Attacks David Wolinsky, Ewa Syta, Bryan Ford Yale University.

On Traffic Analysis in Tor Guest Lecture, ELE 574 Communications Security and Privacy Princeton University April 3 rd, 2014 Dr. Rob Jansen U.S. Naval Research.

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

IPlane: An Information Plane for Distributed Services Offence by: Anup Goyal Sagar Vemuri.

1 Modeling and Analysis of Anonymous-Communication Systems Joan Feigenbaum WITS’08; Princeton NJ; June 18, 2008 Acknowledgement:

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

The Case for Network-Layer, Peer-to-Peer Anonymization Michael J. Freedman Emil Sit, Josh Cates, Robert Morris MIT Lab for Computer Science IPTPS’02March.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Pseudo Trust: Zero-Knowledge Based Authentication in Anonymous Peer-to-Peer Protocols Li Lu, Lei Hu State Key Lab of Information Security, Graduate School.

Measurement in the Internet. Outline Internet topology Bandwidth estimation Tomography Workload characterization Routing dynamics.

Tarzan: A Peer-to-Peer Anonymizing Network Layer Michael J. Freedman, NYU Robert Morris, MIT ACM CCS 2002

A distributed Search Service for Peer-to-Peer File Sharing in Mobile Applications From U. of Dortmund, Germany.

Anonymity on the Web: A Brief Overview By: Nipun Arora uni-na2271.

Cutting the Electric Bill for Internet-Scale Systems Andreas Andreou Cambridge University, R02

CS 4700 / CS 5700 Network Fundamentals Lecture 20: Malware and Tinfoil Hats (Parasites, Bleeding hearts and Spies) Slides stolen from Vern Paxson (ICSI)

Not All Microseconds are Equal: Fine-Grained Per-Flow Measurements with Reference Latency Interpolation Myungjin Lee †, Nick Duffield‡, Ramana Rao Kompella†

Preventing Active Timing Attacks in Low- Latency Anonymous Communication The 10 th Privacy Enhancing Technologies Symposium July 2010 Joan Feigenbaum Yale.

Toward Prevention of Traffic Analysis Fengfeng Tu 11/26/01.

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Study and Implementation of Efficient Security for Wireless Networks 8/25/20151 M. Razvi Doomun Faculty of Engineering University of Mauritius

Privacy-Preserving P2P Data Sharing with OneSwarm -Piggy.

CS 4700 / CS 5700 Network Fundamentals Lecture 20: Attacks and Tinfoil Hats (Bleeding hearts and Spies) Last updated 12/3/2014.

1 BitHoc: BitTorrent for wireless ad hoc networks Jointly with: Chadi Barakat Jayeoung Choi Anwar Al Hamra Thierry Turletti EPI PLANETE 28/02/2008 MAESTRO/PLANETE.

Anonymous Communication -- a brief survey

Ryan Lackey Dynamic Locations: Secure Mobile Services Discovery and Dynamic Group Membership Ryan Lackey

Preserving Caller Anonymity in Voice-over-IP Networks Mudhakar Srivatsa, Ling Liu and Arun Iyengar Presenter: Bo Wu.

Crowds: Anonymity for Web Transactions Michael K. Reiter Aviel D. Rubin Jan 31, 2006Presented by – Munawar Hafiz.

Lecture 14: Anonymity on the Web (cont) Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.

TOMA: A Viable Solution for Large- Scale Multicast Service Support Li Lao, Jun-Hong Cui, and Mario Gerla UCLA and University of Connecticut Networking.

Survey on Privacy-Related Technologies Presented by Richard Lin Zhou.

Class 8 Introduction to Anonymity CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman

Plethora: Infrastructure and System Design. Introduction Peer-to-Peer (P2P) networks: –Self-organizing distributed systems –Nodes receive and provide.

CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 20 PHILLIPA GILL - STONY BROOK U.

Wireless Security Rick Anderson Pat Demko. Wireless Medium Open medium Broadcast in every direction Anyone within range can listen in No Privacy Weak.

CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 19 PHILLIPA GILL - STONY BROOK U.

정하경 MMLAB Fundamentals of Internet Measurement: a Tutorial Nevil Brownlee, Chris Lossley, “Fundamentals of Internet Measurement: a Tutorial,” CMG journal.

Strengthening Tor against Eavesdropping Correlation Attacks Robert Thomas CSCE APR 2015 Audio:

INTERNET TECHNOLOGIES Week 10 Peer to Peer Paradigm 1.

Traffic Correlation in Tor Source and Destination Prediction PETER BYERLEY RINDAL SULTAN ALANAZI HAFED ALGHAMDI.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Effects of Adding Arbitrary Physical Nodes(APNs) to a Mobile Ad-Hoc Network (MANET)Utilizing a Anonymous Routing Protocol.

1 Three ways to (ab)use Multipath Congestion Control Costin Raiciu University Politehnica of Bucharest.

11 CS716 Advanced Computer Networks By Dr. Amir Qayyum.

1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 

NETWORK SECURITY HERD: A SCALABLE, TRAFFIC ANALYSIS RESISTANT ANONYMITY NETWORK FOR VOIP SYSTEMS JINGTAO YAO JIAJUN LI ACM HORNORED CLASS.

CS590B/690B Detecting Network Interference (FALL 2016)

I know what you are Sharing

Outline Basics of network security Definitions Sample attacks

Anonymous Communication

SCTP v/s TCP – A Comparison of Transport Protocols for Web Traffic

Proposal: A General Infrastructure for Efficient Application-Level Protocols Steven Czerwinski Goal: To investigate ways to make.

Plethora: Infrastructure and System Design

Privacy Through Anonymous Connection and Browsing

An Introduction to Privacy and Anonymous Communication

0x1A Great Papers in Computer Security

Anonymous Communication

Alex Guy packets (stars) tor routers users web servers (squares)

Outline Network characteristics that affect security

The Case for DDoS Resistant Membership Management in P2P Systems

Modeling Entropy in Onion Routing Networks

Outline Basics of network security Definitions Sample attacks

Anonymous Communication

Presentation transcript:

Towards efficient traffic-analysis resistant anonymity networks Stevens Le Blond David Choffnes Wenxuan Zhou Peter Druschel Hitesh Ballani Paul Francis

2 Snowden wants to communicate with Greenwald without Alexander to find out Ed’s IP Glenn’s IP

The problem of IP anonymity Client Server 3 VPN proxy Proxies are single point of attack (rogue admin, break in, legal, etc)

4 Proxy Traffic analysis Onion routing (Tor) Onion routing doesn’t resist traffic analysis (well known)

Outline 5

Anonymous Quanta (Aqua) k-anonymity: Indistinguishable among k clients BitTorrent – Appropriate latency and bandwidth – Many concurrent and correlated flows 6

7 Threat model Global passive (traffic analysis) attack Active attack Edge mixes aren’t compromised

Padding 8 Constant rate (strawman) Defeats traffic analysis, but overhead proportional to peak link payload rate on fully connected network

Outline 9

10 Multipath Multipath reduces the peak link payload rate Padding

Variable uniform rate 11 Reduces overhead by adapting to changes in aggregate payload traffic

Outline 12

k-anonymity sets (ksets) 13 Send ksetRecv kset Provide k-anonymity by ensuring correlated rate changes on at least k client links Padding

Forming efficient ksets 14 Epochs Peers’ rates Are there temporal and spatial correlations among BitTorrent flows?

Outline 15

Methodology: Trace driven simulations Month-long BitTorrent trace with 100,000 users – 20 million flow samples per day – 200 million traceroute measurements Models of anonymity systems – Constant-rate: Onion routing v2 – Broadcast: P5, DC-Nets – P2P: Tarzan – Aqua 16

edges 17 Models Overhead Much better bandwidth efficiency

edges 18 Models Throttling Efficiently leverages correlations in BitTorrent flows

Outline 19

Ongoing work 20 Prototype implementation Aqua for VoIP traffic – “tiny-latency” (RTT <330ms) Intersection attacks Workload independence

Take home messages Efficient traffic-analysis resistance by exploiting existing correlations in BitTorrent traffic At core: – Multipath reduces peak payload rate – Variable uniform rate adapts to changes in aggregate payload traffic At edges, ksets: – Provide k-anonymity by sync rate on k client links – Leverage temporal and spatial correlations of BitTorrent flows 21