Published by Anthony Dean. Modified over 6 years ago.
1
PeerFlow: Secure Load Balancing in Tor
Aaron Johnson (1), Rob Jansen (1), Aaron Segal (2), Nicholas Hopper (3), Paul Syverson (1)
(1) U.S. Naval Research Laboratory, (2) Yale University, (3) University of Minnesota
July 18th, 2017, Privacy Enhancing Technologies Symposium
2
Overview
- Problem: Secure load-balancing in Tor
- Existing Solutions
  - TorFlow
  - EigenSpeed
- New Solution: PeerFlow
  - Prove security against bandwidth-limited adversary
  - Experiments show similar performance to TorFlow
- Demonstrate attacks
7
Problem
[Figure: Clients, Relays (Guards, Exits), Destinations]
- Tor relays have varying unknown capacities
- Clients must balance load
- Insecure load balancing allows adversary to attack more client traffic
11
Problem
The threat is real: relays falsely advertise bandwidth.
16
TorFlow
Design
- Relays are divided into 50-relay slices by estimated capacity.
- Bandwidth Authorities (BWAuths) time fetching test files through pairs of relays in each slice.
- Relays are given capacities by multiplying self-reported bandwidth by test speed divided by average speed.
Attacks
1. Self-reported bandwidth can be set arbitrarily high.
2. Relays can recognize test downloads and relay data only in those cases.
3. Malicious pairs need not actually download the file (no validation).
Shadow experiments w/ #1:
- Goodput: 22.50.2
- Weight: 711
17
EigenSpeed (Snader and Borisov, IPTPS 2009)
Design
- Relays periodically send max speed of other relays to a BWAuth.
- Aggregator calculates capacities as eigenvector of largest connected component with trusted relays.
- Exclude as “liars” relays w/ reports
  1. Changing too quickly during computation, or
  2. Too different from eigenvector
T =
        s12 s13 s14
    s21     s23 s24
    s31 s32     s34
    s41 s42 s43
Normalize T: T’
Output v*: v*T’ = λv*, λ≥1
18
EigenSpeed (Snader and Borisov, IPTPS 2009)
Fat-pipe attack: Large false speeds among malicious relays, small elsewhere. EigenSpeed’s liar detection is designed to prevent this.
19
EigenSpeed (Snader and Borisov, IPTPS 2009)
Attack
- “Frame” some honest non-trusted relays under liar metric #1 with avg speeds with all but framed relays.
Framing attack: With 1118 trusted relays and 2.83% malicious BW, and 558 malicious relays, 559 of 5000 honest relays are framed.
27
PeerFlow: Design
- Measuring relays (largest by capacity) record total bytes transferred with all other relays.
- Measurements added to random noise and divided by position probabilities. Result (ρi) submitted to BW Authorities (BWAuths).
- BWAuths estimate the total bytes relayed ρ’ as the windowed, trimmed mean, trimming fractions by current capacity and windowing from trusted measurements.
- If ρ’ is comparable to that of peers, capacity updated using ρ’, else relay enters probation.
- New relays only selected for middle position.
[Figure: measured capacities (ρ1, ρ2, ρ3, ρ’) against measuring relay weights (0.258, 0.742, 1)]
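Added example, not code from the slides or from the PeerFlow authors: the measuring-relay report and the BWAuth's capacity-weighted trimmed mean from the design above, run over constructed reports to show that a lying measuring relay moves the estimate only once its weight exceeds the trim fraction. Assumptions: Laplace noise, a trim fraction of 0.2, and all function names; windowing and probation are not modelled.

```python
import random

def scaled_report(bytes_seen, position_prob, noise_scale, rng):
    """Measuring-relay side: add noise, then divide by the position probability.
    Laplace noise is an assumption; the slide only says "random noise"."""
    noise = 0.0
    if noise_scale > 0:
        # Difference of two exponentials is Laplace(0, noise_scale).
        noise = rng.expovariate(1 / noise_scale) - rng.expovariate(1 / noise_scale)
    return (bytes_seen + noise) / position_prob

def weighted_trimmed_mean(reports, trim):
    """BWAuth side. reports: list of (rho_i, weight_i) from measuring relays.
    Drops the lowest and highest `trim` fraction of measuring weight, then
    averages what is left, weighted by each report's surviving weight."""
    total = sum(w for _, w in reports)
    lo, hi = trim * total, (1 - trim) * total
    acc = kept = cum = 0.0
    for rho, w in sorted(reports):
        start, cum = cum, cum + w
        overlap = max(0.0, min(cum, hi) - max(start, lo))
        acc += rho * overlap
        kept += overlap
    return acc / kept

def plain_mean(reports):
    """Untrimmed weighted mean, for comparison."""
    return sum(rho * w for rho, w in reports) / sum(w for _, w in reports)

# Constructed sample: (rho_i in MB, weight of measuring relay i).
HONEST = [(98, 0.30), (101, 0.25), (100, 0.20), (103, 0.15), (99, 0.10)]

def with_liar(reports, index, fake_rho):
    """Same reports, but the measuring relay at `index` submits fake_rho."""
    return [(fake_rho if i == index else rho, w)
            for i, (rho, w) in enumerate(reports)]

if __name__ == "__main__":
    rng = random.Random(7)
    print("noisy report:", scaled_report(50.0, 0.5, 1.0, rng))
    small = with_liar(HONEST, 3, 10_000)  # liar holds 0.15 of measuring weight
    large = with_liar(HONEST, 0, 10_000)  # liar holds 0.30 of measuring weight
    for name, r in (("honest", HONEST), ("liar<trim", small), ("liar>trim", large)):
        print(name, round(plain_mean(r), 1), round(weighted_trimmed_mean(r, 0.2), 1))
```

With the liar at 0.15 of the measuring weight, the trimmed estimate stays inside the honest range while the untrimmed mean is dominated by the false report; at 0.30 the false report survives trimming.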
28
PeerFlow: Security
Single-round capacity inflation
Attack | Weight multiple
Only carry traffic in one direction | 2
Only exchange traffic with measuring relays | 1.33
Do not exchange traffic with the lower trimmed fraction of relays | 1.34
[Figure: Multiple-round capacity inflation]
29
PeerFlow: Performance
Shadow experiments comparing PeerFlow, TorFlow, and Ideal
- 4 Tor directory authorities
- 498 Tor relays
- 7,500 Tor clients
- 1,000 servers
[Figures: Aggregate relay goodput per second; Time to last byte of 320KiB file]
30
Conclusion
- Tor needs secure load balancing
- Demonstrated attacks on existing solutions
  - TorFlow
  - EigenSpeed
- Presented PeerFlow
  - Demonstrated secure against bandwidth-limited adversary
  - Experimentally showed performance is similar to current Tor performance
31
Backup slides
35
Problem
How can a small malicious relay attack many clients?
- Each client need be attacked only once.
- Attack traffic can be sent at the adversary’s desired speed.
- TCP congestion windows can slow incoming traffic.
36
Problem
The threat is real: attacks have failed due to low weight.
37
EigenSpeed (Snader and Borisov, IPTPS 2009)
Design
- Relays periodically send max speed of other relays to a BWAuth.
- Aggregator calculates capacities as eigenvector of largest connected component with trusted relays.
- Exclude as “liars” relays w/ reports
  1. Changing too quickly during computation, or
  2. Too different from eigenvector
Attacks
- “Frame” some honest non-trusted relays under liar metric #1 with avg speeds with all but framed relays.
- Inflate capacity with normal speeds with trusted and lies with malicious.
Targeted lie attack: With 1118 trusted relays, 3.70% malicious BW, and 1117 malicious relays, adversary achieves 79.5% of capacity.