Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS590B/690B Detecting network interference (Spring 2018)

Published byRolf Cobb Modified over 5 years ago

Similar presentations

Presentation on theme: "CS590B/690B Detecting network interference (Spring 2018)"— Presentation transcript:

1 CS590B/690B Detecting network interference (Spring 2018)
Lecture 16 Phillipa Gill – Umass -- Amherst.

2 Where we are Last time: Internet routing review + timing attacks
BGP hijacks/path asymmetry

3 Test your knowledge What is the goal of Tor?
How does Tor accomplish this? How does Tor pick relays? What happens if you compromise.. The entry relay? The middle relay? The exit relay? What happens if the entry and exit relay collude? Why 3 hops? Why not 1? Why not 2? How does Tor avoid colluding relays from being chosen? Why are guards used? How are guards chosen? What meta data is used by Web site fingerprinting attacks? What is the premise behind Web site fingerprinting attacks?

4 Today Continuing with traffic analysis attacks. Readings:
Users get routed Holding all the ASes

5 Review of attack criteria/ evaluation of potential in practice

6 Need to measure/infer network paths!
Attack criteria Any AS that lies on the Forward OR Reverse path, between the Source and Entry … …AND Exit and Destination can execute the attack Challenge: How to measure and mitigate these attacks in practice? We can’t actually measure reverse paths… Also can’t traceroute through Tor  Our approach: Use simulations on empirical AS graphs Consider all paths compliant with a model of routing policies Gives an approximation on potential attacks Middle relay Entry relay Exit relay Destination AS Source AS Need to measure/infer network paths! To make this more formal we say an attacker can perform a timing attack if they lay on the forward or reverse path between the client and entry, and forward OR reverse path between the exit and the destination. We wanted to understand how prevalent this sort of attack would be in practice, but we faced a nasty network measurement challenge which is that we can’t actually measure the reverse paths. We get around this by using simulations of routing policies on empirical AS graphs to understand the set of potential paths that may be chosen for these different routes. This gives us an upper bound on the number of adversaries there may be.

7 Understanding the threat to Tor
Method: Use VPN to connect to 200 sites (100 popular, 100 likely censored) through Tor VPN end points located in 10 countries Examine AS-paths between source and destination and chosen entry/exit relays. Vulnerable sites (%) We use this idea to see how often Tor selects relays that are potentially subject to this timing attack. We used VPN end points in 10 countries and used them to access a set of 200 sites through Tor. We then looked at the paths between the client and entry, and exit and destinations to infer the potential for attack. This graph shows the fraction of web sites that had the circuit for their main page content be vulnerable to this attack and the faction that had any of their circuits vulnerable. More than half of the sites have at least some of their content delivered over a vulnerable circuit. One thing we notice here is that these numbers vary pretty widely between countries for example russia, us and china have more locally hosted content so it’s more likely they will have a path that crosses a national ISP going to the content, Variation between countries (e.g., US, Russia and China have most popular content hosted locally so more of their content is vulnerable). 53% of sites have at least some content delivered over a vulnerable Tor circuit

8 Astoria: Avoiding AS-level attackers
Choose an entry/exit relay to avoid attackers Usually there is such an option Challenge: How to find the safe option? Path computations need to be done on the client Challenge: ASes may collude We resolve sibling ASes (e.g., 701, 702, 703 = Verizon) …and evaluate country-level adversaries Challenge: Minimize performance impact Cannot pre-construct circuits as in vanilla Tor  Byproduct of destination-based relay selection Challenge: Don’t overload popular relays If there are multiple safe options load balance across them What are the paths? Which relay selection is safe? To mitigate these vulnerable circuits we propose Astoria. The basic idea is that if you have an entry-exit relay selection that will avoid a potential attacker you should choose it. Otherwise we use a linear program to choose relays probabilistically such that it minimizes the number of circuits an adversary could observe over time. Additional considerations of designing this system were that the path computations had to be done on the client, so we can’t send the destination out to some look up service. We also look at Ases owned by the same organization or under control of the same government. And we also work to be a good network citizen, so when there are multiple safe relay selection options we choose amongst them probabilistically using the same load balancing function as vanilla Tor.

9 What if there is no safe option?
What if all relay selections contain at least one AS that can perform the timing attack? Astoria minimizes the amount any given attacker can learn Linear program Entry AS 1 1/3 ISP 1 can snoop with prob. 2/3 ISP 1 Source AS Entry AS 2 1/3 ISP 2 Entry AS 3 1/3

10 What if there is no safe option?
What if all relay selections contain at least one AS that can perform the timing attack? Astoria minimizes the amount any given attacker can learn Linear program Entry AS 1 ISP 1 can snoop with prob. 1/2 1/4 ISP 1 Source AS Entry AS 2 1/4 ISP 2 Entry AS 3 1/2

11 Additional slides See this slide deck (Slides 21-26, for overview of Cipollino) See this slide deck for an overview of the Users Get Routed reading:

Download ppt "CS590B/690B Detecting network interference (Spring 2018)"

Similar presentations

Internetworking II: MPLS, Security, and Traffic Engineering

Internetworking II: MPLS, Security, and Traffic Engineering
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.

PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval Prateek Mittal University of Illinois Urbana-Champaign Joint work with: Femi.
The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.

The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network Rob Jansen et. al NDSS 2014 Presenter: Yue Li Part of slides adapted from R.
Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.

Predicting Tor Path Compromise by Exit Port IEEE WIDA 2009December 16, 2009 Kevin Bauer, Dirk Grunwald, and Douglas Sicker University of Colorado Client.
Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.

Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory.
Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.

Onion Routing Security Analysis Aaron Johnson U.S. Naval Research Laboratory DC-Area Anonymity, Privacy, and Security Seminar.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.

The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.
King of Limitations Present by: Ao-Jan Su. Accuracy? Accuracy depends on the distance of end hosts and their authoritative name servers. Not true for.

King of Limitations Present by: Ao-Jan Su. Accuracy? Accuracy depends on the distance of end hosts and their authoritative name servers. Not true for.
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)

1 Internet Networking Spring 2004 Tutorial 13 LSNAT - Load Sharing NAT (RFC 2391)
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
1 Drafting Behind Akamai (Travelocity-Based Detouring) AoJan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante Department of Electrical.

1 Drafting Behind Akamai (Travelocity-Based Detouring) AoJan Su, David R. Choffnes, Aleksandar Kuzmanovic, and Fabian E. Bustamante Department of Electrical.
On Multi-Path Routing Aditya Akella 03/25/02. What is Multi-Path Routing?  Dynamically route traffic Multiple paths to a destination Path taken dependant.

On Multi-Path Routing Aditya Akella 03/25/02. What is Multi-Path Routing?  Dynamically route traffic Multiple paths to a destination Path taken dependant.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)

1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #12 LSNAT - Load Sharing NAT (RFC 2391)
The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.

The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.
On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)
Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Lecture 29 Page 1 Advanced Network Security Privacy in Networking Advanced Network Security Peter Reiher August, 2014.

Similar presentations

Ads by Google