Share Count Analysis HEADERS

Size: px

Start display at page:

Download "Share Count Analysis HEADERS"

Byron Chase
5 years ago
Views:

1 Measuring Network Privacy with It s 11PM. DO YOU KNOW WHERE YOUR Share Count Analysis HEADERS ARE? David Naylor Peter Steenkiste

2 GOAL measure how private a network architecture or protocol is

3 GOAL measure how private a network architecture or protocol is 1 What is Privacy? 2 Threat Model 3 Indicators Can the adversary learn sender? learn receiver? link flows? WHO WHAT HISTORY

4 GOAL measure how private a network architecture or protocol is 1 What is Privacy? 2 Threat Model 3 Indicators Global, passive adversary. CAN: Observe traffic on any link/device. CANNOT: Modify, drop, or inject packets.

5 GOAL measure how private a network architecture or protocol is 1 What is Privacy? 2 Threat Model 3 Indicators Adversary learns from: Headers Topology Timing

6 Choice of indicators has a big impact on measurement tool Headers Topology Timing WHAT YOU MEASURE Properties of an architecture WHAT YOU MEASURE Properties of a deployed network HOW YOU MEASURE Model headers and devices HOW YOU MEASURE Model topology and traffic

7 Choice of indicators has a big impact on measurement tool Headers Topology Timing WHAT YOU MEASURE Properties of an architecture WHAT YOU MEASURE Properties of a deployed network HOW YOU MEASURE Model headers and devices HOW YOU MEASURE Model topology and traffic SHARE COUNT ANALYSIS PRIOR WORK

8 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

9 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

10 1 Model header information leakage

11 1 Model header information leakage replace headers with generic, privacy-related meta-fields

12 replace headers with generic, privacy-related meta-fields IP Header Protocol Source IP Address Destination IP Address Source Port Transport Header Destination Port

13 1 Model header information leakage replace headers with generic, privacy-related meta-fields

14 1 Model header information leakage replace headers with generic, privacy-related meta-fields share counts indicate how many entities could share the same value

15 1 Model header information leakage replace headers with generic, privacy-related meta-fields share counts indicate how many entities could share the same value body is opaque value only used to link multiple sightings of a packet

16 1 Model header information leakage replace headers with generic, privacy-related meta-fields share counts indicate how many entities could share the same value body is opaque value only used to link multiple sightings of a packet

17 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

18 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

19 2 Model how devices modify headers which fields are updated? what are the new share counts? NAT = { update_fields: sender, flow new_share_counts: sender: Hn } H n = # hosts in source network

20 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

21 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

22 3 Measure leakage over test path STEP ONE: Forward test packet S-1 N-1 D-1 F H 1 P-1 S-2 N-1 D-1 F-2 H n 1 H 1 P-1 S-3 N-2 D-2 F-3 H N 1 1 P-2 Sender NAT Tor Relay Receiver H = # hosts N = # networks H n = # hosts in source network

23 STEP ONE: Forward test packet S-1 N-1 D-1 F H 1 P-1 S-2 N-1 D-1 F-2 H n 1 H 1 P-1 S-3 N-2 D-2 F-3 H N 1 1 P-2 Sender NAT Tor Relay Receiver STEP TWO: Save snapshots at vantage points S-1 N-1 D-1 F H 1 P-1 S-2 N-1 D-1 F-2 H n 1 H 1 P-1 S-3 N-2 D-2 F-3 H N 1 1 P-2

24 STEP ONE: Forward test packet S-1 N-1 D-1 F H 1 P-1 S-2 N-1 D-1 F-2 H n 1 H 1 P-1 S-3 N-2 D-2 F-3 H N 1 1 P-2 Sender NAT Tor Relay STEP TWO: Save snapshots at vantage points Receiver STEP THREE: Group linkable snapshots == P-1 S-1 N-1 D-1 F H 1 P-1 == P-2 S-3 N-2 D-2 F-3 H N 1 1 P-2 S-2 N-1 D-1 F-2 H n 1 H 1 P-1

25 STEP ONE: Forward test packet S-1 N-1 D-1 F H 1 P-1 S-2 N-1 D-1 F-2 H n 1 H 1 P-1 S-3 N-2 D-2 F-3 H N 1 1 P-2 Sender NAT Tor Relay STEP TWO: Save snapshots at vantage points STEP THREE: Group linkable snapshots Receiver == P-1 S-1 N-1 D-1 F H 1 P-1 == P-2 S-3 N-2 D-2 F-3 H N 1 1 P-2 S-2 N-1 D-1 F-2 H n 1 H 1 P-1 STEP FOUR: Find minimum share counts for each group 1 1 H 1 P-1 P-2 H N 1 1

26 Minimum share counts tell us what the adversary learned 1 1 H 1 P-1 P-2 H N 1 1 learn sender? learn receiver? link flows? WHO WHAT HISTORY

27 Minimum share counts tell us what the adversary learned 1 1 H 1 P-1 P-2 H N 1 1 learn sender? learn receiver? link flows? src net share count == 1 dest share count == 1 sender share count == 1 && dest share count == 1

28 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

29 Share Count Analysis Model header information leakage Model how devices modify headers Measure leakage over test path

30 Open Questions 1 Automate meta-field and device specs? From traces? From code? From high-level protocol spec? Ease of Use 2 Does our model capture all architectures? Path-based architectures? In-network state (e.g., MPLS, NDN)? Generality 3 Analyze payloads of common protocols e.g., DHCP, DNS, & TLS handshake Completeness 4 Analyze instances of an architecture Use topology and timing to limit share counts? Completeness

31 Measuring Network Privacy with It s 11PM. DO YOU KNOW WHERE YOUR Share Count Analysis HEADERS ARE? David Naylor Peter Steenkiste

A SIMPLE INTRODUCTION TO TOR

A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that