P 5 : A Protocol for Scalable Anonymous Communications

Similar documents
: A Protocol for Scalable Anonymous Communication

ANONYMOUS COMMUNICATIONS ON THE INTERNET

INSTRUCTIONS TO CANDIDATES

First Semester Examinations 2013/14 (Model Solution) INTERNET PRINCIPLES

Herbivore: An Anonymous Information Sharing System

THE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul

Interdomain Routing Design for MobilityFirst

A SIMPLE INTRODUCTION TO TOR

ECE 158A: Lecture 13. Fall 2015

Onion Routing. Varun Pandey Dept. of Computer Science, Virginia Tech. CS 6204, Spring

What is the difference between unicast and multicast? (P# 114)

How Alice and Bob meet if they don t like onions

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

Homework 2: IP Due: 11:59 PM, Oct 19, 2017

Scalable Secure Group Communication over IP Multicast. Authors:Suman Banerjee, Bobby Bhattacharjee. Speaker: Kun Sun

CS526: Information security

There are 10 questions in total. Please write your SID on each page.

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Onion services. Philipp Winter Nov 30, 2015

CS164 Final Exam Winter 2013

Table of Contents 1 PIM Configuration 1-1

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

Chaum, Untraceable Electronic Mail, Return Addresses, and Digital Pseudonym, Communications of the ACM, 24:2, Feb. 1981

CONIKS: Bringing Key Transparency to End Users

0x1A Great Papers in Computer Security

Anonymity. Christian Grothoff.

Chapter 3 Part 2 Switching and Bridging. Networking CS 3470, Section 1

CSE 473 Introduction to Computer Networks. Final Exam Review

Wei Wang, Mehul Motani and Vikram srinivasan Department of Electrical & Computer Engineering National University of Singapore, Singapore

Onion Routing. 1) Introduction. 2) Operations. by Harikrishnan S (M.Tech CSE) Ramji Nagariya (M.S CSE), Sai Sambhu J (M.Tech CSE).

Homework 2: IP Due: 11:59 PM, Oct 20, 2016

Multicast EECS 122: Lecture 16

Network Layer (Routing)

Second Midterm Exam Solution CMPSCI 591 and 453: Computer Networks Spring 2005 Prof. Jim Kurose

CS 640 Introduction to Computer Networks. Today s lecture. What is P2P? Lecture30. Peer to peer applications

Tor: An Anonymizing Overlay Network for TCP

The Loopix Anonymity System

Information Leak in the Chord Lookup Protocol

Nemor: A Congestion-Aware Protocol for Anonymous Peer-based Content Distribution

CSCE 463/612 Networks and Distributed Processing Spring 2018

Review problems (for no credit): Transport and Network Layer

A Fault-Tolerant P2P-based Protocol for Logical Networks Interconnection

Anonymity. Assumption: If we know IP address, we know identity

Anonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L

Scalable overlay Networks

Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung

Washington State University CptS 455 Sample Final Exam (corrected 12/11/2011 to say open notes) A B C

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Mobile Communications Mobility Support in Network Layer

First Semester Examinations 2015/16 (Model Solution) INTERNET PRINCIPLES

2 ND GENERATION ONION ROUTER

MULTIPLE ACCESS PROTOCOLS 2. 1

Multicast Communications. Slide Set were original prepared by Dr. Tatsuya Susa

Department of EECS - University of California at Berkeley EECS122 - Introduction to Communication Networks - Spring 2005 Final: 5/20/2005

DISTRIBUTED COMPUTER SYSTEMS ARCHITECTURES

IPv6 PIM-DM configuration example 36 IPv6 PIM-SM non-scoped zone configuration example 39 IPv6 PIM-SM admin-scoped zone configuration example 42 IPv6

Chapter 9: Key Management

Computer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017

CSE 1 23: Computer Networks

Design and Analysis of Efficient Anonymous Communication Protocols

Private Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes

Chapter 4 roadmap. CS555, Spring /14/2005. WMU-CS, Dr. Gupta 1. Multicast Routing: Problem Statement. Approaches for building mcast trees

MANET Architecture and address auto-configuration issue

DATA COMMUNICATOIN NETWORKING

CompSci 356: Computer Network Architectures. Lecture 7: Switching technologies Chapter 3.1. Xiaowei Yang

Strong Password Protocols

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

ENEE 459-C Computer Security. Security protocols

Homework 3: Solution

Analyzing the Dual-Path Peer-to-Peer Anonymous Approach

Duke University CompSci 356 Midterm Spring 2016

Achieving Privacy in Mesh Networks

ENEE 459-C Computer Security. Security protocols (continued)

Anonymous communications: Crowds and Tor

UDP, TCP, IP multicast

On Minimizing Packet Loss Rate and Delay for Mesh-based P2P Streaming Services

Design and Implementation of Privacy-Preserving Surveillance. Aaron Segal

Security Analysis of the Lightning Network

Multicast Communications

Chapter 8 Configuring OSPF

What is Multicasting? Multicasting Fundamentals. Unicast Transmission. Agenda. L70 - Multicasting Fundamentals. L70 - Multicasting Fundamentals

CMSC 414 S09 Exam 2 Page 1 of 6 Name:

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CS 161 Computer Security

Protocols for Anonymous Communication

Midterm II December 4 th, 2006 CS162: Operating Systems and Systems Programming

Part 2. Use Cases (40 points). Consider examples of such signed records R (as in Part 1) from systems we discussed.

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri

2.1 Basic Cryptography Concepts

Iolus: A Framework for Scalable Secure Multicasting

CS244a: An Introduction to Computer Networks

Bayeux: An Architecture for Scalable and Fault Tolerant Wide area Data Dissemination

CS Paul Krzyzanowski

Strongly Anonymous Communications in Mobile Ad Hoc Networks

Closed book. Closed notes. No electronic device.

Ethernet. Lecture 6. Outline. Ethernet - Physical Properties. Ethernet - Physical Properties. Ethernet

L8: Public Key Infrastructure. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

15-440/15-640: Homework 1 Due: September 27, :30am

Challenges in Mobile Ad Hoc Network

Transcription:

P 5 : A Protocol for Scalable Anonymous Communications 1 P 5 : A Protocol for Scalable Anonymous Communications Rob Sherwood, Bobby Bhattacharjee, Aravind Srinivasan University of Maryland, College Park www.cs.umd.edu/projects/p5

P 5 : A Protocol for Scalable Anonymous Communications 2 Outline Anonymity Naive solution Refinements P 5 protocol Attacks and Performance Analysis Open Issues

P 5 : A Protocol for Scalable Anonymous Communications 3 P 5 Goals Sender, Receiver, and Sender Receiver anonymity Scalable Implementable under current infrastructure Passive Global Observer attack model Completely decentralized, minimal trust

P 5 : A Protocol for Scalable Anonymous Communications 4 Different types of Anonymity Sender anonymity anonymous set of principals (includes Bob) passive observer Alice Receiver anonymity Bob passive observer anonymous set of principals (includes Alice)

P 5 : A Protocol for Scalable Anonymous Communications 5 Sender-receiver Anonymity passive observer anonymous set of principals (includes Bob & Alice) anonymous set of principals (includes Bob) passive observer anonymous set of principals (includes Alice) Passive observer cannot determine who Bob & Alice are, or whether they are talking

P 5 : A Protocol for Scalable Anonymous Communications 6 Naive Solution: Broadcast Ring Assume all parties are arranged in a logical ring upstream and downstream neighbors are known... but cannot be mapped to their identities Messages do not contain any information that distinguishes original sender from last-hop forwarder All messages are the same size, and are sent at a constant rate All messages are per-hop encrypted

P 5 : A Protocol for Scalable Anonymous Communications 7 Sending messages on a broadcast ring Suppose Alice wants to send message m to Bob: Alice acquires Bob s public key, p Bob, out of band Alice sends {m, H(m)} pbob to her upstream neighbor Each incoming packet is decrypted and verified Each incoming packet is also forwarded to upstream neighbor System provides sender- and receiver-anonymity

P 5 : A Protocol for Scalable Anonymous Communications 8 Sender-receiver anonymity on broadcast rings What if there are only two users talking? Introduce noise When Alice does not have a message to send: - She creates a noise packet... -... and sends it upstream as if it were a real packet Achieves sender-, receiver-, and sender-receiver anonymity Does not scale: high latency and drop rates

P 5 : A Protocol for Scalable Anonymous Communications 9 Refining the Broadcast Channel... There is a tradeoff between communication efficiency and anonymity Users may want to bound anonymity if it means better communications efficiency Solution: Use multiple fixed sized rings, and map each users to a ring using a well-known function passive observer fixed size broadcast channels

P 5 : A Protocol for Scalable Anonymous Communications 10 Refining the Broadcast Channel... There is a tradeoff between communication efficiency and anonymity Users may want to bound anonymity if it means better communications efficiency Solution: Use multiple fixed sized rings, and map each users to a ring using a well-known function passive observer Alice and Bob are disconnected!

P 5 : A Protocol for Scalable Anonymous Communications 11 Routing between different channels passive observer message forwarded between channels Bob Fred Alice Each user joins a small number of channels without replacement Users advertise the set of channels they can reach and forward between channels to which they are joined If Alice and Bob do not have a channel in common, then their messages are relayed between channels by other users

P 5 : A Protocol for Scalable Anonymous Communications 12 Analysis With high probability, a path of at most length 2 exists between any two users provided: Each user joins 3 channels There are at least 100 people/channel on average...... and at most 100 channels Path length increases by 1 when number of users increase to 15,000 (150 channels)

P 5 : A Protocol for Scalable Anonymous Communications 13 Problems Real system sizes are not fixed or known a-priori Difficult to choose number of channels People have different anonymity requirements Globally quantifying paranoia is difficult Good solution still requires some mechanism for: Dynamically creating channels Extensible addressing

P 5 : A Protocol for Scalable Anonymous Communications 14 P 5 : Extensible Broadcast P 5 provides mechanisms for dynamic creation of new broadcast channels directly addressing named subset of channels Dynamic channel creation don t need to know system size a-priori

P 5 : A Protocol for Scalable Anonymous Communications 15 Subset addressing Users can join any channel but they only talk when they have the anonymity of a large enough subset In P 5, individual users can choose specfic subsets Sender anonymity is at least as large as receiver anonymity S passive Bob observer Alice Bob talks back only when Alice sends messages to set S

P 5 : A Protocol for Scalable Anonymous Communications 16 The P 5 Logical Broadcast Hierarchy */0 groups 0/1 1/1 group ids (01/2) consist of a bitstring e.g. 01, and a mask e.g. 2 00/2 01/2 10/2 11/2 000/3 001/3 010/3 011/3 100/3 101/3 110/3 111/3 This virtual structure is overlaid onto the underlying topology

P 5 : A Protocol for Scalable Anonymous Communications 17 The P 5 Logical Broadcast Hierarchy */0 groups 0/1 1/1 group ids (01/2) consist of a bitstring e.g. 01, and a mask e.g. 2 00/2 01/2 10/2 11/2 000/3 001/3 010/3 011/3 100/3 101/3 110/3 111/3 Assume H(p Alice ) = 0101 ; Alice may join any group with id. of the form ( /0), (0/1), (01/2), (010/3), etc.

P 5 : A Protocol for Scalable Anonymous Communications 18 P 5 Channels path to the root */0 0/1 channel corresponding 1/1 to group (01/2) includes group (01/2) 00/2 01/2 10/2 11/2 000/3 001/3 010/3 011/3 100/3 101/3 110/3 111/3 subtree Messages are sent to channels, which are addressible subsets of groups

P 5 : A Protocol for Scalable Anonymous Communications 19 P 5 Hierarchy operations Forwarding using a min-common-prefix check Algorithm for constructing and maintaining hierarchy in paper In practice, P 5 hierarchy overlaid on single spanning tree Users join a few groups (more than 1) for routing purposes

P 5 : A Protocol for Scalable Anonymous Communications 20 User actions on the P 5 tree Users are mapped to a group using a hash of their public key Local security parameters L min and L max : L min : the smallest acceptable anonymous channel size L max : the largest acceptable anonymous channel size When joining the system, Alice computes b Alice = H(P K Alice ), and picks an m Alice value such that: L min k L max where k is the number of people in channel (b Alice, m Alice )

P 5 : A Protocol for Scalable Anonymous Communications 21 Sending a message Alice Bob: Hi, I m in channel (b Alice, m Alice ) Suppose Bob wants to divulge two bits (01) of his key How does Alice know Bob s mask?

P 5 : A Protocol for Scalable Anonymous Communications 22 Guessing a Mask: Too broad is fine */0 0/1 1/1 00/2 01/2 10/2 11/2 000/3 001/3 010/3 011/3 100/3 101/3 110/3 111/3 Alice Bob: ACK, I m in channel (b Bob, m Bob )

P 5 : A Protocol for Scalable Anonymous Communications 23 Too restricted is not! */0 0/1 1/1 00/2 01/2 root of 10/2 11/2 excluded subtree 000/3 001/3 010/3 011/3 100/3 101/3 110/3 111/3 Bob: ignore message if m > m Bob (or become vulnerable to attack)

P 5 : A Protocol for Scalable Anonymous Communications 24 Performance analysis: Packet Loss Rates 0.5 0.4 Sending rate: 1/S Sending rate: log S/S Drop Rate 0.3 0.2 0.1 0 10 100 1000 10000 Group Size All users, except one randomly chosen pair, send noise Security parameters are (100, 300) Tree diameter: 13 hops; all users connected to two channels For 8192 users, 1.5 Mbps bandwidth, 200 1000 byte pps 16Kbps with <5% loss, 200 Kbps with 40% loss

P 5 : A Protocol for Scalable Anonymous Communications 25 Signal Packet Hops 1.2 Avg. number of channels 1 0.8 0.6 0.4 0.2 0 10 100 1000 10000 Group Size Matches path lengths predicted via analysis For 8192 users, most paths less than 2 hops 4 out of 6000 sampled paths required 2 hops

P 5 : A Protocol for Scalable Anonymous Communications 26 Attacks Passive Attacks - Intersection attack, e.g. joining two channels with same key Different keys for routing - Difference attack, e.g. responding to a larger mask - Correlation attack, e.g. P 5 without noise packets Active attacks - Mob attack, e.g. multiple attackers join group to provide fake anonymity

P 5 : A Protocol for Scalable Anonymous Communications 27 Issues Per-packet public-key decoding at receivers Not feasible for high packet rates (100s pps) using RSA Implementation: topology discovery - How does Alice know the number of users in her group/channel? - Use a set of topology servers ; topology servers maintain and distribute maps of the form IP Addr Group - At least one server must be uncompromised

P 5 : A Protocol for Scalable Anonymous Communications 28 Major Issues When users leave, they lose anonymity Not specific to P 5 When new users join, communication efficiency decreases, but anonymity does NOT increase Move to different channel another difference attack Thus, in P 5, users should not change groups after joining

P 5 : A Protocol for Scalable Anonymous Communications 29 P 5 Generalization/Extension Users belong to a single named subset that never changes New subsets with configurable efficiency can be added as new members join system Routing to subsets is topology-specific Rings, trees: special cases Topologies with higher-connectivity are possible

P 5 : A Protocol for Scalable Anonymous Communications 30 Related Work Sender- Receiver- Send.-Recv. Efficient System Anonymity Anonymity Anonymity Implementation DC-Net Y Y Y Xor-Trees Y Y Y Crowds Y N Y Onion Routing Y N Y Hordes Y N Y Tarzan Y N N Y P 5 Y Y Y Y

P 5 : A Protocol for Scalable Anonymous Communications 31 Future Work Faster receiver processing Better topologies Protocol without a topology server Formal analysis

P 5 : A Protocol for Scalable Anonymous Communications 32 Future Work Faster receiver processing Better topologies Protocol without a topology server Formal analysis www.cs.umd.edu/projects/p5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback