1 / 26

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

This study explores inference attacks in peer-assisted Content Delivery Networks (CDNs) and proposes an Anonymous Peer-assisted CDN (APAC) that provides a high degree of anonymity while preserving desired network latency reduction and bandwidth savings. The APAC is compatible with current browsers and requires no or minimal changes to websites and clients.

ebowen
Télécharger la présentation

Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Anonymity in Peer-assisted CDNs: Inference Attacks and Mitigation YaoqiJia, Guangdong Bai, PrateekSaxena, and Zhenkai Liang NationalUniversityofSingapore

  2. Web Content Delivery • Popular websites receive millions of hits per day • A fast way to deliver web content • Options to deliver content: • Own servers • Amazon EC2, Azure • Content delivery networks (CDN) • Akamai, CloudFlare

  3. Peer-assisted CDNs • Insight: Involve web clients to serve content • Akamai NetSession, Swarmify, Maygh • NetSession offloads 70-80% traffic[NSDI12,IMC13] • Swarmify reduces over 60% network latency Server Server • Privacyissue: Inferneighbors’contents Client Client Client Client

  4. Contributions • Inference attacks on real-world services • i.e., Swarmify, BemTV and P2PSP • Anonymous Peer-assisted CDN (APAC) • Involves browsers as peers • Preserve high level of anonymity • Desired performance • Compatible with browsers

  5. Inference Attacks in Peer-assisted CDNs

  6. Inference Attacks • Goal • Inferwhatcontentavictimuserhasrequestedordelivered (browsing history) • Implication • Revealing a user’s browsing history significantly leaks the user’s privacy • A user’s digital identity can be revealed[S&P 10] • A user’s geolocation/political orientation [W2SP14]

  7. Inference Attacks in Peer-assisted CDNs • Passiveattacks:adversarypre-storesallcontentpotentiallyinterestingtothevictim • Activeattacks:adversarytraversesallcontentpotentiallyservedbythevictim Server Server Passive Active Request Request Fetch Deliver Adversary Adversary Victim Victim

  8. Real-worldCaseStudies • Swarmify,BemTV & P2PSP • Adeployedsitewith10imagesand2videos • Avictimpeerrequestsandstoresresources • AnadversaryinthesameLANfrequentlyrequestsandservesresources • Nodefenseagainstinferenceattacks • Adversarycanobserveallresourcesfrom/tothevictim • Evenopenforcontentpollutionattacks How to mitigate inference attacks?

  9. AnonymousPeer-assistedCDN

  10. Threat Model • Initiator:peer initiates the request • Responder: peer responds the request • Honest-but-curious adversary • Followprotocols • Outofscope • Sybil attacks • Denial-of-service attacks (DoS)

  11. AnonymousPeer-assistedCDN (APAC) • Goal • Anonymity:concealauser’sidentitytounlinkheridwithheronlinetrace • Performance:acceptablenetworklatency • Compatibility:no(orminor)changesonwebsitesandclients • Intuition • Onion-routing (OR)techniques

  12. OnionRouting,butwith Careful Parameter Selection • OR: Messages are encapsulated in layers of encryption(onions) • Limitations: • Onlyinitiatoranonymity • Non-negligible circuit setup latency • Nodesrandomlychosen Encryption Circuit Decryption

  13. OverviewofAPAC • Peer server constructs the circuit foreachrequestinsteadofpeers (anonymity) • Region-based circuit construction(performance) • Choose intermediate nodes in three regions: near-initiator, near-responderand globally random • Communications via WebRTC (compatibility)

  14. Initiation in APAC • Peers fetch resources from the content server Content Server Fetch Store Peer vA Peer vB

  15. Content Delivery via Peers • Peers fetch resources from other peers Peer Server Request Report Request via OR circuit Reply Peer vB (Responder) Peer vA (Initiator) Peer vB (Intermediate)

  16. Region-based Circuit Construction Peer Server Peer vB (Intermediate) Peer vB (Responder) Peer vA (Initiator)

  17. Anonymity Analysis for APAC

  18. Degree of Anonymity • Def 1:The degree of initiator anonymity provided by a system is defined by: • Result: The degree of initiator anonymity can be represented as:

  19. Parameter Selection • Level of anonymity • The maximum number of intermediate nodes Lmax • Distribution factors: the fraction of intermediate nodes near the initiator/responder αinit/αres • The total number of peers N and the number of peers having requested resources NR WhenLmax ≥2, APAC can preserve the standarddegree of anonymity (i.e., 0.8)achievedbypreviouswork

  20. Performance Evaluation

  21. Measurement Setup • Scenario: CDN operators place edges servers in major cities, but users are not located in those cities • Deployed site provides images 1KB–2 MB • Content server / peer server in City A (New York) • 100 Peers in City B (Singapore)

  22. Network Latency Reduction (NLR) % For a 4-node circuit where APAC provides a latency reduction (49.7%) lower than the performance obtained for Swarmify (69.4%) and non-anonymous setting (76.1%).

  23. Effect of Distribution Factors #Nodesin eachregion Locating intermediate nodes near initiator/responder reduces network latency

  24. Sweet Spot Sweet Spot Degree of Anonymity With up-to 2 intermediate nodes, APAC preserves adequate degree of anonymity (i.e., 0.8) and desired performance (e.g., 97.3% bandwidth savings)

  25. Conclusion • Inference attacks on peer-assisted CDNs • Anonymous Peer-assisted CDN (APAC) • Highdegree of anonymity • Desired network latency reduction and bandwidth savings • Compatible with current browsers

  26. Thanks You Q & A E-mail: jiayaoqi@comp.nus.edu.sg

More Related