1 / 34

Tarzan: A Peer-to-peer Anonymizing Network Layer by Michael J.Freedman, Robert Morris

Tarzan: A Peer-to-peer Anonymizing Network Layer by Michael J.Freedman, Robert Morris. Computer Science Graduate Student Jinhae Kim. Contents. Introduction Design Goals Network Model Architecture Details of Design Security Analysis Conclusion. Traffic Analysis Reveals Identities.

yuli-ramos
Télécharger la présentation

Tarzan: A Peer-to-peer Anonymizing Network Layer by Michael J.Freedman, Robert Morris

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tarzan: A Peer-to-peer Anonymizing Network Layerby Michael J.Freedman, Robert Morris Computer Science Graduate Student Jinhae Kim

  2. Contents • Introduction • Design Goals • Network Model • Architecture • Details of Design • Security Analysis • Conclusion

  3. Traffic Analysis Reveals Identities • Who is talking to whom may be confidential or private: • Who is searching a public database? • Which companies are collaborating? • Who are you talking to via e-mail? • Where do you shop on-line?

  4. Introduction • Internet Anonymization • Without revealing own ID, a host can communicate with an arbitrary server. • Anonymizer.Com • A host sends messages to a server through a proxy. • Anonymous remailer system, Onion Routing, and Zero-Knowledge’s Freedom • A host connects to a server through a set of mix relays.

  5. Introduction - Problems • Proxy server • Dos attacks • Single point of failure • A set of mix relay • Network edge traffic analysis

  6. Introduction - Tarzan • Sequence of mix relay • No centralized (equal peer) • Hide the originator • Each node can be a originator and/or relay • Prevent edge analysis • Construct a tunnel with sequence of Tarzan peer using layered encryption • Ensure the anonymity in network layer

  7. Design Goals • Application independence • Anonymity against malicious nodes • Fault-tolerance and availability • Performance • Anonymity against a global eavesdropper

  8. Network Model • In relation to node X, adversarial machines can control address spaces and can spoof virtual nodes within corrupted domains unswitched LAN honest routers local subnet malicious routers corrupted domains honest nodes border gateway malicious nodes spoofed nodes X

  9. relayd relayd Architecture Overview • An IP packet is diverted to the local tunnel initiator. • Translate to a private address space, wrap in several layers of encryption, and send to the first relay in UDP. • Decrypts one layer and send to the next relay. • PNAT extracts the original IP packet, NATs the packet to its own public address, and writes the raw packet to the internet. Internet Dest Client app initiator PNAT relayd relayd (AppPriv) (PrivPNAT) src: PNAT dst: Dest (31  17) (17  59) kernel divert Tag: 17 Tag: 59 Tag: 31 src: App dst: Dest src: Priv dst: Dest src: Priv dst: Dest src: Priv dst: Dest

  10. Packet Relay • A flow tag uniquely identifies each link of each tunnel. • Symmetric encryption hides data. • A MAC protects its integrity. • Separate keys are used in each direction of each relay. • The tunnel initiator • clear each IP packet’s source address field. • perform a nested encoding for each tunnel relay. • encapsulates the result in a UDP packet.

  11. Packet Relay - Encoding • T = (h1, h2,…,hl, hpnat) : A sequence of nodes • ekhi, ikhi : Forward encryption and integrity keys • seq : packet sequence number • An initiator produces block Bi for each relay hi, starting with hpnat • ci = ENC (ekhi, {Bi+1}) • ai= MAC (ikhi, {seq, ci}) • Bi = {seq, ci, ai}

  12. Tunnel Setup • A Tarzan node pseudo-randomly selects a series of nodes. • The initiator iteratively setup the entire tunnel hop by hop. • Generate and Distribute the symmetric keys encrypted under the relays’ public keys.

  13. establish_request(h0,h2) establish_response establish_request(h1,h3) !ok or timeout reset_forward_request(h3) reset_forward_response establish_response(hl) h0(initiator) h1 h2 hpnat Tunnel Setup Protocol h1R {h0.neighbors} h2R {h1.neighbors} h3R {h2.neighbors} …. h3R {h2.neighbors}

  14. IP Packet Forwarding • Create a generic anonymizing IP tunnel • IP forwarder: divert certain packets and ships them over a Tarzan tunnel. • Client forwarder: replace real address with a random address • PNAT (Pseudonymous Network Address Translator) • Remote hosts can communicate with PNAT normally. • Double-blinded channel: achieve both sender and recipient anonymity (using different PNAT)

  15. Tunnel Failure and Reconstruction • The initiator regularly sends ping to the PNAT. • PNAT failure: select a new hpnat for the tunnel. • Otherwise: attempt to rebuild the tunnel to the original PNAT. • Higher-level connections don’t die upon tunnel failure.

  16. Peer Discovery • A Tarzan node requires some means to learn about all other nodes. • Use a simple gossip-based protocol for peer discovery. • The Tarzan discovery protocol supports three related operations. • Initialization: allow fast information propagation. • Redirection: allow nodes to shed load. • Maintenance: provide an incremental update a node’s peer database with only new information.

  17. Peer Discovery Protocol • Ua, Va: the set of a’s unvalidated/validated known peers • A new node a contacts existing node b to discover Ua . • Node a validates b once a receives a response. • Node a successively contacts the new neighbors in Ua . • Retrying neighbors in Va . • If the difference between Va and Vb is big: • b is busy: a.redirect (b), otherwise: a.initialize (b) • Otherwise: • a.maintain (b); b.maintain(a)

  18. Peer Selection • Three-level hierarchy: /16, /24 subnets, and relevant IP addresses • The leading d-bits of a node’s IP address are transformed to an identifier via hash (ipaddr/d, date) • Lookup (key) method: generate id16 via hash (key/16, date) and find the smallest identifier ≥ id16 on the /0 identifier ring; and so on… • Example: Lookup (key) with id16 = 541A, id24 = 82F1, and id32 = 261B. This ultimately maps to the hash value 4F9A, which yields IP address 18.26.4.9 /0 18D3 18.26/16 3CB8 21F8 49A1 3A25 58E2 45F1 18.26.4/24 712F 5212 23A5 9D37 7C38 4F9A B541 94D1 61D1 CA13 B1E3 974F F72A E436 B11A

  19. Cover Traffic and Link Encoding • Use of cover traffic to provide more time-invariant traffic patterns independent of bandwidth demands. • A traffic mimics: traffic invariants between a node and mimics that protect against information leakage.

  20. Selecting Mimics • Upon joining the network, node a asks k other nodes to exchange mimic traffic with it. • Mimic relationship must be symmetric. • Mai: i th mimic of node a, as the peer returned by lookupi (a.ipaddr). • lookupi (a.ipaddr): similar to peer selection except the identifier idid is generated by recursively applying the cryptographic hash function i times to {a.ipaddr/d, date}, i ≤ (k+1). • Node a sends to Mai a mimic request, including the tuple {a.ipaddr/d, date}. • Accept condition • 1< i ≤(k+1) • Mai.lookupi (a.ipaddr) = Mai

  21. Tunneling Through Mimics • Choice of relay: mimics of the previous hop PNAT Mimic topology and traffic flows for k = 3 • Each node has ҡ ≈ 6 mimics. • Tunnel: arrows in bold • a random PNAT: dotted line

  22. Unifying Traffic Patterns • The packet headers, sizes, and rates of a node’s incoming traffic from its mimics must be identical to its outgoing traffic. • All packets along mimics links are symmetrically encrypted. • Encrypted packets along links are padded to be all the same size. • A node generates and distributes symmetric keys when it connects with a new mimic.

  23. Security Analysis • Adversary • Break sender anonymity by back-tracing observed messages to their source. • Watching traffic patterns or message encodings. • Trace a message forward to its egress from a PNAT to compromise the recipient anonymity of non-participating servers. • Tarzan • P2P design: expose less identifying topological information. • Resist powerful traffic-analysis attacks.

  24. Comparing Anonymity Properties • Tarzan’s model: P2P, layered encryption • Onion Routing: network core, layered encryption • Crowds: P2P, link encryption only

  25. Onion Routing • Define Route • Initiator and responder interface onion routing proxies • Construct the anonymous connection • Move data through the connection • Using layered encryption • Destroy the anonymous connection • Reference: • http://www.onion-router.net/Publications.html

  26. Crowds • “blending into a crowd”: • operate by grouping users into a large and geographically diverse group (crowd) • Collaborating crowd members cannot distinguish the originator from a member who is merely forwarding.

  27. Crowds – Path in a Crowds • Reference • http://avirubin.com/crowds.pdf Crowd Web Servers 6 1 3 5 1 5 6 2 2 4 3 4

  28. Static Vs. Adaptive Adversaries • Static adversary • Corrupt some number of independent physical machines • Read packets and analyze the contents, sizes, rates, and volumes of packets addressed to machines under its control • Use timing analysis to determine whether packets seen at different relays belong to the same tunnel • Time-bounded adaptive adversary • Pick-and-choose which machines to compromise after it joins the system • But Time-bounded…

  29. Considering Adaptive Adversaries • Protect against an adaptive adversary • The period to compromise all tunnel relays must be longer than the tunnel’s duration. • Tunnels should not be repeatedly constructed through the same small set of largely-compromised relays. • Tarzan • randomly choosing Node-selection mechanism: host diversity • Honest nodes store tunnel keys and routing tables only in memory: disable core dumps and process tracing. • Scalable architecture: offer a large choice of nodes. • Mimic reassignment: ensure set of relays changes daily.

  30. Defining Probability of Failure • An adversary compromises M gateway routers or LAN machines. • An adversary run m malicious node within each of these M corrupted domains. • The network size is n, N-domain system. • CLAIM 1. A node selects a malicious mimic with prob. M/N. • CLAIM 2. Nobody can bias an initiator’s choice of relays. • To achieve claims, a node must select its mimics uniformly over the entire set of domains.

  31. Malicious Nodes Attempt… • Corrupt gossiping • Gossip addresses that do net exist or only returns malicious nodes. • Leverage open admission • Try to control “important” IP addresses or run multiple nodes. • Ignore neighbor-selection algorithm • Attempt to select malicious nodes as its mimic.

  32. Security Enforcement • Securing Resource Discovery • Protect against fake entries: Tarzan differentiates between unvalidated and validated addresses in the peer-discovery and selection process. • Hardening the Open Admissions Policy • Distribute keys indirectly through a gossiping protocol. • Tunnel initiators choose mimics by selecting uniformly at random from among available domains. • Enforcing Proper Mimic Selection • Tunnel should be constructed through nodes selected in an unbiased and random fashion.

  33. Traffic Analysis Attacks • Information leakage in tunnels • Prevent global eavesdropper: Cover traffic • Information leakage at network exit points • Network-edge attack: packet replay, tagging, reordering, and flooding • Prevention: Seq. no, buffering incoming packets, encrypting messages, cover traffic

  34. Conclusion • Tarzan provides a flexible layer for sender, recipient • Sustain anonymity in hostile environments, against both malicious participants and global eavesdroppers • Transparent to internet application • P2P design: decentralized, highly scalable, and easy to manage. • Lack of network core: increase fault-tolerance to individual relay failure

More Related