Building a Peer-to-Peer Anonymizing Network Layer, Michael J. Freedman, NYU Dept of Computer Science, mfreed@cs.nyu.edu, Public Design Workshop, September 13, 2002, http://pdos.lcs.mit.edu/tarzan/

Dec 19, 2015


Building a Peer-to-Peer Anonymizing Network Layer

Michael J. Freedman

NYU Dept of Computer Science
mfreed@cs.nyu.edu

Public Design Workshop
September 13, 2002

http://pdos.lcs.mit.edu/tarzan/

Page 2: The Grail of Anonymization

• Participant can communicate anonymously with non-participant
• User can talk to CNN.com
• Nobody knows who user is

[Diagram: User, ?, ?]

Page 3: Should we offer anonymity?

[Table: actions of user seeking anonymity (Legal / Illegal) against method of observing user’s identity (Legal / Illegal); cell entries as extracted: Definitely!, Yes, ???, No (?)]

Page 4: Our Vision for Anonymization

• Thousands of nodes participate
• Bounce traffic off one another
• Mechanism to organize nodes: peer-to-peer
• All applications can use: IP layer

Page 5: Alternative 1: Proxy Approach

• Intermediate node to proxy traffic
• Completely trust the proxy

Anonymizer.com

[Diagram: User, Proxy]

Page 6: Realistic Threat Model

• Corrupt proxy(s)
– Adversary runs proxy(s)
– Adversary targets proxy(s) and compromises, possibly adaptively
• Network links observed
– Limited, localized network sniffing
– Wide-spread (even global) eavesdropping

e.g., Carnivore, Chinese firewall, ISP search warrants

Page 7: Failures of Proxy Approach

• Traffic analysis is easy
• Proxy reveals identity

[Diagram: User, Proxy, Proxy]

Page 8: Failures of Proxy Approach

• CNN blocks connections from proxy
• Traffic analysis is easy
• Adversary blocks access to proxy (DoS)
• Proxy reveals identity

[Diagram: User, Proxy, X, X]

Page 9: Alternative 2: Centralized Mixnet

• MIX encoding creates encrypted tunnel of relays
– Individual malicious relays cannot reveal identity
• Packet forwarding through tunnel

Onion Routing, Freedom

Small-scale, static network

[Diagram: User, Relay, Relay, Relay]

Page 10: Alternative 2: Centralized Mixnet

• MIX encoding creates encrypted tunnel of relays
– Individual malicious relays cannot reveal identity
• Packet forwarding through tunnel
• Cover traffic among relays hides data traffic

[Diagram: User, Relay, Relay, Relay]

Page 11: Failures of Centralized Mixnet

• CNN blocks core routers

[Diagram: Relay, Relay, Relay, X]

Page 12: Failures of Centralized Mixnet

• CNN blocks core routers
• Adversary targets core routers

[Diagram: Relay, Relay, Relay, Relay]

Page 13: Failures of Centralized Mixnet

• CNN blocks core routers
• Adversary targets core routers
• Allows network-edge analysis

[Diagram: Relay, Relay, Relay, Relay]

Page 14: Failures of Centralized Mixnet

• CNN blocks core routers
• Adversary targets core routers
• Allows network-edge analysis
• Cover traffic doesn’t protect edges (n²)

[Diagram: Relay, Relay, Relay, Relay, X]

Page 15: Tarzan: Me Relay, You Relay

• Thousands of nodes participate
• Build tunnel over pseudorandom set of nodes
• Cover traffic covers edges

Crowds: small-scale, not self-organizing, not a mixnet, no cover

Page 16: Benefits of Peer-to-Peer Design

• No network edge to analyze: First hop does not know he’s first
• CNN cannot block everybody
• Adversary cannot target everybody
• Global eavesdropping gains little info

[Diagram: ? ? ? ? ?]

Page 17: Managing Peers

• Requires a mechanism that
1. Discovers peers
2. Scalable
3. Robust against adversaries

Page 18: Adversaries Can Join System

• Adversary can join more than once
• Stop it from spoofing addresses outside of control?

Contact peers directly to
– Validate IP address
– Learn public key

Page 19: Adversaries Can Join System

• Adversary can join more than once
• Can control many addresses on each subnet!

Randomly select nodes by subnet “domain”, not IP address
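Why selecting by subnet "domain" blunts an adversary who joins many times from one subnet, as an added example (not code from the Tarzan project). The /16 domain width, the function names and the peer list are assumptions constructed for illustration.

```python
import ipaddress
import random
from collections import defaultdict

PREFIX_LEN = 16  # assumed "domain" width; the slide does not give one

# Constructed peer list: 50 honest nodes, one per /16, and one adversary
# that has joined 200 times from a single subnet.
HONEST = [f"10.{k}.0.1" for k in range(50)]
HOSTILE = {f"198.51.100.{h}" for h in range(1, 201)}
PEERS = HONEST + sorted(HOSTILE)

def group_by_domain(peers, prefix_len=PREFIX_LEN):
    """Bucket validated peer addresses by the subnet they sit in."""
    groups = defaultdict(list)
    for ip in peers:
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        groups[str(net)].append(ip)
    return groups

def pick_by_ip(peers, rng):
    """Naive selection: every joined address is equally likely."""
    return rng.choice(peers)

def pick_by_domain(peers, rng, prefix_len=PREFIX_LEN):
    """Slide's rule: choose a domain uniformly, then a node inside it."""
    groups = group_by_domain(peers, prefix_len)
    domain = rng.choice(sorted(groups))
    return rng.choice(groups[domain])

def adversary_share(peers, hostile, by_domain, prefix_len=PREFIX_LEN):
    """Exact probability that a single draw lands on a hostile node."""
    if not by_domain:
        return sum(ip in hostile for ip in peers) / len(peers)
    groups = group_by_domain(peers, prefix_len).values()
    return sum(sum(ip in hostile for ip in g) / len(g) for g in groups) / len(groups)

if __name__ == "__main__":
    rng = random.Random(2002)
    print("by IP    :", adversary_share(PEERS, HOSTILE, by_domain=False))
    print("by domain:", round(adversary_share(PEERS, HOSTILE, by_domain=True), 4))
    print("sample   :", pick_by_domain(PEERS, rng))
```

With these constructed peers the adversary holds 80% of the joined addresses but only one of 51 domains, so its chance of being picked falls from 0.8 to 1/51.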

Page 20: Tarzan: Joining the System

1. Contacts known peers to learn neighbor lists
2. Validates each peer by directly pinging

[Diagram: User]

Page 21: Tarzan: Discovering Peers

3. Nodes pair-wise choose (verifiable) mimics
4. Mimics begin passing cover traffic

[Diagram: User]

Page 22: Tarzan: Discovering Peers

5. Building tunnel:
Iteratively selects peers and builds tunnel from among last-hop’s mimics

[Diagram: User]

Page 23: Tarzan: Building Tunnel

5. Building tunnel:
Public-key encrypts tunnel info during setup
Maps flowid to session key, next hop IP addr

[Diagram: User, Real IP Address, Tunnel Private Address, Public Alias Address, PNAT]

Page 24: Tarzan: Tunneling Data Traffic

6. Reroutes packets over this tunnel

Diverts packets to tunnel source router

[Diagram: User, APP, IP, IP, X]

Page 25: Tarzan: Tunneling Data Traffic

6. Reroutes packets over this tunnel

NATs to private address space 192.168.x.x
Layer encrypts packet

[Diagram: User, APP, IP packets]

Page 26: Tarzan: Tunneling Data Traffic

6. Reroutes packets over this tunnel

Encapsulates in UDP and forwards packet
Strips off encryption, forwards to next hop

[Diagram: User, APP, IP packets]

Page 27: Tarzan: Tunneling Data Traffic

6. Reroutes packets over this tunnel

NATs again to public alias address

[Diagram: User, APP, IP packets]

Page 28: Tarzan: Tunneling Data Traffic

6. Reroutes packets over this tunnel

Reads IP headers and sends accordingly

[Diagram: User, APP, IP]

Page 29: Tarzan: Tunneling Data Traffic

6. Reroutes packets over this tunnel

Response repeats process in reverse

[Diagram: User, APP, IP packets]
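The layering in steps 5 and 6 (a per-relay table from flowid to session key and next hop, one encryption layer stripped at each hop) is sketched below as an added example, not code from the Tarzan project. The HMAC-based keystream, the 4-byte flowid and 8-byte nonce framing, and the relay names are assumptions; UDP encapsulation, the NAT steps, integrity protection and cover traffic are left out.

```python
import hashlib
import hmac
import os
import struct

def layer(key, nonce, data):
    """XOR with an HMAC-SHA256 counter keystream: a stdlib stand-in for the
    tunnel's symmetric cipher, not a vetted construction. Same call undoes it."""
    stream = b"".join(
        hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class Relay:
    def __init__(self):
        self.flows = {}  # flowid -> (session key, next hop), filled at setup

    def forward(self, packet):
        """Look up the flow, strip one layer, hand the rest to the next hop."""
        flowid, nonce, body = packet[:4], packet[4:12], packet[12:]
        key, next_hop = self.flows[flowid]
        return next_hop, layer(key, nonce, body)

def build_tunnel(names):
    """Setup stand-in: installs state directly instead of public-key encrypting it."""
    relays, hops = {n: Relay() for n in names}, []
    for i, name in enumerate(names):
        flowid, key = os.urandom(4), os.urandom(32)
        next_hop = names[i + 1] if i + 1 < len(names) else None  # None = exit
        relays[name].flows[flowid] = (key, next_hop)
        hops.append((flowid, key))
    return relays, hops

def wrap(payload, hops):
    """Initiator side: encrypt for the last relay first, the first relay last."""
    packet = payload
    for flowid, key in reversed(hops):
        nonce = os.urandom(8)
        packet = flowid + nonce + layer(key, nonce, packet)
    return packet

def send(payload, names=("relay-a", "relay-b", "relay-c")):
    """Push one packet through the tunnel; return exit output and per-hop views."""
    relays, hops = build_tunnel(names)
    at, packet, seen = names[0], wrap(payload, hops), []
    while at is not None:
        seen.append((at, packet))
        at, packet = relays[at].forward(packet)
    return packet, seen
```

Each relay receives only ciphertext plus its own flowid; the payload appears in the clear only after the last relay strips its layer.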

Page 30: Tarzan: Tunneling Data Traffic

Transparently supports anonymous servers
Can build double-blinded channels

[Diagram: Server, Oblivious User, APP, IP packets]

Page 31: Summary

• Gain anonymity:
– Peer-to-peer: scalable, decentralized, secure
– Cover traffic over mimics
• Transparent IP-layer anonymization
– Towards a critical mass of users

Page 32: More information…

http://pdos.lcs.mit.edu/tarzan/