anonymity networks - trial lecturearyan/docs/thesis/trial.pdf · anonymity networks trial lecture...
TRANSCRIPT
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Anonymity NetworksTrial Lecture
Aryan TaheriMonfared
Department of Electrical Engineering and Computer ScienceUniversity of Stavanger
October 26, 2015
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Privacy & Anonymity
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Privacy & Anonymity
Privacy
Cyber PrivacyBe Concerned About Your Cyber Privacy!
Common Answers:I have nothing to hide.Those, who are concerned, look suspicious.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Privacy & Anonymity
Privacy
How about privacy in other aspects of life?
Do you use curtains? Do you close the door?
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Privacy & Anonymity
Anonymity
Anonymity → PrivacyAnonymity is one step toward privacy.You are not anonymous on the Internet.
Definition"The state of being not identifiable within a set of subjects,the anonymity set" Pfitzmann and Hansen 2008.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Privacy & Anonymity
Anonymity Types
UnlinkabilityRecipient anonymity: recipient & sent messageSender anonymity: sender & received messageRelationship anonymity: sender & receiver
Unobservability
Sender & Sent msgCover traffic
Recipient & Received msg
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Privacy & Anonymity
Anonymity
Who needs anonymity?Citizens: privacyBusinesses: network securityGovernments: traffic analysis resistanceActivists: access
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Anonymous Communication
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Anonymous Communication
Anonymous Communication
Use-Cases
File sharingInstant messagingemail communication
CurrencyBrowsingHidden services
Design Criteria
LatencyAnonymity GuaranteesFlexibility
Supported protocolsTrust & Threat modelsCommunication model
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Anonymous Communication
Anonymous Communication
Networks/Tools
Mix-NetBabelMix-masterMixminionFreedomThe Onion Router (Tor)AnonymizerJava Anon Proxy (JAP)
PipeNet
Tarzan
MorphMix
Hordes
Herbivore
P5
...
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Tor: What Others Say?
A Three-letter Agency
"the King of high-secure, low-latency Internet anonymity""no contenders for the throne in waiting""We will never be able to de-anonymize all Tor users all thetime""with manual analysis we can de-anonymize a very smallfraction of Tor users"
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
So, you googled "Tor"?Hah, you’re already a target....
And,That’s why you should be concerned about your privacy.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Original Tor Overview
Onion Routing 1st Generation – 1998Distributed overlay network.Designed to anonymize TCP-based applications.Clients choose a path to build a circuit.Each node only knows its predecessor and successor.Traffic flows in fixed-size cells.Unwrapped by a symmetric key at each node.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Original Tor Overview
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Enhanced Tor Overview
Onion Routing 2nd Generation – 20041 Perfect forward secrecy:
Initiator negotiates keys with each node.
2 TCP streams share a circuit:Multiplex streams to improve efficiency and anonymity.
3 Leaky-pipe circuit topology:In-band signaling + traffic exits from the middle of circuit.
4 Variable exit policies:Defines hosts and ports that an exist node will connect.
5 Directory servers:Avoid state info flooding + signed directories of routers and states.
6 Rendezvous points & hidden services:Clients negotiate rendezvous points to connect with hidden services.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Enhanced Tor Overview – 2012
Attacks
Malicious OR OR IP blocking Protocol Blocking
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Tor Design
Tor Goals1 Improve Deployability, Usability, and Flexibility.2 Simplify design.3 Resistance against traffic analysis.
Tor Non-Goals1 Not peer-to-peer.2 Not secure against end-to-end attacks.3 Not prevent traffic confirmation.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Tor Entities
Onion Router (OR)/RelayUser-level process.Connected to every other ORs using TLS.Exit node: terminating OR of a circuit.Exit node sends/receives data to/from destinations.
Onion Proxy (OP)/ClientFetches directories.Establishes circuits incrementally.Negotiates symmetric keys with each OR.Multiplexes TCP streams across several circuits.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Tor Entities
Directory ServersDSs:I A small group of redundant, well-known ORs.I Track topology and node state (e.g. keys, exit policies).I Avoid link-state routing protocols.I Generate a signed description of the network state.I Work as HTTP servers.
ORs publish signed states to DSs.Clients:I Are pre-loaded with a list of DSs and their keys.I Fetch network state, routers list, etc from DSs.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Tor Keys
Long-term Identity Keys
OR: signs TLS certs, router descriptor (keys, address, bw,exit policy, etc.).DS: signs directories.
Short-term Onion KeysDecrypts users’ requests for circuit establishment.Ephemeral key negotiation.Rotated periodically.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor: The Onion Router
Tor Details
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Hidden Services
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Hidden Services
Tor Rendezvous Points & Hidden Services
Hidden ServicesEnsuring service provider anonymity.Concealing service IP address.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Hidden Services
Tor Hidden Services
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Attacks
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Attacks
Tor Attacks
Passive Attacks
Observing patterns/content.
Option distinguishability.
End-to-end timing/size.
Website fingerprinting.
Active Attacks
Compromise keys.
Hostile recipient/OP/OR.
DoS OR/Introduce Timing.
Smear/Protocol attack.
Directory Attacks
Destroy, subvert DSs.DS dissent through operators.
Persuade DS to accepthostile/malfunctioning OR.
Rendezvous Point AttacksDisrupt IP operation by DoS, direct attack, compromise.
Compromise a rendezvous point.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Open Questions
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Open Questions
Tor Open Questions and Future Directions
Circuit rotate frequency and length.Scalability:I OR verification.I Global view distribution to clients.I State synchronization between DSs.I Central authority (DSs) reliability .I Node failure tolerance.
Bandwidth classes.Cover traffic.Caching at exit nodes.Multi-system interoperability.Wide-scale deployment.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Tor Open Questions
Tor Statistics
metrics.torproject.org
Users: 2 M (Max: 5 M)Relays: 6.5 K, Bridges: 3.5 kRelay Advertised BW: 140 GbpsRelay Used BW: 60 GbpsGuard Advertised BW: 35 GbpsExit nodes BW: 5 Gbps,Hidden services traffic: 800 Mbps
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
SDN Related Work
1 A Flexible In-Network IP Anonymization Service,Mendonca et al. 2012
2 OpenFlow Random Host Mutation: Transparent MovingTarget Defense using Software Defined Networking,Jafarian et al. 2012
3 SNEAC: Scalable Network Emulator for AnonymousCommunication, Singh et al. 2014
4 Techniques for the Dynamic Randomization of NetworkAttributes, Chavez et al. 2015
5 Hiding Amongst the Clouds: A proposal for Cloud-basedOnion Routing, Jones et al. 2011
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
AnonyFlow
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
AnonyFlow
AnonyFlow
A Flexible In-Network IP Anonymization ServiceCurrent approaches have low performances.Assumption: Trust in infrastructure providers.Reactive SDN programming.Intercepting the first packet of all flows.
Goals
Endpoint privacy.Low overhead.
Network-based design.Easy deployment.
Non-Goals
Data security.Steganography.
Complete anonymity.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
OF-RHM
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
OF-RHM
OF-RHM Overview
OpenFlow Random Host MutationStatic network configurations introduce significant threats.Hosts’ IPs mutation is a novel proactive defense.
ApproachUse OpenFlow to mutate hosts’ IPs frequently andunpredictably.Named hosts are reachable through virtual IPs.vIPs are chosen from unused IPs in the subnet.vIPs are obtained via DNS.Address allocation is formalized as a multi-constraintsatisfaction problem.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Network Attributes Randomization
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Network Attributes Randomization
Network Attributes Randomization Overview
Techniques for the Dynamic Randomization of NetworkAttributes
Critical Infra. Control Systems are vulnerable.CICSs use predictable paths and static configuration.Attractive and easy targets for attacks.
ApproachAutomatic reconfiguration of network settings.CICS → Moving Target Defense.SDN: IP/port/route randomization.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
SNEAC
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
SNEAC
SNEAC Overview
Scalable Network Emulator for Anonymous CommunicationAnonymous communication technologies require reliabletestbeds.Tor testbeds are not scalable.
ApproachNetwork emulation testbed for Tor.Uses Mininet and Open vSwitch to build the core.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Cloud Onion Routing
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Cloud Onion Routing
COR Overview
Hiding Amongst the Clouds: A proposal for Cloud-based OnionRouting
Tor has limitations: low performance, inadequate capacity,prone to wholesale blocking.Cloud characteristics can help.
ApproachLeverage large capacity, robust connectivity, EoS in Cloud.Cloud increases the censorship cost (collateral damage).Establishes several Anonymity Service Providers onmultiple Cloud services.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Our Proposal
Outline1 Introduction
Privacy & Anonymity2 Anonymity Networks
Anonymous CommunicationTor: The Onion RouterTor Hidden ServicesTor AttacksTor Open Questions
3 SDN Applications in Anonymous CommunicationOverviewAnonyFlowOF-RHMNetwork Attributes RandomizationSNEACCloud Onion Routing
4 ProposalOur Proposal
5 Summary
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Our Proposal
Our Proposal
Building Tor Using SDN mechanisms
Faithful reproduction of Tor circuits using SDN.DS Authorities → Global cluster of SDN controllers.Onion Proxy/Client software → User SDN controller.Onion Router/Relay → SDN-capable switches.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Our Proposal
Proposal Tradeoffs
Advantages
Flexibility.Scalability.BW classes.Interoperability.Open/Standard protocols.
HW & SW support.Large community.Separation of concerns:network management/keymanagement.
Disadvantages
Complexity.Maturity.
SDN-related attackvectors.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Summary
Take-Away Lesson1 Be concerned about your cyber-privacy.2 Anonymization plays an important role in privacy.3 SDN mechanisms can tackle many open problems in
anonymous communication.
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
Thank you! Questions? & Answers!
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
References I
Adrian Chavez, William Stout, and Sean Peisert, Techniques for the dynamic randomization of networkattributes, Proceedings of the 49th Annual International Carnahan Conference on Security Technology, 2015.
Roger Dingledine, Nick Mathewson, and Paul Syverson, Tor: The second-generation onion router,Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (Berkeley, CA, USA),SSYM’04, USENIX Association, 2004, pp. 21–21.
Matthew Edman and Bülent Yener, On anonymity in an electronic society: A survey of anonymouscommunication systems, ACM Comput. Surv. 42 (2009), no. 1, 5:1–5:35.
Staale Freyer, Figure 3.
Nicholas Jones, Matvey Arye, Jacopo Cesareo, and Michael J. Freedman, Hiding amongst the clouds: Aproposal for cloud-based onion routing.
Jafar Haadi Jafarian, Ehab Al-Shaer, and Qi Duan, Openflow random host mutation: Transparent movingtarget defense using software defined networking, Proceedings of the First Workshop on Hot Topics inSoftware Defined Networks (New York, NY, USA), HotSDN ’12, ACM, 2012, pp. 127–132.
Eng Keong Lua, J. Crowcroft, M. Pias, R. Sharma, and S. Lim, A survey and comparison of peer-to-peeroverlay network schemes, Communications Surveys Tutorials, IEEE 7 (2005), no. 2, 72–93.
Damon McCoy, Kevin Bauer, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker, Shining light in darkplaces: Understanding the tor network, Privacy Enhancing Technologies (Nikita Borisov and Ian Goldberg,eds.), Lecture Notes in Computer Science, vol. 5134, Springer Berlin Heidelberg, 2008, pp. 63–76 (English).
Introduction Anonymity Networks SDN Applications in Anonymous Communication Proposal Summary
References II
Stefano De Sabbata Mark Graham, Geographies of Tor, Creative Commons Attribution-Share Alike 4.0International.
M. Mendonca, S. Seetharaman, and K. Obraczka, A flexible in-network ip anonymization service,Communications (ICC), 2012 IEEE International Conference on, June 2012, pp. 6651–6656.
A. Ruiz-Martinez, A survey on solutions and main free tools for privacy enhancing web communications,Journal of Network and Computer Applications 35 (2012), no. 5, 1473 – 1492, Service Delivery Managementin Broadband Networks.
Jian Ren and Jie Wu, Survey on anonymous communications in computer networks, Comput. Commun. 33(2010), no. 4, 420–431.
Sukhbir Singh, Large-scale emulation of anonymous communication networks.
Clayton Tang, Portable potty on top of a mountain in china, Creative Commons Attribution-Share Alike 3.0Unported.