CS 144r: Networks Design Projects
CS 244r: Advanced Networks Design Projects
HBS 4560: The Future of Business Networks

Anonymizing Infrastructure
February 22, 2002

Professor Marco Iansiti, HBS
Professor H. T. Kung, FAS
Harvard University


Topics for Today

• Overview of an IP-layer anonymizing infrastructure
• Project on attacking the anonymizing infrastructure

Problem To Solve

An authentication server, by definition, needs to process requests from unknown users; thus, it can be subject to DOS attacks.

[Figure: clients on the Internet sending requests to the authentication server]

A Solution Approach Based on an Anonymizing Infrastructure

• Provide an IP-layer anonymizing infrastructure that can hide the IP addresses of authentication servers from clients
• This anonymizing infrastructure can be useful for current and future authentication servers and other servers

The Traditional Internet: Packet Reveals Server Address in the Clear

[Figure: a client's packet crossing the Internet to the server at 140.247.60.30; the packet's destination field D carries 140.247.60.30 in the clear]

The Anonymizing Infrastructure: Use Forwarders to Hide Servers’ Addresses

[Figure: Client → F1 → F2 → Server; the destination field D of each packet carries addresses encrypted in the Fs’ keys]

• The infrastructure is an overlay network of forwarders, Fs
• Forwarders are stateless and use anycast addresses for improved availability

Use of Gateways To Allow Existing Clients and Servers Without Modification

[Figure: Client → GWc → F1 → F2 → GWs → Server, with an Initialization Server reachable from GWc]

Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification.

Three Usage Steps for the Anonymizing Infrastructure

1. Server Registration: Given a server, select a sequence of forwarders, compute the encrypted IP address for the server, and register the results. The sequence of forwarders can be selected manually or automatically.

2. Client Initialization: Given a server, obtain the encrypted address for the server, the address of the first decrypting forwarder, and other information required for forwarding.

3. Packet Forwarding: forward packets over the selected sequence of forwarders.

Internet Drafts and Mailing List

Internet Drafts:
• Bradner, S., and Kung, H. T., "Requirements for an Anonymizing Packet Forwarder," <draft-bradner-annfwd-req.txt>, November 2001.
• Kung, H. T., and Bradner, S., "A Framework for an Anonymizing Packet Forwarder," <draft-kung-annfwd-framework.txt>, November 2001.

Mailing list: http://wireless.eecs.harvard.edu/anon

Comments would be appreciated.

Experimental System for an Anonymizing Infrastructure

• We have implemented the three usage steps for an anonymizing infrastructure
• A FreeBSD-based experimental system is working in our lab at Harvard
• In the following we use our experimental system to illustrate the three steps

Step 1: Server Registration

[Figure: registration form]
Server alias: Kerberos Server in CS at Harvard
Server IP address: 140.247.60.105
Server port numbers: 88
1st forwarder:
2nd forwarder:

Step 2: Client Initialization

[Figure: Client → F1 → F2 → Server, with the client contacting the Initialization Server]

Client obtains information, such as the server’s address encrypted in the Fs’ keys and F1’s address, from an initialization server.

Step 3: Packet Forwarding

[Figure: Client → F1 → F2 → Server, with the Initialization Server alongside]

The client’s packet is forwarded to F1. F1 decrypts the address and discovers that the next hop is F2. The packet is then forwarded to F2, and so on.

The return path is from the server to F2, F1 and the client.
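The three usage steps as an added example, not the project's FreeBSD code: a chain of stateless forwarders, each holding one symmetric key; register_server builds the layered encrypted address (step 1), its return value is what the initialization server hands to a client (step 2), and forward peels one layer per hop (step 3). An HMAC-SHA256 keystream stands in for the 128-bit AES the deck cites, and HOP_LEN, register_server, forward and the forwarder names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Added example, not the project's code: a server address wrapped in the keys
# of a chain of stateless forwarders, following the deck's three usage steps.
# An HMAC-SHA256 counter-mode keystream stands in for the 128-bit AES the
# experimental system uses, so this runs on the standard library alone.
# HOP_LEN, register_server and forward are names chosen for this example.

HOP_LEN = 16  # fixed-width next-hop field (ASCII, NUL padded; fits an IPv4 dotted quad)

def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def encrypt(key, plaintext):
    # A fresh random nonce per call: two encryptions of the same input look unrelated.
    nonce = secrets.token_bytes(16)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key, blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def register_server(server_ip, chain):
    """Step 1. chain = [(name, key), ...] from F1 to the exit forwarder.
    The innermost layer holds the real address under the exit forwarder's key;
    each outer layer holds only the next hop. Returns what the initialization
    server later hands to clients (step 2): (first forwarder, encrypted address)."""
    blob, next_hop = b"", server_ip
    for name, key in reversed(chain):
        blob = encrypt(key, next_hop.encode().ljust(HOP_LEN, b"\0") + blob)
        next_hop = name
    return chain[0][0], blob

def forward(keys, first_hop, blob):
    """Step 3. Each forwarder peels one layer with its own key and learns only
    its next hop; the exit forwarder is the first to see the server's address.
    Returns the hops visited, ending with the real server address."""
    path, hop = [first_hop], first_hop
    while hop in keys:  # stops at the server, for which no forwarder key exists
        inner = decrypt(keys[hop], blob)
        hop, blob = inner[:HOP_LEN].rstrip(b"\0").decode(), inner[HOP_LEN:]
        path.append(hop)
    return path
```

A forwarder holding only its own key cannot open an outer layer, and because every layer uses a fresh nonce, registering the same server twice yields two unrelated encrypted addresses.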

Use of Client and Server Gateways in Our Experimental System

[Figure: Client → GWc → F1 → F2 → GWs → Server, with an Initialization Server reachable from GWc]

Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification.

Experimental System Platform

• Use divert socket on FreeBSD-4.4 machines (http://www.freebsd.org/) in implementing forwarders, GWc and GWs
• PPTP VPN: mpd (netgraph multi-link PPP daemon)
• Crypto software
  – Public key: RSA from OpenSSL (http://www.openssl.org/)
  – Symmetric key: 128-bit AES (Rijndael) (http://www.nist.gov/aes/)

Two Threat Models

1) Monitoring a forwarder’s input & output, or compromising a forwarder: capture client and forwarder or server address
2) Using the anonymizing infrastructure to launch attacks: make tracking of attackers difficult

Countermeasures (See the Next Three Slides)

• Multi-hop forwarding to make it hard to discover the exit forwarder before the server
• Uncorrelated, per-packet encryption for each of the hops (except the hop between the client and the first forwarder, where encryption is not needed) to defend against unauthorized monitoring
• Protocol camouflaging
• Spaghetti forwarding

Multi-hop Forwarding

[Figure: Client → F1 → F2 → F3 → F4 → Server]

To locate F4, the exit forwarder, the entire path (F1, F2, F3, F4) will need to be discovered.

Uncorrelated, Per-packet Encryption in Our Experimental System

[Figure: Client → GWc → F1 → F2 → GWs → Server; N submissions of the same packet produce N different encrypted packet payloads]

When there is unauthorized monitoring, this feature makes it difficult for attackers to use traffic analysis to discover the forwarding path.

Camouflaged TCP over UDP

[Figure: three packet layouts]
Normal TCP: IP header | TCP header | TCP payload
TCP over UDP: IP header | UDP header | TCP header | TCP payload
Camouflaged TCP over UDP: IP header | UDP header | TCP payload | TCP header
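The three layouts from this slide as an added example, not the project's gateway code. It reads the camouflaged layout as the TCP header moved behind the payload, so the UDP payload begins with application data rather than a TCP header; it assumes TCP headers without options (a fixed 20 bytes), leaves checksums at zero, omits the IP header, and the function names are its own.

```python
import struct

# Added example, not the project's code: build the "Normal TCP", "TCP over UDP"
# and "Camouflaged TCP over UDP" layouts from the slide. Assumptions: TCP
# headers carry no options (fixed 20 bytes), checksums stay zero, the IP
# header is omitted, and the camouflaged form is the TCP header placed behind
# the payload. Function names are chosen for this example.

TCP_HDR = struct.Struct("!HHIIBBHHH")  # sport, dport, seq, ack, doff<<4, flags, window, csum, urg
UDP_HDR = struct.Struct("!HHHH")       # sport, dport, length, csum
TCP_HDR_LEN = TCP_HDR.size             # 20 bytes without options

def tcp_segment(sport, dport, seq, ack, flags, payload):
    """Normal TCP: TCP header followed by TCP payload."""
    hdr = TCP_HDR.pack(sport, dport, seq, ack, (TCP_HDR_LEN // 4) << 4, flags, 65535, 0, 0)
    return hdr + payload

def tcp_over_udp(segment, udp_sport, udp_dport):
    """TCP over UDP: a UDP header in front of the unchanged TCP segment."""
    return UDP_HDR.pack(udp_sport, udp_dport, UDP_HDR.size + len(segment), 0) + segment

def camouflage(segment, udp_sport, udp_dport):
    """Camouflaged TCP over UDP: the TCP header is moved behind the payload, so
    the first bytes after the UDP header are application data, not a TCP header."""
    hdr, payload = segment[:TCP_HDR_LEN], segment[TCP_HDR_LEN:]
    return tcp_over_udp(payload + hdr, udp_sport, udp_dport)

def uncamouflage(datagram):
    """Inverse at the receiving gateway: strip UDP, pull the TCP header back to the front."""
    body = datagram[UDP_HDR.size:]
    payload, hdr = body[:-TCP_HDR_LEN], body[-TCP_HDR_LEN:]
    return hdr + payload

def parse_tcp(segment):
    """Return (sport, dport, seq, ack, flags, payload) from a normal TCP segment."""
    sport, dport, seq, ack, off, flags, _, _, _ = TCP_HDR.unpack_from(segment)
    return sport, dport, seq, ack, flags, segment[(off >> 4) * 4:]
```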

Spaghetti Forwarding

[Figure: Client, forwarders F1, F2, F3, F4 and Server, with the forwarding path crisscrossing among the forwarders rather than running straight from F1 to the exit forwarder]

Additional Countermeasures

• Rate limiting forwarders
• Dynamic re-selection of forwarders
• Secure connection between GWc and Initialization Server to ensure the former receives trustworthy information from the latter

Revisit the Project Definition: Attacking an Experimental Anonymizing Infrastructure

Attacker’s objective: Find the IP address that the anonymizing infrastructure tries to hide

Assumptions: Links in the infrastructure and those connected to it can be monitored

Demonstration: Given an encrypted IP address of a server, find its true address

Attacker’s score: An attacker’s score decreases exponentially in the number of false forwarders explored

The Testbed

[Figure: testbed topology with Initialization Server, Client, GWc, F1, F2, GWs and Server; link labels: SSL, VPN]