more anonymous onion routing through trust
DESCRIPTION
More Anonymous Onion Routing Through Trust. Aaron Johnson and Paul Syverson 22nd IEEE Computer Security Foundations Symposium July 2009. How Onion Routing Works. 1. 2. u. d. 3. 5. User u running client. Internet destination d. 4. Routers running servers. How Onion Routing Works. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/1.jpg)
1
More Anonymous Onion Routing Through Trust
Aaron Johnson and Paul Syverson22nd IEEE Computer Security Foundations Symposium
July 2009
![Page 2: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/2.jpg)
2
How Onion Routing Works
User u running client Internet destination d
Routers running servers
u d1 2
3
45
![Page 3: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/3.jpg)
3
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
1 2
3
45
![Page 4: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/4.jpg)
4
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
1 2
3
45
![Page 5: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/5.jpg)
5
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
1 2
3
45
![Page 6: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/6.jpg)
6
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
1 2
3
45
![Page 7: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/7.jpg)
7
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
{{{m}3}4}1 1 2
3
45
![Page 8: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/8.jpg)
8
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
{{m}3}4
1 2
3
45
![Page 9: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/9.jpg)
9
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
{m}3
1 2
3
45
![Page 10: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/10.jpg)
10
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
m
1 2
3
45
![Page 11: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/11.jpg)
11
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
m’
1 2
3
45
![Page 12: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/12.jpg)
12
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
{m’}3
1 2
3
45
![Page 13: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/13.jpg)
13
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
{{m’}3}4
1 2
3
45
![Page 14: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/14.jpg)
14
How Onion Routing Works
u d
1. u creates l-hop circuit through routers
2. u opens a stream in the circuit to d
3. Data is exchanged
{{{m’}3}4}1 1 2
3
45
![Page 15: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/15.jpg)
15
Onion Routing• Practical design with low latency and overhead
•
• Open source implementation (http://www.torproject.org/)
• Over 1500 volunteer routers• Estimated 200,000 users
![Page 16: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/16.jpg)
16
Adversaryu 2
45
d
v e
f
1
3
![Page 17: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/17.jpg)
17
Adversaryu 1 2
3
45
d
v e
f
• Active & Local
![Page 18: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/18.jpg)
18
Adversaryu 1 2
3
45
d
v e
f
• Active & Local
• Correlation attack
![Page 19: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/19.jpg)
19
Adversaryu 1 2
3
45
d
v e
f
• Active & Local
• Correlation attack
![Page 20: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/20.jpg)
20
Using Trust
• Adversarial routers
u1 2
3
45
d
![Page 21: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/21.jpg)
21
Using Trust
u1 2
3
45
d
• Adversarial routers• User doesn’t know where the adversary is.
![Page 22: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/22.jpg)
22
Using Trust
u1 2
3
45
d
• Adversarial routers• User doesn’t know where the adversary is.• User may have some idea of which routers are
likely to be adversarial.
![Page 23: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/23.jpg)
23
Model
• Router ri has trust ti. An attempt to compromise a router succeeds with probability ci = 1-ti.
• User will choose circuits using a known distribution.
• Adversary attempts to compromise at most k routers, KR.
• After attempts, users actually choose circuits.
![Page 24: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/24.jpg)
24
Model
• For anonymity, minimize correlation attack• Probability of compromise:
c(p,K) = r,sK prs cr cs
• Problem:– Input: Trust values t1,…,tn
– Output: Distribution p* on router pairs such that
p* argminp maxKR:|K|=k c(p,K)
![Page 25: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/25.jpg)
25
Algorithm• Turn into a linear program• Variables: prs r,sR
t (slack variable)• Constraints:– Probability distribution:
0 prs 1r,sR prs = 1
– Minimax:t – c(p,K) 0 KR:|K|=k
• Objective function : t
![Page 26: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/26.jpg)
26
Algorithm• Turn into a linear program• Variables: prs r,sR
t (slack variable)• Constraints:– Probability distribution:
0 prs 1r,sR prs = 1
– Minimax:t – c(p,K) 0 KR:|K|=k
• Objective function : tProblem: Exponential-size linear program
![Page 27: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/27.jpg)
27
Independent-Choice Approximation
1. Let c(p) = maxKR:|K|=k rK pr cr.2. Choose routers independently using
p* argminp c(p)
![Page 28: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/28.jpg)
28
Independent-Choice Approximation
1. Let c(p) = maxKR:|K|=k rK pr cr.2. Choose routers independently using
p* argminp c(p)Let = argmini ci.Let p1(r) = 1.Let p2(ri)= /ci, where = (i 1/ci)-1.Theorem:
c(p*) =c(p1) if c kc(p2) otherwise
![Page 29: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/29.jpg)
29
pi*ci
ri1ri2
ri3ri4
ri5
Proof:Independent-Choice Approximation
![Page 30: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/30.jpg)
30
ri1ri2
ri3ri4
ri5
Proof:
1. Adversary chooses k routers with largest pici.
pi*ci
Independent-Choice Approximation
![Page 31: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/31.jpg)
31
ri1ri2
ri3ri4
ri5
Proof:
1. Adversary chooses k routers with largest pici.2. cij
cij+1or swapping would be an improvement.
pi*ci
Independent-Choice Approximation
![Page 32: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/32.jpg)
32
ri1ri2
ri3ri4
ri5
Proof:
1. Adversary chooses k routers with largest pici.2. cij
cij+1or swapping would be an improvement.
3. Can assume that pi ci = pjcj; i,j>= k.
pi*ci
Independent-Choice Approximation
![Page 33: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/33.jpg)
33
ri1ri2
ri3ri4
ri5
Proof:
1. Adversary chooses k routers with largest pici.2. cij
cij+1or swapping would be an improvement.
3. Can assume that pi ci = pjcj; i,j>= k.4. Can assume that pi ci = pjcj; i,j>= 2.
pi*ci
Independent-Choice Approximation
![Page 34: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/34.jpg)
34
ri1ri2
ri3ri4
ri5
Proof:
1. Adversary chooses k routers with largest pici.2. cij
cij+1or swapping would be an improvement.
3. Can assume that pi ci = pjcj; i,j>= k.4. Can assume that pi ci = pjcj; i,j>= 2.5. Adjusting p1 changes c(p) linearly. Therefore one
extreme is a minimum.
pi*ci
Independent-Choice Approximation
![Page 35: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/35.jpg)
35
ri1ri2
ri3ri4
ri5
Proof:
1. Adversary chooses k routers with largest pici.2. cij
cij+1or swapping would be an improvement.
3. Can assume that pi ci = pjcj; i,j>= k.4. Can assume that pi ci = pjcj; i,j>= 2.5. Adjusting p1 changes c(p) linearly. Therefore one
extreme is a minimum.
p1
pi*ci
Independent-Choice Approximation
![Page 36: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/36.jpg)
36
ri1ri2
ri3ri4
ri5
Proof:
1. Adversary chooses k routers with largest pici.2. cij
cij+1or swapping would be an improvement.
3. Can assume that pi ci = pjcj; i,j>= k.4. Can assume that pi ci = pjcj; i,j>= 2.5. Adjusting p1 changes c(p) linearly. Therefore one
extreme is a minimum.
p2
Independent-Choice Approximation
pi*ci
![Page 37: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/37.jpg)
37
Theorem: The approximation ratio of independent selection is (n).
Independent-Choice Approximation
![Page 38: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/38.jpg)
38
Theorem: The approximation ratio of independent selection is (n).
Proof sketch:Let In = (c1, . . . , cn, k) be such that
1. c1 = O(1/n)2. c2 > c, c (0, 1)3. k = o(n)4. k = (1)
1 2
3
45
Independent-Choice Approximation
![Page 39: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/39.jpg)
39
Theorem: The approximation ratio of independent selection is (n).
Proof sketch:Let In = (c1, . . . , cn, k) be such that
1. c1 = O(1/n)2. c2 > c, c (0, 1)3. k = o(n)4. k = (1)
Let p*(r1,ri) 1/(cr1 cri
).Then c(In, p1)/c(In, p*) = (n/k)and c(In, p2)/c(In, p*) = (k).
1 2
3
45
Independent-Choice Approximation
![Page 40: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/40.jpg)
40
Theorem: The approximation ratio of independent selection is (n).
Proof sketch:Let In = (c1, . . . , cn, k) be such that
1. c1 = O(1/n)2. c2 > c, c (0, 1)3. k = o(n)4. k = (1)
Let p*(r1,ri) 1/(cr1 cri
).Then c(In, p1)/c(In, p*) = (n/k)and c(In, p2)/c(In, p*) = (k).
1 2
3
45
p1
Independent-Choice Approximation
![Page 41: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/41.jpg)
41
Theorem: The approximation ratio of independent selection is (n).
Proof sketch:Let In = (c1, . . . , cn, k) be such that
1. c1 = O(1/n)2. c2 > c, c (0, 1)3. k = o(n)4. k = (1)
Let p*(r1,ri) 1/(cr1 cri
).Then c(In, p1)/c(In, p*) = (n/k)and c(In, p2)/c(In, p*) = (k).
1 2
3
45
p2
Independent-Choice Approximation
![Page 42: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/42.jpg)
42
Theorem: The approximation ratio of independent selection is (n).
Proof sketch:Let In = (c1, . . . , cn, k) be such that
1. c1 = O(1/n)2. c2 > c, c (0, 1)3. k = o(n)4. k = (1)
Let p*(r1,ri) 1/(cr1 cri
).Then c(In, p1)/c(In, p*) = (n/k)and c(In, p2)/c(In, p*) = (k).
1 2
3
45
p*
Independent-Choice Approximation
![Page 43: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/43.jpg)
43
U
V
Trust Model• Two trust levels: t1 t2
• U = {ri | ti=t1}, V = {ri | ti=t2}
![Page 44: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/44.jpg)
44
U
V
Trust Model• Two trust levels: t1 t2
• U = {ri | ti=t1}, V = {ri | ti=t2}Theorem: Three distributions can be optimal:
![Page 45: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/45.jpg)
45
Trust Model• Two trust levels: t1 t2
• U = {ri | ti=t1}, V = {ri | ti=t2}Theorem: Three distributions can be optimal:
1. p(r,s) crcs for r,sR
U
V
![Page 46: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/46.jpg)
46
Trust Model• Two trust levels: t1 t2
• U = {ri | ti=t1}, V = {ri | ti=t2}Theorem: Three distributions can be optimal:
1. p(r,s) crcs for r,sR
2. p(r,s) c1
2 if r,sU
0 otherwiseU
V
![Page 47: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/47.jpg)
47
Trust Model• Two trust levels: t1 t2
• U = {ri | ti=t1}, V = {ri | ti=t2}Theorem: Three distributions can be optimal:
1. p(r,s) crcs for r,sR
2. p(r,s)
3. p(r,s)
c12
if r,sU0 otherwisec1
2(n(n-1)-v0(v0-1))if r,sU
c22(m(m-1)-v1(v1-1))
if r,sV0 otherwise
U
V
where v0 = max(k-m,0) and v1 = (max(k-n,0))
![Page 48: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/48.jpg)
48
Generalization and Other Applications
• Pick a subset of size j• Minimize the chance that all are compromised• Examples:
1. Heterogenous sensor networks2. Distributed computation (e.g. SETI@home)3. Data integrity in routing
![Page 49: More Anonymous Onion Routing Through Trust](https://reader034.vdocuments.net/reader034/viewer/2022051518/5681656d550346895dd7fe13/html5/thumbnails/49.jpg)
49
Future Work
• Generalization to other problems• Heterogeneous trust– Users choose paths differently– User profiling– Adversary may not know trust values
• Roving adversary