Network Interference in CS590B/690B Lecture

 
CS590B/690B
DETECTING NETWORK
INTERFERENCE
(SPRING 2018)
 
LECTURE 16
 
 PHILLIPA GILL – UMASS -- AMHERST.
 
WHERE WE ARE
 
Last time: Internet routing review + timing attacks
BGP hijacks/path asymmetry
 
 
 
TEST YOUR KNOWLEDGE
 
1. What is the goal of Tor?
2. How does Tor accomplish this?
3. How does Tor pick relays?
4. What happens if you compromise..
   The entry relay?
   The middle relay?
   The exit relay?
5. What happens if the entry and exit relay collude?
6. Why 3 hops? Why not 1? Why not 2?
7. How does Tor avoid colluding relays from being chosen?
8. Why are guards used?
9. How are guards chosen?
10. What meta data is used by Web site fingerprinting attacks?
11. What is the premise behind Web site fingerprinting attacks?
 
TODAY
 
Continuing with traffic analysis attacks.
Readings:
1. Users get routed
2. Holding all the ASes
 
REVIEW OF ATTACK CRITERIA/EVALUATION OF POTENTIAL IN PRACTICE
 
Attack criteria
 
Any AS that lies on the Forward OR Reverse path, between the
Source and Entry …
…AND Exit and Destination can execute the attack
 
 
 
 
 
Challenge: How to measure and mitigate these attacks in practice?
  We can’t actually measure reverse paths…
  Also can’t traceroute through Tor
Our approach:
  Use simulations on empirical AS graphs
  Consider all paths compliant with a model of routing policies
  Gives an approximation on potential attacks
[Diagram: Source AS, Entry relay, Middle relay, Exit relay, Destination AS. Callout: Need to measure/infer network paths!]

Understanding the threat to Tor

Method:
  Use VPN to connect to 200 sites (100 popular, 100 likely censored) through Tor
  VPN end points located in 10 countries
  Examine AS-paths between source and destination and chosen entry/exit relays.
[Figure: Vulnerable sites (%)]

Astoria: Avoiding AS-level attackers
 
Choose an entry/exit relay to avoid attackers
  Usually there is such an option
Challenge: How to find the safe option?
  Path computations need to be done on the client
Challenge: ASes may collude
  We resolve sibling ASes (e.g., 701, 702, 703 = Verizon)
  …and evaluate country-level adversaries
Challenge: Minimize performance impact
  Cannot pre-construct circuits as in vanilla Tor
  Byproduct of destination-based relay selection
Challenge: Don’t overload popular relays
  If there are multiple safe options load balance across them
[Diagram callouts: What are the paths? Which relay selection is safe?]

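
The attack criterion and the sibling-AS resolution above, as an added example that is not part of the lecture: it flags entry/exit pairs where one organisation sits on the forward or reverse path of both the source-entry and the exit-destination segment. The relay names and AS paths are constructed sample data; only the 701/702/703 = Verizon grouping comes from the slide.

```python
# Added example: applies the slide's attack criterion to candidate circuits.
# Sibling grouping from the slide: 701, 702, 703 = Verizon.
SIBLINGS = {701: "Verizon", 702: "Verizon", 703: "Verizon"}

def org(asn):
    """Collapse sibling ASes into one organisation; unknown ASes stand alone."""
    return SIBLINGS.get(asn, asn)

def observers(forward, reverse):
    """Organisations on the forward OR reverse AS path of one segment."""
    return {org(a) for a in forward} | {org(a) for a in reverse}

def correlating_orgs(entry_segment, exit_segment):
    """Organisations that see both source<->entry AND exit<->destination."""
    return observers(*entry_segment) & observers(*exit_segment)

def safe_pairs(entry_paths, exit_paths):
    """(entry, exit) pairs for which no single organisation sees both segments."""
    return sorted(
        (e, x)
        for e, seg_e in entry_paths.items()
        for x, seg_x in exit_paths.items()
        if not correlating_orgs(seg_e, seg_x)
    )

# Constructed sample data: (forward path, reverse path) per candidate relay.
# 64496-64511 are documentation-reserved AS numbers; paths are asymmetric on purpose.
ENTRY_PATHS = {
    "entryA": ([64496, 701, 64501], [64501, 64510, 64496]),
    "entryB": ([64496, 64510, 64502], [64502, 64510, 64496]),
}
EXIT_PATHS = {
    "exitX": ([64503, 64511, 64499], [64499, 702, 64503]),
    "exitY": ([64504, 64511, 64499], [64499, 64511, 64504]),
}

if __name__ == "__main__":
    print(correlating_orgs(ENTRY_PATHS["entryA"], EXIT_PATHS["exitX"]))
    print(safe_pairs(ENTRY_PATHS, EXIT_PATHS))
```

In the sample, entryA with exitX shares no raw AS number, but AS 701 on the forward entry path and AS 702 on the reverse exit path belong to the same organisation, so the pair is rejected.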
What if there is no safe option?

What if all relay selections contain at least one AS that can perform the timing attack?
Astoria minimizes the amount any given attacker can learn
  Linear program
[Diagram: Source AS, ISP 1, ISP 2, Entry AS 1, Entry AS 2, Entry AS 3; selection probabilities 1/3, 1/3, 1/3]
ISP 1 can snoop with prob. 2/3
 
What if there is no safe option?

What if all relay selections contain at least one AS that can perform the timing attack?
Astoria minimizes the amount any given attacker can learn
  Linear program
[Diagram: Source AS, ISP 1, ISP 2, Entry AS 1, Entry AS 2, Entry AS 3; selection probabilities 1/4, 1/4, 1/2]
ISP 1 can snoop with prob. 1/2
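
The two slides above, worked through as an added example that is not from the lecture or from Astoria's code: it computes each attacker's exposure under a relay-selection distribution and searches for the distribution that minimises the worst exposure. The topology (ISP 1 on the paths to Entry AS 1 and 2, ISP 2 on the path to Entry AS 3) is an assumption chosen to match the slide's numbers, and an exhaustive grid search stands in for the linear program.

```python
from fractions import Fraction
from itertools import product

# ASSUMED topology, chosen to match the slide's numbers: which attacker AS sits
# on the path from the source to each candidate entry relay's AS.
ON_PATH = {
    "ISP 1": {"Entry AS 1", "Entry AS 2"},
    "ISP 2": {"Entry AS 3"},
}
RELAYS = ["Entry AS 1", "Entry AS 2", "Entry AS 3"]

def exposure(dist):
    """Probability that each attacker observes the source-entry segment."""
    return {a: sum((dist[r] for r in seen), Fraction(0))
            for a, seen in ON_PATH.items()}

def worst_case(dist):
    """Exposure of the best-placed attacker under this distribution."""
    return max(exposure(dist).values())

def min_max_selection(steps=12):
    """Grid search standing in for the linear program: over all distributions
    with probabilities k/steps, minimise the worst attacker's exposure and
    break ties by spreading load evenly (smallest sum of squares)."""
    best = None
    for counts in product(range(steps + 1), repeat=len(RELAYS)):
        if sum(counts) != steps:
            continue
        dist = {r: Fraction(c, steps) for r, c in zip(RELAYS, counts)}
        key = (worst_case(dist), sum(p * p for p in dist.values()))
        if best is None or key < best[0]:
            best = (key, dist)
    return best[1]

# Uniform selection, as on the first of the two slides.
UNIFORM = {r: Fraction(1, 3) for r in RELAYS}

if __name__ == "__main__":
    print("uniform :", exposure(UNIFORM))
    chosen = min_max_selection()
    print("min-max :", chosen, exposure(chosen))
```

The tie-break matters: several distributions cap ISP 1 at 1/2, and preferring the most even one mirrors the load-balancing concern raised on the Astoria slide.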
 
Additional slides
 
See this slide deck (Slides 21-26, for overview of Cipollino):
https://www.dropbox.com/s/podehxeulk8xsbp/rishab-defense-2016.ppsx?dl=0

See this slide deck for an overview of the Users Get Routed reading:
https://www.dropbox.com/s/ei8wse2zou537oi/L16-tor-users-routed-slides.pdf?dl=0
 

Delve into the realm of network interference through the CS590B/690B lecture with Phillipa Gill at UMass Amherst. Explore topics such as Internet routing, timing attacks, BGP hijacks, Tor network functionality, relay selection, collusion scenarios, use of guards, web site fingerprinting attacks, traffic analysis attacks, and more. Gain insights on attack criteria, evaluation methods, and the threat landscape to the Tor network. Understand the challenges and strategies to mitigate AS-level attacks and ensure network security.


Uploaded on Oct 04, 2024 | 0 Views



Understanding the threat to Tor, Vulnerable sites (%): 53% of sites have at least some content delivered over a vulnerable Tor circuit
