Trust-Based Anonymous Communication Models and Routing Algorithms

Slide Note
Embed
Share

This research paper discusses trust-based anonymous communication models and routing algorithms in the context of onion routing, emphasizing the importance of trust in mitigating security risks from adversaries with resources. The paper presents a model of trust and proposes trust-based routing algorithms to enhance anonymity while maintaining robustness against trust errors, ultimately improving the security of communication channels on the network.

real885
real885 Follow

Uploaded on Sep 18, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Trust-based Anonymous Communication: Models and Routing Algorithms Aaron Johnson Paul Syverson Roger Dingledine Nick Mathewson U.S. Naval Research Laboratory U.S. Naval Research Laboratory The Tor Project The Tor Project 18th ACM Conference on Computer and Communications Security October 17-21, 2011 Chicago, IL

  2. Overview Onion routing provides anonymous communication. 2

  3. Overview ? Onion routing provides anonymous communication. 3

  4. Overview ? ? Onion routing provides anonymous communication. 4

  5. Overview ? ? ? Onion routing provides anonymous communication. 5

  6. Overview ? ? Onion routing provides anonymous communication. It is insecure against an adversary with resources. 6

  7. Overview ? ? Onion routing provides anonymous communication. It is insecure against an adversary with resources. Trust can help avoid such an adversary. We provide a model of trust. We design trust-based routing algorithms. 7

  8. Overview ? ? Onion routing provides anonymous communication. It is insecure against an adversary with resources. Trust can help avoid such an adversary. We provide a model of trust. We design trust-based routing algorithms. Improve anonymity with robustness to trust errors. 8

  9. Onion Routing 9

  10. Onion Routing Users Onion Routers Destinations 1. A user cryptographically constructs a circuit through the network. 2. Onion-encrypted data is sent and unwrapped along the circuit. 3. The process runs in reverse for return data. 10

  11. Onion Routing torproject.org International onion-routing network Estimated at over 300,000 users daily 2500 onion routers Uses include - Avoiding censorship - Gathering intelligence - Political activism - Whistleblowing 11

  12. Problem Problem 12

  13. Problem Problem Adversary may observe or control routers. 13

  14. Problem Adversary may observe or control routers. Traffic patterns can link first and last routers. 14

  15. Problem Adversary may observe or control routers. Traffic patterns can link first and last routers. First-last Correlation Attack Success Path Selection Probability of attack success # routers observed # connections until successful attack Random 0.01 250 100 + guards & exits 0.01 80 guards, 90 exits 10 w/ prob. 0.1 + bandwidth weighting 0.01 guard&exit, 124 MiBps 7.7 w/ prob. 0.077 2500 total routers, 900 exit, 800 guard 15

  16. Key Idea: Trust Users may know how likely a router is to be under observation. Tor Routers with Possible Trust Factors Name Hostname Bandwidth Uptime Location Tor version OS moria1 moria.csail.mit. edu 460 KB/s 1 days USA 0.2.3.5- alpha Linux rathergonaked 212-82-33- 302 KB/s 6 days Germany 0.2.2.33 Linux 112.ip.14v.de Unnamed static-ip-166- 154-142- 114.rev.dyxnet.c om Source: http://torstatus.blutmagie.de, 10/12/2011 58 KB/s 58 days Hong 0.2.1.29 Windows Server 2003 SP2 Kong 16

  17. Problems 1. What is trust? Model 2. How do we use trust? Path-selection algorithm 17

  18. Model Observed destination User u Na ve users N 0 1 Observed source Probability of Compromise: cu(r) Trust: u(r) = 1-cu(r) Au Adversaries 18

  19. Trust-based Path Selection Algorithm 1. Destination links observed only Use downhill algorithm. 2. Source links observed only Use one-hop path of most-trusted router. 3. Neither source nor destination links observed Connect directly to destination. 4. Both source and destination links observed Connect directly to destination. 19

  20. Downhill Algorithm Key idea: Blend in with the na ve users. Random Most trusted 20

  21. Downhill Algorithm Key idea: Blend in with the na ve users. Random Most trusted 21

  22. Downhill Algorithm Key idea: Blend in with the na ve users. Random Most trusted 22

  23. Downhill Algorithm Router Trust CDF 0 Fraction of Routers 0 1 Trust Most trusted Random 23

  24. Downhill Algorithm Router Trust CDF 0 Fraction of Routers 0 1 Trust Random Most trusted 24

  25. Downhill Algorithm Router Trust CDF 0 Fraction of Routers 0 1 Trust Random Most trusted 25

  26. Downhill Algorithm Router Trust CDF 0 Fraction of Routers 0 1 Trust Downhill Random Most trusted 26

  27. Downhill Algorithm 27

  28. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 28

  29. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 29

  30. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 30

  31. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 31

  32. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 32

  33. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 33

  34. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 34

  35. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 35

  36. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 3. For each connection, 1. Create circuit through selected routers. 2. Randomly choose two routers. 3. Extend circuit through them to the destination. 36

  37. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 3. For each connection, 1. Create circuit through selected routers. 2. Randomly choose two routers. 3. Extend circuit through them to the destination. 37

  38. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 3. For each connection, 1. Create circuit through selected routers. 2. Randomly choose two routers. 3. Extend circuit through them to the destination. 38

  39. Downhill Algorithm 1. Set path length l and trust levels 1, , l to optimize expectation of anonymity metric. 2. For 1 i l, Randomly select among routers with trust i 3. For each connection, 1. Create circuit through selected routers. 2. Randomly choose two routers. 3. Extend circuit through them to the destination. 39

  40. Anonymity Analysis Metric: Posterior probability of actual source of a given connection. dynamic static Example: u Let Ti = {r : u(r) i}. Let Au R be the routers compromised by Au. Let X1 = Pr[ u chose observed path] = (|T1\Au|/|T1|) (|T2\Au|/|T2|) (1/|T3|) (1/|R|)2 Let X2 = Pr[ n N chose observed path] = (|R\Au|/|R|)2(1/|R|)3 Posterior probability: X1/(X1+|N|X2) 40

  41. Anonymity Analysis Downhill Most trusted Random Lower bound Expected anonymity Many @ medium trust 0.0274 0.2519 0.1088 0.01 Many @ low trust 0.0550 0.1751 0.4763 0.001 41

  42. Anonymity Analysis Downhill Most trusted Random Lower bound Expected anonymity Many @ medium trust 0.0274 0.2519 0.1088 0.01 Many @ low trust 0.0550 0.1751 0.4763 0.001 Scenario 1: User has some limited information. =.1 =.99 =.9 10 routers 5 routers 1000 routers 42

  43. Anonymity Analysis Downhill Most trusted Random Lower bound Expected anonymity Many @ medium trust 0.0274 0.2519 0.1088 0.01 Many @ low trust 0.0550 0.1751 0.4763 0.001 Scenario 2: User and friends run routers. Adversary is strong. =.999 =.95 =.5 5 routers 50 routers 1000 routers 43

  44. Linking Analysis Metric: Connection entropy at times user communicates. Example: (u,d1) (u,d2)(u,d3) t1 t2 t3 44

  45. Linking Analysis Metric: Connection entropy at times user communicates. Example: (?,d1) (?,d2)(?,d3) t1 The adversary may not know the user. t2 t3 45

  46. Linking Analysis Metric: Connection entropy at times user communicates. Example: (v,d1) (v,d2)(v,d3) t1 t2 t3 Connections without dynamic hops may be linked by final hop. 46

  47. Linking Analysis Metric: Connection entropy at times user communicates. Example: (v,d1) (w,d2)(x,d3) t1 t2 t3 With dynamic hops, posterior distribution may be more even. 47

  48. Linking Analysis Metric: Connection entropy at times user communicates. Example: (v,d1) (w,d2)(x,d3) t1 t2 t3 With dynamic hops, posterior distribution may be more even. Theorem: Entropy of connection distribution is increased by using dynamic hops. 48

  49. Trust Errors Theorem (informal): Error in trust of router r changes expected anonymity proportional to 1. Size of error 2. Expected number of times r is used 3. Expected relative size of r s trust set 49

  50. Trust Errors Errors in Scenario 1 (many @ medium trust) Fraction x of low are medium, x/2 of med. are low, x/2 of med. are high, x of high are medium. 50

Related


Understanding Networking Principles and Routing Algorithms in Distributed Systems

Understanding Networking Principles and Routing Algorithms in Distributed Systems

brantso
Geometric Routing Concepts and Byzantine Fault Tolerance

Geometric Routing Concepts and Byzantine Fault Tolerance

korilynnp
Adaptive Resilient Routing via Preorders in SDN

Adaptive Resilient Routing via Preorders in SDN

ryad
Understanding Routing Protocols in Network Layer

Understanding Routing Protocols in Network Layer

yawn_den
Updates and Changes in SPA/SPAC Processes

Updates and Changes in SPA/SPAC Processes

bzir
Understanding IP Routing and Switching in Computer Networks

Understanding IP Routing and Switching in Computer Networks

cabsh
Distributed Algorithms for Leader Election in Anonymous Systems

Distributed Algorithms for Leader Election in Anonymous Systems

gude_za
Understanding EIGRP: A Comprehensive Overview

Understanding EIGRP: A Comprehensive Overview

rebeca
Understanding Static Routing in Network Infrastructure Workshops

Understanding Static Routing in Network Infrastructure Workshops

raid_52
Understanding Greedy Distributed Spanning Tree Routing in Wireless Sensor Networks

Understanding Greedy Distributed Spanning Tree Routing in Wireless Sensor Networks

sprio
Preventing Active Timing Attacks in Low-Latency Anonymous Communication

Preventing Active Timing Attacks in Low-Latency Anonymous Communication

kmike
Challenges in Establishing a Secure Inter-Domain Routing System

Challenges in Establishing a Secure Inter-Domain Routing System

karlish
Understanding Non-Optimal Routing and 32-Bit ASN Compatibility

Understanding Non-Optimal Routing and 32-Bit ASN Compatibility

abdulmo
Network Routing Algorithms and Protocols Overview

Network Routing Algorithms and Protocols Overview

kyerk
Direct Routing with Teams: Opportunity or Threat?

Direct Routing with Teams: Opportunity or Threat?

libertieg
System Models in Software Engineering: A Comprehensive Overview

System Models in Software Engineering: A Comprehensive Overview

michal
Analysis of Onion Routing Security and Adversary-based Metrics

Analysis of Onion Routing Security and Adversary-based Metrics

rus_n
Understanding Dynamic Routing on Fast Data Plane with VPP and BIRD

Understanding Dynamic Routing on Fast Data Plane with VPP and BIRD

tae_ruf
Understanding Routing Methods in Hydrologic Engineering Center (HEC-ResSim)

Understanding Routing Methods in Hydrologic Engineering Center (HEC-ResSim)

anara
Understanding BGP Basics and Routing Security

Understanding BGP Basics and Routing Security

cobe_53
Understanding Hyper-Specific Prefixes in Internet Routing

Understanding Hyper-Specific Prefixes in Internet Routing

egne_ary
Decoy Routing: A Tool Against Internet Censorship

Decoy Routing: A Tool Against Internet Censorship

kahl_596
Understanding Heroin Anonymous: Recovery Program and Practices

Understanding Heroin Anonymous: Recovery Program and Practices

antwu
Non-Interactive Anonymous Router with Quasi-Linear Computation

Non-Interactive Anonymous Router with Quasi-Linear Computation

alista

More Related Content