1 / 19

Active Protocols for Agile Censor-Resistant Networks

Active Protocols for Agile Censor-Resistant Networks. Robert Ricci Jay Lepreau University of Utah May 22, 2001. Key Ideas. Censor-resistant (p2p) publishing is a compelling and feasible application of active networking

agrata
Download Presentation

Active Protocols for Agile Censor-Resistant Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Active Protocols for Agile Censor-Resistant Networks Robert Ricci Jay Lepreau University of Utah May 22, 2001

  2. Key Ideas • Censor-resistant (p2p) publishing is a compelling and feasible application of active networking • …through on-demand, rapid, decentralized,diversification of the hop-by-hop protocol We prototyped this in Freenet

  3. Active Networking’s Biggest Problem • Demand: no killer app Inherent problem, by definition! The space of AN protocols is interesting, not any given protocol But… a good match for censor-resistant networks

  4. Censor-Resistant Networks • Goals • Make intentional deletion or denial of access infeasible or difficult • Often: Anonymity • Usually: overlay network • An example: Freenet • Keyed data retrieval system; routing based on a hash of key • Message initiation/relaying look the same • Copies made along return route for requests: preserves popular data

  5. Some Problems Facing CRNs • CRN traffic may be identifiable • Static set of protocols a weakness • Mere membership may be incriminating • Only identification may be necessary, not eavesdropping • Last link vulnerable: mercy of ISP • Users on restricted networks cannot participate • But special techniques can get traffic through firewalls, proxies, etc.

  6. Agile Protocols • Use active networking techniques for replacement of single-hop protocols • Completely decentralized • Any node can create a new protocol & pass to its peer • Rapid response time to censorship • Nodes can customize for their environment • Unbounded set of protocols • Attacker cannot even know what percentage of set they have discovered

  7. Protocol Examples • Disguise and tunnel, eg through SMTP, HTTP • Port-hopping… randomly • Port-smearing (~spread spectrum) • Bounce thru 3rd host • Steganography • …even better in wireless domain: physical & link level

  8. “Protocol Objects” • Protocol Objects implement replacement single-hop protocols • Identified by content hash

  9. What About Malicious Protocol Objects?

  10. Protecting Local Node’s Integrity, Privacy, and Availability • Threat model like Java applet, but worse for privacy • node state: cache contents, neighbor list, IP addr, username, hard drive contents • message itself • Integrity and privacy: std type-safety and namespace isolation • Resource attacks: resource-managing JVM [OSDI’00, ...]

  11. Publishing-specific DoS Attacks • Same general issues as malicious nodes • Failure (total or intermittent) • Either malicious or unintentional • Heuristic approach: rate Protocol Objects • Ratings based on success rates for requests • Evaluate via loopback test harness • Ratings are node-local • More attacks/responses in paper

  12. What About Bootstrapping? • Shared by base Freenet system: must acquire initial {IP addr, port} out-of-band • Now need {IP addr, byte code} • Quantitative difference ==> qualitative change? • Memory, piece of paper ==> floppy disk, email attachment, applet • Conclusion: acceptable

  13. Our Implementation • Prototype based on Freenet system • Peers can exchange Java bytecode for new protocols • Protocol usage can be asymmetric, can change on any message boundary • Restricted namespace

  14. Four sample Protocol Objects • ‘Classic’ Freenet protocol • HTTPProtocol: Looks (vaguely) like HTTP • TrickyProtocol: Negotiates port change after every message • SpreadProtocol: Splits message on arbitrary byte boundaries, sends each chunk on a different port

  15. Reprise:AN’s Major Technical Challenges • Performance: no problem • In Java already! • Overlay network: IP not my problem • Security • Key: change local, keep global protocol • Global network: domain-specific, therefore tractable. • Local to node: tractable, based on recent research

  16. Conclusions, Future Work • AN techniques seem likely to improve the censor-resistance of CR networks • Feasible to implement in existing systems • Future work • Implement ratings, etc. • Evaluate in lab • Evaluate “in the wild”

  17. Active Networking’s Major Technical Challenges • Performance • Security • Local: node • Global: network

  18. Attacks (cont’d) • Selective failure: targeted censorship • Solution: encrypt before passing to PO • Attack on document integrity • Reduce system integrity, or ‘tag’ for tracing • Solution: secure hash

More Related