CS 144r: Networks Design Projects
This presentation is the property of its rightful owner.
Sponsored Links
1 / 24

CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects PowerPoint PPT Presentation


  • 86 Views
  • Uploaded on
  • Presentation posted in: General

CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks. Anonymizing Infrastructure February 22, 2002 Professor Marco Iansiti, HBS Professor H. T. Kung, FAS Harvard University. Topics for Today.

Download Presentation

CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Cs 144r networks design projects cs 244r advanced networks design projects

CS 144r: Networks Design Projects

CS 244r: Advanced Networks Design Projects

HBS 4560: The Future of Business Networks

Anonymizing Infrastructure

  • February 22, 2002

  • Professor Marco Iansiti, HBS Professor H. T. Kung, FAS

  • Harvard University


Topics for today

Topics for Today

  • Overview of an IP-layer anonymizing infrastructure

  • Project on attacking the anonymizing infrastructure


Problem to solve

Problem To Solve

An authentication server, by definition, needs to process requests from unknown users; thus, it can be subject to DOS attacks

The Internet

Clients

Authentication

Server


A solution approach based on an anonymizing infrastructure

A Solution Approach Based on an Anonymizing Infrastructure

  • Provide an IP-layer anonymizing infrastructure that can hide IP addresses of authentication servers from clients

  • This anonymizing infrastructure can be useful for current and future authentication servers and other servers


The traditional internet packet reveals server address in the clear

B

a

y

N

e

w

t

o

r

k

s

The Traditional Internet: Packet Reveals Server Address in the Clear

140.247.60.30

Packet

D

The Internet

Client

Server

140.247.60.30


The anonymizing infrastructure use forwarders to hide servers addresses

B

B

B

B

a

a

a

a

y

y

y

y

N

N

N

N

e

e

e

e

w

t

w

t

t

w

w

t

o

o

o

o

r

r

r

r

k

k

k

k

s

s

s

s

D

D

D

D

The Anonymizing Infrastructure: Use Forwarders to Hide Servers’ Addresses

Addresses encrypted in Fs’ keys

F2

Server

F1

Client

  • The infrastructure is an overlay network of forwarders, Fs

  • Forwarders are stateless and use anycast addresses for improved availability


Use of gateways to allow existing clients and servers without modification

B

B

B

B

a

a

a

a

y

y

y

y

N

N

N

N

e

e

e

e

t

w

t

w

w

w

t

t

o

o

o

o

r

r

r

r

k

k

k

k

s

s

s

s

D

D

D

D

Use of Gateways To Allow Existing Clients and Servers Without Modification

F1

GWc

Client

GWs

Server

F2

Initialization Server

  • Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification


Three usage steps for the anonymizing infrastructure

Three Usage Steps for the Anonymizing Infrastructure

  • Server Registration: Given a server, select a sequence of forwarders, compute the encrypted IP address for the server, and register the results

    • The sequence of forwarders can be selected manually or automatically

  • Client Initialization: Given a server, obtain the encrypted address for the server, the address of the first decrypting forwarder, and other information required for forwarding

  • Packet Forwarding: forward packets over the selected sequence of forwarders


Internet drafts and mailing list

Internet Drafts and Mailing List

  • Internet Drafts:

    • Bradner, S., and Kung, H. T., "Requirements for an Anonymizing Packet Forwarder," <draft-bradner-annfwd-req.txt>, November 2001

    • Kung, H. T. and Bradner, S., "A Framework for an Anonymizing Packet Forwarder," <draft-kung-annfwd-framework.txt>, November 2001.

  • Mailing list:

    http://wireless.eecs.harvard.edu/anon

    Comments would be appreciated


Experimental system for an anonymizing infrastructure

Experimental System for an Anonymizing Infrastructure

  • We have implemented the three usage steps for an anonymizing infrastructure

  • A FreeBSD-based experimental system is working in our lab at Harvard

  • In the following we use our experimental system to illustrate the three steps


Step 1 server registration

Step 1: Server Registration

Server alias:

KerberosServer in CS at Harvard

Server IP address:

140.247.60.105

Server port numbers:

88

1st forwarder:

2nd forwarder:


Step 2 client initialization

B

B

B

B

a

a

a

a

y

y

y

y

N

N

N

N

e

e

e

e

w

t

w

t

t

w

t

w

o

o

o

o

r

r

r

r

k

k

k

k

s

s

s

s

D

D

D

D

Step 2: Client Initialization

F1

Client

Server

F2

Initialization Server

  • Client obtains information, such as server’s address encrypted in Fs’ keys and F1’s address, from an initialization server


Step 3 packet forwarding

B

B

B

B

a

a

a

a

y

y

y

y

N

N

N

N

e

e

e

e

w

t

w

t

t

w

t

w

o

o

o

o

r

r

r

r

k

k

k

k

s

s

s

s

D

D

D

D

Step 3: Packet Forwarding

F1

Client

Server

F2

Initialization Server

  • Client’s packet is forwarded to F1. F1 decrypts the address and discovers the next hop is F2. Then packet is forwarded to F2, etc.

  • The return path is from server to F2, F1 and client


Use of client and server gateways in our experimental system

B

B

B

B

a

a

a

a

y

y

y

y

N

N

N

N

e

e

e

e

t

w

t

w

w

w

t

t

o

o

o

o

r

r

r

r

k

k

k

k

s

s

s

s

D

D

D

D

Use of Client and Server Gateways in Our Experimental System

F1

GWc

Client

GWs

Server

F2

Initialization Server

  • Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification


Experimental system platform

Experimental System Platform

  • Use divert socket on FreeBSD-4.4 machines (http://www.freebsd.org/) in implementing forwarders, GWc and GWs

  • PPTP VPN: mpd (netgraph multi-link PPP daemon)

  • Crypto software

    • Public key: RSA from OpenSSL (http://www.openssl.org/)

    • Symmetric key: 128-bit AES (Rijndael) (http://www.nist.gov/aes/)


Two threat models

Two Threat Models

  • Monitoring a forwarder’s input & output, or compromising a forwarder

    • Capture client and forwarder or server address

  • Using the anonymizing infrastructure to launch attacks

    • Make tracking of attackers difficult


Countermeasures see the next three slides

Countermeasures(See the Next Three Slides)

  • Multi-hop forwarding to make it hard to discover the exit forwarder before the server

  • Uncorrelated, per-packet encryption for each of the hops (except the hop between the client to the first forwarder where encryption is not needed) to defend against unauthorized monitoring

  • Protocol camouflaging

  • Spaghetti forwarding


Multi hop forwarding

B

B

B

B

a

a

a

a

y

y

y

y

N

N

N

N

e

e

e

e

w

w

t

t

t

t

w

w

o

o

o

o

r

r

r

r

k

k

k

k

s

s

s

s

D

D

D

D

Multi-hop Forwarding

F3

F1

Client

F2

Server

F4

  • To locate F4, the exit forwarder, the entire path (F1, F2, F3, F4) will need to be discovered


Uncorrelated per packet encryption in our experimental system

B

B

a

a

y

y

N

N

e

e

w

t

t

w

o

o

r

r

k

k

s

s

D

D

Uncorrelated, Per-packet Encryption in Our Experimental System

N different encrypted packet payloads

N submissions of the same packet

F1

GWc

Client

F2

Server

GWs

  • When there is unauthorized monitoring, this feature makes it difficult for attackers to use traffic analysis to discover the forwarding path


Camouflaged tcp over udp

Camouflaged TCP over UDP

Normal TCP

IP

header

TCP

header

TCP

payload

TCP over UDP

IP

header

UDP

header

TCP

header

TCP

payload

Camouflaged TCP over UDP

IP

header

TCP

header

UDP

header

TCP

payload

TCP

header


Spaghetti forwarding

B

B

B

B

a

a

a

a

y

y

y

y

N

N

N

N

e

e

e

e

t

w

t

t

w

w

t

w

o

o

o

o

r

r

r

r

k

k

k

k

s

s

s

s

D

D

D

D

Spaghetti Forwarding

F3

F1

Client

F4

Server

F2


Additional countermeasures

Additional Countermeasures

  • Rate limiting forwarders

  • Dynamic re-selection of forwarders

  • Secure connection between GWc and Initialization Server to ensure the former receives trustworthy information from the latter


Revisit the project definition attacking an experimental anonymizing infrastructure

Revisit the Project Definition: Attacking An Experimental Anonymizing Infrastructure

  • Attacker’s objective

    • Find the IP address that the anonymizing infrastructure tries to hide

  • Assumptions

    • Links in the infrastructure and those connected to it can be monitored

  • Demonstration

    • Given an encrypted IP address of a server, find its true address

  • Attacker’s score

    • An attacker’s score decreases exponentially in the number of false forwarders explored


The testbed

The Testbed

Client

F2

VPN

GWc

GWs

F1

SSL

Server

Initialization Sever


  • Login