Slicing the Onion: Anonymity Using Unreliable Overlays. Sachin Katti, Jeffrey Cohen & Dina Katabi
Problem Statement: Leverage existing popular P2P overlays to send confidential, anonymous messages without keys
Overlays rock! Ideal for anonymous communication • Thousands of nodes • Plenty of traffic to hide anonymous communication • Diverse membership: nodes unlikely to collude • Dynamic: hard to track
Overlays suck! • Nodes don’t have public keys • Nodes are not trustworthy • Nodes are unreliable
This talk: Information Slicing • Message confidentiality, and source and destination anonymity • No public keys • Churn resilient
Confidentiality via Information Slicing: Split message to random pieces and send pieces along node-disjoint paths • Original message: “Borat: Cultural Leanings of America” • Split into two: “Borat: Cultural” “Leanings of America” • Randomize them! Random pieces: “aaspdgfqw” “asdlfrwe”
Confidentiality via Information Slicing “aaspdgfqw” Me D “asdlfrwe”
Message Recovery by destination • Received random pieces: “aaspdgfqw” “asdlfrwe” • Matrix inversion • Pieces of original message: “Borat: Cultural” “Leanings of America” • Original message: “Borat: Cultural Leanings of America”
Even an attacker that gets all but one piece cannot decode! The destination gets all pieces, so it can decode
System Setup • Anonymous communication has two phases • Route Setup • A node learns how to forward a received message • Data transmission • Just follow the routes
Setup Anonymous Routes • Each node knows its next hop • No one else knows the next hop of a node • Why not tell each node the ID of its next hop in a confidential message? Idea: Build anonymity by confidentially sending to each node its routing info!
Naïve way to send to a node its next hop: Exponential Blowup!
Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information V Z W R Z’s next hop information: R’s next hop information:
Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information V Z W R V and W will know Z and R’s next hops
Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information V Z W R Reuse V to send pieces that belong to different nodes
Challenge: Exponential Blowup Solution: Reuse nodes without giving them too much information V Z W R Reuse nodes to send multiple pieces as long as the pieces belong to different messages
Slicing Protocol Source has multiple IP addresses S S’
Slicing Protocol Source organizes nodes into stages D S V Z W S’ X R
Slicing Protocol Destination D is placed randomly (here in last stage) D S V Z W S’ X R
Slicing Protocol Source confidentially tells each node its next hop info D S V Z W S’ X R
Slicing Protocol V receives the ids of its next hops along disjoint paths D S V Z W S’ X R
Slicing Protocol V also receives one piece meant for Z and one for R, but cannot decipher their next hops D S V Z W S’ X R
Slicing Protocol W also receives its info and pieces for Z and R W cannot decipher Z’s and R’s next hops D S V Z W S’ X R
Slicing Protocol V and W have pieces meant for Z and R D S V Z W S’ X R
Slicing Protocol V and W forward the pieces meant for Z and R D S V Z W S’ X R
Slicing Protocol Node-disjoint paths deliver to Z its info. V and W do not have enough pieces to know Z’s info D S V Z W S’ X R
Slicing Protocol The same for R D S V Z W S’ X R
Slicing Protocol V and W are reused without revealing anything about Z and R’s routing information D S V Z W S’ X R
Slicing Protocol Similarly source constructs entire graph D S V Z W S’ X R
Slicing Protocol D S V Z W S’ X R Anonymity without keys!
Slicing Protocol - Churn • What if node V departs? D S V Z W S’ X R
Slicing Protocol - Churn • What if node V departs? • Destination cannot decode D S V Z X W S’ X R
How Do We Combat Churn? • Churn causes data loss • Typical solution: Add redundancy • Use coding to efficiently add redundancy
Source Coding the Data • Source Coding (Erasure Codes) • Split into 3 pieces instead of 2 • Any 2 pieces suffice to retrieve data • Added redundancy of (1/2) = 50%
Source Coding For Robustness S Z V D X S1 R X W S2 P Y U • Source coding can tolerate one node failure in the network • Destination D gets two pieces, so it can decode
Source Coding For Robustness S Z V D X S1 R X W S2 P Y U • What if a second node (here Z) fails?
Source Coding For Robustness S Z V D X X S1 R X W S2 P Y U • What if a second node (here Z) fails? • Destination D cannot decode
Coding partially solves problem S Z V D X X S1 R X W S2 P Y U • Focus on node R
Coding partially solves problem R Due to upstream node failure, R receives 2 pieces instead of 3
Coding partially solves problem R R can only send out two pieces now; initial redundancy is destroyed
Regenerating Redundancy R Pieces are linear combinations of message fragments
Network Coding R Take a linear combination of the pieces: new piece. R can create a linear combination of the pieces he received to generate a new piece
Network Coding R R can now send out 3 pieces instead of 2. Redundancy is regenerated inside the network
Network Coding R Network coding can tolerate one node failure in every stage. Can tolerate downstream node failures
General Network Coding • Nodes send linear combinations of incoming pieces • Technique generalizes to any number of extra pieces. For k extra pieces, network coding tolerates k failures in every stage
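An added sketch (not from the original slides or the authors' implementation) of the steps on the "Confidentiality via Information Slicing", "Source Coding" and "Network Coding" slides: the source emits 3 coded pieces of which any 2 decode, a relay regenerates a lost piece by recombining what it received, and the destination recovers the message by matrix inversion (Gauss-Jordan elimination). The field GF(257), the piece layout (coefficient row followed by payload), the zero padding and all function names are assumptions of this example.

```python
import itertools
import random

P = 257  # assumed field GF(257): prime, and every byte 0..255 is an element

def combine(coeffs, vectors):
    """Element-wise linear combination sum(c_i * v_i) mod P."""
    return [sum(c * x for c, x in zip(coeffs, col)) % P for col in zip(*vectors)]

def solve(vectors, n):
    """Gauss-Jordan mod P on n vectors [coeffs | payload]; None if dependent."""
    aug = [list(v) for v in vectors]
    for col in range(n):
        piv = next((r for r in range(col, n) if aug[r][col]), None)
        if piv is None:
            return None
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = pow(aug[col][col], -1, P)
        aug[col] = [v * inv % P for v in aug[col]]
        for r in range(n):
            if r != col:
                f = aug[r][col]
                aug[r] = [(v - f * w) % P for v, w in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

def slice_message(msg, d, n, rng):
    """Source: d fragments -> n >= d pieces, each coeff_row + payload (assumed layout)."""
    msg += b"\0" * (-len(msg) % d)  # zero-pad: a simplification of this sketch
    size = len(msg) // d
    frags = [list(msg[i * size:(i + 1) * size]) for i in range(d)]
    while True:  # redraw until ANY d of the n coefficient rows are invertible
        A = [[rng.randrange(1, P) for _ in range(d)] for _ in range(n)]
        if all(solve(s, d) is not None for s in itertools.combinations(A, d)):
            break
    return [row + combine(row, frags) for row in A]

def recode(pieces, rng):
    """Relay: mix received pieces into a fresh one without decoding them."""
    return combine([rng.randrange(1, P) for _ in pieces], pieces)

def decode(pieces, d):
    """Destination: Gauss-Jordan on d pieces; None if they do not suffice."""
    frags = solve(pieces[:d], d) if len(pieces) >= d else None
    return None if frags is None else bytes(v for f in frags for v in f).rstrip(b"\0")

def demo(msg=b"Borat: Cultural Leanings of America"):  # the deck's sample message
    rng = random.Random(2007)  # fixed seed so the run is repeatable
    p1, p2, p3 = slice_message(msg, 2, 3, rng)  # 3 pieces, any 2 suffice
    p_new = recode([p1, p3], rng)  # relay R lost p2 upstream, regenerates a piece
    return [decode(pair, 2) for pair in ([p1, p2], [p1, p_new], [p3, p_new])]
```

A single piece gives one equation in two unknown fragments, which is why `decode` returns `None` for fewer than d independent pieces.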
Evaluation Environment • Implementation in Python • Evaluated both in simulation and on PlanetLab • Evaluate anonymity, performance and churn resilience • Each metric is evaluated against the optimal existing baseline