Privacy in Content Oriented Networking: Threats and countermeasures

Abdelberi Chaabane, Emiliano De Cristofaro, Mohamed Ali Kaafar, and Ersin Uzun

A brief History of networking
  • 1 Interconnecting wires: Telephony
  • 2 Interconnecting hosts: TCP/IP
  • 3 Interconnecting information

Change in Communication Paradigm
  • Today's Internet struggles with
    • Scalability
    • Mobility
    • Security
  • Move to Content-oriented Network
    • Traffic is already content-oriented
      • CDN, overlays, P2P
    • Users/applications care “what to receive”
      • They don’t care “from whom”
      • Host-based communication model is getting “outdated”
Macro-building blocks
  • Named Content
    • Objects are named to facilitate data dissemination and search
  • Content Based Routing
    • Routing content rather than host
  • Content Delivery
    • Using multipath routing and leveraging in-network caching
  • In-network caching
    • All components provide caching capability
Contributions
  • Systematic study of privacy challenges in CON
    • Exposing several worrisome issues
    • Proposing some countermeasures
    • Highlighting open problems
  • Comparing CON to Today’s Internet (TI) from a privacy perspective
Outline
  • Privacy challenges in CON
    • Cache privacy
    • Content Privacy
    • Name privacy
    • Signature privacy
  • The potential of CON privacy
    • Anonymity
    • Censorship Resistance
    • Untraceability
    • Data authenticity and confidentiality

CON Privacy
  • Name Privacy
    • Names are related to the content
    • Infer what a user is consuming
  • Cache Privacy
    • Data is cached in every hop
    • Infer who consumed what
  • Signature Privacy
    • Content is signed
    • Identify the communicating parties
  • Content Privacy
    • Encryption is not mandatory
    • Publicly available content spied on / censored
Timing attack

[Figure labels: RTTs, RTTc; fetch the targeted content: RTTt]

  • If |RTTt - RTTc| < ε: Content has been fetched by a neighboring consumer
  • If RTTt > RTTc and RTTt < RTTs: Content has been recently fetched from the source
  • Otherwise: The target content has not been consumed
Potential Solution
  • Wait before reply
    • When a content m is fetched, the corresponding RTTm is stored
    • All subsequent requests to m are delayed with RTTm
  • Increased delay
  • It provably achieves perfect privacy [1]
  • No assumption about content correlation / network topology
  • Reduced bandwidth

[1] Acs, G., Conti, M., Gasti, P., Ghali, C., & Tsudik, G. Cache Privacy in Named-Data Networking. ICDCS'13.

Potential Solution
  • Delay the first K
    • When a content m is fetched, the corresponding RTTm is stored and a random number K is chosen
    • K subsequent requests to m are delayed with RTTm
  • Assumption about content correlation
  • Increased delay for non-popular content
  • Popular content is not delayed
  • Formal model to quantify the privacy/latency tradeoff [1]
  • Reduced bandwidth
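
An added simulation (not from the slides or the cited paper) of the two cache countermeasures above, using the RTT inference rule from the timing-attack slide to check what a probe can conclude. Assumptions: RTTc is the RTT to the first-hop cache and RTTs the RTT to the source; the class, the `k_max` parameter, the ε value and the content name are hypothetical.

```python
import random

EPS = 2.0  # ms; tolerance ε from the slide (the value is an assumption)

def classify(rtt_t, rtt_c, rtt_s, eps=EPS):
    """Inference rule from the timing-attack slide, applied to one probe."""
    if abs(rtt_t - rtt_c) < eps:
        return "cached at first hop"
    if rtt_c < rtt_t < rtt_s:
        return "cached upstream"
    return "not consumed"

class DelayingCache:
    """First-hop cache. k_max=0: no defense; k_max=None: 'wait before reply'
    (every hit delayed); k_max=n: 'delay the first K' with random K in 1..n."""
    def __init__(self, rtt_c, k_max=None, rng=None):
        self.rtt_c = rtt_c
        self.k_max = k_max
        self.rng = rng or random.Random()
        self.entries = {}  # name -> [stored RTTm, delayed replies remaining]

    def request(self, name, rtt_upstream):
        """Return the RTT (ms) the requester observes for this name."""
        entry = self.entries.get(name)
        if entry is None:  # miss: fetch upstream, store RTTm, choose K
            if self.k_max is None:
                k = float("inf")
            elif self.k_max == 0:
                k = 0
            else:
                k = self.rng.randint(1, self.k_max)
            self.entries[name] = [rtt_upstream, k]
            return rtt_upstream
        if entry[1] > 0:   # hit inside the delayed window: replay RTTm
            entry[1] -= 1
            return entry[0]
        return self.rtt_c  # hit after the window: normal fast reply

def probe_after_victim(cache, name, rtt_s):
    """One consumer fetches `name`, then a second request probes the same name."""
    cache.request(name, rtt_s)          # first fetch populates the cache
    rtt_t = cache.request(name, rtt_s)  # probe
    return classify(rtt_t, cache.rtt_c, rtt_s)

if __name__ == "__main__":
    name = "/example/video/seg1"  # constructed content name
    for k_max in (0, 3, None):
        cache = DelayingCache(rtt_c=5.0, k_max=k_max, rng=random.Random(7))
        print(k_max, probe_after_victim(cache, name, rtt_s=80.0))
```

With either countermeasure enabled, the probe sees the stored RTTm, so the rule returns the same answer as for content nobody nearby has requested.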

Potential Solution
  • Collaborative caching
    • Multiple caches collaborate to create a distributed cache
  • Administrative collaboration
  • Potential delay
  • Increases the anonymity set
  • Increases hit rate

Content Based Monitoring and Censorship
  • CON routers
    • Long-term storage
    • Computationally powerful
  • ‘Less’ powerful adversary is needed to perform censorship
Potential Solution
  • Broadcast encryption
    • The producer sends an encrypted message to a set of users N
    • Only users in N can decrypt the message
  • Producer generates/stores N keys
  • Producer public key and ciphertext are of size O(√N)
  • Content is encrypted once
  • Caching is preserved
  • Fine-grained user control (revocation)

Potential Solution
  • Proxy re-encryption
  • Asymmetric encryption
  • Content is available for any user
  • Content is encrypted once
  • Caching is preserved
  • Fine-grained user control (revocation)

Monitoring/Tracking
  • Content names are semantically correlated with the content
    • E.g. /US/WebMD/AIDS/Symptoms/html
  • Unlike HTTPS, content names are not encrypted, as they are used for routing
Potential Solution
  • Bloom Filter
    • Using Bloom filters to obfuscate the content name:
      • A hierarchical Bloom filter for the routing table
      • A counting Bloom filter for each forwarding interface
  • Introduces false positives
  • Bloom filters require periodic resetting
  • Obfuscates content name
  • Small architectural changes
  • Reduces the size of routing/forwarding tables
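
An added sketch (not from the slides) of a counting Bloom filter of the kind the slide assigns to each forwarding interface: it keeps counters instead of names, supports removal and resetting, and exhibits the false positives listed above. The class, its SHA-256 index derivation, the sizes and the content names are assumptions made for illustration.

```python
import hashlib

class CountingBloomFilter:
    """Counting Bloom filter over content names (hypothetical API)."""
    def __init__(self, m=1024, k=4):
        self.m, self.k = m, k       # m counters, k indexes per name (k <= 8)
        self.counters = [0] * m

    def _positions(self, name):
        digest = hashlib.sha256(name.encode()).digest()
        # Derive k indexes from disjoint 4-byte slices of the digest.
        return [int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.m
                for i in range(self.k)]

    def add(self, name):
        for p in self._positions(name):
            self.counters[p] += 1

    def remove(self, name):
        # Only decrement when the name tests as present, so counters never go negative.
        if name in self:
            for p in self._positions(name):
                self.counters[p] -= 1

    def __contains__(self, name):
        return all(self.counters[p] > 0 for p in self._positions(name))

    def reset(self):
        """Periodic reset: drop all state accumulated so far."""
        self.counters = [0] * self.m

def false_positive_rate(m, k, stored, probes):
    """Fraction of never-inserted probe names that the filter reports as present."""
    cbf = CountingBloomFilter(m, k)
    for name in stored:
        cbf.add(name)
    return sum(p in cbf for p in probes) / len(probes)

# Constructed names for the demonstration.
STORED = [f"/example/site/page{i}" for i in range(40)]
PROBES = [f"/example/other/item{i}" for i in range(1000)]

if __name__ == "__main__":
    for m in (64, 4096):
        print(m, false_positive_rate(m, 3, STORED, PROBES))
```

The undersized filter (64 counters) matches a large share of names it never stored, while the 4096-counter filter matches almost none.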

Censorship/ Monitoring
  • Signature is used to provide guarantee on provenance and integrity
  • This signature can be used to censor/monitor the content.
Potential Solution
  • Group Signature
    • Hide the signer in a set of potential signers (signer ambiguity)
  • [Figure labels: Pub Key, Priv Key, Group Manager]
  • Presence of a group manager
  • Censorship possible
  • Signature still verifiable
  • Efficient

Potential Solution
  • Ring Signature
    • Hide the signer in a set of potential signers (signer ambiguity)
    • Signature is generated from the signer's private key and a set of public keys
  • [Figure labels: Pub Key, Priv Key]
  • Communication overhead linear in the size of the ring
  • Censorship possible
  • Signer anonymity protected
  • Trustful content (as long as all signers are trustworthy)
  • No signer interaction / no group manager

Outline
  • Privacy challenges in CON
    • Cache privacy
    • Content Privacy
    • Name privacy
    • Signature privacy
  • The potential of CON privacy
    • Anonymity
    • Censorship Resistance
    • Untraceability
    • Data authenticity and confidentiality
Anonymity
  • Internet
    • A trusted anonymizing proxy
      • A single point of failure
    • Mix networks, e.g. Tor
      • 3 hops to the source
      • Low latency
  • CON
    • Natively provided by the architecture (no SRC/DST)
      • A local adversary could monitor all the traffic
    • Mix networks: ANDaNA [2]
      • 2 hops to the source
      • Low latency
      • Partially disable CON caching
      • CCNx specific

[2] DiBenedetto, S., Gasti, P., Tsudik, G., & Uzun, E. ANDaNA: Anonymous Named Data Networking Application. NDSS'12.

Censorship
  • Internet
    • DNS tampering
    • Host blacklisting
    • DPI (content blacklisting)
      • Strong adversary
      • Specialized hardware
  • CON
    • DNS tampering: effective in some CON
    • Content (name) blacklisting
    • Easier in CON:
      • Name/content are not encrypted
      • No need for specialized hardware
  • At a single router, censorship appears to be easier in CON

Tracking
  • Internet
    • Cookies
      • Widespread
      • Efficient
      • Tailored to the business model
    • Stateless tracking
      • Using IP and host fingerprinting
  • CON
    • Cookies
      • No same origin policy
      • Only dynamic content can be tracked
      • Business model migration?
    • Stateless tracking
      • More difficult to carry out (no addresses + caching)
      • How to handle security incidents?
  • CON is more resilient to tracking but poses new challenges

Data authenticity and confidentiality
  • Internet
    • One size fits all (SSL)
      • Well studied
      • Highly optimized
  • CON
    • End-to-end trust model
      • Different consumer = different trust model
      • Widely accepted (PKI) or new trust management model
Take home messages
  • Content Oriented Networking Privacy
    • More resilient to tracking
    • “Weak” anonymity as native feature
    • Possibly more vulnerable to censorship
    • Some privacy challenges due to caches, naming, signatures