Tarzan a peer to peer anonymizing network layer by michael j freedman robert morris
1 / 34

Tarzan: A Peer-to-peer Anonymizing Network Layer by Michael J.Freedman, Robert Morris - PowerPoint PPT Presentation

  • Uploaded on

Tarzan: A Peer-to-peer Anonymizing Network Layer by Michael J.Freedman, Robert Morris. Computer Science Graduate Student Jinhae Kim. Contents. Introduction Design Goals Network Model Architecture Details of Design Security Analysis Conclusion. Traffic Analysis Reveals Identities.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Tarzan: A Peer-to-peer Anonymizing Network Layer by Michael J.Freedman, Robert Morris' - yuli-ramos

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Tarzan a peer to peer anonymizing network layer by michael j freedman robert morris

Tarzan: A Peer-to-peer Anonymizing Network Layerby Michael J.Freedman, Robert Morris

Computer Science

Graduate Student

Jinhae Kim


  • Introduction

  • Design Goals

  • Network Model

  • Architecture

  • Details of Design

  • Security Analysis

  • Conclusion

Traffic analysis reveals identities
Traffic Analysis Reveals Identities

  • Who is talking to whom may be confidential or private:

    • Who is searching a public database?

    • Which companies are collaborating?

    • Who are you talking to via e-mail?

    • Where do you shop on-line?


  • Internet Anonymization

    • Without revealing own ID, a host can communicate with an arbitrary server.

  • Anonymizer.Com

    • A host sends messages to a server through a proxy.

  • Anonymous remailer system, Onion Routing, and Zero-Knowledge’s Freedom

    • A host connects to a server through a set of mix relays.

Introduction problems
Introduction - Problems

  • Proxy server

    • Dos attacks

    • Single point of failure

  • A set of mix relay

    • Network edge traffic analysis

Introduction tarzan
Introduction - Tarzan

  • Sequence of mix relay

  • No centralized (equal peer)

  • Hide the originator

  • Each node can be a originator and/or relay

    • Prevent edge analysis

  • Construct a tunnel with sequence of Tarzan peer using layered encryption

  • Ensure the anonymity in network layer

Design goal s
Design Goals

  • Application independence

  • Anonymity against malicious nodes

  • Fault-tolerance and availability

  • Performance

  • Anonymity against a global eavesdropper

Network model
Network Model

  • In relation to node X, adversarial machines can control address spaces and can spoof virtual nodes within corrupted domains

unswitched LAN

honest routers

local subnet

malicious routers

corrupted domains

honest nodes

border gateway

malicious nodes

spoofed nodes


Architecture overview



Architecture Overview

  • An IP packet is diverted to the local tunnel initiator.

  • Translate to a private address space, wrap in several layers of encryption, and send to the first relay in UDP.

  • Decrypts one layer and send to the next relay.

  • PNAT extracts the original IP packet, NATs the packet to its own public address, and writes the raw packet to the internet.











src: PNAT

dst: Dest

(31  17)

(17  59)



Tag: 17

Tag: 59

Tag: 31

src: App

dst: Dest

src: Priv

dst: Dest

src: Priv

dst: Dest

src: Priv

dst: Dest

Packet relay
Packet Relay

  • A flow tag uniquely identifies each link of each tunnel.

    • Symmetric encryption hides data.

    • A MAC protects its integrity.

    • Separate keys are used in each direction of each relay.

  • The tunnel initiator

    • clear each IP packet’s source address field.

    • perform a nested encoding for each tunnel relay.

    • encapsulates the result in a UDP packet.

Packet relay encoding
Packet Relay - Encoding

  • T = (h1, h2,…,hl, hpnat) : A sequence of nodes

  • ekhi, ikhi : Forward encryption and integrity keys

  • seq : packet sequence number

  • An initiator produces block Bi for each relay hi, starting with hpnat

    • ci = ENC (ekhi, {Bi+1})

    • ai= MAC (ikhi, {seq, ci})

    • Bi = {seq, ci, ai}

Tunnel setup
Tunnel Setup

  • A Tarzan node pseudo-randomly selects a series of nodes.

  • The initiator iteratively setup the entire tunnel hop by hop.

  • Generate and Distribute the symmetric keys encrypted under the relays’ public keys.

Tunnel setup protocol




!ok or timeout








Tunnel Setup Protocol

h1R {h0.neighbors}

h2R {h1.neighbors}

h3R {h2.neighbors}


h3R {h2.neighbors}

Ip packet forwarding
IP Packet Forwarding

  • Create a generic anonymizing IP tunnel

    • IP forwarder: divert certain packets and ships them over a Tarzan tunnel.

    • Client forwarder: replace real address with a random address

    • PNAT (Pseudonymous Network Address Translator)

  • Remote hosts can communicate with PNAT normally.

  • Double-blinded channel: achieve both sender and recipient anonymity (using different PNAT)

Tunnel failure and reconstruction
Tunnel Failure and Reconstruction

  • The initiator regularly sends ping to the PNAT.

  • PNAT failure: select a new hpnat for the tunnel.

  • Otherwise: attempt to rebuild the tunnel to the original PNAT.

  • Higher-level connections don’t die upon tunnel failure.

Peer discovery
Peer Discovery

  • A Tarzan node requires some means to learn about all other nodes.

  • Use a simple gossip-based protocol for peer discovery.

  • The Tarzan discovery protocol supports three related operations.

    • Initialization: allow fast information propagation.

    • Redirection: allow nodes to shed load.

    • Maintenance: provide an incremental update a node’s peer database with only new information.

Peer discovery protocol
Peer Discovery Protocol

  • Ua, Va: the set of a’s unvalidated/validated known peers

  • A new node a contacts existing node b to discover Ua .

  • Node a validates b once a receives a response.

  • Node a successively contacts the new neighbors in Ua .

  • Retrying neighbors in Va .

  • If the difference between Va and Vb is big:

    • b is busy: a.redirect (b), otherwise: a.initialize (b)

  • Otherwise:

    • a.maintain (b); b.maintain(a)

Peer selection
Peer Selection

  • Three-level hierarchy: /16, /24 subnets, and relevant IP addresses

  • The leading d-bits of a node’s IP address are transformed to an identifier via hash (ipaddr/d, date)

  • Lookup (key) method: generate id16 via hash (key/16, date) and find the smallest identifier ≥ id16 on the /0 identifier ring; and so on…

  • Example: Lookup (key) with id16 = 541A, id24 = 82F1, and id32 = 261B. This ultimately maps to the hash value 4F9A, which yields IP address


























Cover traffic and link encoding
Cover Traffic and Link Encoding

  • Use of cover traffic to provide more time-invariant traffic patterns independent of bandwidth demands.

  • A traffic mimics: traffic invariants between a node and mimics that protect against information leakage.

Selecting mimics
Selecting Mimics

  • Upon joining the network, node a asks k other nodes to exchange mimic traffic with it.

  • Mimic relationship must be symmetric.

  • Mai: i th mimic of node a, as the peer returned by

    lookupi (a.ipaddr).

  • lookupi (a.ipaddr): similar to peer selection except the identifier idid is generated by recursively applying the cryptographic hash function i times to {a.ipaddr/d, date}, i ≤ (k+1).

  • Node a sends to Mai a mimic request, including the tuple {a.ipaddr/d, date}.

  • Accept condition

    • 1< i ≤(k+1)

    • Mai.lookupi (a.ipaddr) = Mai

Tunneling through mimics
Tunneling Through Mimics

  • Choice of relay: mimics of the previous hop


Mimic topology and traffic flows for k = 3

  • Each node has ҡ ≈ 6 mimics.

  • Tunnel: arrows in bold

  • a random PNAT: dotted line

Unifying traffic patterns
Unifying Traffic Patterns

  • The packet headers, sizes, and rates of a node’s incoming traffic from its mimics must be identical to its outgoing traffic.

  • All packets along mimics links are symmetrically encrypted.

  • Encrypted packets along links are padded to be all the same size.

  • A node generates and distributes symmetric keys when it connects with a new mimic.

Security analysis
Security Analysis

  • Adversary

    • Break sender anonymity by back-tracing observed messages to their source.

    • Watching traffic patterns or message encodings.

    • Trace a message forward to its egress from a PNAT to compromise the recipient anonymity of non-participating servers.

  • Tarzan

    • P2P design: expose less identifying topological information.

    • Resist powerful traffic-analysis attacks.

Comparing anonymity properties
Comparing Anonymity Properties

  • Tarzan’s model: P2P, layered encryption

  • Onion Routing: network core, layered encryption

  • Crowds: P2P, link encryption only

Onion routing
Onion Routing

  • Define Route

    • Initiator and responder interface onion routing proxies

  • Construct the anonymous connection

  • Move data through the connection

    • Using layered encryption

  • Destroy the anonymous connection

  • Reference:

    • http://www.onion-router.net/Publications.html


  • “blending into a crowd”:

    • operate by grouping users into a large and geographically diverse group (crowd)

  • Collaborating crowd members cannot distinguish the originator from a member who is merely forwarding.

Crowds path in a crowds
Crowds – Path in a Crowds

  • Reference

    • http://avirubin.com/crowds.pdf


Web Servers













Static vs adaptive adversaries
Static Vs. Adaptive Adversaries

  • Static adversary

    • Corrupt some number of independent physical machines

    • Read packets and analyze the contents, sizes, rates, and volumes of packets addressed to machines under its control

    • Use timing analysis to determine whether packets seen at different relays belong to the same tunnel

  • Time-bounded adaptive adversary

    • Pick-and-choose which machines to compromise after it joins the system

    • But Time-bounded…

Considering adaptive adversaries
Considering Adaptive Adversaries

  • Protect against an adaptive adversary

    • The period to compromise all tunnel relays must be longer than the tunnel’s duration.

    • Tunnels should not be repeatedly constructed through the same small set of largely-compromised relays.

  • Tarzan

    • randomly choosing Node-selection mechanism: host diversity

    • Honest nodes store tunnel keys and routing tables only in memory: disable core dumps and process tracing.

    • Scalable architecture: offer a large choice of nodes.

    • Mimic reassignment: ensure set of relays changes daily.

Defining probability of failure
Defining Probability of Failure

  • An adversary compromises M gateway routers or LAN machines.

  • An adversary run m malicious node within each of these M corrupted domains.

  • The network size is n, N-domain system.

    • CLAIM 1. A node selects a malicious mimic with prob. M/N.

    • CLAIM 2. Nobody can bias an initiator’s choice of relays.

  • To achieve claims, a node must select its mimics uniformly over the entire set of domains.

Malicious nodes attempt
Malicious Nodes Attempt…

  • Corrupt gossiping

    • Gossip addresses that do net exist or only returns malicious nodes.

  • Leverage open admission

    • Try to control “important” IP addresses or run multiple nodes.

  • Ignore neighbor-selection algorithm

    • Attempt to select malicious nodes as its mimic.

Security enforcement
Security Enforcement

  • Securing Resource Discovery

    • Protect against fake entries: Tarzan differentiates between unvalidated and validated addresses in the peer-discovery and selection process.

  • Hardening the Open Admissions Policy

    • Distribute keys indirectly through a gossiping protocol.

    • Tunnel initiators choose mimics by selecting uniformly at random from among available domains.

  • Enforcing Proper Mimic Selection

    • Tunnel should be constructed through nodes selected in an unbiased and random fashion.

Traffic analysis attacks
Traffic Analysis Attacks

  • Information leakage in tunnels

    • Prevent global eavesdropper: Cover traffic

  • Information leakage at network exit points

    • Network-edge attack: packet replay, tagging, reordering, and flooding

    • Prevention: Seq. no, buffering incoming packets, encrypting messages, cover traffic


  • Tarzan provides a flexible layer for sender, recipient

  • Sustain anonymity in hostile environments, against both malicious participants and global eavesdroppers

  • Transparent to internet application

  • P2P design: decentralized, highly scalable, and easy to manage.

  • Lack of network core: increase fault-tolerance to individual relay failure