Slicing the Onion: Anonymity Using Unreliable Overlays - PowerPoint PPT Presentation

About This Presentation
Title:

Slicing the Onion: Anonymity Using Unreliable Overlays

Description:

'Borat: Cultural' 'Leanings of America' Me. D. Confidentiality via Information ... 'Borat: Cultural. Leanings of America' Destination gets all pieces can decode ... – PowerPoint PPT presentation

Number of Views:83
Avg rating:3.0/5.0
Slides: 59
Provided by: nmsLc
Learn more at: http://nms.lcs.mit.edu
Category:

less

Transcript and Presenter's Notes

Title: Slicing the Onion: Anonymity Using Unreliable Overlays


1
Slicing the Onion Anonymity Using Unreliable
Overlays
  • Sachin Katti
  • Jeffrey Cohen Dina Katabi

2
Problem Statement
Leverage existing popular P2P overlays to send
confidential, anonymous messages without keys
3
Overlays rock!
Ideal for anonymous communication
  • Thousands of nodes
  • Plenty of traffic to hide anonymous communication
  • Diverse membership ? Nodes unlikely to collude
  • Dynamic ? Hard to track

4
Overlays suck!
  • Nodes dont have public keys
  • Nodes are not trustworthy
  • Nodes are unreliable

5
This talk Information Slicing
  • Message confidentiality, and source and
    destination anonymity
  • No public keys
  • Churn resilient

6
1. Message Confidentiality Without Keys
7
Confidentiality via Information Slicing
Split message to random pieces and send pieces
along node-disjoint paths
8
Confidentiality via Information Slicing
Me
D
9
Message Recovery by destination
10
Even an attacker that gets all but one piece
cannot decode!
Destination gets all pieces ? can decode ?
11
2. Anonymity without Keys
12
System Setup
  • Anonymous communication has two phases
  • Route Setup
  • A node learns how to forward a received message
  • Data transmission
  • Just follow the routes

13
Setup Anonymous Routes
  • Each node knows its next hop
  • No one else knows the next hop of a node
  • Why not tell each node the ID of its next hop in
    a confidential message?

Idea Build anonymity by confidentially sending
to each node its routing info!
14
Naïve way to send to a node its next hop
Exponential Blowup!
15
Challenge Exponential Blowup Solution Reuse
nodes without giving them too much information
V
Z
W
R
Zs next hop information
Rs next hop information
16
Challenge Exponential Blowup Solution Reuse
nodes without giving them too much information
V
Z
W
R
V and W will know Z and Rs next hops
17
Challenge Exponential Blowup Solution Reuse
nodes without giving them too much information
V
Z
W
R
Reuse V to send pieces that belong to different
nodes
18
Challenge Exponential Blowup Solution Reuse
nodes without giving them too much information
V
Z
W
R
Reuse nodes to send multiple pieces as long as
the pieces belong to different messages
19
Slicing Protocol
Source has multiple IP addresses
20
Slicing Protocol
Source organizes nodes into stages
D
X
R
21
Slicing Protocol
Destination D is placed randomly (here in last
stage)
D
X
R
22
Slicing Protocol
Source confidentially tells each node its next
hop info
D
X
R
23
Slicing Protocol
V receives the ids of its next hops along
disjoint paths
D
X
R
24
Slicing Protocol
V also receives one piece meant for Z and one for
R, but cannot decipher their next hops
D
X
R
25
Slicing Protocol
W also receives its info and pieces for Z and R W
cannot decipher Zs and Rs next hops
D
X
R
26
Slicing Protocol
V and W have pieces meant for Z and R
D
X
R
27
Slicing Protocol
V and W forward the pieces meant for Z and R
D
X
R
28
Slicing Protocol
Node disjoint paths to deliver to Z its V and W
do not have enough pieces to know Zs info
D
X
R
29
Slicing Protocol
The same for R
D
X
R
30
Slicing Protocol
V and W are reused without revealing anything
about Z and Rs routing information
D
X
R
31
Slicing Protocol
Similarly source constructs entire graph
D
X
R
32
Slicing Protocol
D
X
R
Anonymity without keys!
33
3. Dealing With Churn
34
Slicing Protocol - Churn
  • What if node V departs?

D
X
R
35
Slicing Protocol - Churn
  • What if node V departs?
  • Destination cannot decode

D
X
X
R
36
How Do We Combat Churn?
  • Churn causes data loss
  • Typical solution ? Add Redundancy
  • Use coding to efficiently add redundancy

37
Source Coding the Data
  • Source Coding (Erasure Codes)
  • Split into 3 pieces instead of 2
  • Any 2 pieces suffice to retrieve data
  • Added redundancy of (1/2) 50

38
Source Coding For Robustness
S
Z
V
D
X
S1
R
X
W
S2
P
Y
U
Source coding can tolerate one node failure in
the network
  • Destination D gets two pieces ? Can decode

39
Source Coding For Robustness
S
Z
V
D
X
S1
R
X
W
S2
P
Y
U
  • What if a second node (here Z) fails?

40
Source Coding For Robustness
S
Z
V
D
X
X
S1
R
X
W
S2
P
Y
U
  • What if a second node (here Z) fails?
  • Destination D cannot decode

41
Coding partially solves problem
Z
X
R
  • Focus on node R

42
Coding partially solves problem
R
Due to upstream node failure, R receives 2
pieces instead of 3
43
Coding partially solves problem
R
R can only send out two pieces now, Initial
redundancy is destroyed
44
Regenerating Redundancy
R
Pieces are linear combinations of message
fragments
45
Network Coding
R
Take Linear combination of the pieces
New piece
R can create a linear combination of the pieces
he received to generate a new piece
46
Network Coding
R
R can now send out 3 pieces instead of 2
Redundancy is regenerated inside the network
47
Network Coding
R
Network coding can tolerate one node failure in
every stage
Can tolerate downstream node failures
48
General Network Coding
  • Nodes send linear combinations of incoming pieces
  • Technique generalizes to any number of extra
    pieces

For k extra pieces, network coding tolerates k
failures in every stage
49
4. Evaluation
50
Evaluation Environment
  • Implementation in Python
  • Evaluated both in simulation and on PlanetLab
  • Evaluate anonymity, performance and churn
    resilience
  • Each metric is evaluated against the optimal
    existing baseline

51
Anonymity
  • Simulate an overlay of 10000 nodes
  • Attackers are placed randomly in the network
  • Attackers can control nodes, snoop on their
    edges, and collude
  • Comparison with Chaum mixes (optimal baseline)
  • Entropy is standard anonymity metric

Anonymity
52
How anonymous is information slicing?
Source Anonymity
Chaum mix
Info. Slicing
Anonymity
Fraction of Attacking Nodes
High anonymity despite no keys
53
Churn Resilience
  • Compared against practical anonymity system ?
    Onion Routing
  • For fairness, onion routing is modified to have
    redundancy using source coding
  • Metric
  • Prob. of successfully sending a message, given a
    particular redundancy

54
Churn Resilience
Results for a Probability of Node Failure 0.3
Info. Slicing
Probability of Success
Onion Routing with source coding
Added Redundancy
Large increase in probability of success because
of network coding
55
Implementation on PlanetLab
56
Churn Resilience - Planetlab
Probability of Success
Added Redundancy
Network Coding nearly doubles the churn
resilience with the same overhead!
57
Performance
  • Two nodes in each stage and five stages

PlanetLab
Local Network
Info. Slicing
Info. Slicing
Throughput (Mb/s)
Throughput (Mb/s)
Onion Routing
Onion Routing
No. of Stages
No. of Stages
Parallel paths ? Increased throughput
58
Conclusion
Enabled anonymous communication in P2P overlays
with no keys. Information Slicing provides
  • Confidentiality ? Node disjoint paths
  • Low Cost Anonymity ? Node Reuse
  • Churn Resilience ? Network Coding
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Slicing the Onion: Anonymity Using Unreliable Overlays" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!