Download ppt - Networks and Mobile Systems

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
Document related concepts

Zero-configuration networking wikipedia , lookup

Computer network wikipedia , lookup

Distributed operating system wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

Airborne Networking wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

CAN bus wikipedia , lookup

Routing wikipedia , lookup

Kademlia wikipedia , lookup

Routing in delay-tolerant networking wikipedia , lookup

Transcript 
Slicing the Onion:
Anonymity Using Unreliable Overlays
Sachin Katti
Jeffrey Cohen & Dina Katabi
Problem Statement
Leverage existing popular P2P overlays
to send confidential, anonymous
messages without keys
Overlays rock!
Ideal for anonymous communication
• Thousands of nodes
• Plenty of traffic to hide anonymous
communication
• Diverse membership  Nodes unlikely to
collude
• Dynamic  Hard to track
Overlays suck!
• Nodes don’t have public keys
• Nodes are not trustworthy
• Nodes are unreliable
This talk:
Information Slicing
• Message confidentiality, and source and
destination anonymity
• No public keys
• Churn resilient
1. Message Confidentiality
Without Keys
Confidentiality via Information Slicing
Split message to random pieces and send
pieces along node-disjoint paths
“Borat: Cultural
Leanings of America”
“Borat: Cultural”
“Leanings of America”
a 
a
“Borat: Cultural”
11
12
a
 “Leanings of America”
a
 21 22 
“aaspdgfqw”
“asdlfrwe”
Original Message
Split into two
Randomize them!
Random pieces
Confidentiality via Information Slicing
a11, a12 “aaspdgfqw”
Me
a21, a22 “asdlfrwe”
D
Message Recovery by destination
a11 , a12 ,“aaspdgfqw”
a21 , a22 , “asdlfrwe”
a11 a12 
a

a
21
22


1
“aaspdgfqw”
“asdlfrwe”
“Borat: Cultural”
“Leanings of America”
“Borat: Cultural
Leanings of America”
Received random pieces
Matrix inversion
Pieces of
original message
Original Message
Even an attacker that gets all but one piece
cannot decode!
Destination gets all pieces  can decode 
2. Anonymity without Keys
System Setup
Anonymous communication has two phases
• Route Setup
• A node learns how to forward a received
message
• Data transmission
• Just follow the routes
Setup Anonymous Routes
• Each node knows its next hop
• No one else knows the next hop of a node
• Why not tell each node the ID of its next
hop in a confidential message?
Idea : Build anonymity by confidentially
sending to each node it’s routing info!
Naïve way to send to a node its next hop
Exponential Blowup!
Challenge: Exponential Blowup
Solution:
Reuse nodes without giving them
too much information
V
Z
W
R
Z’s next hop information: IZ1, IZ2
R’s next hop information: IR1,IR2
Challenge: Exponential Blowup
Solution:
Reuse nodes without giving them
too much information
V
IZ1
Z
IZ2
IR1
W
IR2
R
V and W will know Z and R’s next hops
Challenge: Exponential Blowup
Solution:
Reuse nodes without giving them
too much information
V
IZ1
Z
IR1
W
R
Reuse V to send pieces that belong to different
nodes
Challenge: Exponential Blowup
Solution:
Reuse nodes without giving them
too much information
V
IZ1
IZ2
W
Z
IR1
IR2
R
Reuse nodes to send multiple pieces as long as
the pieces belong to different messages
Slicing Protocol
Source has multiple IP addresses
S
S’
Slicing Protocol
Source organizes nodes into stages
S
V
Z
D
S’
W
R
X
Slicing Protocol
Destination D is placed randomly (here in last stage)
S
V
Z
D
S’
W
R
X
Slicing Protocol
Source confidentially tells each node its next hop info
S
V
Z
D
S’
W
R
X
Slicing Protocol
V receives the ids of its next hops along disjoint paths
S
IV1
V
Z
D
W
R
X
IV2
S’
Slicing Protocol
V also receives one piece meant for Z and one for R,
but cannot decipher their next hops
S
IV1, IZ1
V
Z
D
W
R
X
IV2 , IR2
S’
Slicing Protocol
W also receives its info and pieces for Z and R
W cannot decipher Z’s and R’s next hops
S
IV1, IZ1
IV2 , IR2
S’
V
Z
D
R
X
IW1 , IR1
IW2 , IZ2
W
Slicing Protocol
V and W have pieces meant for Z and R
S
S’
IZ1, IR2
V
Z
D
W
R
X
IZ2 , IR1
Slicing Protocol
V and W forward the pieces meant for Z and R
S
IV1, IZ1
V
IZ1
Z
D
R
X
IR2
IV2 , IR2
S’
IW1 , IR1 IZ2
IW2 , IZ2
W
IR1
Slicing Protocol
Node disjoint paths to deliver to Z its IZ1, IZ2
V and W do not have enough pieces to know Z’s info
S
IV1, IZ1
V
IZ1
Z
D
R
X
IR2
IV2 , IR2
S’
IW1 , IR1 IZ2
IW2 , IZ2
W
IR1
Slicing Protocol
The same for R
S
IV1, IZ1
V
IZ1
Z
D
R
X
IR2
IV2 , IR2
S’
IW1 , IR1 IZ2
IW2 , IZ2
W
IR1
Slicing Protocol
V and W are reused without revealing anything
about Z and R’s routing information
S
IV1, IZ1
V
IZ1
Z
D
R
X
IR2
IV2 , IR2
S’
IW1 , IR1 IZ2
IW2 , IZ2
W
IR1
Slicing Protocol
Similarly source constructs entire graph
S
V
Z
D
S’
W
R
X
Slicing Protocol
S
V
Z
D
S’
W
R
X
Anonymity without keys!
3. Dealing With Churn
Slicing Protocol - Churn
• What if node V departs?
S
V
Z
D
S’
W
R
X
Slicing Protocol - Churn
• What if node V departs?
• Destination cannot decode
S
S’
V
Z
D
W
R
X
X
How Do We Combat Churn?
• Churn causes data loss
• Typical solution  Add Redundancy
• Use coding to efficiently add redundancy
Source Coding the Data
• Source Coding (Erasure Codes)
• Split into 3 pieces instead of 2
a11 a12 
a
 m1 
a
22  

 21
m
a 31 a 32   2 
I1 
 
I2 
I3 
 
• Any 2 pieces suffice to retrieve data
a 21 a 22 
a

a
32 
 31
1
I2 
I 
 3
m1 
m 
 2
• Added redundancy of (1/2) = 50%
Source
Coding
For
Robustness
S
Z
V
D
X
S1
W
R
X
S2
U
P
Y
tolerate
one
• Source
Destinationcoding
D gets twocan
pieces
 Can decode
node failure in the network
Source
Coding
For
Robustness
S
Z
V
D
X
S1
W
R
X
S2
U
P
Y
• What if a second node (here Z) fails?
Source
Coding
For
Robustness
S
Z
V
X
X
D
S1
W
R
X
S2
U
P
Y
• What if a second node (here Z) fails?
• Destination D cannot decode
Coding
partially
solves
problem
S
Z
V
X
X
D
S1
W
R
X
S2
U
P
Y
• Focus on node R
Coding partially solves problem
I1
R
I2
Due to upstream node failure, R receives
2 pieces instead of 3
Coding partially solves problem
I1
I1
R
I2
I2
R can only send out two pieces now,
Initial redundancy is destroyed
Regenerating Redundancy
I1
R
I1  a11m1  a12m2
I2  a 21m1  a 22m2
I2
Pieces are linear combinations of message fragments
Network Coding
I1
I2
R
I1  a11m1  a12m2
I2  a 21m1  a 22m2
Take Linear combination
of the pieces
I'3  I1  I2  (a11  a 21 )m1  (a12  a 22 )m2
New piece
I
'
3
R can create a linear combination of the pieces he
received to generate a new piece
Network Coding
I1
I1
I2
R
I2
I'3
R can now send out 3 pieces instead of 2
Redundancy is regenerated inside the network
Network Coding
I1
I1
I2
R
I2
I'3
Network coding can tolerate one
Can tolerate downstream node failures
node failure in every stage
General Network Coding
• Nodes send linear combinations of incoming pieces
• Technique generalizes to any number of extra pieces
For k extra pieces, network
coding tolerates k failures in
every stage
4. Evaluation
Evaluation Environment
• Implementation in Python
• Evaluated both in simulation and on PlanetLab
• Evaluate anonymity, performance and churn
resilience
• Each metric is evaluated against the optimal
existing baseline
Anonymity
• Simulate an overlay of 10000 nodes
• Attackers are placed randomly in the network
• Attackers can control nodes, snoop on their
edges, and collude
• Comparison with Chaum mixes (optimal baseline)
• Entropy is standard anonymity metric
 P( x) log( P( x))
Anonymity  
log( N )
x
How anonymous is information slicing?
Anonymity
Source Anonymity
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
Chaum mix
Info. Slicing
0
0.005
0.05
0.3
0.7
Fraction of Attacking Nodes
High anonymity despite no keys
Churn Resilience
• Compared against practical anonymity
system  Onion Routing
• For fairness, onion routing is modified to
have redundancy using source coding
• Metric:
• Prob. of successfully sending a message,
given a particular redundancy
Churn Resilience
Probability of Success
Results for a Probability of Node Failure = 0.3
Info. Slicing
Onion Routing
with source coding
Added Redundancy
Large increase in probability of success
because of network coding
Implementation on PlanetLab
Probability of Success
Churn Resilience - Planetlab
1
0.9
0.8
0.7
0.6
0.5
0.4
0.3
0.2
0.1
0
Information
Slicing
Onion Routing
with source
coding
0
0.5
1
Added Redundancy
1.5
Network Coding nearly doubles the
churn resilience with the same overhead!
Performance
• Two nodes in each stage and five stages
PlanetLab
Info. Slicing
Onion Routing
No. of Stages
Throughput (Mb/s)
Throughput (Mb/s)
Local Network
Info. Slicing
Onion Routing
No. of Stages
Parallel paths  Increased throughput
Conclusion
Enabled anonymous communication in P2P
overlays with no keys.
Information Slicing provides
• Confidentiality  Node disjoint paths
• Low Cost Anonymity  Node Reuse
• Churn Resilience  Network Coding
Related documents
Watch video for chapters 1
Watch video for chapters 1
Website user experience
Website user experience
Survey: Distributed Operating Systems Introduction 1 Network
Survey: Distributed Operating Systems Introduction 1 Network
Linked data structures and algorithms
Linked data structures and algorithms
Course Lecture 6
Course Lecture 6
to be levied on AMS
to be levied on AMS
Problem 3.4 For the circuit in Fig. P3.4: (a) Apply nodal analysis to
Problem 3.4 For the circuit in Fig. P3.4: (a) Apply nodal analysis to
Ch. 11 PowerPoint Solution Describe the five logical data groups or
Ch. 11 PowerPoint Solution Describe the five logical data groups or
Document
Document
Association Rule Mining in Peer-to
Association Rule Mining in Peer-to