Motivation | Anonymous Communication | NISAN | Torsk | Conclusion

Attacks on Structured Peer-to-Peer Anonymous Communication Systems
Theresa Enghardt
theri@mailbox.tu-berlin.de
Seminar Computer Security, Technische Universität Berlin
28 July 2011

Motivation

Anonymous communication: The identity of sender and recipient of a message in combination remain unknown to intermediate parties.
→ Intermediate nodes know at most one of the two
- Establish circuit: path of multiple nodes which relay messages
- Possible: directory service using a Distributed Hash Table (DHT)
  - Chord - basis for NISAN
  - Kademlia - basis for Torsk
- Sophisticated security mechanisms, still some vulnerabilities [1]

Anonymous Communication

Mix Nodes:
- I establishes a circuit through random nodes A, B and C
- Message wrapped in layers of encryption and relayed
Tor: Central directory service
→ Scalability problem
DHT: lookup on random number of ID space to find a random node
[Figure: circuit diagram with nodes I, A, B, C, R; labels: Symmetric key, Message. I: Initiator, A: Entry Node, B: Middle Node, C: Exit Node, R: Recipient]

NISAN (Chord, Threat model, Design, Vulnerabilities)

Chord: DHT protocol
- Node identifier N: hash, length m bit
- Key K: any random m-bit value
- $[0 .. 2^m]$: ID space, directed circle
- K belongs to next N in the ring
[Figure: Chord ring. N: Node identifier, K: Key]

Finger Table: Routing table, up to m entries
- i-th entry of node with ID n: node that belongs to key $k = n + 2^{i-1}$
- Find_node(k): return entry closest to k
- Search terminates after m lookups
[Figure: Chord finger table]

Threat model: Attacker controls fraction f of all nodes, f ≤ 20 %
Attacks:
- Passive attacks: Observe almost all lookups on the many queried malicious nodes
  → Link sender to recipient
- Active attacks: Send false information
  → Control the circuit
[Figure: Network with 10 nodes (M, I, H, D, K, F, G, E, J, L), of which 2 are malicious, f = 20 %]

NISAN: Chord + further security measures
Against active attacks:
- Aggregated greedy search for k: α lookups, aggregate results, maintain top list → protect from false answers
- Bounds checking: mean distance of "ideal" i-th entry to actual entry
Against passive attacks:
- Hide lookup target k, queried nodes return full table
- Still information leakage through range guessing (next slide)
- Random walks as alternative lookup, but not used
Tradeoff between active and passive attacks: active ones considered worse

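Added example (not from the slides or from NISAN's code): a toy Chord ring that builds finger tables as defined on the finger-table slide, runs the greedy Find_node search, and applies a mean-distance bounds check to an honest and a forged table. The ring, the node IDs and the acceptance rule (factor times the checker's own mean distance) are assumptions made for illustration.

```python
M = 10                        # ID length m in bits (toy value)
SPACE = 2 ** M

def dist(a, b):
    """Clockwise distance from a to b on the ring."""
    return (b - a) % SPACE

def owner(nodes, key):
    """Node a key belongs to: the next node ID clockwise from the key."""
    return min(nodes, key=lambda n: dist(key, n))

def finger_table(nodes, n):
    """i-th entry (i = 1..m) is the node that owns key n + 2^(i-1)."""
    return [owner(nodes, (n + 2 ** (i - 1)) % SPACE) for i in range(1, M + 1)]

def lookup(nodes, start, k):
    """Greedy search over finger tables; returns (node owning k, hops)."""
    cur, hops = start, 0
    while True:
        table = finger_table(nodes, cur)
        span = dist(cur, k) or SPACE        # cur == k: go once around the ring
        closer = [e for e in table if 0 < dist(cur, e) < span]
        if not closer:                      # no finger lies between cur and k
            return table[0], hops           # table[0] is cur's direct successor
        cur, hops = max(closer, key=lambda e: dist(cur, e)), hops + 1

def mean_distance(n, table):
    """Mean clockwise distance from each ideal key n + 2^(i-1) to the entry."""
    keys = [(n + 2 ** (i - 1)) % SPACE for i in range(1, M + 1)]
    return sum(dist(k, e) for k, e in zip(keys, table)) / M

def bounds_check(n, table, reference, factor=3.0):
    """Assumed rule: accept only if mean distance <= factor * reference."""
    return mean_distance(n, table) <= factor * reference

# Constructed ring: 100 nodes, 20 of them (f = 20 %) colluding.
RING = list(range(0, 1000, 10))
COLLUDERS = list(range(0, 1000, 50))

def demo():
    me, suspect = 330, 0                          # honest checker, queried node
    reference = mean_distance(me, finger_table(RING, me))
    honest = finger_table(RING, suspect)          # table matching the real ring
    forged = finger_table(COLLUDERS, suspect)     # table listing colluders only
    return (bounds_check(suspect, honest, reference),
            bounds_check(suspect, forged, reference),
            mean_distance(suspect, honest), mean_distance(suspect, forged))
```

A table built only from colluding nodes has entries roughly 1/f times further from the ideal keys than an honest one, which is the gap the check relies on.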
Bounds estimation:
- Nodes before k all queried
  → lower bound: queried malicious node
- Node with ID > k will not be queried
  → upper bound: node known but not queried
- Finally selected node within at most m − 1 hops
[Figure: Range estimation of the finally selected node; label: search target k]

Passive attack: Control exit node and trace back all lookups
- Attacker controls exit node C → Sees recipient's identity
- Hop-by-hop tracing example: From B back to querier A
  - A performed lookup for T
  - B was in top list, at most m − 1 hops before T
  - L is lower bound of lookup, U is upper bound
  - Find correct L for lookup on T, which is close to B
  - L was contacted by A
[Figure: nodes A, L, B, T, U; labels: Lookups, Select from top list, Estimated range of lookup]

Torsk (Kademlia, Design, Vulnerabilities)

Kademlia: DHT with 160-bit opaque node IDs and keys
- Closeness of IDs and keys: XOR metric - long common prefix
- Binary tree
- Routing tables: k-buckets, address range based on closeness
- Iterative lookup

Torsk: Kademlia + Myrmic (certificates)
nCert on each node:
- Assigned by Neighborhood Authority (NA) when signing in
- Contains nList of neighbors (= ID space)
- Also stored on neighbor nodes to guarantee recency
  → Protects against nodes pretending to be close (active attacks)
- Contains rList of random nodes
Other active attack: Selective dropping of requests
Passive attack: Information leakage
Protect against both: Buddy mechanism - ask random other nodes to perform the lookup

Buddy selection: Search for buddy nodes by random walk
1. Choose random node from rList
2. Ask it for its nCert and all its neighbors' nCerts
3. All are valid and consistent?
   Yes: Select new random node from nCert
   No: Start over
4. Terminate after l steps (random)

Lookup through buddy:
1. Pass random key to A
2. A asks buddy for lookup
3. Q looks up key
4. B returns nCert, is relayed back to I
5. A discards Q
[Figure: nodes I, A, Q, B with arrows numbered 1 to 4]
Passive timing attack: Correlate lookups
Protection with cover traffic:
- Each node has lookup "slots" filled with random IDs
- Received lookup request replaces one of them
- Periodically perform lookup of all "slots"
→ No information is leaked

Active attack: Buddy exhaustion of honest middlemen
→ Prevent circuit extension
Flood with lookup requests
→ uses up buddies, sabotage lookup for new ones by providing false certificates
[Figure: Probability of stopping a random walk]

Conclusion

NISAN: Information leakage
- Longer circuits not an ideal solution (more malicious nodes)
→ Passive attacks possible
Torsk: Sabotage honest circuits
→ Active attacks possible
- Improved buddy lookup: Go one step back when invalid certificate
  → DoS only slows down the process
- Block nodes who request too many lookups?
- DoS also possible on non-DHT systems

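Added example (not from the slides or from Torsk's code): the buddy-selection walk with its certificate check, comparing the start-over rule with the step-back rule proposed in the conclusion. An HMAC stands in for the NA's signature, the 50-node network and rList are constructed, and step-back is modeled as staying on the last valid node; all of these are assumptions.

```python
import hashlib, hmac, random

NA_KEY = b"constructed-NA-key"   # stand-in for the NA's signing key (assumption)

def sign(node, nlist):
    """MAC over (node, nList); stands in for the NA's signature on an nCert."""
    msg = repr((node, sorted(nlist))).encode()
    return hmac.new(NA_KEY, msg, hashlib.sha256).hexdigest()

def valid(cert):
    return hmac.compare_digest(cert["sig"], sign(cert["node"], cert["nList"]))

def consistent(cert, neighbor_certs):
    """Step 3 (assumed rule): all certs verify, each neighbor lists the node back."""
    return (valid(cert)
            and [c["node"] for c in neighbor_certs] == cert["nList"]
            and all(valid(c) and cert["node"] in c["nList"] for c in neighbor_certs))

def build(n):
    """Constructed network: node i neighbors i-2, i-1, i+1, i+2 (mod n)."""
    nl = lambda i: [(i + d) % n for d in (-2, -1, 1, 2)]
    return {i: {"node": i, "nList": nl(i), "sig": sign(i, nl(i))} for i in range(n)}

def answer(certs, bad, node):
    """Reply to step 2; a node in `bad` hands out an altered (false) nCert."""
    cert = certs[node]
    if node in bad:
        cert = dict(cert, nList=cert["nList"][:-1] + [node])
    return cert, [certs[x] for x in certs[node]["nList"]]

def find_buddy(certs, bad, rlist, l, rng, step_back=False, limit=10_000):
    """Random walk of l valid steps; returns (buddy, number of queries)."""
    path, queries = [], 0
    while len(path) < l and queries < limit:
        node = rng.choice(certs[path[-1]]["nList"] if path else rlist)
        queries += 1
        if consistent(*answer(certs, bad, node)):
            path.append(node)
        elif not step_back:
            path = []            # rule from the slide: start over
        # step_back: stay on path[-1] and draw another node from its nCert
    return (path[-1] if len(path) == l else None), queries

CERTS, BAD, RLIST = build(50), set(range(0, 50, 5)), [1, 12, 20, 33, 47]

def average_queries(step_back, trials=300, l=5):
    runs = [find_buddy(CERTS, BAD, RLIST, l, random.Random(s), step_back)[1]
            for s in range(trials)]
    return sum(runs) / trials
```

With the start-over rule one false certificate discards the whole walk, so the query count grows with the walk length; with step-back each false certificate costs a single extra query.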
Thank you!
Questions?

Q. Wang, P. Mittal and N. Borisov: In Search of an Anonymous and Secure Lookup.
R. Dingledine, N. Mathewson, and P. Syverson: Tor: The second-generation onion router.
R. Morris, D. Karger, F. Kaashoek, and H. Balakrishnan: Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications.
A. Panchenko, S. Richter, and A. Rache: Nisan: Network information service for anonymization networks.
P. Maymounkov and D. Mazieres: Kademlia: A peer-to-peer information system based on the xor metric.
J. McLachlan, A. Tran, N. Hopper, and Y. Kim: Scalable onion routing with torsk.