Hashing it Out in Public: Common Failure Modes of DHT-based Anonymity Schemes
Andrew Tran, Nicholas Hopper, Yongdae Kim
Presenter: Josh Colvin, Fall 2011

Anonymous Networks
• Serve as an important tool
  – Online privacy
  – Censorship resistance
  – Surveillance evasion
  – Safeguarding freedom of expression online

Anonymity Guidelines
• Hiding among more users provides stronger anonymity
• Usability, latency, and scalability therefore contribute to security

Clarification
• All schemes considered here fall under certain specific criteria
  – Based on the circuit model
  – Provide low-latency connections
  – Anonymity based on limited knowledge of the circuit

Tor
• Relies on a global list of all active nodes in the network
  – Limited scalability due to quadratic communication costs

Distributed Hash Table
• Node is assigned an identifier (nodeID)
• Specific data are also assigned keys
• Overlay designates ownership of a set of keys to a single live node (root)
• Each node maintains a routing table
• Every routing table maintains a number of distinct entries

DHT Queries
• Two main types of queries
  – Recursive
  – Iterative
• Both processes take O(log n) steps

Recursive Queries
• Source gives control of the query to the closest node to the target
• Process repeats until the root is found (or not)
• Passes data back

Iterative Queries
• Requests data from node in routing table with greatest prefix match
• Queried node responds with location of node with greater prefix match
• Source node continues chain of queries until no greater match can be found
• The result must now be the intended target (if it exists)

Recursive Query Example
[Figure: recursive query among nodes A, B, C and D]

Iterative Query Example
[Figure: iterative query among nodes A, B, C and D]

Note on Routing Types
• Node failure does not necessarily identify the source of the failure for recursive routing
  – Selective uncooperation is possible without running the risk of being blacklisted
• Iterative routing does not share this problem
  – Passive attacks on anonymity can occur

DHT Attacks
• Two main security issues
  – Passing a query through a malicious node is statistically likely
  – Query result accuracy is difficult to verify

Query Capture
• Query is captured if any hops used are controlled by an attacker
• With a small fraction (< 20%) of compromised nodes, this can be very likely

Adversary’s Options
• Once an attacker has a captured query, he has three options
  – Forward the query to a malicious (or possibly nonexistent) node
  – Drop the query
  – Log the query

Mitigating Attacks
• Several options for minimizing the ability of adversaries to operate effectively
  – Make nodeID’s verifiable
  – Redundant queries
  – “density check”

Verifiable nodeID’s
• Can be implemented by hashing IP addresses for use as nodeID’s
• Attackers cannot place a malicious node without controlling an IP address that maps to the desired space
• Unable to easily support NAT boxes without a security tradeoff

Redundant Queries
• Multiple routes are followed
• Precautions must be taken to prevent path convergence
• Increases bandwidth overhead
• Increased likelihood of identity compromise
• On average, the majority of paths will be compromised
  – Cannot easily distinguish valid responses
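
The figures behind the Query Capture and Redundant Queries slides can be reproduced with a short calculation. This is an added example, not part of the presentation; it assumes every hop is independently attacker-controlled with probability f, that a lookup takes ceil(log2 n) hops, and that redundant paths do not converge.

```python
from math import ceil, comb, log2


def expected_hops(n_nodes: int) -> int:
    """Hops per lookup. Assumption: base-2 routing, so ceil(log2 n)."""
    return ceil(log2(n_nodes))


def path_capture_probability(f: float, hops: int) -> float:
    """Chance that at least one hop on a single path is attacker-controlled."""
    return 1.0 - (1.0 - f) ** hops


def majority_captured_probability(f: float, hops: int, paths: int) -> float:
    """Chance that more than half of `paths` independent paths are captured.

    This is the case in which a majority vote over redundant answers fails.
    """
    p = path_capture_probability(f, hops)
    need = paths // 2 + 1
    return sum(
        comb(paths, k) * p**k * (1 - p) ** (paths - k)
        for k in range(need, paths + 1)
    )


def capture_table(n_nodes: int, fractions=(0.05, 0.10, 0.20), paths: int = 5):
    """Rows of (f, hops, single-path capture, majority-of-paths capture)."""
    hops = expected_hops(n_nodes)
    return [
        (f, hops,
         path_capture_probability(f, hops),
         majority_captured_probability(f, hops, paths))
        for f in fractions
    ]


if __name__ == "__main__":
    # Constructed scenario: 1024 nodes, 5 redundant paths per lookup.
    for f, hops, one, most in capture_table(1024):
        print(f"f={f:.2f} hops={hops} one path={one:.3f} majority of 5={most:.3f}")
```

Adding redundant paths does not help once the single-path capture probability exceeds one half, because each extra path is more likely captured than clean.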

“Density Check”
• Tests if the distance between a result node and the key is consistent with the distribution of nodeID’s near the source
• If this distance is too large (e.g. 1.5x greater), the result of the query is rejected
• Must have a sufficiently large number of nodes to be accurate
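
One way to implement the density check described on this slide, as an added example that is not from the presentation. It assumes a 16-bit ring of nodeIDs, estimates local density as the mean gap between the node's own ID and its known neighbours, and reads the 1.5x rule as "reject when the key-to-result distance exceeds 1.5 times that gap"; all IDs below are constructed.

```python
ID_BITS = 16            # assumption: small ring so the numbers stay readable
RING = 1 << ID_BITS
GAMMA = 1.5             # rejection factor quoted on the slide


def ring_distance(a: int, b: int) -> int:
    """Shortest distance between two IDs on the circular ID space."""
    d = abs(a - b) % RING
    return min(d, RING - d)


def local_mean_gap(own_id: int, neighbour_ids: list) -> float:
    """Average spacing of nodeIDs in the region this node knows best."""
    if len(neighbour_ids) < 2:
        # Too few samples: the estimate would be meaningless.
        raise ValueError("too few neighbours to estimate density")
    half = RING // 2
    # Signed offsets from our own ID, so a neighbour set that wraps past
    # zero is still ordered correctly.
    offsets = [((n - own_id + half) % RING) - half for n in neighbour_ids]
    offsets = sorted(offsets + [0])
    return (offsets[-1] - offsets[0]) / (len(offsets) - 1)


def density_check(key, result_id, own_id, neighbour_ids, gamma=GAMMA) -> bool:
    """True if the claimed root is plausibly close to the key."""
    limit = gamma * local_mean_gap(own_id, neighbour_ids)
    return ring_distance(key, result_id) <= limit


# Constructed data: honest nodes sit every 64 IDs; we are node 32000.
OWN_ID = 32000
NEIGHBOURS = [31744, 31808, 31872, 31936, 32064, 32128, 32192, 32256]
KEY = 10000


def demo() -> dict:
    return {
        "honest_root": density_check(KEY, 9984, OWN_ID, NEIGHBOURS),
        # A sparse attacker population rarely has a node this close.
        "distant_claim": density_check(KEY, 10400, OWN_ID, NEIGHBOURS),
        # Limitation: a false root inside the threshold still passes.
        "nearby_claim": density_check(KEY, 10050, OWN_ID, NEIGHBOURS),
    }


if __name__ == "__main__":
    print(demo())
```

The check only bounds how far a false root can be from the key; it does not prove that the returned node is the true root.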

Insecure Relay Selection
• Lack of proper security measures applied to DHT lookups
• In general, traditional security methods are insufficient to prevent a bias towards selecting malicious nodes
• No clear method to verify if a particular peer is the current root of a key
  – A malicious node could claim to be the correct result of a query

Insecure Relay Selection, Cont.
• A malicious node may return offline nodes
• A threshold-type scheme may also prove unreliable
  – On average, the majority of redundant routes will pass through a malicious node

Vulnerable Schemes
• Out of ten different DHT-based anonymous overlay networks:
  – Two specify mechanisms to prevent DHT lookup failures
  – Five use overlay circuit extension with no provisions for redundant routing
  – The remaining three make no provisions for robustness

Questions?