Anonymous Named Data Networking Application NDN Security Group - - PowerPoint PPT Presentation

▶

Mar 18, 2024 108 likes •234 views

Anonymous Named Data Networking Application NDN Security Group Ersin Uzun, Steven DiBenedetto, Gene Tsudik, Paolo Gasti Privacy Challenges in NDN Name Privacy: semantically related names Interested in /healthonline/STDs/..

SLIDE 1

Anonymous Named Data Networking Application

NDN Security Group

Ersin Uzun, Steven DiBenedetto, Gene Tsudik, Paolo Gasti

SLIDE 2

Privacy Challenges in NDN

Name Privacy: semantically related names

– Interested in “/healthonline/STDs/..”

Content Privacy: unencrypted public content.

– Retrieved content is an “.mp3” file

Signature Privacy: leaked signer(publisher) identity

– Retrieved content is signed by “match.com”

Cache privacy: detectable cache hits/misses

– Interests from this user usually misses caches -- it is for Russian content.

SLIDE 3

Objective

Design a practical system for NDN that enables

– user privacy and anonymity – censorship resistance

Implement and evaluate its performance and

anonymity guarantees

SLIDE 4

Threat Model

Passive:

– Traffic observation & fingerprinting – Timing & size correlation

Active:

– Moving attacker – Compromised routers & content producers

SLIDE 5

Named Data Onion Routing (NDor)

Consists of client and anonymizing router (AR)

software

Supports two modes

– Ephemeral : Asymmetric encryption of interests – Session: Symmetric encryption of interests

Client:

– Encrypt & encapsulate interests – Decrypt & decapsulate data

Anonymizing Routers:

– Decrypt & decapsulate interests – Encrypt & encapsulate data

SLIDE 6

Interest & Content Format

Layers of encrypted Interests reside inside the

name component of interests

– E.g.,: /anonymizer/Enc(Timestamp || key || Interest)

Content is encrypted with the client-provided key
n its way back

– Encapsulation is published under the requested name and signed by ARs.

SLIDE 7

NDor Example

/OR1 /OR2 ? /nytimes.com/today ? /nytimes.com/today

OR2/ ? /OR1/ nytimes.com/today nytimes.com/today ? /OR2/

SLIDE 8

Experimental Setup

Experiments on ONL

– Line topology – Comparison with TOR (for comparable privacy)

OR1 OR2

Forwarding Path

Data

SLIDE 9

Initial Results

NDor-S

Dor

Cold Start:

Including Initial setup time Warm Start: Omitting the setup time

Computational relative overhead is comparable to Tor...
Expected real-life overhead is less than Tor
NDor requires less hops (2 ARs only compared to 3 in Tor and others)
Dynamic caching on and around exit nodes

SLIDE 10

Thanks!

NDN website:

– http://www.named-data.net

Contact information:

Anonymous Named Data Networking Application NDN Security Group - - PowerPoint PPT Presentation

Anonymous Named Data Networking Application

Privacy Challenges in NDN

– Interested in “/healthonline/STDs/..”

– Retrieved content is an “.mp3” file

– Retrieved content is signed by “match.com”

– Interests from this user usually misses caches -- it is for Russian content.

Objective

– user privacy and anonymity – censorship resistance

anonymity guarantees

Threat Model

– Traffic observation & fingerprinting – Timing & size correlation

– Moving attacker – Compromised routers & content producers

Named Data Onion Routing (NDor)

software

– Ephemeral : Asymmetric encryption of interests – Session: Symmetric encryption of interests

– Encrypt & encapsulate interests – Decrypt & decapsulate data

– Decrypt & decapsulate interests – Encrypt & encapsulate data

Interest & Content Format

name component of interests

– E.g.,: /anonymizer/Enc(Timestamp || key || Interest)

– Encapsulation is published under the requested name and signed by ARs.

NDor Example

Experimental Setup

– Line topology – Comparison with TOR (for comparable privacy)

Forwarding Path

Initial Results

Other Security topics in NDN project

– Esp. signature schemes

– e.g., access control, key mgnt, signed interests…

– Alternatives for PKI

Thanks!

– http://www.named-data.net

– euzun@parc.com