Attacks on Structured Peer-to-Peer Anonymous Communication Systems - - PowerPoint PPT Presentation

attacks on structured peer to peer anonymous
SMART_READER_LITE
LIVE PREVIEW

Attacks on Structured Peer-to-Peer Anonymous Communication Systems - - PowerPoint PPT Presentation

Mar 14, 2024 200 likes •392 views

Motivation Anonymous Communication NISAN Torsk Conclusion Attacks on Structured Peer-to-Peer Anonymous Communication Systems Theresa Enghardt theri@mailbox.tu-berlin.de Seminar Computer Security Technische Universitt Berlin 28 July 2011

slide-1
SLIDE 1

Motivation Anonymous Communication NISAN Torsk Conclusion

Attacks on Structured Peer-to-Peer Anonymous Communication Systems

Theresa Enghardt

theri@mailbox.tu-berlin.de

Seminar Computer Security Technische Universität Berlin

28 July 2011

1 / 16

slide-2
SLIDE 2

Motivation Anonymous Communication NISAN Torsk Conclusion

Motivation

Anonymous communication The identity of sender and recipient of a message in combination remain unknown to intermediate parties. → Intermediate nodes know at most one of the two establish Circuit: path of multiple nodes which relay messages possible: directory service using a Distributed Hash Table (DHT)

Chord - basis for NISAN Kademlia - basis for Torsk sophisticated security mechanisms still some vulnerabilities [1]

2 / 16

slide-3
SLIDE 3

Motivation Anonymous Communication NISAN Torsk Conclusion

Anonymous Communication

Mix Nodes: I establishes a circuit through random nodes A, B and C Message wrapped in layers of encryption and relayed

Tor: Central directory service → Scalability problem DHT: lookup on random number of ID space to find a random node

I A B C R Message

Symmetric key

I: Initiator A: Entry Node B: Middle Node C: Exit Node R: Recipient

3 / 16

slide-4
SLIDE 4

Motivation Anonymous Communication NISAN Torsk Conclusion Chord Threat model Design Vulnerabilities

Chord: DHT protocol Node identifier N: hash, length m bit Key K: any random m-bit value [0..2m]: ID space directed circle K belongs to next N in the ring Chord ring N: Node identifier K: Key

4 / 16

slide-5
SLIDE 5

Motivation Anonymous Communication NISAN Torsk Conclusion Chord Threat model Design Vulnerabilities

Finger Table: Routing table, up to m entries i-th entry of node with ID n: node that belongs to key k = n + 2(i−1) Find_node(k): return entry closest to k Search terminates after m lookups Chord finger table

5 / 16

slide-6
SLIDE 6

Motivation Anonymous Communication NISAN Torsk Conclusion Chord Threat model Design Vulnerabilities

Threat model: Attacker controls fraction f of all nodes f ≤ 20% Attacks:

Passive attacks: Observe almost all lookups on the many queried malicious nodes → Link sender to recipient Active attacks: Send false information → Control the circuit

D E F G H I J K L M Network with 10 nodes,

  • f which 2 are malicious

f = 20%

6 / 16

slide-7
SLIDE 7

Motivation Anonymous Communication NISAN Torsk Conclusion Chord Threat model Design Vulnerabilities

NISAN: Chord + further security measures Against active attacks:

Aggregated greedy search for k: α lookups, aggregate results, maintain top list → protect from false answers Bounds checking: mean distance of “ideal” ith entry to actual entry

Against passive attacks:

Hide lookup target k, queried nodes return full table Still information leakage through range guessing (next slide) Random walks as alternative lookup, but not used Tradeoff between active and passive attacks active ones considered worse

7 / 16

slide-8
SLIDE 8

Motivation Anonymous Communication NISAN Torsk Conclusion Chord Threat model Design Vulnerabilities

Bounds estimation: search target k

Nodes before k all queried → lower bound: queried malicious node Node with ID > k will not be queried → upper bound: node known but not queried

finally selected node within at most m − 1 hops Range estimation of the finally selected node

8 / 16

slide-9
SLIDE 9

Motivation Anonymous Communication NISAN Torsk Conclusion Chord Threat model Design Vulnerabilities

Passive attack: Control exit node and trace back all lookups Attacker controls exit node C → Sees recipient’s identity Hop-by-hop tracing example: From B back to querier A

A performed lookup for T B was in top list, at most m − 1 hops before T L is lower bound of lookup, U is upper bound Find correct L for lookup on T, which is close to B L was contacted by A

A

L B T

U

Estimated range of lookup Lookups Select from top list

9 / 16

slide-10
SLIDE 10

Motivation Anonymous Communication NISAN Torsk Conclusion Kademlia Design Vulnerabilities

Kademlia: DHT with 160-bit opaque node IDs and keys closeness of IDs and keys: XOR metric - long common prefix binary tree routing tables: k-buckets, address range based on closeness iterative lookup

10 / 16

slide-11
SLIDE 11

Motivation Anonymous Communication NISAN Torsk Conclusion Kademlia Design Vulnerabilities

Torsk: Kademlia + Myrmic (certificates) nCert on each node:

Assigned by Neighborhood Authority (NA) when signing in Contains nList of neighbors (= ID space) Also stored on neighbor nodes to guarantee recency → Protects against nodes pretending to be close (active attacks) Contains rList of random nodes

Other active attack: Selective dropping of requests Passive attack: Information leakage Protect against both: Buddy mechanism - ask random other nodes to perform the lookup

11 / 16

slide-12
SLIDE 12

Motivation Anonymous Communication NISAN Torsk Conclusion Kademlia Design Vulnerabilities

Buddy selection: Search for buddy nodes by random walk

  • 1. Choose random node from rList
  • 2. Ask it for its nCert and all its neighbors’ nCerts
  • 3. All are valid and consistent ?

Yes Select new random node from nCert No Start over

  • 4. Terminate after l steps (random)

12 / 16

slide-13
SLIDE 13

Motivation Anonymous Communication NISAN Torsk Conclusion Kademlia Design Vulnerabilities

I A Q B 1 2 3 4 Lookup through buddy:

  • 1. pass random key to A
  • 2. A asks buddy for lookup
  • 3. Q looks up key,
  • 4. B returns nCert, is relayed back to I
  • 5. A discard Q

Passive timing attack: Correlate lookups Protection with cover traffic:

Each node has lookup “slots” filled with random IDs Received lookup request replaces one of them Periodically perform lookup of all “slots” → No information is leaked

13 / 16

slide-14
SLIDE 14

Motivation Anonymous Communication NISAN Torsk Conclusion Kademlia Design Vulnerabilities

Active attack: Buddy exhaustion of honest middlemen → Prevent circuit extension Flood with lookup requests → uses up buddies, sabotate lookup for new ones Probability of stopping a random walk by providing false certificates

14 / 16

slide-15
SLIDE 15

Motivation Anonymous Communication NISAN Torsk Conclusion

NISAN:

Information leakage Longer circuits not an ideal solution (more malicious nodes) → Passive attacks possible

Torsk:

Sabotate honest circuits → Active attacks possible Improved buddy lookup: Go one step back when invalid certificate → DoS only slows down the process Block nodes who request too many lookups? DoS also possible on non-DHT systems

15 / 16

slide-16
SLIDE 16

Motivation Anonymous Communication NISAN Torsk Conclusion

Thank you! Questions?

16 / 16

slide-17
SLIDE 17

Motivation Anonymous Communication NISAN Torsk Conclusion

  • Q. Wang, P. Mittal and N. Borisov: In Search of an

Anonymous and Secure Lookup.

  • R. Dingledine, N. Mathewson, and P. Syverson: Tor: The

second-generation onion router.

  • R. Morris, D. Karger, F. Kaashoek, and H. Balakrishnan:

Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications.

  • A. Panchenko, S. Richter, and A. Rache: Nisan: Network

information service for anonymization networks.

  • P. Maymounkov and D. Mazieres: Kademlia: A peer-to-peer

information system based on the xor metric.

  • J. McLachlan, A. Tran, N. Hopper, and Y. Kim: Scalable
  • nion routing with torsk.

16 / 16