dropping on the edge flexibility and dropping on the edge
play

Dropping on the Edge: Flexibility and Dropping on the Edge: - PowerPoint PPT Presentation

Dec 03, 2023 •350 likes •573 views

7/25/2019 PoPET s18 Dropping on the Edge: Flexibility and Dropping on the Edge: Flexibility and Trac Conrmation in Onion Routing Trac Conrmation in Onion Routing Protocols Protocols Florentin Rochet and Olivier Pereira

  1. 7/25/2019 PoPET s18 Dropping on the Edge: Flexibility and Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Tra�c Con�rmation in Onion Routing Protocols Protocols Florentin Rochet and Olivier Pereira Florentin Rochet and Olivier Pereira UCLouvain Crypto Group, Belgium Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 1/21 1

  2. Overview Overview 7/25/2019 PoPET s18 Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 2/21 2

  3. Overview Overview 7/25/2019 PoPET s18 Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 3/21 3

  4. Overview Overview 7/25/2019 PoPET s18 Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 4/21 4

  5. 7/25/2019 PoPET s18 Architectural Principle of the Internet Architectural Principle of the Internet Robustness principle (among others): Be conservative in what you do, be liberal in what you accept from others. [RFC761] [RFC1122] [RFC1958] , , Can lead to strong attacks in deployed anonymity systems Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 5/21 5

  6. 7/25/2019 PoPET s18 Forward compatibility Forward compatibility Allows compliance to future version of the protocol. static int connection_edge_process_relay_cell(cell_t *cell, ...) { ... switch(rh.command) { case RELAY_COMMAND_DROP: return 0; // do nothing. ... case RELAY_COMMAND_DATA: //process data ... return 0; ... } log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Unrecognized command %d", rh.command); return 0; /* for forward compatibility, don't kill the circuit */ } Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 6/21 6

  7. 7/25/2019 PoPET s18 Outline Outline 1. Guard Discovery Attack Uses forward compatibility, a path selection trick and a side-channel 2. Dropmark attack An active traf�c con�rmation attack with interesting properties Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 7/21 7

  8. 7/25/2019 PoPET s18 Guard discovery Guard discovery Combines a path selection trick, forward compatibility and a side-channel. Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 8/21 8

  9. 7/25/2019 PoPET s18 Guard discovery Guard discovery The public report of bandwidth consumption acts as a side-channel What is the probability of success in the wild? Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 9/21 9

  10. 7/25/2019 PoPET s18 Assumptions Assumptions Consumed bandwidth of the targeted guard is always higher during the attack Silently dropped traf�c strengthens this assumption Less variance in public measurements during the attack Graceful behaviour of the relay Graceful behaviour of the relay operator Given those assumptions, we can use the history of the network to evaluate the attack Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 10/21 10

  11. 7/25/2019 PoPET s18 Let's investigate di�erent situations Let's investigate di�erent situations Onion Service's BW << Guard's BW Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 11/21 11

  12. 7/25/2019 PoPET s18 Triggering the OOM killer algorithm Triggering the OOM killer algorithm One day guard discovery attack with a bug exploit We �ll the memory of the guard relay Can trigger easily the OOM algorithm which generates a counter bug (public information) Figure: Chutney experiment triggering the OOM killer algorithm of the onion service's guard Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 12/21 12

  13. 7/25/2019 PoPET s18 Let's investigate di�erent situations Let's investigate di�erent situations Onion Service's BW >> Guard's BW Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 13/21 13

  14. 7/25/2019 PoPET s18 Evaluation Evaluation Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 14/21 14

  15. 7/25/2019 PoPET s18 Evaluation Evaluation Evaluating spare resources of guards The attack would be inne�cient if the Onion service guard is already overloaded Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 15/21 15

  16. 7/25/2019 PoPET s18 Evaluation Evaluation With the assumption that the counter exploit is �xed success rate to retrieve only one (correct) guard in a few days, against a few MB/s ≈ 96% onion service This attack cost less than a sandwich Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 16/21 16

  17. 7/25/2019 PoPET s18 Countermeasures Countermeasures Multiple suggestions to counter the guard discovery The Tor Project chose to perform a volume analysis , and to increase the bandwidth reporting interval Onion service operators: decreasing the available bandwidth reduces the risk (once the counter exploit is solved) See @mikeperry-tor/vanguards on GitHub for mitigations Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 17/21 17

  18. 7/25/2019 PoPET s18 Outline Outline 1. Guard Discovery Attack Uses forward compatibility, a path selection trick and a side-channel 2. Dropmark attack An active traf�c con�rmation attack with interesting properties Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 18/21 18

  19. 7/25/2019 PoPET s18 Dropmark attack Dropmark attack Active end-to-end correlation attack with interesting properties Does not need the victim to transfer any packet to succeed The application level traf�c does not in�uence the success rate Uses forward compatibility and a side-channel Assumes colluding exit and guard (or network observer on client-guard) Implemented and tested in Shadow with TPR and FPR ≈ 99.86% ≈ 0.03% Can be applied in many different scenarios Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 19/21 19

  20. 7/25/2019 PoPET s18 Dropmark attack Dropmark attack Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 20/21 20

  21. 7/25/2019 PoPET s18 Contributions/Conclusion Contributions/Conclusion Contributions: Identi�cation of potential weaknesses resulting from Tor's forward compatibility New guard discovery attack New traf�c con�rmation attack with intriguing properties Many more attacks out there to hunt ... Implementations and tutorial to reproduce our results available on GitHub Discussion Removing forward compatibility? Complicates the integration on novel ideas May reduce the Tor network diversity or slow down deployment of new versions Increases code complexity May not solve the problem ... Florentin R. - Dropping on the Edge: Flexibility and Tra�c Con�rmation in Onion Routing Protocols - 25th Jul 2019 file:///export/home/frochet/Documents/T or/pets18-slides/index.html?print-pdf 21/21 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cloud Cloud Cloud Cloud network Edge Edge Edge Edge as a Edge Edge Edge Edge Edge

Cloud Cloud Cloud Cloud network Edge Edge Edge Edge as a Edge Edge Edge Edge Edge

We are here EaaS 1.0 EaaS 2.0 Pre-Edge CSP Led Cloud Cloud Cloud Cloud network Edge Edge Edge Edge as a Edge Edge Edge Edge Edge Service Edge On Premise Edge Edge Edge (EaaS) Edge Client Client Client Client Machine

439 views • 13 slides
Edge-based Segmentation Transform Hough Edge Tracking Linking Edge Detection Canny Edge

Edge-based Segmentation Transform Hough Edge Tracking Linking Edge Detection Canny Edge

Edge-based Marr-Hildreth http://vision.ouc.edu.cn/~zhenghaiyong CVBIOUC ZhaoHaiwei DaiJialun WangRuchen Edge-based Segmentation Transform Hough Edge Tracking Linking Edge Detection Canny Edge Techniques

690 views • 31 slides
PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new

PSA APIs An overview Attestation API 1.0.1 we are in the process of dropping a new release which allows signing using symmetric attestation keys (using COSE Mac0) Fully documented in ARM IHI 0085 TF-M master is slightly behind the

542 views • 17 slides
Are your students dropping out because youre reinforcing their insecurities? Dave Paunesku,

Are your students dropping out because youre reinforcing their insecurities? Dave Paunesku,

Are your students dropping out because youre reinforcing their insecurities? Dave Paunesku, Ph.D. Stanford University January 27, 2017 San Francisco, CA Anxiety Clouded Thinking Bad Decisions St Struc uctur ural &amp; Academ emic

410 views • 13 slides
Dropping Data FE ATU R E E N G IN E E R IN G W ITH P YSPAR K John Hog u e Lead Data Scientist ,

Dropping Data FE ATU R E E N G IN E E R IN G W ITH P YSPAR K John Hog u e Lead Data Scientist ,

Dropping Data FE ATU R E E N G IN E E R IN G W ITH P YSPAR K John Hog u e Lead Data Scientist , General Mills Where can data go bad ? Recorded w rong Uniq u e e v ents Forma ed incorrectl y D u plications Missing Not rele v ant FEATURE

541 views • 36 slides
What is your edge? From the cloud to the edge, extending your reach April 2, 2019

What is your edge? From the cloud to the edge, extending your reach April 2, 2019

What is your edge? From the cloud to the edge, extending your reach April 2, 2019 Alan.Clark@suse.com A Definition of Edge The delivery of computing capabilities to the logical extremes of a network in order to improve the performance,

712 views • 31 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

654 views • 44 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

517 views • 23 slides
Time Dropping Soapsticks Brings New Life to an Old Idea Joe Lopez: Chevron USA Jim Votaw:

Time Dropping Soapsticks Brings New Life to an Old Idea Joe Lopez: Chevron USA Jim Votaw:

Time Dropping Soapsticks Brings New Life to an Old Idea Joe Lopez: Chevron USA Jim Votaw: J&amp;J Solutions Adam Shaheen: PetroVision Field Services 2006 Gas Well Deliquification Workshop February 27 March 1, 2005 Contents Soapstick

842 views • 16 slides
&gt; SOFT EDGE &lt; By Iskos-Be rlin &gt; SOFT EDGE &lt; Soft Edge chair series is based on the

&gt; SOFT EDGE &lt; By Iskos-Be rlin &gt; SOFT EDGE &lt; Soft Edge chair series is based on the

&gt; SOFT EDGE &lt; By Iskos-Be rlin &gt; SOFT EDGE &lt; Soft Edge chair series is based on the next step in the development of moulded plywood technique. It gives us the possibility to obtain a 3-dimensionality which is unusual for ordinary

381 views • 12 slides
KLB Higher Education Evening 2016 1 Reasons for dropping out 2 Reasons to apply to

KLB Higher Education Evening 2016 1 Reasons for dropping out 2 Reasons to apply to

KLB Higher Education Evening 2016 1 Reasons for dropping out 2 Reasons to apply to university.. About 30% of 18 year olds were accepted into Higher Education Head start/investment for the future in that it improves your chances of

378 views • 25 slides
Dropping in 80Gbits (sort of) of Stateful Firewalling with OpenBSD (PF, OpenOSPF) UKNOF 37,

Dropping in 80Gbits (sort of) of Stateful Firewalling with OpenBSD (PF, OpenOSPF) UKNOF 37,

Dropping in 80Gbits (sort of) of Stateful Firewalling with OpenBSD (PF, OpenOSPF) UKNOF 37, Manchester Caveats I am not pushing 80Gbits yet (sorry if you were expecting Netflix levels of awesome) See: Sort of Who am I? Gareth Llewellyn

424 views • 38 slides
Name-dropping in 18th Century Public Discourse Aleksi Jalavala 1 , Annika Pensola 1 , Bruno

Name-dropping in 18th Century Public Discourse Aleksi Jalavala 1 , Annika Pensola 1 , Bruno

Name-dropping in 18th Century Public Discourse Aleksi Jalavala 1 , Annika Pensola 1 , Bruno Sartini 3 , David Rosson 2 , Peeter Tinits 5 , Selina Lehtoranta 1 , Sophie Schneider 4 , Veera Oksala 1 mon Hengchen 1 , Tanja Sily 1 Team leaders: Si 1

604 views • 31 slides
President Truman and Dropping the Atomic Bomb Mark P. Adams, Truman Presidential Library and

President Truman and Dropping the Atomic Bomb Mark P. Adams, Truman Presidential Library and

Leadership in Times of Crisis: President Truman and Dropping the Atomic Bomb Mark P. Adams, Truman Presidential Library and Museum ICMA Conference Presenter About me Content expert Examine decision making Weighing all options

135 views • 11 slides
Dropping legacy devices in Qemu Gabriel Laskar &lt;gabriel@lse.epita.fr&gt; Why do we need a

Dropping legacy devices in Qemu Gabriel Laskar &lt;gabriel@lse.epita.fr&gt; Why do we need a

Dropping legacy devices in Qemu Gabriel Laskar &lt;gabriel@lse.epita.fr&gt; Why do we need a smaller VM? Reduced boot time Smaller attack surface Performances Why not? ISA Devices On a fixed io address (non discoverable, no

418 views • 12 slides
1 Canny Edge Detection Steps: 1. Apply derivative of Gaussian 2. Non-maximum suppression

1 Canny Edge Detection Steps: 1. Apply derivative of Gaussian 2. Non-maximum suppression

Edge and Corner Detection What causes an edge? Reading: Chapter 8 (skip 8.1) Goal: Identify sudden changes

342 views • 5 slides
LSH-Based Probabilistic Pruning of Inverted Indices for Sets and Ranked Lists Koninika Pal and

LSH-Based Probabilistic Pruning of Inverted Indices for Sets and Ranked Lists Koninika Pal and

LSH-Based Probabilistic Pruning of Inverted Indices for Sets and Ranked Lists Koninika Pal and Sebastian Michel pal@cs.uni-kl.de smichel@cs.uni-kl.de TU Kaiserslautern, Germany 1 K. Pal - WebDB 2017 Introduction Top-k Rankings,

361 views • 32 slides
Database System Architecture Index Structures Hector Garcia-Molina Stijn Vansummeren Index

Database System Architecture Index Structures Hector Garcia-Molina Stijn Vansummeren Index

Database System Architecture Index Structures Hector Garcia-Molina Stijn Vansummeren Index structure Any data structure that takes as input a search key and efficiently returns the collection of matching records Sequential File 10 20

776 views • 65 slides
An Example of Index An Example of Index pattern of structure in indicators pattern of structure

An Example of Index An Example of Index pattern of structure in indicators pattern of structure

Chapter 6. Composite Measures What are indexes, scales, and Chapter 6. Composite Measures What are indexes, scales, and - Indexes, Scales and Typologies - Indexes, Scales and Typologies typologies? typologies? What are indexes, scales,

251 views • 3 slides
Turbocharge your MySQL analytics with ElasticSearch Guillaume Lefranc Data &amp; Infrastructure

Turbocharge your MySQL analytics with ElasticSearch Guillaume Lefranc Data &amp; Infrastructure

Turbocharge your MySQL analytics with ElasticSearch Guillaume Lefranc Data &amp; Infrastructure Architect, Productsup GmbH Percona Live Europe 2017 About the Speaker Guillaume Lefranc Data Architect at Productsup Replication

939 views • 55 slides
Outline Restless Bandits 1 Overview Problem Description Decomposition Applications 2

Outline Restless Bandits 1 Overview Problem Description Decomposition Applications 2

Whittles index for Markovian bandits A UNIFYING COMPUTATION OF W HITTLE S INDEX FOR M ARKOVIAN BANDITS Manu K. Gupta 2 Joint work with U. Ayesta 1 , 2 &amp; I.M. Verloop 1 , 2 1 Centre National de la Recherche Scientifique (CNRS), 2 Institut

1.22k views • 98 slides
AICPA Business and Industry Economic Outlook Survey Detailed Survey Results: 2Q 2020 Management

AICPA Business and Industry Economic Outlook Survey Detailed Survey Results: 2Q 2020 Management

AICPA Business and Industry Economic Outlook Survey Detailed Survey Results: 2Q 2020 Management Accounting &amp; Finance Survey Background Conducted between May 5-27, 2020 Quarterly survey CPA decision makers primarily

616 views • 44 slides
MECT Microeconometrics Blundell Lecture 1 Overview and Binary Response Models Richard Blundell

MECT Microeconometrics Blundell Lecture 1 Overview and Binary Response Models Richard Blundell

MECT Microeconometrics Blundell Lecture 1 Overview and Binary Response Models Richard Blundell http://www.ucl.ac.uk/~uctp39a/ University College London February-March 2015 Blundell ( University College London ) MECT Lecture 1 February-March

671 views • 49 slides
Learning from Irregularly-Sampled Time Series A Missing Data Perspective Steven Cheng-Xian Li

Learning from Irregularly-Sampled Time Series A Missing Data Perspective Steven Cheng-Xian Li

Learning from Irregularly-Sampled Time Series A Missing Data Perspective Steven Cheng-Xian Li Benjamin M. Marlin University of Massachusetts Amherst Irregularly-Sampled Time Series Irregularly-sampled time series: Time series with non-uniform

798 views • 42 slides

More recommend