enhancing security and privacy of tor s ecosystem
play

Enhancing Security and Privacy of Tors Ecosystem by using Trusted - PowerPoint PPT Presentation

Nov 19, 2023 •228 likes •600 views

Enhancing Security and Privacy of Tors Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1 Tor anonymity network Tor: the most popular anonymity network for Internet

  1. Enhancing Security and Privacy of Tor’s Ecosystem by using Trusted Execution Environments Seongmin Kim , Juhyeng Han, Jaehyeong Ha, Taesoo Kim *, Dongsu Han * 1

  2. Tor anonymity network • Tor: the most popular anonymity network for Internet users – Helps users to defend against traffic analysis and keep user’s privacy (e.g., what sites you visit, IP address) [ from Tor project, www.torproject.org ] – Freely available as an open source – 1.8 million users on a daily basis The geographic location of Tor relays * * from Onionview, https://onionview.codeplex.com/ 2

  3. Tor anonymity network • Tor: the most popular anonymity network for Internet users – Helps users to defend against traffic analysis and keep user’s privacy (e.g., what sites you visit, IP address) [ from Tor project, www.torproject.org ] – Freely available as an open source – 1.8 million users on a daily basis The geographic location of Tor relays * * from Onionview, https://onionview.codeplex.com/ 3

  4. Tor anonymity network • Tor: the most popular anonymity network for Internet users – Helps users to defend against traffic analysis and keep user’s privacy (e.g., what sites you visit, IP address) [ from Tor project, www.torproject.org ] – Freely available as an open source – 1.8 million users on a daily basis The geographic location of Tor relays * * from Onionview, https://onionview.codeplex.com/ 4

  5. Tor anonymity network • Tor: the most popular anonymity network for Internet users – Helps users to defend against traffic analysis and keep user’s privacy (e.g., what sites you visit, IP address) [ from Tor project, www.torproject.org ] – Freely available as an open source – 1.8 million users on a daily basis The geographic location of Tor relays * * from Onionview, https://onionview.codeplex.com/ 5

  6. Tor network: Threat model • 3-hop onion routing: a single Tor entity cannot know both client and server Tor client Entry Middle Exit Destination TLS channel TLS channel TLS channel Plain-text Processing Unit : Cell (512 Bytes) 6

  7. Tor network: Threat model • 3-hop onion routing: a single Tor entity cannot know both client and server Tor client Entry Middle Exit Destination TLS channel TLS channel TLS channel Plain-text Processing Unit : Cell (512 Bytes) • Tor’s Threat model – Tor is a volunteer-based network: Tor relays are not trusted Can run a Tor relays of Can compromise some his own fraction of Tor relays 7

  8. Tor network: Threat model • 3-hop onion routing: a single Tor entity cannot know both client and server Tor client Entry Middle Exit Destination TLS channel TLS channel TLS channel Plain-text Processing Unit : Cell (512 Bytes) • Tor’s Threat model – Tor is a volunteer-based network: Tor relays are not trusted Can run a Tor relays of Can compromise some Can observe some fraction his own fraction of Tor relays of network traffic 8

  9. Tor network: Threat model (Cont.) Tor client Destination Directory authorities • Careful admission • Behavior monitoring 9

  10. Tor network: Threat model (Cont.) Tor client Destination Anonymity Broken! Directory authorities • Careful admission • Behavior monitoring 10

  11. Tor network: Threat model (Cont.) Tor client Destination Anonymity Broken! Directory authorities … • Careful admission • Having a large • Behavior monitoring number of relays Out-of-scope: network-level adversary (controls a large fraction of network) 1. Currently runs ~10,000 relays 2. Large-scale traffic correlation is believed to be verify difficult in practice 11

  12. Tor network: Threat model (Cont.) Tor client Destination Anonymity Broken! Directory authorities … • Careful admission • Having a large • behavior monitoring number of relays Out-of-scope : network-level adversary who can controls a large fraction of Tor network However, Tor is still vulnerable to many types of attacks under 1. Currently runs ~10000 relays its traditional threat model 2. Large-scale traffic correlation are believed to be verify difficult in practice 12

  13. Limitations of Tor Problem 1. Tor relays are semi-trusted – Authorities cannot fully verify the behaviors of them Problem 2. Even attackers control a few Tor relays, they can – Access internal information (circuit identifier, cell header, …) – Modify the behavior of relays (DDoS, packet tampering, …) <Low-resource attacks> • • • tagging attack [ICC08, TON12, Harvesting hidden service Malicious circuit creation CCS12, S&P13] descriptors [S&P13] [Security09, CCS11] • • • Bandwidth inflation [PETS07, Circuit demultiplexing [S&P06] Sniper attack [NDSS15] • • S&P13] Website fingerprinting Bad apple attack • Controlling HSDir [S&P13] [Security15] [LEET11] Modifying the behavior Both Accessing internal information 13

  14. Limitations of Tor (Cont.) Tor clients Exit Entry Middle Destination TLS channel TLS channel Cell TLS channel Plain-text Cell Processing Unit: Cell (512 Bytes) Information visible to attackers Attackers can modify the behavior header Modify or inject the cell Cell: Give false information to others Bandwidth 20MB/s Inflated! 150MB/s Demultiplex and identify a circuit 14

  15. Limitations of Tor (Cont.) Exit Tor client Entry Middle Destination TLS channel TLS channel TLS channel Plain-text To address the problems on Tor, 1) Fundamental trust bootstrapping mechanism 2) Advanced trust model to verify untrusted remote parties are required 15

  16. Trend: Commoditization of TEE • Trusted Execution Environment (TEE): Hardware technology for trusted computing Modified Original Secure container Integrity checking Tor code  Prevents behavior modification edit Application (untrusted) Cannot access data, flow control X  Protects the secrecy of the program OS (untrusted) • Intel SGX : a promising TEE technology for generic applications – Native performance in the secure mode – Available on Intel Skylake and Kaby lake CPU 16

  17. SGX-Tor: Leveraging Intel SGX on Tor SGX-Tor Improved trust model Operational privacy Middle Intel SGX Practicality Tor network Improved trust model Operational privacy Practicality • Spells out what users trust • Protects sensitive data and • The chance of having more in practice Tor operations hardware resources donated • Provides ultimate privacy • Prevents modifications on • Incrementally deployable • Compatibility Tor relays 17

  18. SGX-Tor: Leveraging Intel SGX on Tor SGX-Tor Improved trust model Operational privacy Middle Intel SGX Practicality Tor network  Reduces the power of an attacker who currently gets the Improved trust model Operational privacy Practicality sensitive information by running Tor relays • Explicitly spells out what • Protects sensitive data and • Increasing the chance of users trust in practice Tor operations having more hardware  Raises the bar for Tor adversary to a traditional network- • Provides ultimate privacy • Denies modifications on resources donated • Incrementally deployable due to the mix-in model Tor relays level adversary (only passively see the TLS bytestream) • Compatibility 18

  19. Intel SGX 101: Isolated Execution • Protects app’s secret from untrusted privilege software • Application keeps its data/code inside the “ Enclave ” • Trusted Computing Base (TCB) = Enclave + CPU package Physical Address Memory Space CPU Package Enclave Processor Key Encrypted Memory Encryption Cell Engine (MEE) Snooping EPC Access from (Enclave Page Cache) OS/VMM 19

  20. Intel SGX 101: Remote attestation • Attest an application on remote platform – Checks the integrity of enclave (hash of code/data pages) – Verifies whether enclave is running on real SGX CPU – Can establish a “ secure channel ” between enclaves User platform Remote platform 1. Request Application Challenger Enclave Application Enclave 4. Send Ephemeral QUOTE 2. Create REPORT 5. Verify 3. Sign with Quoting Attestation EPID group key Enclave Verification (Create QUOTE) EPID key 20 20

  21. SGX-Tor: Threat Model <SGX Threat model> <Tor Threat model> Enclave Application (untrusted) CPU OS (untrusted) TCB : Enclave + CPU package A powerful network-level adversary : out-of-scope • Only trusts the underlying SGX hardware & Tor code itself • Do not address network-level adversaries : who can perform large-scale traffic analysis • Out of scope :Vulnerabilities in Tor codes, SGX side channel attacks  Mitigated by recent SGX research: Moat [CCS16], SGX-Shield [NDSS17], T-SGX [NDSS17] 21

  22. SGX-Tor: Design and Implementation User process (Tor application) Enclave memory Tor code/data (Core) - Circuit Establishment - Hidden service - Voting - Encryption/Decryption - Cell/Consensus creation Crypto/TLS operations Securely obtains the SSL Library entropy and time value Integrity check with remote host Validates the enclave hash Attestation Module of the Tor program Seals/unseals private data Encrypts and stores the sensitive Sealing Module data outside the enclave 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR MISSION Least Authoritys mission is to build and support ethical and usable technology solutions that advance digital security and privacy as

552 views • 13 slides
A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky,

A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky,

A dynamic technique for enhancing the security and privacy of web applications Ariel Futoransky, Ezequiel Gutesman and Ariel Waissbein Core Security Technologies August 2, 2007 - Blackhat Briefings Outline Outline 1 Introduction 2 Known Tools

762 views • 60 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy &amp; Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in

Privacy &amp; Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in

Evolution of Privacy &amp; Security at Henry Ford Health System 2 THE HFHS ECOSYSTEM $6 Billion in Revenues 1300+ Member Medical Group $200 Million in uncompensated 1000+ Member Physician Network care (Non-Employed &amp;

335 views • 22 slides
CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian

CSE 127: Introduction to Security Lecture 17: Privacy and Anonymity Nadia Heninger and Deian Stefan UCSD Fall 2019 Lecture outline Foundations of privacy Historical and current crypto wars in the US Privacy-enhancing

611 views • 50 slides
Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts Abstract:

Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts Abstract:

Proceedings on Privacy Enhancing Technologies ; 2020 (2):436458 Shrirang Mare*, Franziska Roesner, and Tadayoshi Kohno Smart Devices in Airbnbs: Considering Privacy and Security for both Guests and Hosts Abstract: Consumer smart home devices

596 views • 23 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Meanings of &quot;Privacy&quot; in Privacy Enhancing Technologies

Meanings of &quot;Privacy&quot; in Privacy Enhancing Technologies

Meanings of &quot;Privacy&quot; in Privacy Enhancing Technologies Claudia Diaz KU Leuven COSIC Digital IdenBty Management (DIM) November 8, 2013 Claudia

565 views • 19 slides
Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous,

Privacy Enhancing Technologies 2003 An Analysis of GNUnet and the Implications for Anonymous, Censorship-Resistant Networks Dennis Kgler Federal Office for Information Security, Germany Dennis.Kuegler@bsi.bund.de 1 Anonymous,

488 views • 16 slides
Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B.

5/18/2016 Security and Privacy 12A. Operating Systems Security Operating Systems Principles 12B. Authentication 12C. Authorization Security and Privacy 12D. Trust 12E. At-Rest Encryption Mark Kampe (markk@cs.ucla.edu) Security and Privacy

116 views • 8 slides
SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY

SECURITY, ADVERSARIAL SECURITY, ADVERSARIAL LEARNING, AND PRIVACY LEARNING, AND PRIVACY Christian Kaestner with slides from Eunsuk Kang Required reading: Hulten, Geoff. &quot;Building Intelligent Systems: A Guide to Machine Learning

1.95k views • 113 slides
Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design

T rialog, Atos, T rilateral, Inria , AUP, Gradiant, UPM, UUlm, Fraunhofer SIT, WIT , KU Leuve Privacy Enhancing T echnologies Carmela Troncoso, Gradiant PRIPARE Workshop on Privacy by Design Ulm 9 th -10 th March 2015 11/03/2015 Privacy

668 views • 48 slides
Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 2427, 2018 Dionysis Manousakas , Cecilia Mascolo , , Alastair R. Beresford , Dennis Chan , Nikhil Sharma

758 views • 45 slides
S &amp; P SECURITY &amp; PRIVACY GROUP Security and Privacy for Payment Channel Networks

S &amp; P SECURITY &amp; PRIVACY GROUP Security and Privacy for Payment Channel Networks

FAKULTT FR !NFORMATIK Faculty of Informatics S &amp; P SECURITY &amp; PRIVACY GROUP Security and Privacy for Payment Channel Networks Pedro Moreno-Sanchez Blockchain Summer School BDLT19 Vienna, Sep 2nd 2019 Blockchain Research

1.41k views • 73 slides
Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways

Sending out an SMS : Characterizing the Security of the SMS Ecosystem with Public Gateways Bradley Reaves , Nolen Scaife, Dave Tian, Logan Blue, Patrick Traynor, Kevin R. B. Butler Florida Institute of Cyber Security (FICS) SMS Ecosystem Cell

404 views • 14 slides
Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric Brewer presented by Nikita Borisov ECE598NB - Spring 2006 Motivation Threats to privacy Online actions monitored Information

776 views • 26 slides
How we managed to scale Percona XtraDB Cluster (PXC) Krunal Bauskar PXC Product Lead @ Percona

How we managed to scale Percona XtraDB Cluster (PXC) Krunal Bauskar PXC Product Lead @ Percona

How we managed to scale Percona XtraDB Cluster (PXC) Krunal Bauskar PXC Product Lead @ Percona Agenda PXC Performance Performance fixes PXC Performance PXC Performance 3x-10X Improvement PXC Performance DML execution in MySQL

395 views • 38 slides
Formal Verification of Curved Flight Collision Avoidance Maneuvers A Case Study Andr e

Formal Verification of Curved Flight Collision Avoidance Maneuvers A Case Study Andr e

Formal Verification of Curved Flight Collision Avoidance Maneuvers A Case Study Andr e Platzer Edmund M. Clarke Carnegie Mellon University, Computer Science Department, Pittsburgh, PA Formal Methods, FM, Eindhoven, November 2009 0.5 0.4

1.11k views • 71 slides
Professor: Kevin Molloy (adapted from slides originally developed by Alvin Chao) When does

Professor: Kevin Molloy (adapted from slides originally developed by Alvin Chao) When does

Professor: Kevin Molloy (adapted from slides originally developed by Alvin Chao) When does Java allow you to assign one type of primitive to another? byte miles; checking = 56000; short minutes; total = 0; int checking; sum = total;

118 views • 11 slides
Production Functions and Productivity Paul T. Scott NYU Stern ptscott@gmail.com PhD Empirical

Production Functions and Productivity Paul T. Scott NYU Stern ptscott@gmail.com PhD Empirical

Production Functions and Productivity Paul T. Scott NYU Stern ptscott@gmail.com PhD Empirical IO Fall 2017 1 / 84 Intro Overview Brief background on industry dynamics Methods for estimating production functions: Olley Pakes

1.83k views • 84 slides
Vocabularies to Classification Systems: Modelling DDC with FRSAD Joan S. Mitchell OCLC, Inc.

Vocabularies to Classification Systems: Modelling DDC with FRSAD Joan S. Mitchell OCLC, Inc.

Extending Models for Controlled Vocabularies to Classification Systems: Modelling DDC with FRSAD Joan S. Mitchell OCLC, Inc. Marcia Lei Zeng Kent State University Maja umer University of Ljubljana, Slovenia The big question Can the FRSAD

588 views • 38 slides
Non-neoplastic Parotid Disorders David W. Eisele, M.D., F.A.C.S . Department of Otolaryngology-

Non-neoplastic Parotid Disorders David W. Eisele, M.D., F.A.C.S . Department of Otolaryngology-

Non-neoplastic Parotid Disorders David W. Eisele, M.D., F.A.C.S . Department of Otolaryngology- Head and Neck Surgery Johns Hopkins University School of Medicine Disclosure Nothing to disclose Objectives Presentation Evaluation

1.09k views • 38 slides
VAR, SVAR and VECM models Christopher F Baum EC 823: Applied Econometrics Boston College, Spring

VAR, SVAR and VECM models Christopher F Baum EC 823: Applied Econometrics Boston College, Spring

VAR, SVAR and VECM models Christopher F Baum EC 823: Applied Econometrics Boston College, Spring 2013 Christopher F Baum (BC / DIW) VAR, SVAR and VECM models Boston College, Spring 2013 1 / 61 Vector autoregressive models Vector

1.01k views • 61 slides
How to make a logic probabilistic? Pedro Baltazar SQIG - IT, Lisbon - Portugal

How to make a logic probabilistic? Pedro Baltazar SQIG - IT, Lisbon - Portugal

How to make a logic probabilistic? Pedro Baltazar SQIG - IT, Lisbon - Portugal pedro.baltazar@ist.utl.pt CMU, CMACS Seminar - January 14th, 2010 Sources: D. Henriques, M. Biscaia, P. Baltazar, and P. Mateus, Probabilistic quantified linear

807 views • 54 slides

More recommend