Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing - - PowerPoint PPT Presentation

hiding amongst the clouds
SMART_READER_LITE
LIVE PREVIEW

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing - - PowerPoint PPT Presentation

Mar 02, 2023 22 likes •826 views

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University https://www.torproject.org/about/overview.html We and but... and C loud-based O nion

slide-1
SLIDE 1

Hiding Amongst the Clouds

A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University

slide-2
SLIDE 2

https://www.torproject.org/about/overview.html

slide-3
SLIDE 3

We

slide-4
SLIDE 4

and

slide-5
SLIDE 5
slide-6
SLIDE 6

but...

slide-7
SLIDE 7
slide-8
SLIDE 8
slide-9
SLIDE 9

and

slide-10
SLIDE 10
slide-11
SLIDE 11

C O R outing

loud-based nion

slide-12
SLIDE 12

Benefits, Risks, and Challenges

  • Potential benefits of cloud infrastructure
  • High performance
  • Adaptability to censorship
  • Economic challenges
  • New security problems
slide-13
SLIDE 13

Benefits of Cloud Infrastructure

Performance (latency, throughput) Censorship Resistance

slide-14
SLIDE 14

Performance

  • Individual nodes are higher bandwidth
  • Ability to add and remove nodes to meet demand

5:00 P .M.

slide-15
SLIDE 15

Performance

  • Individual nodes are higher bandwidth
  • Ability to add and remove nodes to meet demand

7:00 P .M.

slide-16
SLIDE 16

Performance

  • Individual nodes are higher bandwidth
  • Ability to add and remove nodes to meet demand

8:00 P .M.

slide-17
SLIDE 17

Performance

  • Individual nodes are higher bandwidth
  • Ability to add and remove nodes to meet demand

11:00 P .M.

slide-18
SLIDE 18

Performance

  • Individual nodes are higher bandwidth
  • Ability to add and remove nodes to meet demand

12:00 A.M.

slide-19
SLIDE 19

Performance

  • Individual nodes are higher bandwidth
  • Ability to add and remove nodes to meet demand

2:00 A.M.

slide-20
SLIDE 20

COR has higher throughput than Tor

slide-21
SLIDE 21

COR has higher throughput than Tor

slide-22
SLIDE 22

COR has higher throughput than Tor

US & International

slide-23
SLIDE 23

COR has higher throughput than Tor

US Only US & International

slide-24
SLIDE 24

COR has higher throughput than Tor

US Only US & International

7.6x speedup

slide-25
SLIDE 25

Multi-homed Datacenters are Harder to Monitor

slide-26
SLIDE 26

Multi-homed Datacenters are Harder to Monitor

Home

1-10 Mbps

slide-27
SLIDE 27

Multi-homed Datacenters are Harder to Monitor

Home

1-10 Mbps

slide-28
SLIDE 28

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps

slide-29
SLIDE 29

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint 10-100 Gbps

slide-30
SLIDE 30

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint Level 3 10-100 Gbps

slide-31
SLIDE 31

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint Level 3 AT&T 10-100 Gbps

slide-32
SLIDE 32

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint Level 3 AT&T 10-100 Gbps

slide-33
SLIDE 33

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint Level 3 AT&T 10-100 Gbps

slide-34
SLIDE 34

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint Level 3 AT&T 10-100 Gbps

slide-35
SLIDE 35

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint Level 3 AT&T 10-100 Gbps

slide-36
SLIDE 36

Multi-homed Datacenters are Harder to Monitor

Datacenter Home

1-10 Mbps Sprint Level 3 AT&T 10-100 Gbps

slide-37
SLIDE 37

Blocking Clouds Causes Collateral Damage

slide-38
SLIDE 38

Blocking Clouds Causes Collateral Damage

X

slide-39
SLIDE 39

Blocking Clouds Causes Collateral Damage

X X

slide-40
SLIDE 40

Blocking Clouds Causes Collateral Damage

X X X

slide-41
SLIDE 41

Blocking Clouds Causes Collateral Damage

X X X X

slide-42
SLIDE 42

Blocking Clouds Causes Collateral Damage

slide-43
SLIDE 43

Blocking Clouds Causes Collateral Damage

slide-44
SLIDE 44

Blocking Clouds Causes Collateral Damage

slide-45
SLIDE 45

Blocking Clouds Causes Collateral Damage

slide-46
SLIDE 46

Blocking Clouds Causes Collateral Damage

slide-47
SLIDE 47

Benefits of Clouds

  • Higher performance
  • Elasticity to scale to demand
  • Multi-homing and scale makes eavesdropping difficult
  • Elasticity forces censors to make hard choices:

collateral damage or unblocked access

slide-48
SLIDE 48

Economics

Cloud pricing is affordable for end users

slide-49
SLIDE 49

Cost of running COR in the cloud

  • Cloud providers charge for CPU and bandwidth
slide-50
SLIDE 50

Cost of running COR in the cloud

  • Cloud providers charge for CPU and bandwidth
  • CPU is cheap
slide-51
SLIDE 51

Cost of running COR in the cloud

  • Cloud providers charge for CPU and bandwidth
  • CPU is cheap
  • 100+ users on a 34¢/hr node
slide-52
SLIDE 52

Cost of running COR in the cloud

  • Cloud providers charge for CPU and bandwidth
  • CPU is cheap
  • 100+ users on a 34¢/hr node
slide-53
SLIDE 53

Cost of running COR in the cloud

  • Cloud providers charge for CPU and bandwidth
  • CPU is cheap
  • 100+ users on a 34¢/hr node
  • Bandwidth is dominant cost
slide-54
SLIDE 54

Cost of running COR in the cloud

  • Cloud providers charge for CPU and bandwidth

Amazon EC2 Pricing

  • CPU is cheap
  • 100+ users on a 34¢/hr node
  • Bandwidth is dominant cost
  • 100MB as low as 1¢
slide-55
SLIDE 55

Tor’s Total Bandwidth Cost in the Cloud

Approximately 900 MB/s 376 TB/month COR Cost: $61,200/month

slide-56
SLIDE 56

Security Challenges and Solutions

Involved Parties and Trust Model Building Tunnels Paying for Tunnels Learning About Relays

slide-57
SLIDE 57

Distributing Trust

  • Tor
  • Tunnels between volunteer relays
  • COR
  • Tunnels between clouds from different providers
slide-58
SLIDE 58

Is that sufficient?

  • Should users pay cloud providers directly?
  • Not anonymous: Credit cards and Paypal leak info
slide-59
SLIDE 59

Is that sufficient?

  • Should users pay cloud providers directly?
  • Not anonymous: Credit cards and Paypal leak info
  • Another layer of indirection: Anonymity Service Providers
  • Operate relays and pay cloud providers
  • Mask users’ identities
  • Accept anonymous payment for access
slide-60
SLIDE 60

System Roles

  • Cloud Hosting Providers (CHPs)
  • Provide infrastructure for COR relays
  • Anonymity Service Providers (ASPs)
  • Run relays and directory servers
  • Sell tokens
  • Redeemable for XX MB of connectivity
  • r XX amount of time
slide-61
SLIDE 61

System Architecture Example

CHP A CHP B ASP 1 USER DESTINATION SERVER

ENCRYPTED REQUEST TRAFFIC

ASP 2

Organizations used above are examples only

IP 1.1.1.1 IP 2.2.2.2

slide-62
SLIDE 62

System Architecture Example

CHP A CHP B ASP 1 USER DESTINATION SERVER

ENCRYPTED REQUEST TRAFFIC

ASP 2

Organizations used above are examples only

Cloud Hosting Providers

IP 1.1.1.1 IP 2.2.2.2

slide-63
SLIDE 63

System Architecture Example

CHP A CHP B ASP 1 USER DESTINATION SERVER

ENCRYPTED REQUEST TRAFFIC

ASP 2

Organizations used above are examples only

IP 1.1.1.1 IP 2.2.2.2

slide-64
SLIDE 64

System Architecture Example

CHP A CHP B ASP 1 USER DESTINATION SERVER

ENCRYPTED REQUEST TRAFFIC

ASP 2

Organizations used above are examples only

IP 1.1.1.1 IP 2.2.2.2

Anonymity Service Providers

slide-65
SLIDE 65

System Architecture Example

CHP A CHP B ASP 1 USER DESTINATION SERVER

ENCRYPTED REQUEST TRAFFIC

ASP 2

Organizations used above are examples only

IP 1.1.1.1 IP 2.2.2.2

slide-66
SLIDE 66

Circuit Construction Must be Policy Aware

slide-67
SLIDE 67

Circuit Construction Must be Policy Aware

  • Two relays within each datacenter
slide-68
SLIDE 68

Circuit Construction Must be Policy Aware

  • Two relays within each datacenter
  • Different entry and exit ASPs
slide-69
SLIDE 69

Circuit Construction Must be Policy Aware

  • Two relays within each datacenter
  • Different entry and exit ASPs
  • Different entry and exit CHPs
slide-70
SLIDE 70

Circuit Construction Must be Policy Aware

  • Two relays within each datacenter
  • Different entry and exit ASPs
  • Different entry and exit CHPs
  • ASP and CHP relays are contiguous within a circuit
slide-71
SLIDE 71

Paying for Access

  • Users purchase tokens
  • Redeem tokens for access (bandwidth or time)
  • Chaum’s e-cash:
  • Cryptographically untraceable
slide-72
SLIDE 72

How do users gain access?

  • Users need two things:
  • Tokens
  • COR Directory
slide-73
SLIDE 73

How do users gain access?

  • Users need two things:
  • Tokens
  • COR Directory
  • Solution: Bootstrapping Network
  • Low speed
  • High Latency
  • Free
slide-74
SLIDE 74

Adversaries enumerate and block ingress

  • Current technologies
  • Tor Bridges
  • Two separate problems:
  • COR Relays
  • High speed, low latency, not free
  • Bootstrapping
  • Low speed, high latency, free
slide-75
SLIDE 75

Summary Tor COR

slide-76
SLIDE 76

Summary Tor COR Secure

slide-77
SLIDE 77

Summary Tor COR Secure High Speed

slide-78
SLIDE 78

Summary Tor COR Secure High Speed Dynamic Scaling

slide-79
SLIDE 79

Summary Tor COR Secure High Speed Dynamic Scaling Adaptive to censorship

slide-80
SLIDE 80

Summary Tor COR Secure High Speed Dynamic Scaling Free Adaptive to censorship