hiding amongst the clouds
play

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing - PowerPoint PPT Presentation

Mar 02, 2023 •22 likes •822 views

Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University https://www.torproject.org/about/overview.html We and but... and C loud-based O nion

  1. Hiding Amongst the Clouds A Proposal for Cloud-based Onion Routing Nicholas Jones Matvey Arye Jacopo Cesareo Michael J. Freedman Princeton University

  2. https://www.torproject.org/about/overview.html

  3. We

  4. and

  6. but...

  9. and

  11. C loud-based O nion R outing

  12. Benefits, Risks, and Challenges - Potential benefits of cloud infrastructure - High performance - Adaptability to censorship - Economic challenges - New security problems

  13. Benefits of Cloud Infrastructure Performance (latency, throughput) Censorship Resistance

  14. Performance - Individual nodes are higher bandwidth - Ability to add and remove nodes to meet demand 5:00 P .M.

  15. Performance - Individual nodes are higher bandwidth - Ability to add and remove nodes to meet demand 7:00 P .M.

  16. Performance - Individual nodes are higher bandwidth - Ability to add and remove nodes to meet demand 8:00 P .M.

  17. Performance - Individual nodes are higher bandwidth - Ability to add and remove nodes to meet demand 11:00 P .M.

  18. Performance - Individual nodes are higher bandwidth - Ability to add and remove nodes to meet demand 12:00 A.M.

  19. Performance - Individual nodes are higher bandwidth - Ability to add and remove nodes to meet demand 2:00 A.M.

  20. COR has higher throughput than Tor

  21. COR has higher throughput than Tor

  22. COR has higher throughput than Tor US & International

  23. COR has higher throughput than Tor US & International US Only

  24. COR has higher throughput than Tor US & International US Only 7.6x speedup

  25. Multi-homed Datacenters are Harder to Monitor

  26. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home

  27. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home

  28. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home Datacenter

  29. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter

  30. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter Level 3

  31. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter Level 3 AT&T

  32. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter Level 3 AT&T

  33. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter Level 3 AT&T

  34. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter Level 3 AT&T

  35. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter Level 3 AT&T

  36. Multi-homed Datacenters are Harder to Monitor 1-10 Mbps Home 10-100 Gbps Sprint Datacenter Level 3 AT&T

  37. Blocking Clouds Causes Collateral Damage

  38. Blocking Clouds Causes Collateral Damage X

  39. Blocking Clouds Causes Collateral Damage X X

  40. Blocking Clouds Causes Collateral Damage X X X

  41. Blocking Clouds Causes Collateral Damage X X X X

  42. Blocking Clouds Causes Collateral Damage

  43. Blocking Clouds Causes Collateral Damage

  44. Blocking Clouds Causes Collateral Damage

  45. Blocking Clouds Causes Collateral Damage

  46. Blocking Clouds Causes Collateral Damage

  47. Benefits of Clouds - Higher performance - Elasticity to scale to demand - Multi-homing and scale makes eavesdropping difficult - Elasticity forces censors to make hard choices: collateral damage or unblocked access

  48. Economics Cloud pricing is affordable for end users

  49. Cost of running COR in the cloud - Cloud providers charge for CPU and bandwidth

  50. Cost of running COR in the cloud - Cloud providers charge for CPU and bandwidth - CPU is cheap

  51. Cost of running COR in the cloud - Cloud providers charge for CPU and bandwidth - CPU is cheap - 100+ users on a 34 ¢/hr node

  52. Cost of running COR in the cloud - Cloud providers charge for CPU and bandwidth - CPU is cheap - 100+ users on a 34 ¢/hr node

  53. Cost of running COR in the cloud - Cloud providers charge for CPU and bandwidth - CPU is cheap - 100+ users on a 34 ¢/hr node - Bandwidth is dominant cost

  54. Cost of running COR in the cloud - Cloud providers charge for CPU and bandwidth - CPU is cheap - 100+ users on a 34 ¢/hr node - Bandwidth is dominant cost - 100MB as low as 1 ¢ Amazon EC2 Pricing

  55. Tor’s Total Bandwidth Cost in the Cloud Approximately 900 MB/s 376 TB/month COR Cost: $61,200/month

  56. Security Challenges and Solutions Involved Parties and Trust Model Building Tunnels Paying for Tunnels Learning About Relays

  57. Distributing Trust - Tor - Tunnels between volunteer relays - COR - Tunnels between clouds from different providers

  58. Is that sufficient? - Should users pay cloud providers directly? - Not anonymous: Credit cards and Paypal leak info

  59. Is that sufficient? - Should users pay cloud providers directly? - Not anonymous: Credit cards and Paypal leak info - Another layer of indirection: Anonymity Service Providers - Operate relays and pay cloud providers - Mask users’ identities - Accept anonymous payment for access

  60. System Roles - Cloud Hosting Providers (CHPs) - Provide infrastructure for COR relays - Anonymity Service Providers (ASPs) - Run relays and directory servers - Sell tokens - Redeemable for XX MB of connectivity or XX amount of time

  61. System Architecture Example ASP 2 ASP 1 CHP A DESTINATION SERVER REQUEST TRAFFIC ENCRYPTED IP 2.2.2.2 IP 1.1.1.1 USER CHP B Organizations used above are examples only

  62. System Architecture Example ASP 2 ASP 1 CHP A DESTINATION SERVER REQUEST TRAFFIC ENCRYPTED IP 2.2.2.2 IP 1.1.1.1 USER CHP B Cloud Hosting Providers Organizations used above are examples only

  63. System Architecture Example ASP 2 ASP 1 CHP A DESTINATION SERVER REQUEST TRAFFIC ENCRYPTED IP 2.2.2.2 IP 1.1.1.1 USER CHP B Organizations used above are examples only

  64. System Architecture Example ASP 2 ASP 1 CHP A DESTINATION SERVER REQUEST TRAFFIC ENCRYPTED IP 2.2.2.2 IP 1.1.1.1 USER CHP B Anonymity Service Providers Organizations used above are examples only

  65. System Architecture Example ASP 2 ASP 1 CHP A DESTINATION SERVER REQUEST TRAFFIC ENCRYPTED IP 2.2.2.2 IP 1.1.1.1 USER CHP B Organizations used above are examples only

  66. Circuit Construction Must be Policy Aware

  67. Circuit Construction Must be Policy Aware - Two relays within each datacenter

  68. Circuit Construction Must be Policy Aware - Two relays within each datacenter - Different entry and exit ASPs

  69. Circuit Construction Must be Policy Aware - Two relays within each datacenter - Different entry and exit ASPs - Different entry and exit CHPs

  70. Circuit Construction Must be Policy Aware - Two relays within each datacenter - Different entry and exit ASPs - Different entry and exit CHPs - ASP and CHP relays are contiguous within a circuit

  71. Paying for Access - Users purchase tokens - Redeem tokens for access (bandwidth or time) - Chaum’s e-cash: - Cryptographically untraceable

  72. How do users gain access? - Users need two things: - Tokens - COR Directory

  73. How do users gain access? - Users need two things: - Tokens - COR Directory - Solution: Bootstrapping Network - Low speed - High Latency - Free

  74. Adversaries enumerate and block ingress - Current technologies - Tor Bridges - Two separate problems: - COR Relays - High speed, low latency, not free - Bootstrapping - Low speed, high latency, free

  75. Summary Tor COR

  76. Summary Tor COR Secure

  77. Summary Tor COR Secure High Speed

  78. Summary Tor COR Secure High Speed Dynamic Scaling

  79. Summary Tor COR Secure High Speed Dynamic Scaling Adaptive to censorship

  80. Summary Tor COR Secure High Speed Dynamic Scaling Adaptive to censorship Free

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

When you look up into the sky, you will often see clouds. No two clouds are the same, and there

When you look up into the sky, you will often see clouds. No two clouds are the same, and there

When you look up into the sky, you will often see clouds. No two clouds are the same, and there are many different types of clouds. Different kinds of clouds lead to different types of weather. Cirrus clouds are the highest group of clouds that

271 views • 5 slides
Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an object, need only know the name of the messages that the object will accept. They need not have any idea how the actions performed in response to

474 views • 34 slides
Social Clouds Creating a research agenda Andrew Lippman MIT Media Lab October, 2010 Clouds and

Social Clouds Creating a research agenda Andrew Lippman MIT Media Lab October, 2010 Clouds and

Social Clouds Creating a research agenda Andrew Lippman MIT Media Lab October, 2010 Clouds and Mists: 1 st Cloud Defined by access Familiar as the internet Result of a nexus: PC, backbone, ISPs Web Opened vast doors to creativity Clouds and

592 views • 24 slides
Session 3: Hydrology & Clouds 3:00- 5:30 PM Session 3: Hydrology & Clouds 3:00- 5:30 PM

Session 3: Hydrology & Clouds 3:00- 5:30 PM Session 3: Hydrology & Clouds 3:00- 5:30 PM

Session 3: Hydrology & Clouds 3:00- 5:30 PM Session 3: Hydrology & Clouds 3:00- 5:30 PM Session 3: Hydrology & Clouds 3:00- 5:30 PM Session 3: Hydrology & Clouds 3:00- 5:30 PM Theme: Basically a continuation of climate talks

453 views • 19 slides
RESOURCE MANAGEMENT RESOURCE MANAGEMENT STRATEGIES FOR SDR CLOUDS STRATEGIES FOR SDR CLOUDS Vuk

RESOURCE MANAGEMENT RESOURCE MANAGEMENT STRATEGIES FOR SDR CLOUDS STRATEGIES FOR SDR CLOUDS Vuk

Department of Signal Theory and Communications UNIVERSITAT POLITCNICA DE CATALUNYA RESOURCE MANAGEMENT RESOURCE MANAGEMENT STRATEGIES FOR SDR CLOUDS STRATEGIES FOR SDR CLOUDS Vuk Marojevic Ismael Gomez Pere Gilabert Gabriel Montoro

399 views • 27 slides
POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos

POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos

POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos Cristiano Giuffrida Vrije Universiteit Amsterdam Teaser Break ideal information hiding in seconds Few probes, typically no crashes

854 views • 33 slides
David Lorge Parnas When the first papers on information Hiding were published (1970-72) ,

David Lorge Parnas When the first papers on information Hiding were published (1970-72) ,

Middle Road Software, Inc. How Precise Documentation allows Information Hiding to Reduce Software Complexity and Increase its Agility" David Lorge Parnas When the first papers on information Hiding were published (1970-72) , reaction

845 views • 47 slides
Q-Clouds: Managing Performance Interference Effects for QoS-Aware Clouds Ripal Nathuji Aman

Q-Clouds: Managing Performance Interference Effects for QoS-Aware Clouds Ripal Nathuji Aman

Q-Clouds: Managing Performance Interference Effects for QoS-Aware Clouds Ripal Nathuji Aman Kansal Alireza Ghaffarkhah Presented by Joshua Davis Motivation and Background Cloud computing Off load processing and storage Charged per

549 views • 28 slides
e n o t s y e K OpenStack in the context of Fog/Edge Massively Distributed Clouds

e n o t s y e K OpenStack in the context of Fog/Edge Massively Distributed Clouds

e n o t s y e K OpenStack in the context of Fog/Edge Massively Distributed Clouds Fog/Edge/Massively Distributed Clouds (FEMDC) SIG Beyond the clouds - The Discovery initiative 1 Who are We? Marie Delavergne Adrien Lebre

563 views • 42 slides
Forensic Data Hiding Optimized for JPEG 2000 Dieter Bardyn, Johann A. Briffa, Ann Dooms and Peter

Forensic Data Hiding Optimized for JPEG 2000 Dieter Bardyn, Johann A. Briffa, Ann Dooms and Peter

Forensic Data Hiding Optimized for JPEG 2000 Dieter Bardyn, Johann A. Briffa, Ann Dooms and Peter Schelkens May 18, 2011 Overview Image adaptive data hiding Overview Image adaptive data hiding Overview Image adaptive data hiding

778 views • 60 slides
Using Clouds to address Grid Limitations Giacomo Mc Evoy 1 Bruno Schulze 1 1 National Laboratory

Using Clouds to address Grid Limitations Giacomo Mc Evoy 1 Bruno Schulze 1 1 National Laboratory

Introduction Theoretical approach to Clouds Application of Clouds Summary Thanks Using Clouds to address Grid Limitations Giacomo Mc Evoy 1 Bruno Schulze 1 1 National Laboratory for Scientific Computing (LNCC) 6th International Workshop on

320 views • 19 slides
4. Droplet Growth in Warm Clouds In warm clouds, droplets can grow by condensation in a

4. Droplet Growth in Warm Clouds In warm clouds, droplets can grow by condensation in a

4. Droplet Growth in Warm Clouds In warm clouds, droplets can grow by condensation in a supersaturated environment and by colliding and coalescing with other cloud droplets. 4. Droplet Growth in Warm Clouds In warm clouds, droplets can grow by

1.17k views • 94 slides
Representation of convection and clouds in the IFS ......20 years and still the same? Peter

Representation of convection and clouds in the IFS ......20 years and still the same? Peter

Representation of convection and clouds in the IFS ......20 years and still the same? Peter Bechtold with contributions from Richard Forbes and Maike Ahlgrimm IITM Introspect 2017 workshop: IFS clouds and convection Slide 1 Challenge 1:

436 views • 28 slides
Breathing in the Clouds: Thin Air or Bad Atmosphere? G. Vossen: Breathing in the Clouds 1

Breathing in the Clouds: Thin Air or Bad Atmosphere? G. Vossen: Breathing in the Clouds 1

Gottfried Vossen University of Mnster, Germany & University of Waikato, New Zealand Breathing in the Clouds: Thin Air or Bad Atmosphere? G. Vossen: Breathing in the Clouds 1 Breathing in the Clouds: Thin Air or Bad Atmosphere? G.

1.11k views • 63 slides
of Multi-Clouds Dana Petcu West University of Timisoara & Institute e-Austria Timisoara 1

of Multi-Clouds Dana Petcu West University of Timisoara & Institute e-Austria Timisoara 1

The challenges of Multi-Clouds Dana Petcu West University of Timisoara & Institute e-Austria Timisoara 1 12/19/2013 Agenda more concrete Generalities Backgound Clouds and their future? Why Multiple Clouds? Taxonomy

959 views • 60 slides
Clouds in the ECMWF GCM Clouds in the ECMWF GCM George Aumann JPL Larrabee Strow, Scott Hannon

Clouds in the ECMWF GCM Clouds in the ECMWF GCM George Aumann JPL Larrabee Strow, Scott Hannon

Clouds in the ECMWF GCM Clouds in the ECMWF GCM George Aumann JPL Larrabee Strow, Scott Hannon and Sergio DeSouza-Machado UMBC 6 May 2009 H. H. Aumann Outline Why are we doing this simulation How is it being done What we learned Some

414 views • 37 slides
On getting tc classifier fully programmable with cls bpf. Daniel Borkmann

On getting tc classifier fully programmable with cls bpf. Daniel Borkmann

Proceedings of NetDev 1.1: The Technical Conference on Linux Networking (February 10th-12th 2016. Seville, Spain) On getting tc classifier fully programmable with cls bpf. Daniel Borkmann <daniel@iogearbox.net> Noiro Networks / Cisco

598 views • 23 slides
Using the Network Layering DAG CS 118 Computer Network Fundamentals Peter Reiher Lecture 13 CS

Using the Network Layering DAG CS 118 Computer Network Fundamentals Peter Reiher Lecture 13 CS

Using the Network Layering DAG CS 118 Computer Network Fundamentals Peter Reiher Lecture 13 CS 118 Page 1 Winter 2016 Outline The DAG A closer look at tables A closer look at directed links A closer look at FSMs and their

1.03k views • 64 slides
Java replacement for Win indows In Interface to Sim imulation of Errors Geometric

Java replacement for Win indows In Interface to Sim imulation of Errors Geometric

Java replacement for Win indows In Interface to Sim imulation of Errors Geometric misalignments No Fernndez lvarez 27/01/2017 Su Summary ry 1. Introduction to WISE geometric 2. WISE calculations 3. WISE usage 4. WISEs output

927 views • 29 slides
- tunnel-effect ( "micro-convergence" ) for SC-LDPC [ 1 ] [ 1 ] Schmalen, ten Brink,

- tunnel-effect ( "micro-convergence" ) for SC-LDPC [ 1 ] [ 1 ] Schmalen, ten Brink,

EXIT-Chart of SC-LDPC Spatial Coupling & Tail-biting Further Investigation Simulation results Block-LDPC SC-LDPC 1 1 0.9 0.9 0.8 0.8 0.7 0.7 I E,VND , I A,CND 0.6 I E,VND , I A,CND 0.6 0.5 0.5 0.4 0.4 0.3 0.3 0.2 0.2 I

436 views • 5 slides
Scamper http://www.wand.net.nz/scamper/ Matthew Luckie mjl@wand.net.nz Introduction It is

Scamper http://www.wand.net.nz/scamper/ Matthew Luckie mjl@wand.net.nz Introduction It is

Scamper http://www.wand.net.nz/scamper/ Matthew Luckie mjl@wand.net.nz Introduction It is coming up towards the end of a years contract between the University of Waikato and WIDE that funded the development of scamper 1 April

1.35k views • 39 slides
Abbey - Chesterton Bridge Stakeholder Group Meeting 3 Agenda Introductory words

Abbey - Chesterton Bridge Stakeholder Group Meeting 3 Agenda Introductory words

Abbey - Chesterton Bridge Stakeholder Group Meeting 3 Agenda Introductory words Introduction to the Project Team Strategic context for a bridge Presentation by Project Sponsor Presentation by Architect Question cards

481 views • 21 slides
Communication Protocols Lecture 19 TLS We saw... Symmetric-Key Components SKE, MAC Public-Key

Communication Protocols Lecture 19 TLS We saw... Symmetric-Key Components SKE, MAC Public-Key

Communication Protocols Lecture 19 TLS We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE (e.g., DDH, RSA) and

444 views • 16 slides
Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny

Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny

Countering Cryptographic Subversion Post-Snowden Cryptography Workshop Brussels 8/12/2015 Kenny Paterson Information Security Group @kennyog ; www.isg.rhul.ac.uk/~kp The post-Snowden adversary Since the Snowden revelations beginning in

481 views • 27 slides

More recommend