perfect imitation and secure asymmetry for decoy routing
play

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems - PowerPoint PPT Presentation

Sep 26, 2023 •363 likes •909 views

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich Ian Goldberg 20 June 2017 EPFL Summer Research Institute Censorship Censors may monitor, alter or block traffic that enters or leaves their area

  1. Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich Ian Goldberg 20 June 2017 EPFL Summer Research Institute

  2. Censorship Censors may monitor, alter or block traffic that enters or leaves their area of influence. 1

  3. Censorship Strategies Censorship measurement studies in Iran [Aryan et al.], Pakistan [Nabi et al.], and China [Winter and Lindskog] show the following techniques: • Filtering by IP address • Filtering by hostname • Protocol-specific throttling • URL keyword filtering • Active probing • Application-layer DPI 2

  4. Censorship Circumvention 3

  5. Censorship Circumvention 3

  6. Censorship Circumvention 3

  7. Censorship Circumvention 3

  8. Decoy Routing 1. Establish TLS connection with overt site 4

  9. Decoy Routing 1. Establish TLS connection with overt site 2. Steganographically share TLS master secret with friendly ISP (Wustrow et al., 2011) (Houmansadr et al., 2011) (Karlin et al., 2011) (Wustrow et al., 2014) (Ellard et al., 2015) 4

  10. Decoy Routing 1. Establish TLS connection with overt site 2. Steganographically share TLS master secret with friendly ISP (Wustrow et al., 2011) (Houmansadr et al., 2011) (Karlin et al., 2011) (Wustrow et al., 2014) (Ellard et al., 2015) 3. Sever or abandon connection to the overt site 4

  11. Decoy Routing 1. Establish TLS connection with overt site 2. Steganographically share TLS master secret with friendly ISP (Wustrow et al., 2011) (Houmansadr et al., 2011) (Karlin et al., 2011) (Wustrow et al., 2014) (Ellard et al., 2015) 3. Sever or abandon connection to the overt site 4. Proxy information between client and covert site 4

  12. Attacks on Decoy Routing (Wustrow et al., 2011) (Schuchard et al., 2012) Active Attacks • Replay attacks • Man in the middle 5

  13. Attacks on Decoy Routing (Wustrow et al., 2011) (Schuchard et al., 2012) Routing-Based (RAD) Attacks • TCP replay • Crazy Ivan Active Attacks • Replay attacks • Man in the middle 5

  14. Attacks on Decoy Routing (Wustrow et al., 2011) (Schuchard et al., 2012) Routing-Based (RAD) Attacks • TCP replay • Crazy Ivan Active Attacks Passive Attacks • Replay attacks • Traffic analysis • Man in the middle • Latency analysis 5

  15. Attacks on Decoy Routing (Wustrow et al., 2011) (Schuchard et al., 2012) Routing-Based (RAD) Attacks • TCP replay* • Crazy Ivan Active Attacks Passive Attacks • Replay attacks • Traffic analysis • Man in the middle* • Latency analysis 5

  16. Traffic Analysis 6

  17. Traffic Analysis 6

  18. Traffic Analysis 6

  19. Traffic Analysis 6

  20. Traffic Analysis 6

  21. Traffic Analysis 6

  22. Latency Analysis (Schuchard et al., 2012) Friendly ISP Client Overt site Covert site 7

  23. Slitheen Slitheen traffic patterns to overt destinations are identical to a regular access to the overt site. Covert content is squeezed into “leaf” resources (images, videos, etc.) that do not affect future connections for additional overt resources. 8

  24. Architecture Overview Censor SOCKS proxy Slitheen Uncensored Censored (frontend) relay station (overt) site (covert) site T agged TLS handshake Overt User Simulator (OUS) HTTP GET notblocked.com HTTP GET notblocked.com X-Slitheen: SOCKS data X-Ignore: ]jkl&jdsa((#@$jkl Proxy SOCKS data Client HTTP 200 OK HTTP 200 OK Content-T ype: slitheen Content-T ype: image/png Downstream data from proxy Data from overt site HTTP 200 OK HTTP 200 OK Content-T ype: text/html Content-T ype: text/html Data from overt site Data from overt site 9

  25. Tagging Procedure • Relay station has keypair ( r , g r ) 10

  26. Tagging Procedure • Relay station has keypair ( r , g r ) • Client picks s , uses g s � H 1 ( g rs � χ ) as ClientHello random • Relay station (and only the relay station) can recognize the tag 10

  27. Tagging Procedure • Relay station has keypair ( r , g r ) • Client picks s , uses g s � H 1 ( g rs � χ ) as ClientHello random • Relay station (and only the relay station) can recognize the tag • Client uses H 2 ( g rs � χ ) as (EC)DHE private key • Relay station can compute the TLS master secret and MITM the connection 10

  28. Tagging Procedure • Relay station has keypair ( r , g r ) • Client picks s , uses g s � H 1 ( g rs � χ ) as ClientHello random • Relay station (and only the relay station) can recognize the tag • Client uses H 2 ( g rs � χ ) as (EC)DHE private key • Relay station can compute the TLS master secret and MITM the connection • Relay station modifies the server’s Finished message to alert the client that Slitheen is active 10

  29. Data Replacement 11

  30. Data Replacement 11

  31. Data Replacement 11

  32. Data Replacement 11

  33. Data Replacement 11

  34. Data Replacement 11

  35. TLS Record Format • Encrypted HTTP responses are sent from the overt site in a series of TLS records • TLS records can be (and often are) fragmented across packets • We do not delay packets at the relay station to reconstruct records 12

  36. Finding Leaves We can only decrypt a record after receiving all of it. 13

  37. Finding Leaves We can only decrypt a record after receiving all of it. We only need to decrypt the HTTP response header to find leaves. 13

  38. Finding Leaves We can only decrypt a record after receiving all of it. We only need to decrypt the HTTP response header to find leaves. Misordered packets further complicate our decisions. 13

  39. HTTP States 14

  40. Latency Results Gmail Wikipedia 1.00 1.00 0.75 0.75 Type Type CDF CDF Decoy Decoy 0.50 0.50 Regular Regular 0.25 0.25 0.00 0.00 600 700 800 900 1000 450 500 550 Decoy page download time (ms) Decoy page download time (ms) 15

  41. Bandwidth 1.00 Downstream leaf content from the 0.75 Alexa top 10,000 TLS sites • Roughly 25% of all sites offer CDF 0.50 500 kB or more of potentially replaceable content 0.25 • About 40% of traffic across all sites was leaf content 0.00 1kB 10kB 100kB 1MB 10MB Downstream leaf content (bytes) 16

  42. Realistic Bandwidth Site name Leaf content (bytes) % leaf content replaced % total replaced Gmail 8800 ± 100 87 . 7 ± 0 . 2 23 ± 9 Wikipedia 24000 ± 2000 100 ± 0 33 ± 4 Yahoo 400000 ± 100000 100 . 0 ± 0 . 2 40 ± 20 Facebook 40000 ± 10000 0 ± 0 0 ± 0 1.00 0.75 Type CDF Total 0.50 Leaf Replaced 0.25 0.00 1kB 10kB 100kB 1MB 10MB Replaceable leaf content (bytes) 17

  43. Comparison TapDance Curveball Cirripede Rebound Slitheen Telex No in-line blocking � � � � � � Supports asymmetric routes � � � � � � Defends against TCP replay attacks � � � � � � Defends against latency analysis � � � � � � Defends against website fingerprinting � � � � � � RAD-resistant � � � � � � 18

  44. Supporting Asymmetry and RAD-Resistance 19

  45. Supporting Asymmetry and RAD-Resistance • Slitheen station is on downstream path • Opposite to TapDance, Rebound 19

  46. Supporting Asymmetry and RAD-Resistance • Slitheen station is on downstream path • Opposite to TapDance, Rebound • How does it identify tagged flows and learn the TLS master secret? 19

  47. Supporting Asymmetry and RAD-Resistance • Lightweight gossip station on upstream path • No flow blocking; just gets a copy of TLS flows • When it sees a TLS ClientHello (without having seen a TCP SYN ACK), broadcast it to Slitheen stations • If a Slitheen station claims the tag, send upstream TLS data to it 19

  48. Supporting Asymmetry and RAD-Resistance • But surely that upstream ClientHello won’t get from the gossip station to the Slitheen station in time? • The Slitheen station needs it before the TLS handshake completes so that it can read and modify the Finished message 19

  49. Supporting Asymmetry and RAD-Resistance • Key idea: the client’s Slitheen secret s on its next connection to that overt site will be selected as a function of the previous client-relay shared secret • The first connection acts as a Cirripede-esque registration • The Slitheen station can then predict that client’s future ClientHello messages! 19

  50. Supporting Asymmetry and RAD-Resistance • Gossip stations offer a two-tiered deployment strategy • No need for flow-blocking or traffic replacement routers • So easier to deploy 19

  51. Supporting Asymmetry and RAD-Resistance • Easier for censor to perform RAD attack on upstream data (change routing for that one flow ) than downstream (advertise new BGP route to everyone ) • Put lots of cheap gossip stations on possible upstream paths • More heavyweight Slitheen stations on more stable downstream paths 19

  52. Comparison Curveball+gossip Slitheen+gossip Telex+gossip TapDance Cirripede Curveball Rebound Slitheen Telex No in-line blocking � � � � � � � � � Supports asymmetric routes � � � � � � � � � Defends against TCP replay attacks � � � � � � � � � Defends against latency analysis � � � � � � � � � Defends against website fingerprinting � � � � � � � � � RAD-resistant � � � � � � � � � 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

560 views • 15 slides
Perfect Sampling of Queuing Networks with Complex Routing complexity and computational aspects

Perfect Sampling of Queuing Networks with Complex Routing complexity and computational aspects

System Simulation Perfect Sampling Discrete Time Markov Chain Event Driven Simulation Case Studies Advanced Topics Synthesis Perfect Sampling of Queuing Networks with Complex Routing complexity and computational aspects Jean-Marc Vincent

1.24k views • 108 slides
Perfect Secrecy A cryptosystem is unconditionally secure if it cannot be broken, even with

Perfect Secrecy A cryptosystem is unconditionally secure if it cannot be broken, even with

Perfect Secrecy A cryptosystem is unconditionally secure if it cannot be broken, even with infinite computational resources. (There are other (weaker) types of security; well talk about those later.) A cryptosystem is unconditionally secure

642 views • 4 slides
verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at

verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at

verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at ETH Security and Correctness Protocol-level properties - Path validity : Constructed paths are valid and reflect the routing decisions by on-path

294 views • 8 slides
Imitation Theory and Experimental Evidence Joerg Oechssler University of Heidelberg

Imitation Theory and Experimental Evidence Joerg Oechssler University of Heidelberg

Imitation Theory and Experimental Evidence Joerg Oechssler University of Heidelberg Imitation is relevant Neoplan (Germany) vs. Zhongwei (P.R. China) Imitation is prevalent Zeiss Ikon Contax II (1936) vs. Nikon I (1948) Imitator

655 views • 46 slides
Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why

Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why

Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why do we keep seeing these headlines? 1. The Meta Goal Can we devise changes to operational practices, or operational tools or routing technologies

572 views • 15 slides
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

T-79.194 Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner presentation by Maarit Hietalahti Helsinki University of Technology Laboratory for Theoretical Computer Science

298 views • 14 slides
Imitation as a Stepping Stone to Innovation Amy Jocelyn Glass Texas A&M University Shift

Imitation as a Stepping Stone to Innovation Amy Jocelyn Glass Texas A&M University Shift

Imitation as a Stepping Stone to Innovation Amy Jocelyn Glass Texas A&M University Shift from Imitation to Innovation Countries such as Korea, China, and Taiwan shifting from imitation to innovation. Product cycle literature

323 views • 18 slides
On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture

On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture

International Workshop on OMNeT++ Code Contribution On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture Mohamad Sbeiti and Christian Wietfeld 05.03.2013 Faculty of Electrical and Computing

463 views • 7 slides
Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of Connec2cut, Bar Ilan Univ, Fraunhofer SIT Joint project with Tomas Hlavacek, Yafim Kazak, Rafi Peretz, Fabian Sauer and Haya Shulman Route-Hijacking:

687 views • 36 slides
Perfect vs. Imperfect Steganography Stegosystems can be divided into two classes: Perfectly

Perfect vs. Imperfect Steganography Stegosystems can be divided into two classes: Perfectly

Fisher Information Determines Capacity of -secure Steganography Tom Filler and Jessica Fridrich Dept. of Electrical and Computer Engineering SUNY Binghamton, New York 11th Information Hiding, Darmstadt, Germany, 2009 Perfect vs.

391 views • 24 slides
Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous

Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous

Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous Imitation (RSI) + Target Phrase Origins of RSI Language teaching: Swedish prosody to L2 learners Developed by Gabor Harrar, at the Finnish

242 views • 13 slides
Particle Hole Asymmetry in the Pseudogap Particle-Hole Asymmetry in the Pseudogap Phase of the

Particle Hole Asymmetry in the Pseudogap Particle-Hole Asymmetry in the Pseudogap Phase of the

Particle Hole Asymmetry in the Pseudogap Particle-Hole Asymmetry in the Pseudogap Phase of the High Tc Superconductors Peter Johnson Condensed Matter Physics and Materials Science Department BNL BNL Hvar 2008 Hvar 2008 A Cuprate Bi 2 Sr 2 Ca

425 views • 31 slides
4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has columns for the destination network (or hosts) with the corresponding cost and the next router address to reach a destination. Additional

1.08k views • 84 slides
Agenda Topology Discovery Background Limitations using mrinfo-rec A new probing tool:

Agenda Topology Discovery Background Limitations using mrinfo-rec A new probing tool:

MERLIN Measure the Router Level of the INternet Pascal Mrindol, Benoit Donnet, Jean-Jacques Pansiot, Matthew Luckie, Young Hyun Kaiserslautern - June 2011 Next Generation Internet 2011 Agenda Topology Discovery Background Limitations

414 views • 9 slides
Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting,

Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting,

GRNET Firewall-On-Demand Service Andreas Polyrakis, GRNET 15-16 February 2012, 5 th TF-NOC meeting, Dubrovnik, Croatia Contents 2 Firewall-On-Demand Motivation & Technology background Implementation Future plans &

470 views • 26 slides
Revisiting Bloom Filters Payload attribution via Hierarchiecal Bloom Filters Kulesh

Revisiting Bloom Filters Payload attribution via Hierarchiecal Bloom Filters Kulesh

Revisiting Bloom Filters Payload attribution via Hierarchiecal Bloom Filters Kulesh Shanmugasundaram, Herve Bronnimann, Nasir Memon 600.624 - Advanced Network Security version 3 Overview Questions Collaborative Intrusion Detection

1.29k views • 58 slides
Chapter 4: Manipulating Routing Updates CCNP-RS ROUTE Ali Aydemir Chapter 4 Objectives

Chapter 4: Manipulating Routing Updates CCNP-RS ROUTE Ali Aydemir Chapter 4 Objectives

Chapter 4: Manipulating Routing Updates CCNP-RS ROUTE Ali Aydemir Chapter 4 Objectives Describe network performance issues and ways to control routing updates and traffic. Describe the purpose of and considerations for using

1.49k views • 105 slides
Measuring the Adoption of Route Origin Validation and Filtering Andreas Reuter

Measuring the Adoption of Route Origin Validation and Filtering Andreas Reuter

Measuring the Adoption of Route Origin Validation and Filtering Andreas Reuter (andreas.reuter@fu-berlin.de) Joint work with Randy Bush, Ethan Katz-Bassett, Italo Cunha, Thomas C. Schmidt, and Matthias Whlisch PEERING The BGP Testbed The BGP

1.56k views • 52 slides
Jobber Automating Inter-Tenant Trust in The Cloud Andy Sayler Eric Keller Dirk Grunwald How

Jobber Automating Inter-Tenant Trust in The Cloud Andy Sayler Eric Keller Dirk Grunwald How

Jobber Automating Inter-Tenant Trust in The Cloud Andy Sayler Eric Keller Dirk Grunwald How can we make the Data Center... more efficient? more secure? more manageable? Over 50% Enterprise Companies Use Cloud Infrastructure* * Cohen,

1k views • 59 slides
Performance Evaluation of Open Virtual Routers M.Siraj Rathore siraj@kth.se Outline Network

Performance Evaluation of Open Virtual Routers M.Siraj Rathore siraj@kth.se Outline Network

Performance Evaluation of Open Virtual Routers M.Siraj Rathore siraj@kth.se Outline Network Virtualization PC based Virtual Routers Challenges Virtual Router Design Performance Evaluation Conclusion Network

619 views • 17 slides
2Q19 Supplemental Slides John McCallion Chief Financial Officer Cautionary Statement on

2Q19 Supplemental Slides John McCallion Chief Financial Officer Cautionary Statement on

2Q19 Supplemental Slides John McCallion Chief Financial Officer Cautionary Statement on Forward-Looking Statements This presentation may contain or refer to forward-looking statements. Forward-looking statements give expectations or forecasts

510 views • 21 slides

More recommend