Slicing the licing the Onion: Onion: Anonymity Without PKI - - PowerPoint PPT Presentation

slicing the licing the onion onion
SMART_READER_LITE
LIVE PREVIEW

Slicing the licing the Onion: Onion: Anonymity Without PKI - - PowerPoint PPT Presentation

Jan 13, 2023 261 likes •705 views

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi & Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

slide-1
SLIDE 1

Slicing the licing the Onion: Onion:

Anonymity Without PKI Anonymity Without PKI

Sachin Katti

Dina Katabi & Katya Puchala

slide-2
SLIDE 2

Onio Onion Rout n Routing over P2P ing over P2P

State of the art:

slide-3
SLIDE 3

Alice Bob

Onio Onion Rout n Routing over P2P ing over P2P

State of the art:

slide-4
SLIDE 4

Alice

Encr ypt packet s in layer s

Onio Onion Rout n Routing over P2P ing over P2P

State of the art:

Bob

slide-5
SLIDE 5

Alice

Onio Onion Rout n Routing over P2P ing over P2P

State of the art:

Bob

slide-6
SLIDE 6
  • Each node only knows its previous hop and next hop
  • Bob does not know the identity of Alice either

Alice

Onio Onion Rout n Routing over P2P ing over P2P

State of the art:

Bob

slide-7
SLIDE 7

Wha What’s the the ca catch? tch?

Centralized trusted PKI

Alice Bob

slide-8
SLIDE 8

PK PKI Sho I Showst stopp

  • ppers

rs!

  • Key distribution
  • Key updates
  • Compulsion attacks
  • Trust model

Ca Can we we ha have ve an anon

  • nymit

ymity y without PKI? without PKI? Ca Can we we ha have ve an anon

  • nymit

ymity y without PKI? without PKI?

slide-9
SLIDE 9

This This ta talk… Ho How to d w to do anonym

  • nymous
  • us

co communica mmunicati tion w

  • n with

thou

  • ut

t PKI

slide-10
SLIDE 10

What What kin kind of an

  • f anonymity?
  • nymity?
  • Message confidentiality
  • Source anonymity
  • Destination anonymity
slide-11
SLIDE 11

Confidentia nfidentiality witho y without PKI t PKI

Source Destination

M M1 M2

Sour ce split s message M int o t wo par t s

Source sends M1 and M2 along node disj oint pat hs

slide-12
SLIDE 12

Confi nfiden entia tiality wi y withou thout t PKI

“Lets meet at 5 pm” “Lets meet” “at 5 pm”

“Lets meet” “at 5 pm” “aaspdgf qw” “asdlf rwe”

Random slices Randomize them! Split into two Message

A

A1 A2

slide-13
SLIDE 13

Confi nfiden entia tiality wi y withou thout t PKI

Source

A1 “aaspdgfqw” A2 “asdlfrwe”

Destination

Reconstruct original information from the slices

slide-14
SLIDE 14

Confi nfiden entia tiality wi y withou thout t PKI

Received random slices

A1 “aaspdgf qw” A2 “asdlf rwe” “aaspdgf qw” “asdlf rwe”

  • 1

Matrix inversion

“Lets meet” “at 5 pm” “Lets meet at 5 pm”

Original pieces of message Original message

A1 A2

slide-15
SLIDE 15

What about What about anonymity? anonymity?

Id Idea : B : Build an anon

  • nym

ymit ity fro from co confid iden entialit lity

slide-16
SLIDE 16

What about What about anonymity? anonymity?

Source tells each relay the ID of its next hop in a confidential message Id Idea : B : Build an anon

  • nym

ymit ity fro from co confid iden entialit lity

slide-17
SLIDE 17

Challenge Challenge

Exponential Exponential b blowup! up! Exponential Exponential b blowup! up!

slide-18
SLIDE 18

Challenge Challenge : : Exponential Blowup xponential Blowup Solu lution : : No Node R de Reuse Solu lution : : No Node R de Reuse

slide-19
SLIDE 19

S S’

Source has multiple I P addresses

Il Illustra lustrati tive Examp ve Example

slide-20
SLIDE 20

Il Illustra lustrati tive Examp ve Example

S S’ V W R Z X Y

Source picks relays and organizes them in stages

slide-21
SLIDE 21

S S’ V W R Z X Y

Destination is placed randomly

Il Illustra lustrati tive Examp ve Example

slide-22
SLIDE 22

S S’ V W R Z X Y

Il Illustra lustrati tive Examp ve Example

slide-23
SLIDE 23

S S’ V W R Z X Y

{Z1R1} {Z2R2}

V needs t o know Z and R

Il Illustra lustrati tive Examp ve Example

slide-24
SLIDE 24

S S’ V W R Z X Y

{Z1R1} {Z2R2} {Z1 R1} {Z2 R2} {Z R} V combines t he t wo slices t o get it s next hops Z and R

Il Illustra lustrati tive Examp ve Example

slide-25
SLIDE 25

S S’ V W R Z X Y

Il Illustra lustrati tive Examp ve Example

slide-26
SLIDE 26

S S’ V W R Z X Y

{Y1X1} {Y2 X2} {Y2 X2} {Y1 X1}

R needs t o know X and Y

Il Illustra lustrati tive Examp ve Example

R can combine incoming slices t o get X and Y

slide-27
SLIDE 27

S S’ V W R Z X Y

Il Illustra lustrati tive Examp ve Example

Node disj oint pat hs t o R

slide-28
SLIDE 28

S S’ V W R Z X Y

Il Illustra lustrati tive Examp ve Example

Node disj oint pat hs t o Y

slide-29
SLIDE 29

S S’ V W R Z X Y

Il Illustra lustrati tive Examp ve Example

Node V is reused t o const ruct disj oint pat hs t o R and Y

slide-30
SLIDE 30

S S’ V W R Z X Y

{Z1R1} {Y1X1} {Z1 R

1 }{Y2 X2}

{Z1R1} { Z

2

R

2

} {Y2 X2} {Y1X1}

Send slices in the same packet

Il Illustra lustrati tive Examp ve Example

slide-31
SLIDE 31

S S’ V W R Z X Y

{Z1R1}{Y1X1}{ rnd1} {Z1 R

1 }{Y2 X2 }{rnd2}

{Z1R1} { Z

2

R

2

} {Y2 X2}{ rnd2} { Y2 X2 } {Y1X1}

Small number of nodes

{Y1 X1 }{rnd1} { rnd2} { rnd1} { r n d

2

} {rnd1}

Il Illustra lustrati tive Examp ve Example

slide-32
SLIDE 32

Slicin Slicing Protoc g Protocol

  • l
  • Parameters

– No. of stages ! L – Splitting factor ! d

  • Information for each relay I

– Next hop IP addresses – Receiver flag – Symmetric session key (no PKI problems)

slide-33
SLIDE 33

Slicin Slicing Protoc g Protocol

  • l
  • Source picks L*d relays including the

receiver

  • Relays are organized into L stages of d

nodes each

  • For each relay source computes I
  • Source divides each I into d random

slices (I 1 ,… … , I d)

slide-34
SLIDE 34

Slicin Slicing Protoc g Protocol

  • l
  • Relay X has to get the d slices (I x1 ,…

… , I xd)

S S’ V W R Z X Y

(I x1 ,I x2)

slide-35
SLIDE 35

Slicin Slicing Protoc g Protocol

  • l
  • For each stage prior to X divide the d slices

randomly between the d nodes in that stage

S S’ V W R Z X Y

(I x1 ,I x2) (I x2) (I x1) (I x1) (I x2) (I x2) (I x1)

slide-36
SLIDE 36

Slicin Slicing Protoc g Protocol

  • l

S S’ V W R Z X Y

(I X1 ,I X2) (I X2) (I X1) (I X1) (I X2) (I X2) (I X1) (I X1) (I X2)

  • Slices are following node disjoint paths
slide-37
SLIDE 37

Slicin Slicing Protoc g Protocol

  • l

S S’ V W R Z X Y

(I X1 ,I X2) (I X2 I Y1) (I Y1 ,I Y2) (I X1 I Y2) (I X2 I Y2) (I X1 I Y1) (I X1 I Y2) (I X2 I Y1) (I Y1) (I Y2)

  • Slices are following node disjoint paths
slide-38
SLIDE 38

Slicin Slicing Protoc g Protocol

  • l
  • Source organizes L*d relays into L stages of d

nodes

  • Source divides node information I into d

random slices (I 1 ,… … , I d)

  • Relay X gets the d random slices (I x1 ,…

… , I xd)

  • If X is in stage k

– Source goes to stages k-1 to 1 – Assigns the d slices of node X randomly to the d nodes in that stage

slide-39
SLIDE 39

Slicin Slicing Protoc g Protocol

  • l - Decodin

ecoding

  • Node uses the d slices from its parents to

decode its information

I x1 I xd decoding I x X r econst r uct

I P addresses of next hops Receiver Flag Symmet ric Key

slide-40
SLIDE 40

Slicing Protocol licing Protocol – Data ata Transmission Transmission

  • Each node in the graph has a symmetric

key assigned by the source

  • Source uses normal onion routing to

transmit data

slide-41
SLIDE 41

Why Why this is is is ex exci citing? ng?

  • No PKI ! Truly distributed P2P

anonymous overlays

  • Scales to large number of nodes
  • Simple matrix multiplications ! Efficient

anonymity

Prac actical anonymity tical anonymity Prac actical anonymity tical anonymity

slide-42
SLIDE 42

What we are doing… What we are doing…

  • Resilience to node churn
  • Anonymity similar to Chaum mixes (i.e.,
  • nion routing)
  • Resilience to traffic analysis attacks
  • Implementing it on Planetlab
slide-43
SLIDE 43

To To c conc nclude…

Fundamentally new way to provide anonymity that does not need PKI