vuvuzela scalable private messaging resistant to traffic
play

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis - PowerPoint PPT Presentation

Nov 12, 2022 •451 likes •608 views

Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David Lazar, Matei Zaharia, Nickolai Zeldovich MIT CSAIL Symposium on Operating Systems Principles (SOSP), 2015 1 / 12 Motivation Encryption systems hide

  1. Vuvuzela: Scalable Private Messaging Resistant to Traffic Analysis Jelle van den Hooff, David Lazar, Matei Zaharia, Nickolai Zeldovich MIT CSAIL Symposium on Operating Systems Principles (SOSP), 2015 1 / 12

  2. Motivation Encryption systems hide only content of messages Protection of metadata is critical for privacy Strong, provable privacy guarantees XOR scalability “If you have enough metadata, you don’t really need content.” Stewart Baker “We kill people based on metadata.” Michael Hayden 2 / 12

  3. Vuvuzela — Goals Private point-to-point messaging Scalable (millions of users, tens of thousands of messages per second) Limited amount of information about communication patterns over time No availability guarantees 3 / 12

  4. Vuvuzela — Goals Private point-to-point messaging Scalable (millions of users, tens of thousands of messages per second) Limited amount of information about communication patterns over time No availability guarantees Vuvuzela gives Alice differ- Alice Bob Charlie Alice Bob Charlie Alice Bob Charlie ential privacy: any event ob- served by the adversary has roughly equal probability in all worlds. ? ? ? Vuvuzela Vuvuzela Vuvuzela 3 / 12

  5. Vuvuzela — Threat Model Strong, active attacker that. . . controls all but one (any) of the Vuvuzela servers controls an arbitrary number of clients monitors/blocks/delays/injects traffic on any network link CC BY 3.0 US “Electronic Frontier Foundation” https://www.eff.org/pages/eff-nsa-graphics 4 / 12

  6. Vuvuzela — Assumptions/Prerequisites Standard cryptography: encryption, key exchange, signatures, hashes Established public keys for Vuvuzela servers and users (PKI) Bug-free implementation 5 / 12

  7. Overview Single chain of Vuvuzela servers Users connect to first server Last server hosts dead drops Mix messages and randomly add fakes Fixed-rate, fixed-size encrypted messages → fixed number of conversations/client Two protocols: dialing + conversion Chain of Vuvuzela servers (only one must be trusted) Alice Bob Adversary that observes Charlie all network tra ffi c 6 / 12

  8. Dialing Protocol Dialing round every 10 minutes m large invitation dead drops Invitation for user with public key pk stored in H ( pk ) mod m Special no-op dead drop (3) Users retrieve their invitations directly 1 2 Alice 3 4 Bob 5 6 Charlie (1) Users send (2) Honest server mixes invitations and adds cover tra ffi c 7 / 12

  9. Conversion Protocol (Strawman) Synchronous rounds coordinated by first server Ephemeral conversation dead drops with 128-bit ID (1) Alice and (2) Alice sends Bob agree on “Hi, Bob!” Adversary can a dead drop Alice see Alice and to use Bob talking (3) Dead drop Bob holds message (4) Bob reads message Charlie (2b) Charlie sends write message, but his read partner isn’t here 8 / 12 141

  10. Conversion Protocol Dead drop selected based on shared secret derived from public keys of communication partners and round number Alice Bob Charlie (1) Users access (2) Honest server (3) Adversary can’t tell dead drops unlinks users from who is talking to who dead drops and by looking at dead adds cover tra ffi c drop access patterns 9 / 12 140

  11. Evaluation Prototype Implemented in Go with ~ 2700 SLOC No CDN- or Torrent-based distribution for dialing protocol 10 / 12

  12. Evaluation Prototype Implemented in Go with ~ 2700 SLOC No CDN- or Torrent-based distribution for dialing protocol Setup Amazon EC2 virtual servers: 36 Xeon E5-2666 v3, 60 GiB RAM, 10 Gbps network 3 Vuvuzela server 5 servers to simulate clients Dedicated (untrusted) entry server Deterministic amount of nose, i.e. number of fake messages 80/256 bytes per dialing/conversation message 5 % of users dial another user each dialing round 100 clients fetch their dialing dead drop + extrapolation of required bandwidth 10 / 12

  13. Results 60 s 60 s µ=300,000 µ=13,000 conversation messages End-to-end latency for End-to-end latency for µ=200,000 50 s 50 s dialing invitations µ=100,000 40 s 40 s 30 s 30 s 20 s 20 s 10 s 10 s 0 s 0 s 10 500,000 1M 1.5M 2M 10 500,000 1M 1.5M 2M Number of online users Number of online users 1.2M fake message 12 kB/s per user With 1M users and µ = 300 k: 37 s end-to-end 12 GB/sec in aggregate latency, 68k messages/s, 166 MB/s per server, 10s of seconds per round Limiting factor: 340k Curve25519 DH operations per second and server 11 / 12 148 148

  14. Conclusion Private messaging system scalable to millions of users Protects against traffic analysis of powerful attacker Minimizes observable variables and hides them with noise Quantifiable security properties High bandwidth demands (especially on servers) 12 / 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Vuvuzela a scalable private messaging system David Lazar Jelle van den Hooff, Matei Zaharia,

Vuvuzela a scalable private messaging system David Lazar Jelle van den Hooff, Matei Zaharia,

Vuvuzela a scalable private messaging system David Lazar Jelle van den Hooff, Matei Zaharia, Nickolai Zeldovich Motivation Alice Bob (Oncologist) Encryption Z28gUGF0cmlvdHMhCg c2VhaGF3a3Mgc3Vjawo Alice Bob (Oncologist) Problem: metadata

609 views • 59 slides
WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable

WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable

WSO2 Message Broker Scalable persistent Messaging System Outline Messaging Scalable Messaging Distributed Message Brokers WSO2 MB Architecture o Distributed Pub/sub architecture o Distributed Queues architecture User Story

1.12k views • 33 slides
Matteo Merli What is Apache Pulsar? Distributed pub/sub messaging Backed by a scalable log

Matteo Merli What is Apache Pulsar? Distributed pub/sub messaging Backed by a scalable log

Guaranteed e ff ectively-once messaging semantic Matteo Merli What is Apache Pulsar? Distributed pub/sub messaging Backed by a scalable log store Apache BookKeeper Streaming & Queuing Low latency Multi-tenant

531 views • 37 slides
Scalable Bias-Resistant Distributed Randomness Ewa Syta* , Philipp Jovanovic , Eleftherios

Scalable Bias-Resistant Distributed Randomness Ewa Syta* , Philipp Jovanovic , Eleftherios

Scalable Bias-Resistant Distributed Randomness Ewa Syta* , Philipp Jovanovic , Eleftherios Kokoris Kogias , Nicolas Gailly , Linus Gasser , Ismail Khoffi , Michael J. Fischer , Bryan Ford *Trinity College, USA EPFL,

320 views • 31 slides
Stadium A Distributed Metadata-private Messaging System Nirvan Tyagi Yossi Gilad Derek Leung

Stadium A Distributed Metadata-private Messaging System Nirvan Tyagi Yossi Gilad Derek Leung

Stadium A Distributed Metadata-private Messaging System Nirvan Tyagi Yossi Gilad Derek Leung Matei Zaharia Nickolai Zeldovich SOSP 2017 Previous talk: Anonymous broadcast This talk: Private messaging Alice Bob Problem: Communication

725 views • 50 slides
An introduction to using slip-resistant flooring from Altro discover altro.com/slip-resistant

An introduction to using slip-resistant flooring from Altro discover altro.com/slip-resistant

An introduction to using slip-resistant flooring from Altro discover altro.com/slip-resistant Typical applications Healthcare Education Back-of-house High traffic areas Manufacturing and industrial areas General

536 views • 43 slides
Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr.

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr.

Anomaly Detection Algorithms for Malware Traffic Analysis using Tamper Resistant Features Dr. Patrick McDaniel Berkay Celik Fall 2015 Introduction Motivation Related Work Data Approach Experimental Results Comparison

391 views • 25 slides
TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) ,

TARANET: Traffic-Analysis Resistant Anonymity at the Network Layer Chen Chen (CMU) , Daniele E. Asoni , Adrian Perrig (ETH Zrich) , David Barrera (Polytechnique Montreal) , George Danezis (UCL) , Carmela Troncoso (EPFL)

1.98k views • 131 slides
Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin

Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin

Electrical and Computer Engineering Department Practical Traffic Analysis Attacks on Secure Messaging Applications Alireza Bahramali, Ramin Soltani, Amir Houmansadr, Dennis Goeckel, Don Towsley University of Massachusetts Amherst Instant

512 views • 40 slides
Scalable Mul*-Class Traffic Management in Data Center Backbone

Scalable Mul*-Class Traffic Management in Data Center Backbone

Scalable Mul*-Class Traffic Management in Data Center Backbone Networks Amitabha Ghosh (UtopiaCompression) Sangtae Ha (Princeton) Edward Crabbe (Google) Jennifer

391 views • 28 slides
I N the past few years, network traffic characterization has several consecutive transitions lead

I N the past few years, network traffic characterization has several consecutive transitions lead

Deterministic Finite Automaton for Scalable Traffic Identification: the Power of Compressing by Range Rafael Antonello, Stenio Fernandes, Djamel Sadok, Judith Gza Szabo Kelner Ericsson Traffic Lab Federal University of Pernambuco (UFPE)

406 views • 8 slides
Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture

Optimized or Balanced Mix Design Crack Resistant Rut Resistant Resistant to Moisture Damage 1 Balanced Mix Design: ETG Definition Asphalt mix design using performance tests on appropriately conditioned specimens that address

480 views • 46 slides
Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model

Secure Messaging Lecture 23 Messaging Alice Bob Secure Messaging Corruption model Server/network is adversarial (but trusted identity registration needed) Windows of compromise when a party is under adversarial control (or readable

933 views • 14 slides
Antimicrobial Stewardship Messaging in Canada Changing Attitudes and Behaviours to Drive Change

Antimicrobial Stewardship Messaging in Canada Changing Attitudes and Behaviours to Drive Change

Antimicrobial Stewardship Messaging in Canada Changing Attitudes and Behaviours to Drive Change Presidential Advisory Council on Combating Antibiotic-Resistant Bacteria July 11, 2019 Denise Gilby, M.Sc. Public Health Agency of Canada Key

370 views • 14 slides
SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware Yuuki

SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware Yuuki

SF-TAP: Scalable and Flexible Traffic Analysis Platform Running on Commodity Hardware Yuuki Takano, Ryosuke Miura, Shingo Yasuda Kunio Akashi, Tomoya Inoue 1 in USENIX LISA 2015 NICT, JAIST (Japan) Table of Contents 2 1. Motivation 2.

303 views • 18 slides
Demo of DANE-Enhanced Version of Off-the-Record Private Messaging Tool Bootstrapping Trust

Demo of DANE-Enhanced Version of Off-the-Record Private Messaging Tool Bootstrapping Trust

Demo of DANE-Enhanced Version of Off-the-Record Private Messaging Tool Bootstrapping Trust for Off-The-Record With DNS and DNSSEC Allison Mankin (Verisign Labs), Willem Toorop (NLNet Labs), Iain Learmonth (University of Aberdeen) ,

484 views • 9 slides
Multiple scattering in EPOS: Implications for charm production K.W. in collaboration with B.

Multiple scattering in EPOS: Implications for charm production K.W. in collaboration with B.

MPI at the LHC 2015 Trieste Klaus Werner Subatech, Nantes 0-0 Multiple scattering in EPOS: Implications for charm production K.W. in collaboration with B. Guiot, Iu. Karpenko, T. Pierog MPI at the LHC 2015 Trieste

587 views • 46 slides
Jet quenching from So1 Collinear Effec7ve Theory Grigory

Jet quenching from So1 Collinear Effec7ve Theory Grigory

Jet quenching from So1 Collinear Effec7ve Theory Grigory Ovanesyan arXiv:1512.00006 GO, Ringer, Vitev

504 views • 25 slides
Fluid dynamics in the extreme - The Quark-Gluon Plasma Jacquelyn Noronha-Hostler University of

Fluid dynamics in the extreme - The Quark-Gluon Plasma Jacquelyn Noronha-Hostler University of

Fluid dynamics in the extreme - The Quark-Gluon Plasma Jacquelyn Noronha-Hostler University of Illinois Urbana-Champaign Theoretical Physics Colloquium via Arizona State University Fluids 101 It flows (its particles easily move past each

2.42k views • 59 slides
Generative Models for Social Media Analytics: Networks, Text, and Time Kevin S. Xu (University

Generative Models for Social Media Analytics: Networks, Text, and Time Kevin S. Xu (University

Generative Models for Social Media Analytics: Networks, Text, and Time Kevin S. Xu (University of Toledo) James R. Foulds (University of Maryland-Baltimore County) ICWSM 2018 Tutorial About Us Kevin S. Xu James R. Foulds Assistant

1.55k views • 150 slides
Measurements of jets in heavy ion collisions Christine Nattrass University of Tennessee,

Measurements of jets in heavy ion collisions Christine Nattrass University of Tennessee,

Measurements of jets in heavy ion collisions Christine Nattrass University of Tennessee, Knoxville Largely based on Connors, Nattrass, Reed, & Salur arxiv:1705.01974 Overview Jet quenching in a nutshell Partons lose energy in the

832 views • 48 slides
STUDENT SERVICES FINANCIAL AID Lenoir Community College believes that no person who has ability

STUDENT SERVICES FINANCIAL AID Lenoir Community College believes that no person who has ability

STUDENT SERVICES FINANCIAL AID Lenoir Community College believes that no person who has ability and motivation should be deprived of the advantages of a college education due to a lack of funds. The College provides limited student financial

449 views • 10 slides
A Soft Constraint-based Approach to the Cascade Vulnerability Problem Stefano Bistarelli

A Soft Constraint-based Approach to the Cascade Vulnerability Problem Stefano Bistarelli

A Soft Constraint-based Approach to the Cascade Vulnerability Problem Stefano Bistarelli Istituto di Informatica e Telematica, CNR, Pisa, Italy stefano.bistarelli@iit.cnr.it Dipartimento di Scienze Universit a degli Studi G.

622 views • 24 slides
Metric Methods with Open Collider Data Machine Learning and the Physical Sciences, NeurIPS 2019

Metric Methods with Open Collider Data Machine Learning and the Physical Sciences, NeurIPS 2019

Metric Methods with Open Collider Data Machine Learning and the Physical Sciences, NeurIPS 2019 Eric M. Metodiev Center for Theoretical Physics Massachusetts Institute of T echnology Patrick Radha Preksha Jesse Komiske Mastandrea Naik

602 views • 34 slides

More recommend