1 cs 144r: networks design projects cs 244r: advanced networks design projects hbs 4560: the future...
Post on 22-Dec-2015
217 views
TRANSCRIPT
![Page 1: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/1.jpg)
11
CS 144r: Networks Design ProjectsCS 244r: Advanced Networks Design
ProjectsHBS 4560: The Future of Business
Networks
Anonymizing InfrastructureFebruary 22, 2002
Professor Marco Iansiti, HBS Professor H. T. Kung, FAS
Harvard University
![Page 2: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/2.jpg)
2
Topics for TodayTopics for Today
Overview of an IP-layer anonymizing infrastructure
Project on attacking the anonymizing infrastructure
![Page 3: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/3.jpg)
3
Problem To SolveProblem To Solve
An authentication server, by definition, needs to An authentication server, by definition, needs to process requests from unknown users; thus, it process requests from unknown users; thus, it can be subject to DOS attackscan be subject to DOS attacks
AuthenticationServer
ClientsThe Internet
![Page 4: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/4.jpg)
4
A Solution Approach Based on A Solution Approach Based on an Anonymizing Infrastructurean Anonymizing Infrastructure
Provide an Provide an IP-layer anonymizing IP-layer anonymizing infrastructureinfrastructure that can hide IP addresses that can hide IP addresses of authentication servers from clientsof authentication servers from clients
This anonymizing infrastructure can be This anonymizing infrastructure can be useful for current and future authentication useful for current and future authentication servers and other servers servers and other servers
![Page 5: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/5.jpg)
5
The Traditional Internet: Packet The Traditional Internet: Packet Reveals Server Address in the ClearReveals Server Address in the Clear
Server
140.247.60.30
Client
Packet
The Internet
140.247.60.30
D
![Page 6: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/6.jpg)
6
The Anonymizing Infrastructure: Use The Anonymizing Infrastructure: Use Forwarders to Hide Servers’ AddressesForwarders to Hide Servers’ Addresses
Server
Client
Addresses encrypted in Fs’ keys
D
D
D
D
F1
F2
The infrastructure is an overlay network of The infrastructure is an overlay network of forwarders, Fsforwarders, Fs
Forwarders are stateless and use anycast Forwarders are stateless and use anycast addresses for improved availabilityaddresses for improved availability
![Page 7: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/7.jpg)
7
Use of Gateways To Allow Existing Use of Gateways To Allow Existing Clients and Servers Without ModificationClients and Servers Without Modification
ServerClient D
D
D
D
F1
F2
GWc
GWs
Gateways, GWc and GWs, allow existing Gateways, GWc and GWs, allow existing clients and servers to use the anonymous clients and servers to use the anonymous forwarding infrastructure without modificationforwarding infrastructure without modification
Initialization Server
![Page 8: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/8.jpg)
8
Three Usage Steps for the Three Usage Steps for the Anonymizing Infrastructure Anonymizing Infrastructure
1. Server Registration: Given a server, select a : Given a server, select a sequence of forwarders, compute the sequence of forwarders, compute the encrypted IP address for the server, and encrypted IP address for the server, and register the resultsregister the results The sequence of forwarders can be selected The sequence of forwarders can be selected
mmanually or automatically or automatically
2. Client Initialization: Given a server, obtain the encrypted address for the server, the address of the first decrypting forwarder, and other information required for forwarding
3. Packet Forwarding: forward packets over the : forward packets over the selected sequence of forwardersselected sequence of forwarders
![Page 9: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/9.jpg)
9
Internet Drafts and Mailing ListInternet Drafts and Mailing List
Internet Drafts:Internet Drafts: Bradner, S., and Kung, H. T., "Requirements for an Bradner, S., and Kung, H. T., "Requirements for an
Anonymizing Packet Forwarder," <draft-bradner-Anonymizing Packet Forwarder," <draft-bradner-annfwd-req.txt>, November 2001annfwd-req.txt>, November 2001
Kung, H. T. and Bradner, S., "A Framework for an Kung, H. T. and Bradner, S., "A Framework for an Anonymizing Packet Forwarder," <draft-kung-annfwd-Anonymizing Packet Forwarder," <draft-kung-annfwd-framework.txt>, November 2001.framework.txt>, November 2001.
Mailing list:Mailing list:
http://wireless.eecs.harvard.edu/anon
Comments would be appreciatedComments would be appreciated
![Page 10: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/10.jpg)
10
Experimental System for an Experimental System for an Anonymizing Infrastructure Anonymizing Infrastructure
• We have implemented the three usage steps for an anonymizing infrastructurenonymizing infrastructure
• A FreeBSD-based experimental system is A FreeBSD-based experimental system is working in our lab at Harvard working in our lab at Harvard
• In the following we use our experimental In the following we use our experimental system to illustrate the three steps system to illustrate the three steps
![Page 11: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/11.jpg)
11
Step 1: Server RegistrationStep 1: Server Registration
Server alias:
Server IP address:
1st forwarder:
Server port numbers:
2nd forwarder:
Kerberos Server in CS at Harvard
140.247.60.105
88
![Page 12: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/12.jpg)
12
Step 2: Client InitializationStep 2: Client Initialization
ServerClient D
D
D
D
F1
F2
Initialization Server
Client obtains information, such as server’s Client obtains information, such as server’s address encrypted in Fs’ keys and F1’s address encrypted in Fs’ keys and F1’s address, from an initialization serveraddress, from an initialization server
![Page 13: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/13.jpg)
13
Step 3: Packet ForwardingStep 3: Packet Forwarding
ServerClient D
D
D
D
F1
F2Initialization Server
Client’s packet is forwarded to F1. F1 decrypts Client’s packet is forwarded to F1. F1 decrypts the address and discovers the next hop is F2. the address and discovers the next hop is F2. Then packet is forwarded to F2, etc.Then packet is forwarded to F2, etc.
The return path is from server to F2, F1 and The return path is from server to F2, F1 and clientclient
![Page 14: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/14.jpg)
14
Use of Client and Server Gateways Use of Client and Server Gateways in Our Experimental Systemin Our Experimental System
ServerClient D
D
D
D
F1
F2
GWc
GWs
Gateways, GWc and GWs, allow existing Gateways, GWc and GWs, allow existing clients and servers to use the anonymous clients and servers to use the anonymous forwarding infrastructure without modificationforwarding infrastructure without modification
Initialization Server
![Page 15: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/15.jpg)
15
Experimental System PlatformExperimental System PlatformUse divert socket on FreeBSD-4.4 Use divert socket on FreeBSD-4.4
machines (machines (http://www.freebsd.org/http://www.freebsd.org/) in ) in implementing forwarders, GWc and GWsimplementing forwarders, GWc and GWs
PPTP VPN: mpd (netgraph multi-link PPP PPTP VPN: mpd (netgraph multi-link PPP daemon)daemon)
Crypto softwareCrypto softwarePublic key: RSA from OpenSSL (Public key: RSA from OpenSSL (
http://www.openssl.org/http://www.openssl.org/))Symmetric key: 128-bit AES (Rijndael) (Symmetric key: 128-bit AES (Rijndael) (
http://www.nist.gov/aes/http://www.nist.gov/aes/))
![Page 16: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/16.jpg)
16
Two Threat ModelsTwo Threat Models
1)1) Monitoring a forwarder’s input & Monitoring a forwarder’s input & output, or compromising a forwarderoutput, or compromising a forwarderCapture client and forwarder or server Capture client and forwarder or server
addressaddress
2)2) Using the anonymizing infrastructure Using the anonymizing infrastructure to launch attacksto launch attacksMake tracking of attackers difficultMake tracking of attackers difficult
![Page 17: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/17.jpg)
17
CountermeasuresCountermeasures(See the Next Three Slides)(See the Next Three Slides)
Multi-hop forwardingMulti-hop forwarding to make it hard to to make it hard to discover the exit forwarder before the discover the exit forwarder before the serverserver
Uncorrelated, per-packet encryptionUncorrelated, per-packet encryption for for each of the hops (except the hop between each of the hops (except the hop between the client to the first forwarder where the client to the first forwarder where encryption is not needed) to defend against encryption is not needed) to defend against unauthorized monitoringunauthorized monitoring
Protocol camouflagingProtocol camouflagingSpaghetti forwardingSpaghetti forwarding
![Page 18: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/18.jpg)
18
Multi-hop ForwardingMulti-hop Forwarding
ServerClient D
D
F1
F2
D
F3
D
F4
To locate F4, the exit forwarder, the entire To locate F4, the exit forwarder, the entire path (F1, F2, F3, F4) will need to be path (F1, F2, F3, F4) will need to be discovereddiscovered
![Page 19: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/19.jpg)
19
Uncorrelated, Per-packet Encryption Uncorrelated, Per-packet Encryption in Our Experimental Systemin Our Experimental System
ServerClient D
D
F1
F2
GWc
GWs
N submissions of the same packet
When there is unauthorized monitoring, this When there is unauthorized monitoring, this feature makes it difficult for attackers to use feature makes it difficult for attackers to use traffic analysis to discover the forwarding path traffic analysis to discover the forwarding path
N different encrypted packet payloads
![Page 20: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/20.jpg)
20
Camouflaged TCP over UDPCamouflaged TCP over UDP
IPheader
TCPheader
TCPpayload
IPheader
UDPheader
TCPpayload
TCPheader
IPheader
TCPheader
TCPpayload
UDPheader
TCPheader
Normal TCP
TCP over UDP
Camouflaged TCP over UDP
![Page 21: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/21.jpg)
21
Spaghetti ForwardingSpaghetti Forwarding
D
D
F1
F4
D
F3
D
F2 ServerClient
![Page 22: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/22.jpg)
22
Additional CountermeasuresAdditional Countermeasures
Rate limiting forwardersRate limiting forwardersDynamic re-selection of forwardersDynamic re-selection of forwardersSecure connection between GWc and Secure connection between GWc and
Initialization ServerInitialization Server to ensure the former to ensure the former receives trustworthy information from the receives trustworthy information from the latterlatter
![Page 23: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/23.jpg)
23
Revisit the Project Definition: Attacking Revisit the Project Definition: Attacking An An Experimental Anonymizing Infrastructure Experimental Anonymizing Infrastructure Attacker’s objectiveAttacker’s objective
Find the IP address that the anonymizing Find the IP address that the anonymizing infrastructure tries to hideinfrastructure tries to hide
AssumptionsAssumptions Links in the infrastructure and those connected to it Links in the infrastructure and those connected to it
can be monitoredcan be monitored DemonstrationDemonstration
Given an encrypted IP address of a server, find its Given an encrypted IP address of a server, find its true addresstrue address
Attacker’s scoreAttacker’s score An attacker’s score decreases exponentially in the An attacker’s score decreases exponentially in the
number of false forwarders explorednumber of false forwarders explored
![Page 24: 1 CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure February](https://reader030.vdocuments.mx/reader030/viewer/2022032523/56649d7f5503460f94a62f3f/html5/thumbnails/24.jpg)
24
The TestbedThe Testbed
Initialization Sever
Client
GWc GWs
F2
F1
Server
SSL
VPN