Harvesting Verifiable Challenges from Oblivious Online Sources
J. Alex Halderman (Princeton University), Brent Waters (SRI International)
Complete audit is expensive: seek a probabilistic guarantee
Who chooses what to audit?
Motivating Example
[Diagram: a network of peers]
Sybil Attack
[Diagram: a network of peers]
One machine, multiple identities
Defense: Require each peer to expend resources (CPU time). Verify probabilistically?
Solution
Proof of Work: Client Puzzles
[Diagram: a Challenger sends a Challenge to a Solver and verifies the answer. With a Puzzle Server, the server issues "Challenge, Certificate" to the Solver, and the Solver presents "Sol., Chal., Cert." to Verifier 1 and Verifier 2, each of which verifies it.]
P2P Client Puzzles?
Solve puzzle once for many (unknown) challengers
Decentralized: no puzzle server
Our Approach: Harvested Challenges
• Unified tool and framework for producing random challenges from oblivious sources
  – Decentralized
  – Noninteractive
  – Reusable
• Useful for many verification applications
Oblivious Online Sources
Abstraction: Logs of discrete items, appended over time
Difficult to control or predict before published*
Past items stable, accessible for some period
RSS Feeds (news stories, blog posts, …)
Physical Observations (weather, earthquakes, sunspots, …)
Financial Data (market prices, volumes, …)
Harvesting Challenges
Puzzle server replaced by oblivious Internet sources
Solver derives challenges from sources’ fresh content
Verifiers check source content to confirm derivation
[Diagram: the Puzzle Server and its "Challenge, Certificate" and "Sol., Chal., Cert." messages are replaced by sources (Slashdot, NYTimes, Stock Quotes); the Solver sends "Derivation, Solution" to the Verifier, which verifies it.]
Using Source Data
6 P.M. − Deriver harvests challenge
Source contents: 4:00 Item 1, 4:15 Item 2, 4:30 Item 3, 4:45 Item 4, 5:00 Item 5, 5:15 Item 6, 5:30 Item 7, 5:45 Item 8, 6:00 Item 9
Challenge := H( )
Derivation :=
7 P.M. − Verifier verifies challenge
Source contents: 5:00 Item 5, 5:15 Item 6, 5:30 Item 7, 5:45 Revised Item 8 (was Item 8), 6:00 Item 9, 6:15 Item 10, 6:30 Item 11, 6:45 Item 12, 7:00 Item 13
Mismatch: Take Deriver’s word?
Challenge := H( )
Robustness vs. Security: Adversary controls some inputs
[Figure: the items "OS X Leopard Firewall Flaw", "Claim of a Blu-ray BD+ Crack" and "Ubuntu Killing Your Hard Drive" are fed into a Random Oracle, which outputs a936b29d497]
[Figure: with 000000000000000000000000 in place of the third item, the Random Oracle outputs 18e039ca12b (earlier output: a936b29d497)]
[Figure: with 000000000000000000000001 in place of the third item, the Random Oracle outputs 6400dd3fc1a (earlier outputs: a936b29d497, 18e039ca12b)]
Adversary gets to pick from bounded set
1% sample from set with 10% fraud
Application Policies
Derivers and verifiers share a common policy
Sources: where content will be harvested
Conditions: what source content will be acceptable for application purposes
  – Quantity
  – Freshness
Policies: acceptable combinations of content from different sources
Source: RSS Feed
source NYTimes (
    type = RSSFeed
    url = "http://nytimes.com/stories.xml"
    min_entries = 5
    max_entries = 20
    max_age = 86400
)
Source: Stock Quotes
source TechStocks (
    type = DailyQuotes
    symbols = "GOOG,YHOO,MSFT,INTC,IBM"
    min_entries = 4
)
Policies
policy PickOne { NYTimes, CNN, Slashdot }
policy PickTwo { NYTimes, CNN, Slashdot }[2,2]
Complex Policy
policy Nested {
    { NYTimes, CNN, Slashdot }[2,2],
    Recent
}
policy Recent {
    NYTimes(min_entries=1, max_age=3600)
    CNN(min_entries=1, max_age=3600)
}[2,2]
Our Implementation: “Combine”
• Python API and command line utility
• Open source
• Supports RSS feeds, stock prices, dedicated beacons
• Extensible
Combine Usage
$ combine –policyfile example.pol –derivation alice.d –derive
derived: Example, a936b29d497…, 1169960994
$ combine –policyfile example.pol –derivation alice.d –verify
verified: Example, a936b29d497…, 1169960994 (or failure)
Experimental Evaluation
• RSS feeds suitability?
  – Availability?
  – Rate of new posts?
  – Time before posts age out?
  – Frequency old posts are changed?
• Monitored 275 “popular” and “longtail” feeds
• Simulated satisfaction of policies
Results: RSS Feed Suitability
A. Fresh within one hour, verifiable 6 hours later
B. Fresh within one hour, verifiable 12 hours later
C. Fresh within one day, verifiable 7 days later
D. Fresh within one day, verifiable 14 days later
[Figure: satisfaction periods for policy “Short” and for policy “Long”; axis labels: 7 RSS Sources, 7 Days]
Conclusion
• Harvested challenges: a general tool to aid in randomly auditing systems
  – Create and verify challenges noninteractively using data from oblivious sources
• “Combine” library and policy language, available for use
• Future: building applications
Harvesting Verifiable Challenges from Oblivious Online Sources
J. Alex Halderman Brent Waters
www.cs.princeton.edu/~jhalderm/projects/combine/
Harvesting Challenges
Deriver
  Policy: Freshness? Max quantity?
  Reads Source 1, Source 2
  Derivation
    Item 1: Source 1, Hash, Time
    Item 2: Source 1, Hash, Time
    Item 3: Source 1, Hash, Time
    Item 4: Source 2, Hash, Time
    Item 5: Source 2, Hash, Time
    …
  Challenge := H(Derivation)
  Uses challenge
Verifier
  Policy: Freshness? Matches derivation?
  Reads Source 1, Source 2
  [Diagram: items fetched from the sources (Item 1, Item 3) are compared with the derivation and marked = or ≠]
  Satisfied?
  Uses challenge
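The derive-and-verify flow outlined on the slide above, as an added Python example; it is not code from the Combine tool or from the authors. The feed contents, the SHA-256 encoding of the derivation, and the rule that a source counts only when `min_entries` of its recorded items are still published are assumptions made for illustration.

```python
import hashlib

def item_hash(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def challenge_of(derived_at, entries):
    """Challenge := H(Derivation), over a canonical encoding (assumed format)."""
    h = hashlib.sha256(str(derived_at).encode())
    for source, digest, ts in sorted(entries):
        h.update(f"\n{source}|{digest}|{ts}".encode())
    return h.hexdigest()

def derive(feeds, sources, now, max_age):
    """Deriver: record (source, hash, time) for every fresh item, then hash the list."""
    entries = [(s, item_hash(text), ts)
               for s in sources for text, ts in feeds.get(s, [])
               if 0 <= now - ts <= max_age]
    return {"time": now, "entries": entries, "challenge": challenge_of(now, entries)}

def verify(d, feeds, sources, max_age, min_entries, min_sources):
    """Verifier: recompute the hash, then count the sources whose recorded items
    are fresh and still published; a mismatch is never taken on the deriver's word."""
    if challenge_of(d["time"], d["entries"]) != d["challenge"]:
        return False
    ok_sources = 0
    for s in sources:
        published = {(item_hash(text), ts) for text, ts in feeds.get(s, [])}
        confirmed = {(h, ts) for src, h, ts in d["entries"]
                     if src == s and 0 <= d["time"] - ts <= max_age
                     and (h, ts) in published}
        ok_sources += len(confirmed) >= min_entries  # assumed per-source rule
    return ok_sources >= min_sources

# Constructed sample feeds: {source: [(item text, publication time)]}.
AT_DERIVE = {
    "Slashdot": [("OS X Leopard Firewall Flaw", 900), ("Claim of a Blu-ray BD+ Crack", 950)],
    "NYTimes": [("constructed story A", 940), ("constructed story B", 960)],
    "CNN": [("constructed story C", 970), ("constructed story D", 980)],
}
# By verification time CNN has revised story D, so that item's hash no longer matches.
AT_VERIFY = dict(AT_DERIVE, CNN=[("constructed story C", 970), ("constructed story D (revised)", 980)])
SOURCES = ["Slashdot", "NYTimes", "CNN"]

def demo():
    d = derive(AT_DERIVE, SOURCES, now=1000, max_age=3600)
    tolerant = verify(d, AT_VERIFY, SOURCES, 3600, min_entries=2, min_sources=2)
    strict = verify(d, AT_VERIFY, SOURCES, 3600, min_entries=2, min_sources=3)
    forged = dict(d, entries=d["entries"][:-1])  # derivation altered after hashing
    return tolerant, strict, verify(forged, AT_VERIFY, SOURCES, 3600, 2, 2)
```

Requiring two of three sources tolerates the revised CNN item, requiring all three does not, and a derivation edited after the challenge was computed fails outright.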