“Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs”. Privacy Enhancing Technologies (CS898AB). Review by Jason Tomlinson. Paper authors: Scott Wolchok, Owen S. Hofmann, Nadia Heninger, Edward W. Felten, J. Alex Halderman, Christopher J. Rossbach, Brent Waters, and Emmett Witchel.
TABLE OF CONTENTS
• INTRODUCTION (pages 1-3): What is a DHT? What is Vanish? What is Sybil?
• BACKGROUND (pages 3-4)
• ATTACKING VANISH (pages 4-6)
• EVALUATION (pages 6-10)
• DISCUSSION (pages 10-11)
• COUNTERMEASURES (pages 11-13)
• CONCLUSION (page 14)
INTRODUCTION
Before we can discuss the details of this paper, it is important to cover a few basics: What is a DHT? What is Vanish? What is Sybil?
• What is a DHT? A DHT (Distributed Hash Table) is a hash table that is decentralized and distributed across a system. A hash table is a set of key-value pairs. A user participating in the system can search for a key or set of keys to locate the paired values.
• What is Vanish? (The following is a quick review only.) Electronic documents and communications may contain data that pose some level of risk to data security and privacy. This data might be exploited by criminals, data-mining services, government agencies, legal entities and others, with negative consequences. Many corporations adopt document retention policies designed to minimize the risk associated with documents and communications containing confidential information.
INTRODUCTION
• What is Vanish? (Continued…) Vanish takes an intriguing approach to the problem of document retention across digital systems. The idea is that the data is secured with encryption; the encryption key is broken into many parts (shares) that are distributed across a DHT network. These key shares are set to expire after a period of time, and once they expire they are “permanently deleted” from the DHT network. A “Vanish Data Object” (VDO) is the encrypted data together with its key parts. Vanish attempts to leverage large P2P architectures with millions of nodes to obfuscate the location of the key-value pairs required to decrypt the associated data. The goal is to make retrieval of those key-value pairs sufficiently difficult once they have been deleted from the system. The intended result of this design is data that self-destructs over time.
INTRODUCTION
• What is Sybil? There are two types of attacks discussed in this paper: crawling and Sybil hopping. In general, a crawler continuously probes, discovers, and records the DHT entries distributed across the entire DHT network. This data can be stored indefinitely so that the keys necessary for decryption can be reproduced long after they have aged out of the DHT network. The authors suggest a 99% recovery success rate is possible using a low-cost Sybil attack. The authors showed they could extract the contents of the Vuze DHT using a Sybil attack method called “hopping”. The attacker participates in the DHT network using many identities. The Vuze DHT periodically replicates its contents to other nearby nodes. Participating in the Vuze DHT under many identities enables the attacker to receive and log these transfers far more efficiently than originally thought.
INTRODUCTION
• An analysis of the Vanish paper suggests that its original authors largely overestimated the cost of running an attack and did not account for optimization.
• Possible defenses: reduce replication, impose restrictions on node IDs, employ client puzzles, and switch from a public to a private DHT.
• Concerns as a result of the public prototype: trust in the system may result in behavior changes. Example: the user no longer deletes sensitive emails.
BACKGROUND
• Vanish is discussed in more detail in this section of the paper, but we exclude it from our discussion because it was covered in detail in Tuesday's presentation.
• On page 3 the authors outline the encapsulate and decapsulate algorithms.
• The goal of Vanish is to provide a type of forward security.
• It assumes a “Limited Network View” and a “Limited View of DHT”.
• Deployed implementation: Vanish 0.1 with a Firefox extension.
• The Vuze DHT is deployed as part of the Vuze BitTorrent client, also known as Azureus.
ATTACKING VANISH
• The threshold phenomenon works to the attacker's advantage.
• The formula suggests an attacker would need 60,000 Sybils to achieve an 80% probability of learning each stored share. Vuze allows 65,525 node IDs (one for each UDP port).
• The next page shows a graph of the recovery probabilities.
• Vuze DHT: Vuze nodes replicate their data to up to 20 nearby nodes. Many Sybils could participate in an attack simply waiting for replication.
• The authors establish VDO recovery probability using the following formula:
ATTACKING VANISH
• The attacker only needs to observe a value briefly, rather than committing computing resources and bandwidth for the whole storage period.
• The Vuze replication strategy lets attackers optimize, because replication occurs every 30 minutes and immediately when a node first joins.
• By running m Sybils and hopping through identities, an attacker can observe data stored all over the network.
• Hopping supports mt/T Sybils, where m = number of concurrent Sybils, t = time, and T = hop duration.
• First Unvanish Demonstration: a discussion of the implementations and their results. The key result is a low-cost approach that uses simple code to launch an effective attack.
• Advanced Implementation (ClearView): written from scratch in C, it attempts further optimization through lower CPU and memory footprints, running many DHT clients in a single process and thousands of concurrent Sybils on a single EC2 instance. ICMP was a problem for the Linux kernel, so the firewall was modified to block outgoing and unwanted inbound traffic.
EVALUATION
• This section measures the effectiveness of the attacks and quantifies the cost of running them on Amazon EC2.
• Simple Hopping, key points: 10 EC2 instances, 50 concurrent Sybils hopping every 150 seconds, extracting data from 96,000 node IDs over the 8-hour duration of a DHT store. This resulted in 92% key recovery and 100% decryption of 104 VDOs. The cost of running the service for a year was approximately $23,500; the original paper suggested a cost of $860,000.
EVALUATION
• Here is a quick look at the data table for advanced hopping.
DISCUSSION
• Problems with the Vanish analysis (original paper)
• Vanish considered Sybil attacks against the Vuze DHT with an annual cost of $860,000 (two orders of magnitude higher).
• The paper considered the number of Sybils required to compromise 25% of VDOs using a private test bed of 8,000 nodes. Extrapolating to a larger system led to an overestimate.
• First, Sybils would need to run continuously for 8 hours; the hopping attack revealed that as little as 3 minutes would be required. Note: 544 vs. 87,000.
• Based on an attack requiring 87,000 Sybils, they calculated the cost at $860,000. This paper suggests a cost of less than $5,000.
DISCUSSION
• Problems with the Vanish design
• Vanish assumed that the security properties of the underlying system would remain stable. However, computer systems evolve to support the needs of their main user population.
• Attacks on Vanish are made simpler by Vuze DHT replication. This replication supports Vuze's primary purpose but is counterproductive for Vanish.
• Vuze is unlikely to accept changes in support of Vanish because they would impact reliability for its primary user population.
COUNTERMEASURES
• Raising the Vanish key recovery threshold: Vanish uses a k-of-n secret sharing scheme in which 7 of 10 shares are required. The authors suggest stronger share values (99 of 100). This option would decrease the probability of recovery, but system churn may result in early destruction.
• Switching to a privately hosted DHT: using OpenDHT on a private network to prevent crawling attacks.
• Adding client puzzles to Vuze: requiring clients to perform complex, expensive calculations on an EC2 server, tied to the date and user ID. With a calculation time of over a minute, the cost of an attack increases.
• Detecting attackers:
• Monitoring for attacker fingerprints (ClearView)
• Restricting the protocol and looking for abuse (could be bypassed)
• Monitoring IP addresses (bootstrap node routing table scanner), Peruze
• Performing selective blocking or penalizing interactions
COUNTERMEASURES
• Social networking: forming trust-based networks using user-designated trusted peers.
• Restricting node IDs in Vuze: in the Vuze DHT the node ID is a function of the client's IP. Restricting the number of IDs available to each IP would reduce the effectiveness of a Sybil attack. Note: -1999 to 30, address space availability and botnets, breaking Vuze DHT backward compatibility.
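As an added worked example (my own code, not the paper's, the slides', or the Vanish project's), the following ties together the threshold phenomenon behind the recovery-probability formula on the Attacking Vanish slide, the hopping count mt/T, and the "raise the threshold" countermeasure above. It assumes Shamir secret sharing over a 127-bit prime field (the slides only say "k-of-n"), that the attacker observes each share independently with probability p, and that each share survives DHT churn independently with probability q; reading the evaluation slide as 10 instances × 50 Sybils = 500 concurrent Sybils is also my assumption.

```python
"""k-of-n secret sharing and the threshold recovery/survival tail.

Added example; not code from the Vanish paper or the review slides.
Assumptions (mine): Shamir shares over a prime field; each share is
observed by an attacker independently with probability p and survives
churn independently with probability q.
"""
from math import comb
import secrets

PRIME = (1 << 127) - 1  # Mersenne prime; field size is an assumption


def _eval_poly(coeffs, x):
    """Horner evaluation of the share polynomial modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n):
    """Split a secret into n Shamir shares; any k of them reconstruct it."""
    assert 0 <= secret < PRIME and 1 <= k <= n < PRIME
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0. Fewer than k shares give garbage,
    which is exactly what the threshold is supposed to guarantee."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def recovery_probability(k, n, p):
    """P(attacker sees at least k of n shares) when each share is observed
    independently with probability p (binomial upper tail)."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


def survival_probability(k, n, q):
    """P(a legitimate user still finds at least k shares) when each share
    survives churn with probability q: the same tail, which is why a
    99-of-100 threshold also makes early destruction likely."""
    return recovery_probability(k, n, q)


def effective_sybils(m, t, T):
    """Identities effectively occupied by hopping: m*t/T (slide formula)."""
    return m * t / T


if __name__ == "__main__":
    shares = split_secret(0xC0FFEE, 7, 10)
    print("7 of 10 shares recover:", recover_secret(shares[:7]) == 0xC0FFEE)
    print("6 of 10 shares recover:", recover_secret(shares[:6]) == 0xC0FFEE)
    for k, n in ((7, 10), (99, 100)):
        print(f"{k}-of-{n}: attacker p=0.8 -> {recovery_probability(k, n, 0.8):.4g}, "
              f"user q=0.95 -> {survival_probability(k, n, 0.95):.4g}")
    # constructed figures from the evaluation slide: 500 Sybils, 8 h, 150 s hops
    print("hopping identities:", effective_sybils(500, 8 * 3600, 150))
```

The two tails make the countermeasure trade-off concrete: moving from 7-of-10 to 99-of-100 drives the attacker's recovery chance at p = 0.8 from roughly 0.88 to well under one in a hundred million, but a user facing 5% churn per share drops from near-certain recovery to under 5%.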
CONCLUSION
The authors of this paper felt that the goal of Vanish was intriguing and useful, but that in its current form it is unable to meet this goal.
References
Wolchok, Scott, Owen S. Hofmann, Nadia Heninger, Edward W. Felten, J. Alex Halderman, Christopher J. Rossbach, Brent Waters, and Emmett Witchel. “Defeating Vanish with Low-Cost Sybil Attacks Against Large DHTs.”