
CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects

CS 144r: Networks Design Projects; CS 244r: Advanced Networks Design Projects; HBS 4560: The Future of Business Networks. Anonymizing Infrastructure, February 22, 2002. Professor Marco Iansiti, HBS; Professor H. T. Kung, FAS. Harvard University.


Presentation Transcript


  1. CS 144r: Networks Design Projects CS 244r: Advanced Networks Design Projects HBS 4560: The Future of Business Networks Anonymizing Infrastructure • February 22, 2002 • Professor Marco Iansiti, HBS Professor H. T. Kung, FAS • Harvard University

  2. Topics for Today • Overview of an IP-layer anonymizing infrastructure • Project on attacking the anonymizing infrastructure

  3. Problem To Solve • An authentication server, by definition, needs to process requests from unknown users; thus, it can be subject to DoS attacks [Figure labels: The Internet, Clients, Authentication Server]

  4. A Solution Approach Based on an Anonymizing Infrastructure • Provide an IP-layer anonymizing infrastructure that can hide IP addresses of authentication servers from clients • This anonymizing infrastructure can be useful for current and future authentication servers and other servers

  5. The Traditional Internet: Packet Reveals Server Address in the Clear [Figure labels: Client, The Internet, Server 140.247.60.30, Packet 140.247.60.30]

  6. The Anonymizing Infrastructure: Use Forwarders to Hide Servers’ Addresses [Figure labels: Client, F1, F2, Server; addresses encrypted in Fs’ keys] • The infrastructure is an overlay network of forwarders, Fs • Forwarders are stateless and use anycast addresses for improved availability

  7. Use of Gateways To Allow Existing Clients and Servers Without Modification [Figure labels: F1, GWc, Client, GWs, Server, F2, Initialization Server] • Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification

  8. Three Usage Steps for the Anonymizing Infrastructure • Server Registration: Given a server, select a sequence of forwarders, compute the encrypted IP address for the server, and register the results • The sequence of forwarders can be selected manually or automatically • Client Initialization: Given a server, obtain the encrypted address for the server, the address of the first decrypting forwarder, and other information required for forwarding • Packet Forwarding: forward packets over the selected sequence of forwarders

  9. Internet Drafts and Mailing List • Internet Drafts: • Bradner, S., and Kung, H. T., "Requirements for an Anonymizing Packet Forwarder," <draft-bradner-annfwd-req.txt>, November 2001 • Kung, H. T. and Bradner, S., "A Framework for an Anonymizing Packet Forwarder," <draft-kung-annfwd-framework.txt>, November 2001. • Mailing list: http://wireless.eecs.harvard.edu/anon Comments would be appreciated

  10. Experimental System for an Anonymizing Infrastructure • We have implemented the three usage steps for an anonymizing infrastructure • A FreeBSD-based experimental system is working in our lab at Harvard • In the following we use our experimental system to illustrate the three steps

  11. Step 1: Server Registration • Server alias: KerberosServer in CS at Harvard • Server IP address: 140.247.60.105 • Server port numbers: 88 • 1st forwarder: • 2nd forwarder:

  12. Step 2: Client Initialization [Figure labels: F1, Client, Server, F2, Initialization Server] • Client obtains information, such as server’s address encrypted in Fs’ keys and F1’s address, from an initialization server

  13. Step 3: Packet Forwarding [Figure labels: F1, Client, Server, F2, Initialization Server] • Client’s packet is forwarded to F1. F1 decrypts the address and discovers the next hop is F2. Then the packet is forwarded to F2, etc. • The return path is from server to F2, F1 and client

  14. Use of Client and Server Gateways in Our Experimental System [Figure labels: F1, GWc, Client, GWs, Server, F2, Initialization Server] • Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification

  15. Experimental System Platform • Use divert socket on FreeBSD-4.4 machines (http://www.freebsd.org/) in implementing forwarders, GWc and GWs • PPTP VPN: mpd (netgraph multi-link PPP daemon) • Crypto software • Public key: RSA from OpenSSL (http://www.openssl.org/) • Symmetric key: 128-bit AES (Rijndael) (http://www.nist.gov/aes/)

  16. Two Threat Models • Monitoring a forwarder’s input & output, or compromising a forwarder • Capture client and forwarder or server address • Using the anonymizing infrastructure to launch attacks • Make tracking of attackers difficult

  17. Countermeasures (See the Next Three Slides) • Multi-hop forwarding to make it hard to discover the exit forwarder before the server • Uncorrelated, per-packet encryption for each of the hops (except the hop between the client and the first forwarder, where encryption is not needed) to defend against unauthorized monitoring • Protocol camouflaging • Spaghetti forwarding

  18. Multi-hop Forwarding [Figure labels: F3, F1, Client, F2, Server, F4] • To locate F4, the exit forwarder, the entire path (F1, F2, F3, F4) will need to be discovered

  19. Uncorrelated, Per-packet Encryption in Our Experimental System [Figure labels: N submissions of the same packet; N different encrypted packet payloads; F1, GWc, Client, F2, Server, GWs] • When there is unauthorized monitoring, this feature makes it difficult for attackers to use traffic analysis to discover the forwarding path

  20. Camouflaged TCP over UDP • Normal TCP: IP header, TCP header, TCP payload • TCP over UDP: IP header, UDP header, TCP header, TCP payload • Camouflaged TCP over UDP: IP header, TCP header, UDP header, TCP payload, TCP header

  21. Spaghetti Forwarding [Figure labels: F3, F1, Client, F4, Server, F2]

  22. Additional Countermeasures • Rate limiting forwarders • Dynamic re-selection of forwarders • Secure connection between GWc and Initialization Server to ensure the former receives trustworthy information from the latter

  23. Revisit the Project Definition: Attacking An Experimental Anonymizing Infrastructure • Attacker’s objective • Find the IP address that the anonymizing infrastructure tries to hide • Assumptions • Links in the infrastructure and those connected to it can be monitored • Demonstration • Given an encrypted IP address of a server, find its true address • Attacker’s score • An attacker’s score decreases exponentially in the number of false forwarders explored

  24. The Testbed [Figure labels: Client, F2, VPN, GWc, GWs, F1, SSL, Server, Initialization Server]
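
The three usage steps (slide 8) and the uncorrelated encryption of slides 17 and 19, sketched as an added example that is not code from the slides or from the Harvard experimental system. It assumes a stdlib-only stand-in cipher (SHA-256 keystream with an HMAC tag) in place of the RSA and AES the slides name, a nested layout of next-hop address followed by the inner encrypted address, and constructed addresses and keys; `seal`, `unseal`, `register`, `forward` and `route` are hypothetical names.

```python
import hashlib, hmac, os, socket, struct

# Assumption: stand-in cipher (SHA-256 keystream + HMAC tag) so the example is
# stdlib-only. The slides' system uses RSA from OpenSSL and 128-bit AES.
def _stream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + struct.pack(">I", ctr)).digest()
        ctr += 1
    return out[:n]

def seal(key, data):
    nonce = os.urandom(16)  # fresh per call, so equal inputs give unrelated outputs
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(key, blob):
    if len(blob) < 32:
        raise ValueError("short packet")
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    want = hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer not sealed for this forwarder, or modified")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def register(server_ip, path):
    """Step 1. path: [(forwarder_ip, key), ...] in forwarding order.
    Returns (first forwarder, encrypted server address), what Step 2 hands out."""
    blob = seal(path[-1][1], socket.inet_aton(server_ip))  # innermost: exit forwarder
    for i in range(len(path) - 2, -1, -1):
        blob = seal(path[i][1], socket.inet_aton(path[i + 1][0]) + blob)
    return path[0][0], blob

def forward(key, blob):
    """Step 3, one stateless hop: peel own layer, learn only the next hop."""
    inner = unseal(key, blob)
    return socket.inet_ntoa(inner[:4]), inner[4:]

def route(first_hop, blob, keys):
    """Walk the path; each hop uses only its own key and the packet contents."""
    hops, hop = [], first_hop
    while blob:
        hops.append(hop)
        hop, blob = forward(keys[hop], blob)
    return hops, hop

# Constructed sample values (documentation address ranges, random keys).
PATH = [("192.0.2.1", os.urandom(16)), ("192.0.2.2", os.urandom(16))]
SERVER = "198.51.100.105"
```

A forwarder holding the wrong key gets a `ValueError` instead of a next hop, and two registrations of the same server yield different encrypted addresses of equal length.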
