1 / 98

P2P 安全探讨

P2P 安全探讨. 章节内容. 6.1 匿名 6.2 声誉和信任 6.3 文件污染 6.4 路由安全 6.5 安全前沿研究. 6.1 匿名. “匿名”的根源可以追溯到“安全散列函数”,包括发送者匿名、接收者匿名、文件标识匿名、关系匿名等 P2P 系统天然可用于匿名. Anonymity. Author anonymity: 分享资源的作者的身份不能够被有心人知道,即身份和分享的资源不能够有关连性。 Publisher anonymity: Publisher 的身份不能够和提供的资源有所关连性。

vian
Download Presentation

P2P 安全探讨

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. P2P安全探讨

  2. 章节内容 • 6.1 匿名 • 6.2 声誉和信任 • 6.3 文件污染 • 6.4 路由安全 • 6.5 安全前沿研究

  3. 6.1 匿名 • “匿名”的根源可以追溯到“安全散列函数”,包括发送者匿名、接收者匿名、文件标识匿名、关系匿名等 • P2P系统天然可用于匿名

  4. Anonymity • Author anonymity: 分享资源的作者的身份不能够被有心人知道,即身份和分享的资源不能够有关连性。 • Publisher anonymity: Publisher的身份不能够和提供的资源有所关连性。 • Reader (Requester) anonymity: 同个网络中的资源任何人都可以读取,但读取者的信息不能够被公开或得知。 • Server anonymity: 服务器的信息不能够和提供的资源有任何的关连性。 • Document anonymity: 服务器也不知道储存的内容。 • Query anonymity: 服务器知道请求资源的ID,但是不能够有第三者去确认此ID的正确性。

  5. 匿名的方法 • 匿名代理:用户通过匿名代理发送消息,但匿名代理安全性以及本身是系统瓶颈,易受攻击 • 混合中继网mix-net:用户通过一组“混合中继”mix relays结点连接到服务器,核心中继结点是安全隐患(Tor) • 随机中继:Freenet,Tarzan(理论上完备细致,但实现极其困难)等

  6. 混合中继网-onion routing • 常用的匿名传输代理服务器Tor是基于洋葱路由(Onion Routing) • 用户在本机运行一个洋葱代理服务器(onion proxy),这个代理周期性地与其他Tor交流,从而在Tor网络中构成虚拟环路(virtual circuit)。同时对于客户端,洋葱代理服务器又作为SOCKS接口。一些应用程序就可以将Tor作为代理服务器,网络通讯就可以通过Tor的虚拟环路来进行。 • Tor是在7层协议栈中的应用层进行加密(也就是按照‘onion’的模式)而它之所以被称为onion是因为它的结构就跟洋葱相同,你只能看出它的外表而想要看到核心就必须把它层层的剥开。 • 每个router间的传输都经过symmetric key来加密,形成有层次的结构。它中间所经过的各节点,都好像洋葱的一层皮,把客户端包在里面,算是保护信息来源的一种方式,这样在洋葱路由器之间可以保持通讯安全。

  7. 洋葱路由– Onion routing ( A real-time MIX network ) • 一个通用可用于如Internet开放式网络上的匿名通信体系 general purpose infrastructure for anonymous communications over a public network (e.g., Internet) • 通过适当的代理支持多类应用如:HTTP,FTP,SMTP… supports several types of applications (HTTP, FTP, SMTP, rlogin, telnet,…) through the use of application specific proxies • 应用数据通过动态建立的匿名连接传输 • anonymous connections through onion routers are built dynamically to carry application data • 具有分布式、容错、安全等特性 • distributed, fault tolerant, and secure

  8. 洋葱路由--网络设置和操作 • 在邻居路由器间保持长期的socket连接(links) • long-term socket connections between “neighboring” onion routers are established  links • 一个连接link上的两邻居采用两个DES加密key,每个方向一个确保通信安全 • neighbors on a link setup two DES keys using the Station-to-Station protocol (one key in each direction) • 多个匿名连接可以复用在一个连接link上,这时每个匿名连接分配一个ACI标识(局部性的标识)。 • 消息类似ACM传输,分成48bytes定长信元。信元用DES加密。传输中来自不同连接的信元mix复用,但保持连接有序。 6 5 4 3 2 1 6 5 4 4 3 3 2 2 1 1 mixing 4 3 2 1

  9. Overview of architecture long-term socket connections application (initiator) onion router application proxy - prepares the data stream for transfer - sanitizes appl. data - processes status msg sent by the exit funnel application (responder) exit funnel - demultiplexes connections from the OR network - opens connection to responder application and reports a one byte status msg back to the application proxy onion proxy - opens the anonymous connection via the OR network - encrypts/decrypts data entry funnel - multiplexes connections from onion proxies

  10. Onions消息包 • onion是多层数据结构,它encapsulate了OR网络中的匿名连接 • it encapsulates the route of the anonymous connection within the OR network • 每层包括: • backward crypto function (DES-OFB, RC4)后向加密函数 • forward crypto function (DES-OFB, RC4)前向加密函数 • IP address and port number of the next onion router下一跳路由<ip,port> • expiration time过期时间 • key seed material 用于前向和后向加密函数的密钥 • used to generate the keys for the backward and forward crypto functions • 同时每一层都用相应的洋葱路由器的公钥加密 • each layer is encrypted with the public key of the onion router for which data in that layer is intended bwd fn | fwd fn | next = blue | keys bwd fn | fwd fn | next = green | keys bwd fn | fwd fn | next = 0 | keys

  11. onion Anonymous connection setup illustrated onion proxy application (responder)

  12. onion Anonymous connection setup illustrated onion proxy application (responder) bwd: entry funnel, crypto fns and keys fwd: blue, ACI = 12, crypto fns and keys

  13. onion ACI = 12 Anonymous connection setup illustrated onion proxy application (responder)

  14. onion Anonymous connection setup illustrated onion proxy application (responder) bwd: magenta, ACI = 12, crypto fns and keys fwd: green, ACI = 8, crypto fns and keys

  15. onion ACI = 8 Anonymous connection setup illustrated onion proxy application (responder)

  16. onion Anonymous connection setup illustrated onion proxy application (responder) bwd: blue, ACI = 8, crypto fns and keys fwd: exit funnel

  17. standard structure status open socket Anonymous connection setup illustrated bwd: entry funnel, crypto fns and keys fwd: blue, ACI = 12, crypto fns and keys onion proxy bwd: blue, ACI = 8, crypto fns and keys fwd: exit funnel application (responder) bwd: magenta(紫红), ACI = 12, crypto fns and keys fwd: green, ACI = 8, crypto fns and keys

  18. Tarzan--P2P匿名网络层 • Tarzan在英文中的意思为“泰山” • Tarzan是一个P2P的匿名IP网络覆盖,它通过数据多层加密和消息多跳路由来实现匿名性。 • Tarzan将mix-net的匿名方法扩展到P2P环境中,结点之间通过中继结点序列(这一序列结点构成一条隧道)来通信。 • 实现:发送者匿名、接收者匿名、关系匿名(一对结点之间相互通信的关系不会被其他结点发现) • Tarzan: A Peer-to-Peer Anonymizing Network LayerACM CCS 2002 http://pdos.lcs.mit.edu/tarzan/

  19. Anonymity • Participant can communicate anonymously with non-participant • User can talk to CNN.com ? User • Nobody knows who user is

  20. The Vision for Anonymization • Thousands of nodes participate • Bounce traffic off one another • Mechanism to organize nodes: peer-to-peer • All applications can use: IP layer

  21. Proxy Alternative 1: Proxy Approach • Intermediate node to proxy traffic • Completely trust the proxy Anonymizer.com User

  22. Threat model • Corrupt proxy(s) • Adversary runs proxy(s) • Adversary targets proxy(s) and compromises, possibly adaptively • Network links observed • Limited, localized network sniffing • Wide-spread (even global) eavesdropping • e.g., Carnivore, Chinese firewall, ISP search warrants

  23. Proxy Proxy Failures of Proxy Approach User • Proxy reveals identity • Traffic analysis is easy

  24. Proxy Failures of Proxy Approach • CNN blocks connections from proxy X User X • Proxy reveals identity • Traffic analysis is easy • Adversary blocks access to proxy (DoS)

  25. Relay Relay Relay Relay Alternative 2: Centralized Mixnet • MIX encoding creates encrypted tunnel of relays • Individual malicious relays cannot reveal identity • Packet forwarding through tunnel User Onion Routing, Freedom Small-scale, static network

  26. Relay Relay Relay Relay Failures of Centralized Mixnet User X • CNN blocks core routers

  27. Relay Relay Relay Relay Relay Relay Relay Failures of Centralized Mixnet User • CNN blocks core routers • Adversary targets core routers

  28. Relay Relay Relay Relay Relay Alternative 2: Centralized Mixnet User • CNN blocks core routers • Adversary targets core routers • So, add cover traffic between relays • Hides data traffic among cover

  29. Relay Relay Relay Relay Relay Relay Failures of Centralized Mixnet User • CNN blocks core routers • Adversary targets core routers

  30. Relay Relay Relay Relay Relay Relay Relay Relay Failures of Centralized Mixnet User • CNN blocks core routers • Adversary targets core routers • Still allows network-edge analysis

  31. Relay Relay Relay Relay Relay Relay Relay Relay Relay Relay Failures of Centralized Mixnet User • Internal cover traffic does not protect edges • External cover traffic prohibitively expensive? • n2 communication complexity

  32. Tarzan: Me Relay, You Relay • Thousands of nodes participate • CNN cannot block everybody • Adversary cannot target everybody

  33. Tarzan: Me Relay, You Relay • Thousands of nodes participate • Cover traffic protects all nodes • Global eavesdropping gains little info

  34. ? ? ? ? ? Benefits of Peer-to-Peer Design • Thousands of nodes participate • Cover traffic protects all nodes • All nodes also act as relays • No network edge to analyze • First hop does not know he’s first

  35. Tarzan: Joining the System 1. Contacts known peers to learn neighbor lists 2. Validates each peer by directly pinging User

  36. User Tarzan: Generating Cover Traffic Nodes begin passing cover traffic with mimics: • Nodes send at some traffic rate per time period • Traffic rate independent of actual demand • All packets are same length and link encrypted

  37. PNAT Tarzan: Selecting tunnel nodes User To build tunnel: Iteratively selects peers and builds tunnel from among last-hop’s mimics

  38. PNAT But, Adversaries Can Join System User

  39. PNAT But, Adversaries Can Join System User • Adversary can join more than once by spoofing addresses outside its control • Contact peers directly to validate IP addr and learn PK

  40. PNAT But, Adversaries Can Join System User • Adversary can join more than once by running many nodes on each machine it controls • Randomly select by subnet “domain” (/16 prefix, not IP)

  41. PNAT But, Adversaries Can Join System User • Adversary can join more than once by running many nodes on each machine it controls • Randomly select by subnet “domain” (/16 prefix, not IP)

  42. 考虑到一个路由器上可能有多个IP地址,从而虚拟地操纵多个Tarzan结点,因此定义了域domain概念,以此标识被某个恶意节点控制的子网。考虑到一个路由器上可能有多个IP地址,从而虚拟地操纵多个Tarzan结点,因此定义了域domain概念,以此标识被某个恶意节点控制的子网。 如图,恶意的路由器控制了整个域(子网),而一般的恶意结点则不能控制整个域,但它能监听域内其它结点的通信。 域的划分粒度通常为<当前ip/16>,<当前ip/24> Tarzan网络安全模型

  43. Tarzan体系架构

  44. 6.2 声誉和信任 • 匿名隐藏网络行为,而“声誉”与匿名相反,它对“好”的网络行为的鼓励 • “信任”往往是基于“声誉”的,很多时候二者不做区分 • Bittorrent的阻塞算法实质就是采用声誉机制。目前对匿名、信任等的研究得到较大的关注。

  45. 设计P2P声誉、信任系统涉及的问题 • 此系统必须是自管辖的(self-policing),系统本身为其用户定义了共有的行为准则和声誉/信任衡量,即使在没有集中式认证或权威第三方的情况下,系统用户也能总体上遵循并加强这些准则 • 此系统必须是匿名的,一个用户的声誉应该同一个不透明的ID相关联 • 不应该给予新来者任何额外的利益,用户的声誉必须通过多次事务中的表现来衡量 • 应该尽量最小化声誉/信任机制带来的额外开销 • 应该对恶意结点有较强的容错性

  46. CCS02[Damiani et.al.,2002]:提出了一种基于声誉的,在P2P网络中选择可靠资源的方法。每个Peer在下载资源前,通过分布式的投票算法(polling algorithm)来评价资源的可靠性,从而限制恶意资源在P2P网络中的传播。 • ACM Conference on Electronic Commerce [Xiong and Liu.03] 设计了一个服务于P2P电子商务社群的、基于声誉的信任模型PeerTrust。此模型基于事务回馈(transaction feedback)来量化和比较Peer的可信任性(trustworthiness)。 • BitTorren的阻塞算法是隐匿的声誉方法,但只基于本次下载而不考虑历史行为。

  47. EigenTrust算法-完备的P2P声誉管理 • EigenTrust特征信任,www2003[Kamvar et al.2003]Standford University • EigenTrust使用用户间满意度矩阵的特征向量来计算信任值 • 信任值基础: • 每次事务后,用户要互相评价。如用户i从用户j那里下载一个文件后(也可能下载失败),用户i会以一个信任值tr(i,j)来评价这次事务。1为成功,-1为不成功(下载失败或非想要的)。 • 一个用户i对j历史性的评价(称为满意度s),记为sij

  48. EigenTrust收集、计算信任值的方法 • 传递信任值(friends of friends):用户i信任那些给他提供正确下载的用户,所以也信任这些用户所提供的信任值。满意度的规范化(normalize):规范化可以有效地避免恶意结点给予其他结点太高或太低的评价。规范后的信任值记为cij, 有∑cij=1

  49. What they think of peer k. And weight each friend’s opinion by how much you trust him. Ask your friends j .1 .5 0 0 0 .2 .1 .3 .2 .3 .1 .1 0 .2 0 .3 0 .5 .1 0 0 0 .2 The Math i对k的信任通过朋友对k的信任传递 • C为矩阵[cij],CT表示矩阵的转置,ci表示包含cij的向量

  50. 问你的朋友: t=CTci. • 问朋友的朋友: t=(CT)2ci. • 重复n次问: t=(CT)nci.,步数n越大,得到的评价越广泛从而越准确。 • 可以证明,当n很大时,每个用户i的信任值向量ti都将趋向于矩阵C的“左主特征向量”(left principal eigenvector)e • 也就是说,在EigenTrust模型中t是一个全局特征向量,它的每个元素ti代表了整个系统赋予用户j的信任值。 • 因此,每个peer并不需要存储或者计算它自己的信任向量。因为这是一个全局特征量,统一的。 • Therefore, each peer doesn’t have to store and compute its own trust vector. The whole network can cooperate to store and compute t.

More Related