300 likes | 440 Views
Making Peer-to-Peer Anonymous Routing Resilient to Failures. Yingwu Zhu Seattle University http://fac-staff.seattleu.edu/zhuy. Overview. Background P2P Anonymous Routing Research Problem Current Solutions Our Approach Erasure Coding Message and Path Redundancy Wise Choice of Mixes.
E N D
Making Peer-to-Peer Anonymous Routing Resilient to Failures Yingwu Zhu Seattle University http://fac-staff.seattleu.edu/zhuy IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
P2P Anonymous Routing • Using P2P networks as an anonymizing network to achieve initiator/responder anonymity • Using peer nodes as mixes or relay nodes to relay messages, tunneling communication for initiators/responders • Many are based on Onion Routing • Layered encryption creates an Onion • Multi-hop routing: an anonymous message represented by an Onion goes through a small number of mixes (strip the Onion) IPDPS 2007
P2P Anonymous Routing • Why appealing? • A potentially large anonymity set offered by the open set of peer nodes • Sidestep political background and local jurisdiction issues due to the distribution of peer nodes • Scalable compared to current static anonymizing networks which operate a small set of fixed mixes • Ideal for hiding anonymous traffics due to communication patterns and heterogeneity of peer nodes’ locations • More?... IPDPS 2007
P2P Anonymous Routing • A big challenge: node churn in P2P networks • Problems • Fragile and short-lived paths: node failures disrupts anonymous paths/tunnels • Message loss and communication failures • Complicate path construction which is expensive, i.e., usually incurs expensive asymmetric encryption/decryption IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
Research Problem • Can we make P2P anonymous routing resilient to node failures? • We are not alone! • Mix-base solutions • Multicast-based solutions IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
Current Solutions • Mix-based • Use a group of peer nodes as a mix to mask single mix node failures • The peer nodes in each group share secrecy to encrypt/decrypt messages along the path • E.g., TAP and Cashmere IPDPS 2007
Current Solutions • Multicast-based • Initiators and responders join a group • Messages are multicasted to all group members • Cover/noise traffics are used to gain initiator/responder anonymity • Bandwidth overhead due to message multicasting and cover traffics • E.g., P5, APFS, Hordes IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
Our Approach • Based on a simple yet powerful idea • Resilience can be achieved by redundancy • Rely on Onion routing • Layered encryption and multi-hop routing • Techniques employed • Message redundancy by erasure coding • Path redundancy (coded messages are sent over multiple disjoint paths) • Wise choice of peer nodes as mixes in each single path IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
Erasure Coding • Widely used in file & storage systems • Tradeoff between data availability and storage cost • Breaks a message M into n coded segments, each of length |M|/m • m of n segments suffice to reconstruct M • Redundancy r = n/m IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
M1 M1 M1 M1 Mk … … Mk Mk Mk … … Mn Mn Mn Mn Onion Routing Message and Path Redundancy M: original message Mi: coded segment with length of |M|/m, 1≤ i ≤ n Bob Alice Alice can reconstruct M upon the first m arrived coded segments IPDPS 2007
Allocation of Coded Segments • Message M n coded segments with length of|M|/m, redundancy r = n/m • k disjoint paths from Bob to Alice • Idea: equally distribute n segments over k paths (k ≤ n, assume k is a multiple of r for simplicity) • P(k) = Psuccess (Alice receives M) = Prob(≥k/r paths succeed in message delivery) p = (pnode_availability)L L: # of nodes in a path Goal: maximize P(k) with respect to k and r IPDPS 2007
Allocation of Coded Segments Guideline to maximize routing resilience upon different node availabilities and message redundancy degrees IPDPS 2007
Validation of 3 Observations Impact of different ks on success of routing under different node availabilities of 0.70, 0.86, and 0.95, where L = 3 and r = 2. IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
Wise Choice of Mixes • Problem • Current mix-based protocols do NOT consider node lifetime when choosing mixes • Random selection in mixes • Our goal • Choose nodes that tend to live longer as mixes • Improve path durability (prolong path lifetime) • Challenge • Can we predict node lifetime? IPDPS 2007
Node Lifetime Distribution Figure 1: Cumulative dist. of the measured Gnutella node lifetime dist. comparedwith a Pareto dist. with α=0.83 and β = 1560 sec. IPDPS 2007
Wise Choice of Mixes • Based on the Pareto distribution • Prediction: Nodes that have stayed a long time tend to stay longer in the system • Each node gossips node liveness information they have learned • Each node seeking anonymity makes mix choices to construct anonymous paths based on node liveness prediction IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
Experimental Setup • Simulator built from P2psim 3.0 by MIT • Augment OneHop • Membership management is essentially a hierarchical gossip protocol • Learn node liveness information • Node lifetime dist. to simulate churn • Pareto • Uniform • Exponential IPDPS 2007
Results • Main results are omitted here. • Security analysis • Similar to Onion Routing • Please see paper for details IPDPS 2007
Impact of wise choice of mixes on path durability (the duration that a sender can successfully route messages to a destination over 4 disjoint paths with redundancy degree of 4) IPDPS 2007
Overview • Background • P2P Anonymous Routing • Research Problem • Current Solutions • Our Approach • Erasure Coding • Message and Path Redundancy • Wise Choice of Mixes • Evaluation • Experimental Setup • Results • Summary IPDPS 2007
Summary • Strike a balance between routing resilience and bandwidth cost while preserving sender anonymity • Message redundancy by erasure coding and path redundancy • Improve path construction and routing resilience • Tolerate up to path failures • Choice of mixes based on node lifetime prediction • Based on Pareto dist. • Surprisingly, work very well for other dist. like Uniform and Exponential dist. (significantlybetter than random selection) • Bandwidth cost by erasure coding is modest IPDPS 2007
Questions ? IPDPS 2007