Towards an Analysis of Onion Routing Security - PowerPoint PPT Presentation

About This Presentation
Title:

Towards an Analysis of Onion Routing Security

Description:

Towards an Analysis of Onion Routing Security. Syverson, Tsudik, Reed, and Landwehr ... Onion router real time Chaum mix. Store and forward with minimal delays ... – PowerPoint PPT presentation

Number of Views:63
Avg rating:3.0/5.0
Slides: 20
Provided by: adam93
Learn more at: http://hatswitch.org
Category:

less

Transcript and Presenter's Notes

Title: Towards an Analysis of Onion Routing Security


1
Towards an Analysis of Onion Routing Security
  • Syverson, Tsudik, Reed, and Landwehr
  • PET 2000
  • Presented by Adam Lee
  • 1/26/2006

2
Goals of the Paper
  • Overview of onion routing
  • Explanation of security goals
  • Description of network model assumptions
  • Discussion of adversary types
  • Security analysis
  • Comparison with Crowds

3
Onion Routing
  • Onion router real time Chaum mix
  • Store and forward with minimal delays
  • Onion routing connection phases
  • Setup
  • Transmission
  • Teardown

4
Setup Phase
  • Connection initiator builds an onion
  • Layered cryptographic structure, specifying
  • Path through network
  • Point-to-point symmetric encryption algorithms
  • Cryptographic keys
  • Structure not rigorously specified in paper
  • At each step
  • Router decrypts entire structure
  • Sets up encrypted channels to predecessor and
    successor nodes
  • Forwards new onion on to successor

5
Transmission Phase
  • When connection initiator wants to send data
  • Break data into uniform (128 bit) blocks
  • Encrypt each block once for each router in the
    path
  • Note Use symmetric encryption here
  • Send data to first onion router
  • All onion routers connected by persistent TCP
    thick pipes which add another layer of encryption
    on top of all of this encryption!

6
Security Goals
  • The goal is to hide
  • Sender activity
  • Receiver activity
  • Sender content
  • Receiver content
  • Source-destination pairs

7
Network Assumptions
  1. Onion routers are all fully connected
  2. Links are padded or bandwidth-limited to a
    constant rate
  3. Unrestricted exit policies
  4. For each route, each hop is chosen at random
  5. Number of nodes in a route is chosen at random

8
Know Your Enemy
  • 4 Types of adversaries
  • Observer
  • Disrupter
  • Hostile user
  • Compromised COR
  • Adversary distributions
  • Single
  • Multiple
  • Roving
  • Global

Note Authors claim that a group of roving
compromised CORs is most powerful (and realistic)
adversary model.
Is this true?
9
Security Analysis
10
Analysis Parameters
  • r number of CORs in the system
  • S set of CORs in the system
  • n route length
  • R R1, R2, , Rn A specific route
  • c maximum number of compromised CORs
  • C set of compromised CORS

11
Important Cases
  • Assume not all CORs are compromised (i.e., c lt
    n). There are three important cases to consider.
  • R1 ? C
  • Probability c/r
  • Rn ? C
  • Probability c/r
  • R1 and Rn ? C
  • Probability c2/r2
  • Each case has its own important properties

12
Properties of Attacks
R1 ? C Rn ? C R1 and Rn ? C
Sender activity Yes No Yes
Receiver activity No Yes Yes
Sender content No No Inferred
Receiver content No Yes Yes
S/D linking No No Yes
13
The Attackers Game
  • Probability that at least one COR on the route is
    compromised a startup
  • 1 - Pr(R ? C ?) 1 - (r-c)n/rn
  • Adversary determines
  • Rs where s min(j ? 1 n and Rj ? R ? C)
  • Re where e max(j ? 1 n and Rj ? R ? C)
  • Attacker can easily test to see if Rs Re, Rs
    R1, or Re Rn

14
The Attackers Game (cont.)
  • At each time step
  • Move one step closer to R1 (e.g., Rs Rs-1)
  • Move one step closer to Rn (e.g., Re Re1)
  • Compromise c-2 routers to try to find another
    link in the route
  • Unless one endpoint is found, then can compromise
    c-1 routers
  • Worst case max(s, n-e) rounds to reach both
    endpoints
  • Dont offer analytic solution to expected number
    of rounds to compromise both endpoints

15
Example (n6, r10, c2)
Attacker Wins!
16
Thoughts on the Game
  • What is a round? An attacker unit of time? A
    defender unit of time?
  • How long is a round? What does this analysis
    tell us without knowing that?
  • If compromising routers is as easy as jus doing
    it, what security at all does onion routing offer
    us?
  • Can we derive meaningful requirements from this
    analysis?

17
Discussion Questions
  • What are the dangers of assumption 2 (constant
    bandwidth)?
  • Is the freedom to choose ones routes through the
    network a double-edged sword?

18
Discussion Questions (cont.)
  • Assumption 4 says routes are chosen at random.
    From an probability standpoint, is this better or
    worse than everyone using the same route (e.g., a
    Hamiltonian path through the COR network)? Is it
    the same?
  • The title of this paper is Towards an Analysis
    of Onion Routing Security and it clearly makes a
    good first contribution to this area. How could
    this analysis be improved and/or made more
    comprehensive?

19
Discussion Questions (cont.)
  • Why would NRL fund this type of work? Contrast
    this with the previous work done in this area by
    groups such as the cypherpunks.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Towards an Analysis of Onion Routing Security" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!