CS 144r: Networks Design Projects
CS 244r: Advanced Networks Design Projects
HBS 4560: The Future of Business Networks
Anonymizing Infrastructure
February 22, 2002
Professor Marco Iansiti, HBS
Professor H. T. Kung, FAS
Harvard University
Topics for Today
• Overview of an IP-layer anonymizing infrastructure
• Project on attacking the anonymizing infrastructure
Problem To Solve
• An authentication server, by definition, needs to process requests from unknown users; thus, it can be subject to DOS attacks
(Figure: clients on the Internet sending requests to an authentication server)
A Solution Approach Based on an Anonymizing Infrastructure
• Provide an IP-layer anonymizing infrastructure that can hide IP addresses of authentication servers from clients
• This anonymizing infrastructure can be useful for current and future authentication servers and other servers
The Traditional Internet: Packet Reveals Server Address in the Clear
(Figure: a client sends a packet across the Internet to the server at 140.247.60.30; the packet carries the destination address D = 140.247.60.30 in the clear)
The Anonymizing Infrastructure: Use Forwarders to Hide Servers' Addresses
(Figure: client, forwarders F1 and F2, and server; the destination address D carried by the packet is encrypted in the forwarders' keys)
• The infrastructure is an overlay network of forwarders, Fs
• Forwarders are stateless and use anycast addresses for improved availability
Use of Gateways To Allow Existing Clients and Servers Without Modification
(Figure: client, client gateway GWc, forwarders F1 and F2, server gateway GWs, server, and an initialization server)
• Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification
Three Usage Steps for the Anonymizing Infrastructure
1. Server Registration: Given a server, select a sequence of forwarders, compute the encrypted IP address for the server, and register the results. The sequence of forwarders can be selected manually or automatically.
2. Client Initialization: Given a server, obtain the encrypted address for the server, the address of the first decrypting forwarder, and other information required for forwarding
3. Packet Forwarding: forward packets over the selected sequence of forwarders
Internet Drafts and Mailing List
Internet Drafts:
• Bradner, S., and Kung, H. T., "Requirements for an Anonymizing Packet Forwarder," <draft-bradner-annfwd-req.txt>, November 2001
• Kung, H. T., and Bradner, S., "A Framework for an Anonymizing Packet Forwarder," <draft-kung-annfwd-framework.txt>, November 2001
Mailing list: http://wireless.eecs.harvard.edu/anon
Comments would be appreciated
Experimental System for an Anonymizing Infrastructure
• We have implemented the three usage steps for an anonymizing infrastructure
• A FreeBSD-based experimental system is working in our lab at Harvard
• In the following we use our experimental system to illustrate the three steps
Step 1: Server Registration
(Registration form from the experimental system)
Server alias: Kerberos Server in CS at Harvard
Server IP address: 140.247.60.105
Server port numbers: 88
1st forwarder:
2nd forwarder:
Step 2: Client Initialization
(Figure: client, forwarders F1 and F2, server, and an initialization server)
• Client obtains information, such as the server's address encrypted in Fs' keys and F1's address, from an initialization server
Step 3: Packet Forwarding
(Figure: client, forwarders F1 and F2, server, and an initialization server)
• Client's packet is forwarded to F1. F1 decrypts the address and discovers the next hop is F2. Then the packet is forwarded to F2, etc.
• The return path is from server to F2, F1 and client
Use of Client and Server Gateways in Our Experimental System
(Figure: client, GWc, forwarders F1 and F2, GWs, server, and an initialization server)
• Gateways, GWc and GWs, allow existing clients and servers to use the anonymous forwarding infrastructure without modification
Experimental System Platform
• Use divert socket on FreeBSD-4.4 machines (http://www.freebsd.org/) in implementing forwarders, GWc and GWs
• PPTP VPN: mpd (netgraph multi-link PPP daemon)
• Crypto software
  – Public key: RSA from OpenSSL (http://www.openssl.org/)
  – Symmetric key: 128-bit AES (Rijndael) (http://www.nist.gov/aes/)
Two Threat Models
1) Monitoring a forwarder's input & output, or compromising a forwarder
   • Capture client and forwarder or server address
2) Using the anonymizing infrastructure to launch attacks
   • Make tracking of attackers difficult
Countermeasures (See the Next Three Slides)
• Multi-hop forwarding to make it hard to discover the exit forwarder before the server
• Uncorrelated, per-packet encryption for each of the hops (except the hop between the client and the first forwarder, where encryption is not needed) to defend against unauthorized monitoring
• Protocol camouflaging
• Spaghetti forwarding
Multi-hop Forwarding
(Figure: client, forwarders F1, F2, F3, F4, and server)
• To locate F4, the exit forwarder, the entire path (F1, F2, F3, F4) will need to be discovered
Uncorrelated, Per-packet Encryption in Our Experimental System
(Figure: client, GWc, forwarders F1 and F2, GWs, server; N submissions of the same packet produce N different encrypted packet payloads on the forwarder hops)
• When there is unauthorized monitoring, this feature makes it difficult for attackers to use traffic analysis to discover the forwarding path
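The following is an added worked example, not code from the Harvard experimental system, that models the three usage steps (server registration, client initialization, packet forwarding over the F1..F4 path of the multi-hop slide) together with the uncorrelated per-packet encryption of this slide. The forwarder names, keys, the packet encoding and the HMAC-SHA256 stream cipher (a stand-in for the 128-bit AES the platform slide lists) are all assumptions; the server IP 140.247.60.105 comes from the registration slide.

```python
"""Constructed model of the three usage steps (server registration, client
initialization, packet forwarding) plus the uncorrelated per-packet encryption
of the previous slides.  Added example, not the Harvard system's code: the
forwarder names, keys, packet encoding and the HMAC-SHA256 stream cipher
(a stand-in for the 128-bit AES the platform slide lists) are assumptions."""
import hashlib, hmac, os, struct

NONCE_LEN = 16

def _keystream(key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256, unique per (key, nonce).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    # Fresh random nonce per call, so the same bytes never encrypt the same
    # way twice.  No integrity tag; a real deployment needs an authenticated mode.
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))

def decrypt(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

# Constructed overlay: four forwarders, each with its own secret key, and an
# initialization server holding alias -> (encrypted address, first forwarder).
FORWARDERS = {n: hashlib.sha256(n.encode()).digest() for n in ("F1", "F2", "F3", "F4")}
INIT_SERVER = {}

def _pack_hop(next_hop, inner):          # one address layer: next-hop tag + rest
    tag = next_hop.encode()
    return struct.pack(">B", len(tag)) + tag + inner

def _unpack_hop(plain):
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]

def _pack_packet(addr, payload):         # on-the-wire packet: address blob + payload
    return struct.pack(">H", len(addr)) + addr + payload

def _unpack_packet(raw):
    n = struct.unpack(">H", raw[:2])[0]
    return raw[2:2 + n], raw[2 + n:]

def register_server(alias, server_ip, path):
    """Step 1: one encryption layer per forwarder, innermost under the exit
    forwarder's key, so each forwarder learns only its own next hop."""
    blob = encrypt(FORWARDERS[path[-1]], _pack_hop("SERVER", server_ip.encode()))
    for this_hop, next_hop in zip(reversed(path[:-1]), reversed(path[1:])):
        blob = encrypt(FORWARDERS[this_hop], _pack_hop(next_hop, blob))
    INIT_SERVER[alias] = (blob, path[0])

def client_init(alias):
    """Step 2: the client gets the encrypted address and the first decrypting
    forwarder; the server's real IP is never handed to it."""
    return INIT_SERVER[alias]

def forward(first_hop, encrypted_addr, payload):
    """Step 3: hop-by-hop forwarding.  Returns (server_ip, hops, links); links[i]
    is what a monitor sees on the link into hop i.  The client->F1 link is in the
    clear; every later link is re-encrypted under the next hop's key with a new nonce."""
    hop, first = first_hop, True
    wire = _pack_packet(encrypted_addr, payload)
    hops, links = [], [wire]
    while True:
        key = FORWARDERS[hop]
        raw = wire if first else decrypt(key, wire)
        first = False
        addr, payload = _unpack_packet(raw)
        next_hop, inner = _unpack_hop(decrypt(key, addr))   # peel this hop's layer
        hops.append(hop)
        if next_hop == "SERVER":
            return inner.decode(), hops, links
        wire = encrypt(FORWARDERS[next_hop], _pack_packet(inner, payload))
        links.append(wire)
        hop = next_hop

def link_matches(links_a, links_b):
    """What a link monitor could check: are two submissions of the same packet
    byte-identical on each link?  True only where encryption is absent."""
    return [a == b for a, b in zip(links_a, links_b)]

def demo():
    # Server IP from the registration slide; the path mirrors the multi-hop slide.
    register_server("kerberos", "140.247.60.105", ["F1", "F2", "F3", "F4"])
    blob, first = client_init("kerberos")
    ip, hops, links_a = forward(first, blob, b"AS-REQ")   # constructed payload
    _, _, links_b = forward(first, blob, b"AS-REQ")       # the same packet resubmitted
    return ip, hops, link_matches(links_a, links_b)
```

Running demo() delivers the packet to 140.247.60.105 through F1, F2, F3, F4, and link_matches reports [True, False, False, False]: the resubmitted packet is identical only on the unencrypted client-to-F1 link, so a monitor on any later link cannot pair the two submissions by their bytes, and each forwarder's peeled layer names only the next hop, which is why the whole path has to be uncovered to reach the exit forwarder.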
Camouflaged TCP over UDP
(Figure: three packet layouts)
Normal TCP: IP header | TCP header | TCP payload
TCP over UDP: IP header | UDP header | TCP header | TCP payload
Camouflaged TCP over UDP: IP header | UDP header | TCP payload | TCP header
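An added example, not the experimental system's code, that builds the three layouts of the figure in bytes and parses them back. It reads the camouflaged layout as the TCP header moved behind the payload, so the bytes right after the UDP header are application data. Header field values, ports and the payload are constructed, checksums are left at zero, and the IP header (the same in all three layouts) is omitted.

```python
"""Constructed example of the three layouts in the figure: normal TCP, TCP over
UDP, and camouflaged TCP over UDP with the TCP header moved behind the payload.
Added here, not the experimental system's code; header field values, ports and
the payload are made up, checksums are left zero, and the IP header (identical
in all three) is omitted."""
import struct

TCP_HDR_LEN = 20   # minimal header, no options

def tcp_header(sport, dport, seq=1, ack=0, flags=0x18, window=65535):
    # src port, dst port, seq, ack, data offset (5 words) << 4, flags, window,
    # checksum (0 here), urgent pointer
    return struct.pack(">HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)

def udp_header(sport, dport, body_len):
    return struct.pack(">HHHH", sport, dport, 8 + body_len, 0)

def normal_tcp(tcp_hdr, payload):
    return tcp_hdr + payload

def tcp_over_udp(usport, udport, tcp_hdr, payload):
    # UDP header | TCP header | TCP payload: the TCP header is still the first
    # thing after the UDP header, so anyone inspecting UDP payloads can
    # recognise the tunnel.
    body = tcp_hdr + payload
    return udp_header(usport, udport, len(body)) + body

def camouflaged_tcp_over_udp(usport, udport, tcp_hdr, payload):
    # UDP header | TCP payload | TCP header: the bytes right after the UDP
    # header are application data; the TCP header sits at the tail.
    body = payload + tcp_hdr
    return udp_header(usport, udport, len(body)) + body

def _udp_body(datagram):
    udp_len = struct.unpack(">H", datagram[4:6])[0]
    return datagram[8:udp_len]

def parse_tcp_over_udp(datagram):
    body = _udp_body(datagram)
    return body[:TCP_HDR_LEN], body[TCP_HDR_LEN:]

def parse_camouflaged(datagram):
    body = _udp_body(datagram)
    return body[-TCP_HDR_LEN:], body[:-TCP_HDR_LEN]

def udp_body_starts_with_tcp_header(datagram, expected_dport):
    """Naive check of the kind a link monitor might apply to a UDP stream: does the
    payload open with a plausible TCP header for the expected destination port?"""
    body = _udp_body(datagram)
    if len(body) < TCP_HDR_LEN:
        return False
    _sport, dport, _seq, _ack, offset = struct.unpack(">HHIIB", body[:13])
    return dport == expected_dport and offset >> 4 == 5

def demo():
    hdr = tcp_header(40000, 88)                 # port 88: the Kerberos server registered earlier
    payload = b"AS-REQ for krbtgt/EXAMPLE"      # constructed
    plain = tcp_over_udp(5000, 5000, hdr, payload)
    camo = camouflaged_tcp_over_udp(5000, 5000, hdr, payload)
    return plain, camo
```

Both datagrams have the same length and carry the same TCP header and payload; the receiving gateway recovers them either way with the matching parser, but the naive header check succeeds only on the plain tunnel, which is the property the camouflage is meant to give against unauthorized monitoring of the links.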
Additional Countermeasures
• Rate limiting forwarders
• Dynamic re-selection of forwarders
• Secure connection between GWc and Initialization Server to ensure the former receives trustworthy information from the latter
Revisit the Project Definition: Attacking An Experimental Anonymizing Infrastructure
Attacker's objective
• Find the IP address that the anonymizing infrastructure tries to hide
Assumptions
• Links in the infrastructure and those connected to it can be monitored
Demonstration
• Given an encrypted IP address of a server, find its true address
Attacker's score
• An attacker's score decreases exponentially in the number of false forwarders explored