andana: onion routing for ndn steve dibenedetto colorado state university andana: anonymous named...

Report

Post on 17-Dec-2015

213 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

ANDaNA: Onion Routing for NDN

Steve DiBenedettoColorado State University

ANDaNA: Anonymous Named Data Networking Application NDSS ’12

Steven DiBenedetto, Paolo Gasti, Gene Tsudik, Ersin Uzun

http://arxiv.org/find/cs/1/au:+DiBenedetto_S/0/1/0/all/0/1
http://arxiv.org/find/cs/1/au:+Gasti_P/0/1/0/all/0/1
http://arxiv.org/find/cs/1/au:+Tsudik_G/0/1/0/all/0/1
http://arxiv.org/find/cs/1/au:+Uzun_E/0/1/0/all/0/1

D: /omh/blood-pressure/steveLoc: /fitbit/key { mmHg: 100 }

D: /omh/blood-pressure/steve { mmHg: 100 }

Information Linkage & Leakage

I: /omh/blood-pressure/steve

I: /omh/blood-pressure/steveNonce: <rand-int>Lifetime: <int>Loc: /fitbit/key

• Encrypted names, payloads, and header fields may link requester to sensitive content or leak information

3

Onion Routing in NDN

/OR-1

/OR-2

I: /omh/blood-pressure/steveNonce: <rand-int>Loc: /fitbit/keyI: /omh/blood-pressure/steve

Nonce: <rand-int>Loc: /fitbit/key

I: /OR-2

I: /OR-1

I: /omh/blood-pressure/steveNonce: <rand-int>Loc: /fitbit/key

I: /OR-2I: /omh/blood-pressure/steveNonce: <rand-int>Loc: /fitbit/key

D: /omh/blood-pressure/steveLoc: /fitbit/key { mmHg: 100 }

D: /omh/blood-pressure/steveLoc: /fitbit/key

{ mmHg: 100 }

D: /OR-2

D: /omh/blood-pressure/steveLoc: /fitbit/key

{ mmHg: 100 }

D: /OR-2

D: /OR-1

4

Improvements Over Tor• Need fewer relays than Tor (2 vs 3)

– Potentially 1 less Internet-wide RTT

• ANDaNA paths are HIGHLY ephemeral– No path setup cost– Change keys and relays at will during a Data stream without interruption– Tor sets up much longer lived circuits in comparison (~ 10 minutes)

• Symmetric key session-based mode also available– Can be freely intermixed with public key crypto mode for the same Data stream.

• NDN gives us a lot for free– CS improves retransmission and chance for cache hit at exit node– OR prefixes can refer to multiple relays– OR directory more robust to attacks thanks to signed Data

5

The Exit Node Problem

/OR-1

/OR-2

I: /omh/blood-pressure/steveExclude: <name-comp>Loc: /fitbit/key

D: /omh/blood-pressure/steveLoc: /fitbit/key { mmHg: 100 }

NDN-NP environments are not the general case: both are privacy/security aware

6

Summary

• ANDaNA provides a Tor-like service for NDN, but new tradeoffs to consider

• ANDaNA is fundamentally a proxy: use as many (or few) relays as needed

7

Thoughts

• What’s the threat model for NDN-NP?

• Tradeoffs:– ANDaNA provides low latency anonymity– Mix networks could be used if NDN-NP can tolerate

latency

• Implementing confidentiality:– Confidentially must be left to applications.– Users don’t own the network, but can own overlays

top related

national diabetes services scheme (ndss) insulin · pdf...
Documents
[emmanuele dibenedetto (auth.)] real analysis(bookza.org)...
Documents
1 andana lucrare de diploma
Documents
understanding and detecting international ... - ndss...
Documents
polypyus – the firmware historian - ndss symposium
Documents
ajith suresh - ndss symposium
Documents
social engineering - nii.ac.jp · ... (analytics,...
Documents
realizzato da : gaetano dibenedetto 2°d i.t.i.s. per la...
Documents
ndss ambassador sargent shriver international global...
Documents
dachshund - ndss symposium · dachshund digging for and...
Documents
dibenedettolaw.comdibenedettolaw.com/.../corriere_della_sera-dibenedetto-amanda_knox.pdf ·...
Documents
ndss registration form - diabetes australia · pdf...
Documents
the adrenal gland: fight or flight alexa branco, emily...
Documents
i am: joy dibenedetto
Documents
fookune ndss gsm (1)
Documents
guess who’s texting you? evaluating the security of...
Documents
ndss symposium
Documents
botsniffer ndss slides
Documents
you are what you like - ndss symposium · you are what you...
Documents
ndss 2007 philipp vogt, florian nentwich, nenad jovanovic,...
Documents