flexible anonymous network - pet_symposium...1: "dropping on the edge: flexibility and trafc...
TRANSCRIPT
![Page 1: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/1.jpg)
Flexible Anonymous NetworkFlexible Anonymous Network
Florentin RochetFlorentin Rochet🔒🔒, Olivier Bonaventure, Olivier Bonaventure📨📨, and, and
Olivier PereiraOlivier Pereira🔒🔒
🔒 UCLouvain Crypto Group, Belgium
📨 UCLouvain IP Networking Lab, Belgium
1Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 2: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/2.jpg)
TorTorA distributed network run by volunteers to seperate identi�cation from the routing task
2Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 3: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/3.jpg)
Features deploymentFeatures deploymentDeploying new protocol features is painfully dif�cult
3Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 4: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/4.jpg)
Features deploymentFeatures deploymentDeploying new protocol features is painfully dif�cult
4Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 5: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/5.jpg)
The impossible choiceThe impossible choice
5Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 6: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/6.jpg)
Protocol tolerance (as implemented today) is a vector to ef�cient attacks1, 2, 3, 4, 5
1: "Dropping on the Edge: Flexibility and Traf�c Con�rmation in Onion Routing Protocols", PoPETs2018
2: "CMU-FBI relay_early con�rmation attack", (see Tor's blog post)
3: "The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network", NDSS 2014
4: "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization", S&P 2013
5: "A Practical Congestion Attack on Tor Using Long Paths", Usenix Security 2009
We need to deploy �xes faster
... without excluding any relay from the network
(Probably impossible with *current* deployment methods)
It is also about security!
6Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 7: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/7.jpg)
Introducing FANIntroducing FAN
De�nition:
We call FAN, for Flexible Anonymous Network, an anonymousnetwork architecture able to transparently change its behaviorfor one or many users without having to restart relays orperturbing other user connections while proceeding to add,remove or modify protocol features.
Threat model is context-dependent (we will see why)High performance
7Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 8: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/8.jpg)
What is the magic trick?
8Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 9: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/9.jpg)
A userland VMA userland VM
Run within the Tor processImplements a RISC architectureLoad and execute "Protocol Plugins"(upon bytecode authentication)Protocol Plugins are sandboxed
9Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 10: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/10.jpg)
code in hello_world.c:
Meta-info in hello_world.plugin:
Hello World!Hello World!
#include "core/or/plugin.h" // things that can be defined in a .h and included here #include "hello_world_features.h" // My plugin main entry point uint64_t hello_world(void *args) { log_fn_(LOG_DEBUG, LD_PLUGIN, __FUNCTION__, "Hello, I am becoming self-aware. Run."); return 0; }
hello_world replace some_tor_function for_some_module hello_w
10Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 11: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/11.jpg)
How would Protocol Plugins impact performance on areal usecase
11Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 12: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/12.jpg)
Is versionned (new version currently in deployment)New version solves fairness and security issues, but would take many years to be widelyused
Deployment could be almost instantaneous with Protocol Plugins
10000ft �ow-control overview10000ft �ow-control overview
12Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 13: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/13.jpg)
SENDME cells in a pluginSENDME cells in a plugin4 nodes (client-relay-relay-relay) on the loopback (4 cpus); 20 MB stream pushed 50times
13Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 14: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/14.jpg)
Some perf evalSome perf eval200 relays, 2000 clients:
14Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 15: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/15.jpg)
What *should* be extensible? (ongoing research)What about safety and security for a network-wide extension system? (ongoing research)
Safety: sending protocol plugins to the whole network *must* be a multi-devagreementSecurity: threshold signatures (TUF?[1]); *must* survive key compromise;
Is eBPF the right tool? What about webAssembly? (ongoing research)Advancing Tor's control over plugin execution (ongoing research)
[1] J. Samuel, N. Mathewson, J. Cappos, and R. Dingledine. Survivable key compromise in software update systems. InProceedings of the 17th ACM conference on Computer and communications security, pages 61–72. ACM, 2010
How to properly integrate?How to properly integrate?
15Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 16: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/16.jpg)
Custom Internet Privacy (Further Work)Custom Internet Privacy (Further Work)Can we go further than re-designing forward compatibility?What if clients plug their own set of features to their ephemeral connection?
Could improve performance/anonymity tradeoff (ongoing research)e.g., Plug a padding scheme when using a given .onione.g., Join a mixnet plugin when sending emails
We could push the threat model to the application (or even to the user forexpert mode)Protocol Plugins could ease contributions from the research communityHuh. Great remote code exploitation toolset, what can go wrong?
1 piece of the puzzle to defend in our upcomming ACM SIGCOMM'19"Pluginizing QUIC" work
✓
✓
✓
✗
16Florentin R. - Flexible Anonymous Network - 26th Jul 2019
![Page 17: Flexible Anonymous Network - PET_Symposium...1: "Dropping on the Edge: Flexibility and Trafc Conrmation in Onion Routing Protocols", PoPETs 2018 2: "CMU-FBI relay_early conrmation](https://reader033.vdocuments.site/reader033/viewer/2022050314/5f76ff6c98315241cd1d0b46/html5/thumbnails/17.jpg)
Protocol Plugins is a generic solution, and may be used to address many problemse.g., censorship? Using an authorized application supporting protocol plugins to hideephemeral features (e.g., end-to-end secure messaging over bitcoin gossipingprotocol?)... many more ;)
Custom Internet Privacy: the quest for the one anonymous network that �ts many usages!10+ years of research ahead with theoretical and practical challenges!
Getting security right is going to take timeDisclaimer: current VM implementation is experimental and has some strong limitations
But heh, that would eventually be much improved
ConclusionConclusion
Be conservative in what you do, stay conservative in what youaccept from others
17Florentin R. - Flexible Anonymous Network - 26th Jul 2019