6 research outputs found
TORKAMELEON. IMPROVING TOR’S CENSORSHIP RESISTANCE WITH K-ANONYMIZATION MEDIA MORPHING COVERT INPUT CHANNELS
Anonymity networks such as Tor and other related tools are powerful means of increas-
ing the anonymity and privacy of Internet users’ communications. Tor is currently the
most widely used solution by whistleblowers to disclose confidential information and
denounce censorship measures, including violations of civil rights, freedom of expres-
sion, or guarantees of free access to information. However, recent research studies have
shown that Tor is vulnerable to so-called powerful correlation attacks carried out by
global adversaries or collaborative Internet censorship parties. In the Tor ”arms race”
scenario, we can see that as new censorship, surveillance, and deep correlation tools have
been researched, new, improved solutions for preserving anonymity have also emerged.
In recent research proposals, unobservable encapsulation of IP packets in covert media
channels is one of the most promising defenses against such threat models. They leverage
WebRTC-based covert channels as a robust and practical approach against powerful traf-
fic correlation analysis. At the same time, these solutions are difficult to combat through
the traffic-blocking measures commonly used by censorship authorities.
In this dissertation, we propose TorKameleon, a censorship evasion solution de-
signed to protect Tor users with increased censorship resistance against powerful traffic
correlation attacks executed by global adversaries. The system is based on flexible K-
anonymization input circuits that can support TLS tunneling and WebRTC-based covert
channels before forwarding users’ original input traffic to the Tor network. Our goal
is to protect users from machine and deep learning correlation attacks between incom-
ing user traffic and observed traffic at different Tor network relays, such as middle and
egress relays. TorKameleon is the first system to implement a Tor pluggable transport
based on parameterizable TLS tunneling and WebRTC-based covert channels. We have
implemented the TorKameleon prototype and performed extensive validations to ob-
serve the correctness and experimental performance of the proposed solution in the Tor
environment. With these evaluations, we analyze the necessary tradeoffs between the
performance of the standard Tor network and the achieved effectiveness and performance
of TorKameleon, capable of preserving the required unobservability properties.Redes de anonimização como o Tor e soluções ou ferramentas semelhantes são meios
poderosos de aumentar a anonimidade e a privacidade das comunicações de utilizadores
da Internet . O Tor é atualmente a rede de anonimato mais utilizada por delatores para
divulgar informações confidenciais e denunciar medidas de censura tais como violações
de direitos civis e da liberdade de expressão, ou falhas nas garantias de livre acesso à
informação. No entanto, estudos recentes mostram que o Tor é vulnerável a adversários
globais ou a entidades que colaboram entre si para garantir a censura online. Neste
cenário competitivo e de jogo do “gato e do rato”, é possível verificar que à medida que
novas soluções de censura e vigilância são investigadas, novos sistemas melhorados para
a preservação de anonimato são também apresentados e refinados. O encapsulamento de
pacotes IP em túneis encapsulados em protocolos de media são uma das mais promissoras
soluções contra os novos modelos de ataque à anonimidade. Estas soluções alavancam
canais encobertos em protocolos de media baseados em WebRTC para resistir a poderosos
ataques de correlação de tráfego e a medidas de bloqueios normalmente usadas pelos
censores.
Nesta dissertação propomos o TorKameleon, uma solução desenhada para protoger
os utilizadores da rede Tor contra os mais recentes ataques de correlação feitos por um
modelo de adversário global. O sistema é baseado em estratégias de anonimização e
reencaminhamento do tráfego do utilizador através de K nós, utilizando também encap-
sulamento do tráfego em canais encobertos em túneis TLS ou WebRTC. O nosso objetivo
é proteger os utilizadores da rede Tor de ataques de correlação implementados através
de modelos de aprendizagem automática feitos entre o tráfego do utilizador que entra
na rede Tor e esse mesmo tráfego noutro segmento da rede, como por exemplo nos nós
de saída da rede. O TorKameleon é o primeiro sistema a implementar um Tor pluggable
transport parametrizável, baseado em túneis TLS ou em canais encobertos em protocolos
media. Implementamos um protótipo do sistema e realizamos uma extensa avalição expe-
rimental, inserindo a solução no ambiente da rede Tor. Com base nestas avaliações, anali-
zamos o tradeoff necessário entre a performance da rede Tor e a eficácia e a performance
obtida do TorKameleon, que garante as propriedades de preservação de anonimato
Recommended from our members
Global Data Plane: A Widely Distributed Storage and Communication Infrastructure
With the advancement of technology, richer computation devices are making their way into everyday life. However, such smarter devices merely act as a source and sink of information; the storage of information is highly centralized in data-centers in today’s world. Even though such data-centers allow for amortization of cost per bit of information, the density and distribution of such data-centers is not necessarily representative of human population density. This disparity of where the information is produced and consumed vs where it is stored only slightly affects the applications of today, but it will be the limiting factor for applications of tomorrow.The computation resources at the edge are more powerful than ever, and present an opportunity to address this disparity. We envision that a seamless combination of these edge-resources with the data-center resources is the way forward. However, the resulting issues of trust and data-security are not easy to solve in a world full of complexity. Toward this vision of a federated infrastructure composed of resources at the edge as well as those in data-centers, we describe the architecture and design of a widely distributed system for data storage and communication that attempts to alleviate some of these data security challenges; we call this system the Global Data Plane (GDP).The key abstraction in the GDP is a secure cohesive container of information called a DataCapsule, which provides a layer of uniformity on top of a heterogeneous infrastructure. A DataCapsule represents a secure history of transactions in a persistent form that can be used for building other applications on top. Existing applications can be refactored to use DataCapsules as the ground truth of persistent state; such a refactoring enables cleaner application design that allows for better security analysis of information flows. Not only cleaner design, the GDP also enables locality of access for performance and data privacy—an ever growing concern in the information age.The DataCapsules are enabled by an underlying routing fabric, called the GDP network, which provides secure routing for datagrams in a flat namespace. The GDP network is a core component of the GDP that enables various GDP components to interact with each other. In addition to the DataCapsules, this underlying network is available to applications for native communication as well. Flat namespace networks are known to provide a number of desirable properties, such as location independence, built-in multicast, etc. However, existing architectures for such networks suffer from routing security issues, typically because malicious entities can claim to possess arbitrary names and thus, receive traffic intended for arbitrary destinations. GDP network takes a different approach by defining an ownership of the name and the associated mechanisms for participants to delegate routing for such names to others. By directly integrating with GDP network, applications can enjoy the benefits of flat namespace networks without compromising routing security.The Global Data Plane and DataCapsules together represent our vision for secure ubiquitous storage. As opposed to the current approach of perimeter security for infrastructure, i.e. drawing a perimeter around parts of infrastructure and trusting everything inside it, our vision is to use cryptographic tools to enable intrinsic security for the information itself regardless of the context in which such information lives. In this dissertation, we show how to make this vision a reality, and how to adapt real world applications to reap the benefits of secure ubiquitous storage
Private and censorship-resistant communication over public networks
Society’s increasing reliance on digital communication networks is creating unprecedented opportunities for wholesale
surveillance and censorship. This thesis investigates the use of public networks such as the Internet to build
robust, private communication systems that can resist monitoring and attacks by powerful adversaries such as national
governments.
We sketch the design of a censorship-resistant communication system based on peer-to-peer Internet overlays in which
the participants only communicate directly with people they know and trust. This ‘friend-to-friend’ approach protects
the participants’ privacy, but it also presents two significant challenges. The first is that, as with any peer-to-peer
overlay, the users of the system must collectively provide the resources necessary for its operation; some users might
prefer to use the system without contributing resources equal to those they consume, and if many users do so, the
system may not be able to survive.
To address this challenge we present a new game theoretic model of the problem of encouraging cooperation between
selfish actors under conditions of scarcity, and develop a strategy for the game that provides rational incentives for
cooperation under a wide range of conditions.
The second challenge is that the structure of a friend-to-friend overlay may reveal the users’ social relationships to
an adversary monitoring the underlying network. To conceal their sensitive relationships from the adversary, the
users must be able to communicate indirectly across the overlay in a way that resists monitoring and attacks by other
participants.
We address this second challenge by developing two new routing protocols that robustly deliver messages across
networks with unknown topologies, without revealing the identities of the communication endpoints to intermediate
nodes or vice versa. The protocols make use of a novel unforgeable acknowledgement mechanism that proves that a
message has been delivered without identifying the source or destination of the message or the path by which it was
delivered. One of the routing protocols is shown to be robust to attacks by malicious participants, while the other
provides rational incentives for selfish participants to cooperate in forwarding messages