1 \documentclass{beamer}
2 \usetheme{i4}
3 \usepackage[utf8]{inputenc}
4 \usepackage{tikz}
5 \usepackage{multicol}
6 \usepackage{listings}
7 \lstloadlanguages{lisp}
8
9 \usetikzlibrary{svg.path,positioning,intersections}
10 \usepgflibrary{shapes.geometric}
11 \usepgflibrary{shapes.misc}
12 \usepgflibrary{shapes.symbols}
13
14 \usepgflibrary{shapes}
15 \usetikzlibrary{shapes,decorations,shadows}
16 \usetikzlibrary{decorations.pathmorphing}
17 \usetikzlibrary{decorations.shapes}
18 \usetikzlibrary{fadings}
19 \usetikzlibrary{patterns}
20 \usetikzlibrary{calc}
21 \tikzstyle{netdb}=[anchor=center,color=black,rectangle,draw,minimum
22 size=.6em,minimum height=.2em]
23 \tikzstyle{client}=[fill=i4gray,rectangle,draw]
24 \tikzstyle{chain}=[rectangle,draw,minimum size=1em,minimum height=.5em]
25 \tikzstyle{arrow}=[->,thick,draw,shorten <=2pt,shorten >=2pt,]
26 \tikzstyle{tunnel}=[fill=gray,shape=ellipse,minimum size=4em,minimum height=1.1em]
27
28 \newcommand{\iip}[1]{\textcolor{i4red}{#1}}
29
30 \author[Christoph Egger]{\textbf{Christoph Egger}, Johannes Schlumberger, Christopher
31 Kruegel, Giovanni Vigna}
32 \title{Practical Attacks Against The I2P Network}
33 \institute{Friedrich-Alexander University Erlangen-Nuremberg\\
34 University of California, Santa Barbara}
35 \date{October 25, 2013}
36 \begin{document}
37
38 \begin{frame}[plain]
39 \vspace{1.5em}
40 \titlepage
41 \begin{center}
42 \includegraphics[width=0.23\paperwidth]{fau_siegel}
43 \hspace{1.5em}
44 \includegraphics[width=0.25\paperwidth]{ucsbseal}
45 \end{center}
46 \end{frame}
47
48 \begin{frame}
49 \frametitle{Outline}
50 \begin{multicols}{2}
51 \begin{block}{What is I2P?}
52 \begin{itemize}
53 \item Tunnels
54 \item Network Database
55 \item \textcolor{gray}{Floodfill Participation}
56 \item Threat model
57 \end{itemize}
58 \end{block}
59 \begin{block}{\textcolor{gray}{Floodfill Takeover Attack}}
60
61 \end{block}
62 \begin{block}{Sybil Attack}
63 \begin{itemize}
64 \item Attack Description
65 \item Evaluation
66 \end{itemize}
67 \end{block}
68 \begin{block}{\textcolor{gray}{Eclipse Attack}}
69
70 \end{block}
71 \begin{block}{Deanonymization Attack}
72 \begin{itemize}
73 \item Attack Description
74 \item Evaluation
75 \end{itemize}
76 \end{block}
77 \begin{block}{Conclusions}
78 \begin{itemize}
79 \item Limitations
80 \item I2P improvements
81 \item \textcolor{gray}{Related Work}
82 \end{itemize}
83 \end{block}
84 \end{multicols}
85 \end{frame}
86
87 \begin{frame}
88 \frametitle{Anonymity}
89 \begin{block}{Who needs anonymity}
90 \begin{itemize}
91 \item Criminals
92 \item Civil rights activists
93 \item Everyone else
94 \end{itemize}
95 \end{block}\pause
96 \begin{block}{I2P and Tor}
97 \begin{itemize}
98 \item Tor: directory authorities $\leftrightarrow$ I2P:
99 decentralized DHT
100 \item Tor: proxy to the outside world $\leftrightarrow$ I2P:
101 separated \emph{Darknet}
102 \end{itemize}
103 \end{block}
104 \end{frame}
105
106 \begin{frame}
107 \frametitle{Introduction to I2P}
108 \begin{itemize}\addtolength{\itemsep}{1\baselineskip}
109 \item Solution for anonymous communication
110 \item Separated from the ``Internet'' -- \emph{Darknet}
111 \item Fully distributed design
112 \item Based on onion-routing
113 \item Between 18,000 and 28,000 active users
114 \end{itemize}
115 \end{frame}
116
117 \section{I2P}
118 \begin{frame}
119 \frametitle{I2P}
120 \begin{multicols}{2}
121 \begin{block}{Router}
122 \begin{itemize}
123 \item Handle connections
124 \item Provide name services
125 \end{itemize}
126 \end{block}
127 % \pause
128 \begin{block}{Applications}
129 \begin{itemize}
130 \item Server, client or P2P software
131 \item Sockets interface with TCP-like or UDP-like semantics
132 \end{itemize}
133 \end{block}
134 % \pause
135 \begin{figure}
136 \centering
137 \begin{tikzpicture}[scale=1.2]
138 \tikzstyle{every node}=[font=\small]
139 \node[minimum width=9em,minimum height=9em,draw=gray](clientpc) at (25mm,9mm) {};
140 \node[above=0mm of clientpc.south] {User's Computer};
141 \node[cloud,drop shadow,fill=white,draw,minimum
142 width=4.5em,minimum height=2.5em](ip) at (22mm,30mm) {I2P};
143 \node[client](client) at (22mm, 18mm) {I2P Router};
144 \node[rectangle,draw,below=0mm of client.south east](app1) {Application};
145 \node[rectangle,draw,below=0mm of app1.south](app2) {Application};
146 \node[rectangle,draw,below=0mm of app2.south](app3) {Application};
147
148 \path[arrow] (app1.west) -| ([xshift=3.5mm]client.south west);
149 \path[arrow] (app2.west) -| ([xshift=2.5mm]client.south west);
150 \path[arrow] (app3.west) -| ([xshift=1.5mm]client.south west);
151 \path[arrow] ([xshift=.5mm]client.north) -- ([xshift=.5mm]ip.south);
152 \path[arrow] ([xshift=-.5mm]ip.south) -- ([xshift=-.5mm]client.north);
153 \end{tikzpicture}
154 \end{figure}
155
156 \end{multicols}
157 \end{frame}
158
159 \begin{frame}
160 \frametitle{Tunnels}
161 \begin{itemize}
162 \item Using onion-routing for anonymity
163 \item Unidirectional
164 \item Paired for bi-directional communication
165 \end{itemize}\pause
166 \begin{block}{Client Tunnels}
167 \begin{itemize}
168 \item Used for data interactions
169 \item Several per application
170 \end{itemize}
171 \end{block}
172 % \pause
173 \begin{block}{Exploratory Tunnels}
174 \begin{itemize}
175 \item Used for database interaction
176 \item 2 to 3 per node
177 \end{itemize}
178 \end{block}
179 \end{frame}
180
181 \begin{frame}
182 \frametitle{Network Database}
183 \begin{itemize}
184 \item<1-> Kademlia-like DHT based on \texttt{XOR}-distance, run on
185 320 super-nodes (the floodfill routers)
186 \item<1-> Layout of the database changes completely every day (storage keys depend on the date)
187 \item<2-> \iip{databaseRecord}\\
188 Records are named by a hash over their cryptographic keys
189 \item<2-> \iip{storageLocation}\\
190 Hash over the record name and today's date
191 \item<3-> \iip{routerInfo}\\
192 Peer information: IP address, port, protocol, keys
193 \item<3-> \iip{leaseSet}\\
194 Service information: Entry tunnels, keys
195 \end{itemize}
196 \end{frame}
197
198 \begin{frame}
199 \frametitle{Sample Interaction}
200 Accessing a hidden website -- ``http://civilrights.i2p''
201 \begin{figure}
202 \centering
203 \input{sample-interaction}
204 \end{figure}
205 \end{frame}
206
207 \begin{frame}
208 \frametitle{Threat Model}
209 \begin{itemize}\addtolength{\itemsep}{1\baselineskip}
210 \item Implicitly specified in terms of the attacks considered
211 \item Only local adversaries: no global view of the traffic
212 passing through the network
213 \item Only a limited number of malicious nodes -- around 20\,\%
214 of the \iip{netDB} super-nodes and 20\,\% of all nodes
215 \item Cryptographic primitives are assumed secure
216 \end{itemize}
217 \end{frame}
218
219 \section{Sybil Attack}
220 \begin{frame}
221 \frametitle{Sybil Attack}
222 \begin{block}{Definition}
223 In a Sybil attack, the adversary controls many identities in order to
224 break assumptions the system makes about the number of independent participants
225 \end{block}\pause
226 \begin{block}{Goal}
227 Gaining control over parts of the keyspace in the \iip{netDB} with
228 limited resources. As a result, the attacker becomes the only source
229 consulted for certain records and can therefore monitor every access
230 to them
231 \end{block}\pause
232 \begin{block}{Challenge}
233 Active identities require considerable resources to be useful
234 \end{block}\pause
235 \begin{block}{Solution}
236 Compute a large pool of identities and only activate the relevant ones
237 \end{block}
238 \end{frame}
239
240 \begin{frame}
241 \frametitle{Sybil Attack}
242 \begin{block}{Generating identities}
243 \begin{itemize}
244 \item Building a database of 50,000 identities takes around 30
245 minutes on a 12-core Xeon server
246 \item On average 156 precomputed identities fall between two adjacent legitimate database nodes in the keyspace (50,000 / 320)
247 \item All identities are available to all malicious nodes
248 \end{itemize}
249 \end{block}\pause
250 \begin{block}{Using identities}
251 \begin{itemize}
252 \item Malicious nodes can compute which precomputed identities are closest to a target key for the current day and
253 switch identity at any time
254 \item Nodes coordinate to avoid using duplicate identities
255 \end{itemize}
256 \end{block}
257 \end{frame}
258
259 \section{Deanonymizing Users}
260 \begin{frame}
261 \frametitle{Deanonymizing Users}
262 \begin{block}{Goal}
263 Given a user Alice and a resource R, we want to confirm or refute,
264 with high probability, that Alice is using R.
265 \end{block}\pause
266 \begin{block}{Vulnerability}
267 \begin{itemize}
268 \item<2-> Nodes store their \iip{routerInfo} (which contains their IP address) directly in the \iip{netDB}, i.e.\ without a tunnel
269 \item<3-> Nodes verify the storage a fixed 20 seconds later using one of their
270 \iip{exploratory tunnels} -- a malicious \iip{netDB} node can link the tunnel to the direct store by timing
271 \item<4-> Nodes use the same \iip{exploratory tunnel} again for
272 resource lookups -- the lookup for R is thereby tied to Alice's IP address
273 \end{itemize}
274 \end{block}
275 \end{frame}
276
277 \begin{frame}
278 \frametitle{Deanonymizing Users}
279 \begin{figure}
280 \centering
281 \input{deanonymization}
282 \end{figure}
283 \end{frame}
284
285 \begin{frame}
286 \frametitle{Deanonymizing Attack}
287 \begin{block}{Setup}
288 \begin{itemize}
289 \item 20 attacking nodes in a single network
290 \begin{itemize}
291 \item 10 nodes capturing resource lookups
292 \item 10 nodes performing timing attack on \iip{routerInfo} storage
293 \end{itemize}
294 \item 6 monitoring nodes: split between two continents
295 \end{itemize}
296 \end{block}\pause
297 \begin{block}{Results}
298 \begin{itemize}
299 \item 60\,\% of the potentially observable links detected (recall)
300 \item 52\,\% of the attributed hits correct (precision)
301 \item Working equally well for geographically remote hosts
302 \end{itemize}
303 \end{block}
304 \end{frame}
305
306 \section{Conclusions}
307 \begin{frame}
308 \frametitle{Limitations}
309 \begin{itemize}\addtolength{\itemsep}{1\baselineskip}
310 \item Only works reliably for prolonged or repeated resource access
311 \item Less reliable for popular resources
312 \item Needs extra resources per tracked user and per resource
313 \end{itemize}
314 \end{frame}
315
316 \begin{frame}
317 \frametitle{I2P Improvements}
318 \begin{itemize}\addtolength{\itemsep}{1\baselineskip}
319 \item Working with the I2P developers on countermeasures against these attacks
320 \item<2-> Implemented improvements
321 \begin{itemize}
322 \item Limiting \iip{netDB} nodes per IPv4 network (intended to raise the cost of running many Sybil identities)
323 \item Randomizing the time delta between storage and verification (removes the fixed 20-second timing signal)
324 \item Ongoing discussion about deeper modifications to the \iip{netDB}
325 \end{itemize}
326 \item<3-> Further improvements
327 \begin{itemize}
328 \item Ignoring newly joined \iip{netDB} nodes
329 \item Removing storage verification altogether
330 \item Expiring an \iip{exploratory tunnel} once it has been used for storage verification (prevents the tunnel reuse the deanonymization attack relies on)
331 \end{itemize}
332 \end{itemize}
333 \end{frame}
334
335 \begin{frame}{Questions?}
336 \vspace*{\fill}
337 \begin{center}
338 \includegraphics[width=7cm]{42.pdf}
339 \end{center}
340 \vspace*{\fill}
341 \end{frame}
342
343 \begin{frame}
344 \frametitle{Bibliography}
345 \nocite{Mittal:2012}
346 \nocite{Timpanaro:2011}
347 \nocite{Herrmann:2011}
348 \nocite{Douceur:2002}
349 \nocite{Dingledine:2004}
350 \nocite{Evans:2011}
351 \bibliographystyle{plain}
352 {\tiny\bibliography{../i2p}}
353 \end{frame}
354
355 \end{document}
356
357 %%% Local Variables:
358 %%% mode: latex
359 %%% TeX-master: t
360 %%% TeX-PDF-mode: t
361 %%% End: