Privacy in Content Oriented Networking: Threats and countermeasures
Abdelberi Chaabane, Emiliano De Cristofaro, Mohamed Ali Kaafar, and Ersin Uzun

A brief history of networking
1. Interconnecting wires
2. Interconnecting hosts
3. Interconnecting information
Figure labels: Telephony, TCP/IP

Change in Communication Paradigm
• Today's Internet struggles with
  – Scalability
  – Mobility
  – Security
• Move to Content-oriented Network
  – Traffic is already content-oriented
    • CDN, overlays, P2P
  – Users/applications care “what to receive”
    • They don’t care “from whom”
• Host-based communication model is getting “outdated”

Notable Content Oriented Networking Architectures
• NetInf (Network of Information)
• DONA

Macro-building blocks
• Named Content
  – Objects are named to facilitate data dissemination and search
• Content Based Routing
  – Routing content rather than host
• Content Delivery
  – Using multipath routing and leveraging in-network caching
• In-Network Caching
  – All components provide caching capability

CCN Operations

Contributions
• Systematic study of privacy challenges in CON
  – Exposing several worrisome issues
  – Proposing some countermeasures
  – Highlighting open problems
• Comparing CON to Today’s Internet (TI) from a privacy perspective

Outline
1. Privacy challenges in CON
  – Cache privacy
  – Content privacy
  – Name privacy
  – Signature privacy
2. The potential of CON privacy
  – Anonymity
  – Censorship resistance
  – Untraceability
  – Data authenticity and confidentiality

CON Privacy
• Cache Privacy
  – Data is cached in every hop
  – Infer who consumed what
• Name Privacy
  – Names are related to the content
  – Infer what a user is consuming
• Signature Privacy
  – Content is signed
  – Identify the communicating parties
• Content Privacy
  – Encryption is not mandatory
  – Publicly available content spied on / censored

Timing attack
Figure labels: RTTs, RTTc; fetching the targeted content takes RTTt
1. If |RTTt - RTTc| < ε: Content has been fetched by a neighboring consumer
2. If RTTt > RTTc and RTTt < RTTs: Content has been recently fetched from the source
3. Otherwise: The target content has not been consumed

Potential Solution
• Wait before reply
  – When a content m is fetched, the corresponding RTTm is stored
  – All subsequent requests to m are delayed with RTTm
Drawbacks:
1. Increased delay
Advantages:
1. It provably achieves perfect privacy [1]
2. No assumption about content correlation / network topology
3. Reduced bandwidth
[1] Acs, G., Conti, M., Gasti, P., Ghali, C., & Tsudik, G. Cache Privacy in Named-Data Networking. ICDCS'13.

Potential Solution
• Delay the first K
  – When a content m is fetched, the corresponding RTTm is stored and a random number K is chosen
  – K subsequent requests to m are delayed with RTTm
Drawbacks:
1. Assumption about content correlation
2. Increased delay for non-popular content
Advantages:
1. Popular content is not delayed
2. Formal model to quantify the privacy/latency tradeoff [1]
3. Reduced bandwidth
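
The two cache-delay countermeasures above ("Wait before reply" and "Delay the first K"), as an added Python sketch that is not from the slides or the cited paper. The router model, the 5 ms and 80 ms RTTs, the range K is drawn from, the constructed name, and reading RTTc as the cache-hit RTT and RTTs as the source RTT are assumptions.

```python
import random

def classify(rtt_t, rtt_c, rtt_s, eps=1.0):
    """The slide's three rules, used here to check what a probe would conclude."""
    if abs(rtt_t - rtt_c) < eps:
        return "fetched by a neighboring consumer"
    if rtt_c < rtt_t < rtt_s:
        return "recently fetched from the source"
    return "not consumed"

class CachingRouter:
    """Toy router (assumed model). policy: 'none', 'wait' or 'first_k'."""
    def __init__(self, rtt_c, rtt_s, policy="none", max_k=5, rng=None):
        self.rtt_c, self.rtt_s = rtt_c, rtt_s      # cache-hit RTT, source RTT (ms)
        self.policy, self.max_k = policy, max_k
        self.rng = rng or random.Random()
        self.cache = {}                            # name -> [RTTm, delayed replies left]

    def fetch(self, name):
        """Return the latency in ms that the requester observes for `name`."""
        entry = self.cache.get(name)
        if entry is None:                          # miss: fetch from source, store RTTm
            k = self.rng.randint(1, self.max_k) if self.policy == "first_k" else 0
            self.cache[name] = [self.rtt_s, k]
            return self.rtt_s
        if self.policy == "wait":                  # every hit is held back to RTTm
            return entry[0]
        if self.policy == "first_k" and entry[1] > 0:
            entry[1] -= 1                          # one of the K delayed replies
            return entry[0]
        return self.rtt_c                          # undelayed cache hit

def latencies(policy, n, rtt_c=5.0, rtt_s=80.0, **kw):
    """One consumer fetches a constructed name; return what the next n requests see."""
    router = CachingRouter(rtt_c, rtt_s, policy, **kw)
    router.fetch("/constructed/example/name")      # the earlier consumer's request
    return [router.fetch("/constructed/example/name") for _ in range(n)]

if __name__ == "__main__":
    for policy in ("none", "wait", "first_k"):
        seen = latencies(policy, 4, max_k=2)
        print(policy, seen, "->", classify(seen[0], 5.0, 80.0))
```

With "wait" every later request pays the full source RTT, while "first_k" returns to cache-hit latency once the K delayed replies are used up, which is the latency side of the tradeoff listed on the slides.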

Potential Solution
• Collaborative caching
  – Multiple caches collaborate to create a distributed cache
Drawbacks:
1. Administrative collaboration
2. Potential delay
Advantages:
1. Increases the anonymity set
2. Increases hit rate

Content Based Monitoring and Censorship
• CON routers
  – Long-term storage
  – Computationally powerful
• A “less” powerful adversary is needed to perform censorship

Potential Solution
• Broadcast encryption
  – The producer sends an encrypted message to a set of users N
  – Only users in N can decrypt the message
Drawbacks:
1. Producer generates/stores N keys
2. Producer public key and ciphertext are of size O(√N)
Advantages:
1. Content is encrypted once
2. Caching is preserved
3. Fine-grained user control (revocation)

Potential Solution
• Proxy re-encryption
Drawbacks:
1. Asymmetric encryption
Advantages:
1. Content is available for any user
2. Content is encrypted once
3. Caching is preserved
4. Fine-grained user control (revocation)

Monitoring/Tracking
• Content names are semantically correlated with the content
  – E.g. /US/WebMD/AIDS/Symptoms/html
• Unlike with HTTPS, content names are not encrypted, as they are used for routing

Potential Solution
• Bloom Filter
  – Using Bloom filters to obfuscate the content name:
    • A hierarchical Bloom filter for the routing table
    • A counting Bloom filter for each forwarding interface
Drawbacks:
1. Introduces false positives
2. Bloom filters require periodic resetting
Advantages:
1. Obfuscates content name
2. Small architectural changes
3. Reduces the size of routing/forwarding tables
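
A per-interface counting Bloom filter for the name obfuscation idea above, as an added Python sketch that is not from the slides. The filter sizes, SHA-256 positions, interface names and longest-prefix lookup are assumptions, and the hierarchical routing-table filter is not modelled.

```python
import hashlib

class CountingBloom:
    """Counting Bloom filter: m counters, k hashed positions per name."""
    def __init__(self, m=1024, k=3):
        self.m, self.k, self.counts = m, k, [0] * m

    def _positions(self, name):
        # k positions from SHA-256, domain-separated by a leading index byte
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + name.encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, name):
        for p in self._positions(name):
            self.counts[p] += 1

    def remove(self, name):
        # Safe only for names that were added; this is why counters are kept
        if name in self:
            for p in self._positions(name):
                self.counts[p] -= 1

    def __contains__(self, name):
        return all(self.counts[p] > 0 for p in self._positions(name))

def prefixes(name):
    """'/a/b/c' -> ['/a/b/c', '/a/b', '/a'], longest first."""
    parts = name.strip("/").split("/")
    return ["/" + "/".join(parts[:i]) for i in range(len(parts), 0, -1)]

def forward(name, interfaces):
    """Return interfaces whose filter matches the longest prefix of `name`."""
    for prefix in prefixes(name):
        hits = sorted(i for i, bf in interfaces.items() if prefix in bf)
        if hits:
            return hits
    return []

def false_positive_rate(bf, trials=500):
    """Fraction of never-inserted constructed names the filter claims to hold."""
    return sum(f"/constructed/absent/{n}" in bf for n in range(trials)) / trials

def demo_interfaces():
    """Two constructed interfaces; the router keeps counters, never the names."""
    faces = {"eth0": CountingBloom(), "eth1": CountingBloom()}
    faces["eth0"].add("/US/WebMD")
    faces["eth1"].add("/US/WebMD/AIDS")
    return faces
```

Calling `false_positive_rate` on a small, heavily loaded filter (for example `m=16` with 20 names added) shows the false-positive drawback listed on the slide.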

Censorship/Monitoring
• Signatures are used to guarantee provenance and integrity
• These signatures can be used to censor/monitor the content

Potential Solution
• Group Signature
  – Hide the signer in a set of potential signers (signer ambiguity)
Figure labels: Group Manager, Pub Key, Priv Key
Drawbacks:
1. Presence of a group manager
2. Censorship possible
Advantages:
1. Signature still verifiable
2. Efficient

Potential Solution
• Ring Signature
  – Hide the signer in a set of potential signers (signer ambiguity)
  – Signature is generated from the signer's private key and a set of public keys
Figure labels: Pub Key, Priv Key
Drawbacks:
1. Communication overhead linear in the size of the ring
2. Censorship possible
Advantages:
1. Signer anonymity protected
2. Trustful content (as long as all signers are trustworthy)
3. No signer interaction / no group manager

Outline
1. Privacy challenges in CON
  1. Cache privacy
  2. Content privacy
  3. Name privacy
  4. Signature privacy
2. The potential of CON privacy
  1. Anonymity
  2. Censorship resistance
  3. Untraceability
  4. Data authenticity and confidentiality

Anonymity (Internet vs. CON)
• Internet: A trusted anonymizing proxy
  – A single point of failure
  CON: Natively provided by the architecture (no SRC/DST)
  – A local adversary could monitor all the traffic
• Internet: Mix networks, e.g. Tor
  – 3 hops to the source
  – Low latency
  CON: Mix networks: ANDaNA [2]
  – 2 hops to the source
  – Low latency
  – Partially disables CON caching
  – CCNx specific
[2] DiBenedetto, S., Gasti, P., Tsudik, G., & Uzun, E. ANDaNA: Anonymous Named Data Networking Application. NDSS'12.

Censorship (Internet vs. CON)
• Internet: DNS tampering
  CON: Effective in some CON
• Internet: Host blacklisting
  CON: Content (name) blacklisting
• Internet: DPI (content blacklisting)
  – Strong adversary
  – Specialized hardware
  CON: Easier in CON
  – Name/content are not encrypted
  – No need for specialized hardware
At a single router, censorship appears to be easier in CON.

Tracking (Internet vs. CON)
• Cookies
  Internet:
  – Widespread
  – Efficient
  – Tailored to the business model
  CON:
  – No same-origin policy
  – Only dynamic content can be tracked
  – Business model migration?
• Stateless tracking
  Internet:
  – Using IP and host fingerprinting
  CON:
  – More difficult to carry out (no addresses + caching)
  – How to handle security incidents?
CON is more resilient to tracking but poses new challenges.

Data authenticity and confidentiality (Internet vs. CON)
• Internet: One size fits all (SSL)
  – Well studied
  – Highly optimized
• CON: End-to-end trust model
  – Different consumer = different trust model
  – Widely accepted (PKI) or new trust management model

Take home messages
• Content Oriented Networking Privacy
  – More resilient to tracking
  – “Weak” anonymity as a native feature
  – Possibly more vulnerable to censorship
  – Some privacy challenges due to caches, naming, signatures