PETS 2018: Secure asymmetry and deployability for decoy routing systems

David Fifield
Sep 24, 2018, 4:56:28 PM
to traff...@googlegroups.com
Secure asymmetry and deployability for decoy routing systems
Cecylia Bocovich and Ian Goldberg
https://www.petsymposium.org/2018/files/papers/issue3/popets-2018-0020.pdf

This paper presents a design modification for decoy routing that enables
operation over asymmetric routes, and partially non-blocking operation.
You can think of it as an add-on for existing symmetric designs (Telex,
Curveball, Slitheen). It works by having routers in the upstream
direction "gossip" information about TLS connections to downstream
routers. When an upstream station sees the beginning of a TLS flow, it
shares certain metadata such as the client random and ciphersuite list
with the downstream routers. The metadata allows a downstream router to
recognize the downstream half of a tagged flow and recover the TLS
master secret. When the downstream station recognizes a tagged flow, it
proves to the upstream router that it has done so via a
challenge–response protocol; and then the upstream router begins
forwarding a copy of all upstream data directly to the downstream
router—now the route is effectively symmetric because the downstream
router sees both directions.

The upstream routers can be simple non-blocking network taps. The
downstream routers are blocking, but only for the subset of flows that
are tagged. Like Waterfall (https://censorbib.nymity.ch/#Nasr2017a),
most of the work happens in the downstream direction, which has the
effect of making routing-around-decoys attacks harder. Waterfall
requires client pre-registration with a registration server that shares
connection metadata with all the downstream routers. The difference in
this paper is that there is no single registration server; in effect,
every upstream router acts as an implicit registration server. The
asymmetry between upstream and downstream routers is described as an
advantage for deployment: ISPs who are sympathetic but not ready to
install a heavyweight flow-blocking element can instead run a
lightweight upstream-only router.
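As an added illustration, not code from the paper or from the post above, here is the gossip step modelled in Python: a non-blocking upstream tap parses a ClientHello for the client random and cipher-suite list and publishes them keyed by the flow's 4-tuple, and a downstream station that sees only the server-to-client half reverses the tuple to find the record. Tag recognition, master-secret recovery and the challenge-response proof depend on the underlying scheme (Telex, Curveball, Slitheen) and are not modelled; the sample ClientHello, addresses and ports are constructed, and the station classes are hypothetical.

```python
import struct

def build_client_hello(client_random: bytes, suites: list) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record (no extensions) for the demo."""
    body = b"\x03\x03" + client_random + b"\x00"  # version, 32-byte random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00" + b"\x00\x00"  # one compression method (null), empty extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(rec: bytes):
    """Return (client_random, cipher_suites) if rec is a ClientHello record, else None."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:  # handshake record carrying a ClientHello
            return None
        body = rec[9:9 + int.from_bytes(rec[6:9], "big")]  # handshake length, 3 bytes
        client_random = body[2:34]
        pos = 35 + body[34]  # skip the variable-length session id
        n = struct.unpack("!H", body[pos:pos + 2])[0]
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos + 2, pos + 2 + n, 2)]
        return client_random, suites
    except (IndexError, struct.error):  # truncated or malformed input is simply not a match
        return None

class UpstreamStation:
    """Hypothetical non-blocking tap on the client->server path; gossips ClientHello metadata."""
    def __init__(self):
        self.gossip = {}  # (src, sport, dst, dport) -> (client_random, suites)

    def observe(self, src, sport, dst, dport, payload):
        meta = parse_client_hello(payload)
        if meta is not None:
            self.gossip[(src, sport, dst, dport)] = meta
        return meta

class DownstreamStation:
    """Hypothetical station that sees only the server->client half of each flow."""
    def __init__(self, upstream):
        self.upstream = upstream

    def match(self, src, sport, dst, dport):
        # Downstream packets run server->client, so reverse the tuple to find the client's flow.
        return self.upstream.gossip.get((dst, dport, src, sport))
```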