ebook img

Scalable Techniques for Security and Anonymity in Distributed Systems PDF

149 Pages·2015·2.64 MB·English
by  
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Scalable Techniques for Security and Anonymity in Distributed Systems

UC Riverside UC Riverside Electronic Theses and Dissertations Title Scalable Techniques for Security and Anonymity in Distributed Systems Permalink https://escholarship.org/uc/item/03c0z1bh Author Akhoondi, Masoud Publication Date 2015 Peer reviewed|Thesis/dissertation eScholarship.org Powered by the California Digital Library University of California UNIVERSITYOFCALIFORNIA RIVERSIDE ScalableTechniquesforSecurityandAnonymityinDistributedSystems ADissertationsubmittedinpartialsatisfaction oftherequirementsforthedegreeof DoctorofPhilosophy in ComputerScience by MasoudAkhoondi December2015 DissertationCommittee: Dr. HarshaV.Madhyastha,Co-Chairperson Dr. SrikanthV.Krishnamurthy,Co-Chairperson Dr. ZhiyunQian Dr. VagelisHristidis Copyrightby MasoudAkhoondi 2015 TheDissertationofMasoudAkhoondiisapproved: CommitteeCo-Chairperson CommitteeCo-Chairperson UniversityofCalifornia,Riverside Acknowledgments It is an honor for me to have had the opportunity to work with my advisor Prof. Harsha V. Madhyastha. I am deeply grateful to Harsha for the invaluable guidance and his generous support during my PhD. Without his brilliant and insightful advice he has given me, thisdissertationwouldnothavebeenpossibleandthiswillcontinuetobenefitmyentireresearch life. HarshaisveryenthusiasticandoneofthesmartestpeoplethatIknow,hewasveryadequate inourmeetingsorwhenitcametothoselatenightdeadlines. IhopethatIcouldbeashelpful, energetic,anddedicatedasHarshais. IamextremelyfortunatetocollaborateandworkwithProf. SrikanthKrishnamurthy during second year of my PhD. I would like to express my deepest gratitude to him for his scientificadvice,knowledge,manyinsightfuldiscussionsandsuggestions. IwouldliketoexpressimmenseappreciationtoProf. ZhiyunQianforhisadviceand mentoringnotonlywhenIwasinternatNECLaboratories,butalsoduringfifthyearofmyPhD on the project that I started during my internship. I would also like to thank all the people at NECLaboratoriesthatIworkedwith. A big shout-out to my labmates Dorian, Curtis, Zhe, Indrajeet and Ali at distributed systemslabwithwhomIspenthoursunderstandingproblemsandprovidinggreatfeedbackon all the aspects of the work done on this dissertation. I would also like to thank all my friends at UCR for being part of this wonderful journey. I will forever cherish the memorable times at UCRwithmyfriendsHamid,Mohammad,Moloud,Pamela,ShailendraandSteve. Icannotfindwordstoexpressmygratitudetomyfamily,especiallytomyparentsfor theirconstantlove,patienceandsupportthroughmylife. Withoutthem,Icouldnothavemade thisachievement. iv Tomyparentsfortheirconstantsupportandunconditionallove. v ABSTRACTOFTHEDISSERTATION ScalableTechniquesforSecurityandAnonymityinDistributedSystems by MasoudAkhoondi DoctorofPhilosophy,GraduatePrograminComputerScience UniversityofCalifornia,Riverside,December2015 Dr. HarshaV.Madhyastha,Co-Chairperson Dr. SrikanthV.Krishnamurthy,Co-Chairperson Security and privacy in distributed systems are long-standing hard problems. On the one hand, solutions for anonymous communications over the Internet are either vulnerable to traffic analysis or offer poor performance. On the other hand, compromises within enterprises remainhardtotrackdownduetocomplexdependenciesbetweenhosts,applications,andtheir data. In this thesis, I develop two solutions to improve the anonymity vs. performance trade-offforcommunicationsovertheInternet. LASTorimprovesperformanceofTorbymod- ifyingpathselectionalgorithmanditalsomitigatetrafficanalysisattackbydetectingcommon autonomous system (AS) across the entry and exit segments of a circuit and avoiding using those paths. LASTor reduces median latencies of visiting top 200 websites by 25% while the false negative rate of not detecting a potential snooping AS from 57% to 11%. Next solution, Innominate, is a new framework for anonymous online communication that both offers traffic analysis resistant strong anonymity and scalable performance. Innominate adopts relay-based techniqueforlowlatencycommunication, howeverinsteadofasingleclientserversasarelay, grouprelayisusedtoprovidestronganonymity. As of security inside enterprises, I develop DeltaTrack, the first enterprise attack vi forensics system that leverages differential dependency tracking to automate the pruning of irrelevant nodes and edges in the backtracking graph. DeltaTrack continuously monitors sys- temcalleventsfromallhostsandsummarizestheircommonexecutionbehaviorsinareference model. Then,thereferencemodelisleveragedtopruneawayfrequentlyobservedeventsacross many hosts since they are unlikely to be relevant to the intrusion. DeltaTrack can reduce the number of nodes and edges of the backtracking graph by up to 131x and 512x, respectively, whilemaintainingitsaccuracy. vii Contents ListofFigures xi ListofTables xiv 1 Introduction 1 1.1 AnonymousCommunications . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 DependencyTrackingforAttackForensicsinEnterprises . . . . . . . . . . . . 3 1.3 ThesisandContributions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3.1 PrivacyinDistributedSystems . . . . . . . . . . . . . . . . . . . . . . 4 1.3.2 LASTor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3.3 Innominate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.3.4 SecurityinDistributedSystems . . . . . . . . . . . . . . . . . . . . . 7 1.4 Organization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2 LASTor: ALow-LatencyAS-AwareTorClient 9 2.1 Backgroundandmotivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.1.1 Toroverview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.1.2 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.2 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.2.1 Problemstatement . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.2.2 Measurementdatasets . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.3 PathSelection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 2.3.1 Preferentialselectionoflow-latencypaths . . . . . . . . . . . . . . . . 20 2.3.2 Clusteringofrelays . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 2.3.3 Accountingfordistributeddestinations . . . . . . . . . . . . . . . . . 27 2.3.4 Latencyversusanonymitytradeoff . . . . . . . . . . . . . . . . . . . . 29 2.4 ASAwareness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 2.4.1 ASsetestimation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 2.4.2 AvoidingsnoopingASes . . . . . . . . . . . . . . . . . . . . . . . . . 35 2.4.3 EvaluationofAS-awareness . . . . . . . . . . . . . . . . . . . . . . . 37 2.4.4 ImpactofAS-awarenessonpathlatency . . . . . . . . . . . . . . . . . 39 2.5 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 2.5.1 Clientinaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 2.5.2 ModificationofdefaultTorclient . . . . . . . . . . . . . . . . . . . . 42 2.5.3 Inputdatasets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 2.6 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 viii 2.6.1 Accountingfordynamicload. . . . . . . . . . . . . . . . . . . . . . . 44 2.6.2 Loadbalancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 2.7 RelatedWork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 3 Innominate: Strongly Anonymous, Yet Scalably Performant, Online Communica- tions 52 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 3.2 BackgroundandRelatedWork . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3.3 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 3.3.1 Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 3.3.2 ThreatModel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 3.4 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 3.4.1 DistributedAnonymitySetsCreation . . . . . . . . . . . . . . . . . . . 63 3.4.2 DistributedGroupCreation. . . . . . . . . . . . . . . . . . . . . . . . 66 3.4.3 Group-basedTrafficRouting . . . . . . . . . . . . . . . . . . . . . . . 70 3.5 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 3.5.1 Registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 3.5.2 Communicationwithdestination. . . . . . . . . . . . . . . . . . . . . 71 3.6 AnonymityAnalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 3.6.1 ControlPlane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 3.6.2 DataPlane . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 3.6.2.1 GroupAnonymity . . . . . . . . . . . . . . . . . . . . . . . 75 3.6.2.2 TheoriginatorAnonymity . . . . . . . . . . . . . . . . . . . 75 3.7 PerformanceAnalysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 3.7.1 InnominateInstantiation . . . . . . . . . . . . . . . . . . . . . . . . . 78 3.7.1.1 AnalysisofAnonymitySetsinSocialNetworks . . . . . . . 79 3.7.1.2 Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 3.7.2 Facilitators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 3.7.3 ThroughputofInnominate . . . . . . . . . . . . . . . . . . . . . . . . 83 4 DeltaTrack: DifferentialDependencyTrackingforAttackForensics 86 4.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 4.1.1 SourcesofDependencyExplosion . . . . . . . . . . . . . . . . . . . . 91 4.1.2 LimitationsofExistingHeuristics . . . . . . . . . . . . . . . . . . . . 95 4.2 ChallengesandAssumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 4.2.1 Assumptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97 4.2.2 Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 4.2.3 ThreatModel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 4.3 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 4.3.1 Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 4.3.2 TheReferenceModelofRelevancyScores . . . . . . . . . . . . . . . 101 4.3.3 K-hopBacktrackingAlgorithm . . . . . . . . . . . . . . . . . . . . . 104 4.3.4 SecurityAnalysisoftheK-hopAlgorithm . . . . . . . . . . . . . . . . 105 4.4 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108 4.5 Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111 4.5.1 AnalysisofRealAttacks . . . . . . . . . . . . . . . . . . . . . . . . . 111 4.5.2 ReferenceModelEvaluation . . . . . . . . . . . . . . . . . . . . . . . 117 4.6 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 4.7 RelatedWork . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 ix

Description:
on the project that I started during my internship. As of security inside enterprises, I develop DeltaTrack, the first enterprise SRC=/var/run/cups/cups.sock named /tmp/cve-2008-5377.ps, which is printed by the lp command.
See more

The list of books you might like

book image

Believe Me

Tahereh Mafi
·177 Pages
·2021
·2.19 MB

book image

$100m Offers

Alex Hormozi
·205 Pages
·2021
·3.18 MB

book image

As Good as Dead

Holly Jackson
·2021
·6.41 MB

book image

Better Than the Movies

Lynn Painter
·2021
·1.51 MB

book image

The Structure of Argument

Rottenberg, Annette T., Winchell, Donna Haisty
·1310 Pages
·2020
·22.501 MB

book image

C Sharp How To Program

1560 Pages
·18.336 MB

book image

The Brooklyn Paper Volume 29 Issue 29

The Brooklyn Paper
·2006
·4.8 MB

book image

Beating the Street

Peter Lynch
·14.42 MB

book image

2005 Missouri State Highway System Traffic Accident Statistics

Missouri Department of Transportation
·2006
·2.1 MB

book image

Government and political life in England and France, c.1300-c.1500

Fletcher, Christopher David; Genêt, Jean-Philippe; Watts, John Lovett
·394 Pages
·2015
·3.034 MB

book image

Capital Assembly

34 Pages
·2017
·0.46 MB

book image

The Flavor Bible

Karen Page & Andrew Dornenburg & Barry Salzman
·15.478 MB