Thursday, August 20, 2015

Session 11 Paper 3: Herd: A Scalable, Traffic Analysis Resistant Anonymity Network for VoIP Systems

Authors: Stevens Le Blond (MPI-SWS), David Choffnes (Northeastern University), William Caldwell (MPI-SWS), Peter Druschel (MPI-SWS), Nicholas Merritt (MPI-SWS)

Presenter: Stevens Le Blond


Many entities perform surveillance on Internet traffic, including VoIP calls. Current anonymity systems have issues with complete privacy (Tor) or scalability (DC-Net) and do not ensure quality of service. In this presentation, the authors present Herd, a scalable anonymity system for VoIP calling that uses low-latency proxies while resisting these adversaries.

Suppose Hollande wants to call Snowden while evading GCHQ :)
If they use Tor, the call is vulnerable to a time-series or an intersection attack in a situation where GCHQ has access to the core network. To verify this, the authors simulate an intersection attack and show that 98.3% are traceable.

In Herd, the authors introduce mixes, which act as routers (relays) for the caller and the callee to provide anonymity. These mixes are located in datacenters in different jurisdictions.
To initiate a call, each user picks a datacenter inside a jurisdiction that it trusts, as it is unlikely that all clients will trust the same mix. To provide zone anonymity, mixes are further divided into smaller regions called "trust zones", which decouple caller and callee connections.

The Threat Model:
The adversary can sniff all traffic and can perform traffic-based analysis.

Assumptions:
The adversary does not have access to the complete Internet infrastructure.
There are jurisdictions that are friendly or indifferent.
Clients always use chaff and trust the mix.
Simple onion routing is used for communication through mixes.
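
Why the "clients always use chaff" assumption matters against the intersection attack mentioned earlier, shown as an added toy simulation (not the paper's simulator or Herd code). The client count, activity probability, and client ids are constructed assumptions.

```python
import random

TARGET, PEER = 0, 1  # constructed client ids: the watched caller and the true callee

def observed_active(n_clients, p_active, chaff, rng):
    """Clients whose access link shows traffic during one call by TARGET."""
    if chaff:
        # Constant-rate chaff: every link carries traffic whether or not
        # a call is in progress, so all clients look the same.
        return set(range(n_clients))
    # Without chaff, only clients that are really in a call show traffic.
    active = {c for c in range(2, n_clients) if rng.random() < p_active}
    return active | {TARGET, PEER}  # both ends of the real call are active

def intersection_attack(n_clients=200, n_calls=20, p_active=0.2, chaff=False, seed=7):
    """Return candidate-set size after each observed call, and the final set.

    The observer keeps only the clients that were active during every one
    of TARGET's calls; the true callee always survives the intersection.
    """
    rng = random.Random(seed)
    candidates = set(range(n_clients)) - {TARGET}
    sizes = []
    for _ in range(n_calls):
        candidates &= observed_active(n_clients, p_active, chaff, rng)
        sizes.append(len(candidates))
    return sizes, candidates

if __name__ == "__main__":
    for chaff in (False, True):
        sizes, final = intersection_attack(chaff=chaff)
        print(f"chaff={chaff}: sizes after first calls {sizes[:6]}, final={len(final)}")
```

Without chaff the anonymity set collapses to the callee after a handful of calls; with chaff on every link it never shrinks.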

To solve scalability issues, they introduce the concept of superpeers, which shift load from trusted to untrusted infrastructure. Clients connect to the superpeers (untrusted parties), which are then connected to the trust zones.

The authors evaluate anonymity and scalability against other systems such as Drac and Tor, and use mobile and social network data (Twitter and Facebook) to simulate call patterns. Tor is susceptible to traffic analysis, whereas Drac and Herd perform well in that scenario. When evaluating scalability, they observe that Herd scales out better than Drac. (See the paper for numbers.)

Some ongoing work includes:
Formal security analysis.
Deployment on Mac and Windows.
Add other functionality such as video calls.

Q: How do you multiplex multiple client calls in a single mix?
A: You need to have several channels that are selected by the client.
Follow-up: How does this choice happen?
The allocation is done by the mix, and then the clients establish chaffing channels.

Q: What are the legal requirements to operate the mix as a service? E.g., Germany has legal issues for operating mixes; are you going to give us some good news?
A: You need to talk to the govt. about that.

Q: In order for me to have anonymity, there needs to be a certain number of people, so what if there are not enough people who will join?
A: The zone can place restrictions that you need to contribute to the calling ecosystem, after which you can make a call.