Active Protocols for Agile Censor-Resistant Networks
Robert Ricci, Jay Lepreau
University of Utah
May 22, 2001

Key Ideas
– Censor-resistant (p2p) publishing is a compelling and feasible application of active networking
  … through on-demand, rapid, decentralized diversification of the hop-by-hop protocol
– We prototyped this in Freenet

Active Networking's Biggest Problem
– Demand: no killer app
– An inherent problem, by definition: the space of AN protocols is interesting, not any given protocol
– But … a good match for censor-resistant networks

Censor-Resistant Networks
– Goals
  • Make intentional deletion or denial of access infeasible or difficult
  • Often: anonymity
  • Usually: an overlay network
– An example: Freenet
  • Keyed data retrieval system; routing is based on a hash of the key
  • Initiating a message and relaying one look the same
  • Copies are made along the return route of a request: preserves popular data

Some Problems Facing CRNs
– CRN traffic may be identifiable
  • A static set of protocols is a weakness
– Mere membership may be incriminating
  • The censor may only need to identify participants; eavesdropping is not necessary
  • The last link is vulnerable: at the mercy of the ISP
– Users on restricted networks cannot participate
  • But special techniques can get traffic through firewalls, proxies, etc.

Agile Protocols
– Use active networking techniques to replace single-hop protocols
– Completely decentralized
  • Any node can create a new protocol and pass it to its peer
  • Rapid response time to censorship
  • Nodes can customize for their environment
– Unbounded set of protocols
  • An attacker cannot even know what fraction of the set they have discovered

Protocol Examples
– Disguise and tunnel, e.g. through SMTP or HTTP
– Port-hopping … randomly
– Port-smearing (~ spread spectrum)
– Bounce through a third host
– Steganography
– … even better in the wireless domain: physical and link level

"Protocol Objects"
– Protocol Objects implement replacement single-hop protocols
– Identified by content hash
– What about malicious Protocol Objects?
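The Freenet retrieval model sketched on the Censor-Resistant Networks slide (routing on a hash of the key, relaying indistinguishable from initiating, copies made along the return route), as an added example. This is not code from the Utah prototype or from Freenet; the Node/store/routing-table layout, the hops-to-live limit, the "closest known key" neighbour ordering and the constructed chain topology are assumptions chosen to show why a single successful request replicates popular data towards its requesters.

```python
import hashlib
import math


def routing_key(key: str) -> int:
    """Freenet routes on a hash of the key, never on the key itself."""
    return int.from_bytes(hashlib.sha1(key.encode()).digest(), "big")


class Node:
    def __init__(self, name: str):
        self.name = name
        self.neighbors = []   # overlay peers, not IP topology
        self.store = {}       # routing key -> data held locally
        self.table = {}       # routing key -> neighbor that served it

    def link(self, other: "Node"):
        self.neighbors.append(other)
        other.neighbors.append(self)

    def _distance(self, neighbor: "Node", rk: int) -> float:
        # how close the keys we have seen this neighbor serve are to rk;
        # a neighbor we know nothing about sorts last
        known = [k for k, n in self.table.items() if n is neighbor]
        return min((abs(k - rk) for k in known), default=math.inf)

    def request(self, rk: int, htl: int, visited: set, path: list):
        """Serve rk from the local store or relay the request.

        Relaying looks exactly like initiating, which is what hides the
        originator: the next hop cannot tell whether we asked for ourselves.
        """
        path.append(self.name)
        if rk in self.store:
            return self.store[rk]
        if htl == 0:
            return None
        visited.add(self)
        candidates = [n for n in self.neighbors if n not in visited]
        candidates.sort(key=lambda n: self._distance(n, rk))
        for nxt in candidates:
            data = nxt.request(rk, htl - 1, visited, path)
            if data is not None:
                self.store[rk] = data   # copy made along the return route
                self.table[rk] = nxt    # and remember who had it
                return data
        return None


def chain(names: str):
    """Constructed topology for the example: nodes linked in a line."""
    nodes = [Node(n) for n in names]
    for left, right in zip(nodes, nodes[1:]):
        left.link(right)
    return nodes


def lookup(origin: Node, key: str, htl: int = 10):
    """Return (data or None, names of the nodes the request passed through)."""
    path = []
    data = origin.request(routing_key(key), htl, set(), path)
    return data, path


if __name__ == "__main__":
    a, b, c, d = chain("ABCD")
    d.store[routing_key("pamphlet")] = b"constructed sample document"
    print(lookup(a, "pamphlet"))   # first request walks A, B, C, D
    print(lookup(a, "pamphlet"))   # now served from A's own copy
    print(lookup(a, "nothing"))    # exhausts the chain and returns None
```

After the first request every node on the return path holds a copy and has learned which neighbour to ask for nearby keys, so a censor who removes the original at D has already lost: the second request never leaves A. The hops-to-live counter is what stops a request for a non-existent key from flooding the overlay.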
Protecting the Local Node's Integrity, Privacy, and Availability
– Threat model is like a Java applet's, but worse for privacy: the PO can see
  • node state: cache contents, neighbor list, IP address, username, hard drive contents
  • the message itself
– Integrity and privacy: standard type safety and namespace isolation
– Resource attacks: a resource-managing JVM [OSDI'00, ...]

Publishing-Specific DoS Attacks
– Same general issues as malicious nodes
– Failure (total or intermittent)
  • Either malicious or unintentional
  • Heuristic approach: rate Protocol Objects
    – Ratings based on success rates for requests
    – Evaluate via a loopback test harness
  • Ratings are node-local
– More attacks and responses in the paper

What About Bootstrapping?
– Shared with the base Freenet system: must acquire the initial {IP addr, port} out-of-band
– Now need {IP addr, byte code}
– Quantitative difference ==> qualitative change?
  • Memory, piece of paper ==> floppy disk, email attachment, applet
– Conclusion: acceptable

Our Implementation
– Prototype based on the Freenet system
– Peers can exchange Java bytecode for new protocols
– Protocol usage can be asymmetric, and can change on any message boundary
– Restricted namespace
– Four sample Protocol Objects
  • 'Classic' Freenet protocol
  • HTTPProtocol: looks (vaguely) like HTTP
  • TrickyProtocol: negotiates a port change after every message
  • SpreadProtocol: splits a message on arbitrary byte boundaries and sends each chunk on a different port

Reprise: AN's Major Technical Challenges
– Performance: no problem
  • Already in Java!
  • Overlay network: IP is not my problem
– Security
  • Key: change the local (hop-by-hop) protocol, keep the global protocol
  • Global network: domain-specific, therefore tractable
  • Local to the node: tractable, based on recent research

Conclusions, Future Work
– AN techniques seem likely to improve the censor-resistance of CR networks
– Feasible to implement in existing systems
– Future work
  – Implement ratings, etc.
  – Evaluate in the lab
  – Evaluate "in the wild"

Active Networking's Major Technical Challenges
– Performance
– Security
  • Local: node
  • Global: network

Attacks (cont'd)
– Selective failure: targeted censorship
  • Solution: encrypt before passing the message to the PO
– Attack on document integrity
  • Reduce system integrity, or 'tag' documents for tracing
  • Solution: secure hash
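The Protocol Object mechanism from the "Protocol Objects" and "Our Implementation" slides (code handed over by a peer, identified by its content hash, loaded into a restricted namespace, usable asymmetrically and switchable at any message boundary), as an added example. This is not the Utah prototype, which shipped Java bytecode inside Freenet; here the "code" is Python source, the port numbers, frame layout and Peer class are assumptions, and the restricted `__builtins__` dict is namespace isolation only, not the type-safe sandbox the slides rely on the JVM for. The two sample POs follow the SpreadProtocol and TrickyProtocol descriptions on the slide.

```python
import builtins
import hashlib
import random
import struct

# Protocol Object code as it would be handed over by a peer. In the prototype
# this is Java bytecode; here it is Python source (assumption for the example).
SPREAD_SRC = '''
class Protocol:
    """SpreadProtocol: split a message at arbitrary byte boundaries and send
    each chunk on a different port; chunks may arrive in any order."""
    PORTS = (4000, 4001, 4002, 4003)      # assumed port set

    def __init__(self, rng):
        self.rng = rng

    def encode(self, msg):
        chunks, i = [], 0
        while i < len(msg):
            n = self.rng.randint(1, len(msg) - i)       # arbitrary boundary
            chunks.append(msg[i:i + n])
            i += n
        return [(self.PORTS[seq % len(self.PORTS)],
                 struct.pack(">HH", seq, len(chunks)) + chunk)
                for seq, chunk in enumerate(chunks)]

    def decode(self, frames):
        parts, total = {}, 0
        for port, data in frames:
            if port not in self.PORTS or len(data) < 4:
                return None
            seq, total = struct.unpack(">HH", data[:4])
            parts[seq] = data[4:]
        if not parts or len(parts) != total:
            return None                                 # dropped chunk
        return b"".join(parts[s] for s in range(total))
'''

TRICKY_SRC = '''
class Protocol:
    """TrickyProtocol: each message carries the port the next one will use."""
    def __init__(self, rng):
        self.rng = rng
        self.port = 5000                  # first port agreed out of band

    def encode(self, msg):
        nxt = self.rng.randint(1024, 65535)
        frame = (self.port, struct.pack(">H", nxt) + msg)
        self.port = nxt                   # sender hops too
        return [frame]

    def decode(self, frames):
        if len(frames) != 1 or frames[0][0] != self.port:
            return None                   # wrong port: stale or not for us
        data = frames[0][1]
        self.port = struct.unpack(">H", data[:2])[0]
        return data[2:]
'''


def po_id(source: str) -> str:
    """Protocol Objects are identified by the content hash of their code."""
    return hashlib.sha256(source.encode()).hexdigest()


def load_po(source: str, rng):
    """Instantiate a PO in a restricted namespace: a few builtins and struct,
    no open/__import__/socket. Namespace isolation only, not a sandbox."""
    allowed = {n: getattr(builtins, n)
               for n in ("len", "range", "enumerate", "__build_class__")}
    ns = {"__builtins__": allowed, "__name__": "po", "struct": struct}
    exec(source, ns)
    return ns["Protocol"](rng)


def loads_cleanly(source: str) -> bool:
    """False if the PO reaches for a name the namespace does not provide."""
    try:
        load_po(source, random.Random(0))
        return True
    except NameError:
        return False


class Peer:
    """Each direction of traffic gets its own PO instance, so usage can be
    asymmetric (A->B on one protocol, B->A on another)."""
    def __init__(self, name: str, seed: int):
        self.name, self.rng = name, random.Random(seed)
        self.outbound, self.inbound = {}, {}

    def install(self, source: str) -> str:
        pid = po_id(source)               # same code => same id on both ends
        if pid not in self.outbound:
            self.outbound[pid] = load_po(source, self.rng)
            self.inbound[pid] = load_po(source, self.rng)
        return pid

    def send(self, pid: str, msg: bytes):
        return self.outbound[pid].encode(msg)

    def recv(self, pid: str, frames):
        return self.inbound[pid].decode(frames)
```

Usage: `alice = Peer("alice", 1)`, `bob = Peer("bob", 2)`; both call `install(SPREAD_SRC)` and get the same id, after which `bob.recv(pid, alice.send(pid, msg))` reassembles the message however the chunks were split or reordered. Because the identifier is the hash of the code, a peer that already holds that PO can skip the transfer, and a peer cannot swap in different code under a known name. Note that TrickyProtocol rejects a replayed frame once both sides have moved on, and that the restricted namespace only catches POs that reach for a missing name; resource attacks (the slide's CPU/memory case) need the resource-managing runtime the slides cite, not this dict.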
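The node-local rating scheme from the "Publishing-Specific DoS Attacks" slide (rate a Protocol Object by the success rate of requests through a loopback test harness) together with the two defences on the "Attacks (cont'd)" slide (encrypt before handing the message to the PO, check a secure hash of the document), as one added example. It is not code from the prototype: the four simulated POs, the corpus and the "banned" trigger are constructed for the example, and the cipher is an HMAC-SHA256 counter-mode keystream used as a stdlib stand-in; anything deployed should use a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import random

NONCE_LEN = 8


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # stand-in for a real cipher: HMAC-SHA256 in counter mode
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, doc: bytes, nonce: bytes) -> bytes:
    """Encrypt doc before it reaches the PO, so the PO sees only opaque bytes."""
    ks = _keystream(key, nonce, len(doc))
    return nonce + bytes(x ^ y for x, y in zip(doc, ks))


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(x ^ y for x, y in zip(ct, ks))


# Simulated Protocol Objects (constructed): each takes the frame bytes and
# returns what the far end receives, or None for a drop.
def po_reliable(frame, rng):
    return frame

def po_flaky(frame, rng):                # intermittent, unintentional failure
    return frame if rng.random() < 0.7 else None

def po_selective(frame, rng):            # targeted censorship by content
    return None if b"banned" in frame else frame

def po_tagging(frame, rng):              # silently alters the document
    return frame[:-1] + bytes([frame[-1] ^ 0x01])


def rate(po, corpus, key: bytes, seed: int, sealed: bool = True) -> float:
    """Loopback test: push each document through po on this node and count
    the ones that come back with the content hash the requester expected."""
    rng = random.Random(seed)
    ok = 0
    for doc in corpus:
        expected = hashlib.sha256(doc).digest()      # the document's hash key
        nonce = rng.getrandbits(64).to_bytes(NONCE_LEN, "big")
        frame = seal(key, doc, nonce) if sealed else doc
        got = po(frame, rng)
        if got is None:
            continue                                 # counted as a failure
        plain = unseal(key, got) if sealed else got
        if hashlib.sha256(plain).digest() == expected:
            ok += 1
    return ok / len(corpus)


def node_local_ratings(pos, corpus, key: bytes, seed: int) -> dict:
    """Ratings stay on this node; nothing about them is shared with peers."""
    return {po.__name__: rate(po, corpus, key, seed) for po in pos}


def sample_corpus(n: int = 40):
    """Constructed documents; every other one contains the censor's trigger."""
    return [(b"banned pamphlet %d" if i % 2 else b"harmless note %d") % i
            for i in range(n)]


if __name__ == "__main__":
    key, corpus = b"constructed demo key", sample_corpus()
    print("selective PO, plaintext:", rate(po_selective, corpus, key, 1, sealed=False))
    print(node_local_ratings([po_reliable, po_flaky, po_selective, po_tagging],
                             corpus, key, 1))
```

Run unsealed, the selective PO scores 0.5 because it drops exactly the "banned" half of the corpus; sealed, it cannot see what it is carrying and scores 1.0, which is the point of encrypting before the PO. The tagging PO scores 0.0 because the hash check turns every altered document into a failure, and the flaky PO lands near 0.7, low enough to rank below a reliable alternative. One caveat the slides' own future-work list acknowledges: a loopback score only shows how a PO behaves on this node; a PO that works in loopback and fails against a real middlebox is only caught by evaluation in the wild.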